1998-1999-2000
THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA
HOUSE OF REPRESENTATIVES
PRIVACY AMENDMENT (PRIVATE SECTOR) BILL 2000
SUPPLEMENTARY EXPLANATORY MEMORANDUM
Amendments and New Clauses to be Moved on Behalf of the Government
(Circulated by authority of the Attorney-General, the Honourable Daryl Williams AM QC MP)
ISBN: 0642 450994
PRIVACY AMENDMENT (PRIVATE SECTOR) BILL 2000
OUTLINE
The Privacy Amendment (Private Sector) Bill 2000 (the Bill) is part of the Commonwealth Government’s commitment to enacting balanced privacy legislation for the private sector to ensure that full advantage may be taken of the opportunities that electronic commerce presents for Australian business and consumers. The Bill implements the National Principles for the Fair Handling of Personal Information, which were developed by the Privacy Commissioner following extensive consultation with business and consumers. They set out minimum standards in relation to how business and other private sector organisations should collect personal information, in relation to the use and disclosure of personal information and in relation to ensuring that the personal information they hold is accurate and secure.
The Bill was introduced into the House of Representatives on 12 April 2000 and was later referred by the Attorney-General to the House of Representatives Standing Committee on Legal and Constitutional Affairs for inquiry and report. After receiving 100 written submissions on the Bill and holding public hearings in Canberra, Sydney and Melbourne, the Committee tabled its advisory report in the House of Representatives on 26 June 2000. The advisory report made a number of recommendations.
The Government amendments to the Bill aim to address some of the Committee’s recommendations, implement further changes resulting from consultation with interests, and implement necessary technical amendments.
FINANCIAL IMPACT STATEMENT
The amendments are expected to have minimal impact on Commonwealth expenditure or revenue.
SCHEDULE 1 - AMENDMENT OF THE PRIVACY ACT 1988
Amendment 1
[Section 6 - small business]
1. Amendment 1 omits Item 4 of Schedule 1 of the Bill. Item 4
defined “annual turnover”. “Annual turnover” now has
the meaning given by new clause 6DA. This amendment is part of the changes that
have been made to the small business exemption.
(See also Amendments 4, 5, 6, 7, 8, 11, 12 and 18.)
Amendment 2
[Section 6 - media]
2. Amendment 2 omits Item 18 of Schedule 1 of the Bill. Item
18 inserted a definition of “journalism” in subsection 6(1) of the
Act. The definition of journalism is omitted so that the ordinary meaning of
the word will apply. The ordinary meaning of journalism is relevant in
determining the scope of the exemption in sub-clause 7B(4) of the Bill for
acts and practices done, or engaged in, by media
organisations in the course of journalism.
3. The definition previously included at Item 18 would have covered activities beyond the commonly understood activities of journalism. The amendment is intended to clarify the scope of the exemption.
4. The term “journalism” is intended to apply in a
technology neutral way. This is consistent with the approach in the Bill as a
whole. The term is also intended to cover the dissemination of material to the
public.
(See also Amendment 9.)
Amendment 3
[Section 6 - identifiers]
5. Amendment 3 inserts a new Item 22A after Item 22 in
Schedule 1 of the Bill, as a consequence of amendments made to National Privacy
Principle 7. Item 22A inserts a definition of “principal executive”
in subsection 6(1) of the Act. “Principal executive” is defined to
have the same meaning as it has in section 37 of the Act.
(See also Amendments 16, 19, 21, 22 and 23.)
Amendment 4
[Section 6D - small business]
6. Amendment 4 amends Item 36 of Schedule 1 of the Bill by
omitting subsections 6D(1) and 6D(2) and substituting a new definition of
“small business” in new sub-clauses 6D(1) and 6D(2). New sub-clause 6D(1)
provides that a business is a small business
during a financial year if its annual turnover for the previous financial year
was $3 million or less. New sub-clause 6D(2) provides that a business which was
not carried on in a previous financial year is a small business only if its
annual turnover for the current year is $3 million or less. The method by which
annual turnover is calculated for a previous year or projected for a current
year is set out in new clause 6DA, which is inserted into the Bill by Amendment 7.
Amendment 5
[Section 6D - small business]
7. Amendment 5 amends Item 36 of Schedule 1 of the Bill by omitting from paragraph 6D(4)(a) “at any time” and substituting “for a financial year that has ended”. Sub-clause 6D(4) outlines the circumstances in which a small business is prevented from being defined as a “small business operator” (and therefore unable to rely on the exemption for small business operators). The amendment to paragraph 6D(4)(a) means that an entity will not be a small business operator if it carries on a business that has had an actual annual turnover of more than $3 million in a previous financial year. The reference to “a financial year that has ended” means that a new small business that is required to project its annual turnover in accordance with new sub-clause 6DA(2) (inserted into the Bill by Amendment 7) will not be denied the status of a “small business operator” only because its projected annual turnover exceeds $3 million.
Amendment 6
[Section 6D - small business]
8. Amendment 6 amends Item 36 of Schedule 1 of the Bill by
inserting new sub-clauses 6D(7), 6D(8) and 6D(9) into the Bill.
9. New sub-clause 6D(7) clarifies that paragraph 6D(4)(c) of the Bill will not have the effect of denying a small business the status of a “small business operator” only because the small business discloses personal information about another individual with the consent of the individual or as required or authorised by or under legislation.
10. New sub-clause 6D(8) clarifies that paragraph 6D(4)(d) of the Bill will not have the effect of denying a small business the status of “small business operator” only because the small business provides a benefit, service or advantage to be allowed to collect personal information from an individual with the consent of the individual or as required or authorised by or under legislation.
11. New sub-clause 6D(9) provides that a body corporate that carries on a small business is not a “small business operator” if it is related to a body corporate that carries on a business that is not a small business. This means that a small business that is part of a corporate group which includes a large business will not be able to take advantage of the small business exemption. This amendment is consistent with the general amendment to the related body corporate provision (see Amendment 10).
Amendment 7
[Section 6DA - small business]
12. Amendment 7 amends Item 36 of Schedule 1 of the Bill by inserting a new clause 6DA into the Bill. New sub-clause 6DA(1) defines the “annual turnover” of a business for a financial year as the total of: the proceeds of sales of goods and/or services; commission income; repair and service income; rent, leasing and hiring income; government bounties and subsidies; interest, royalties and dividends; and other operating income earned in the year in the course of business. The note to new sub-clause 6DA(1) clarifies that, in general, a business’ annual turnover calculated in accordance with clause 6DA will equate to the total of the instalment income the business notifies to the Commissioner of Taxation on its Business Activity Statements over the course of the financial year. It is intended that, in most cases, a business will be able to use the calculations on its Business Activity Statements to demonstrate its annual turnover for the purposes of clause 6DA.
13. New sub-clause 6DA(2) sets out a formula to project the annual turnover of a business that has been carried on for only part of a financial year. The annual turnover for such a business is determined by multiplying the amount of turnover that has been generated in the course of business during the part year by the number of days in the whole financial year divided by the number of days in the relevant part of the financial year.
Amendment 8
[Section 6EA - small business]
14. Amendment 8 amends Item 36 of Schedule 1 of the Bill by inserting a new clause 6EA after clause 6E. New clause 6EA allows a small business operator to elect to be treated as if it were an organisation and subject to the provisions of the Bill. New sub-clause 6EA(2) provides that such a choice must be made in writing and given to the Privacy Commissioner. New sub-clause 6EA(3) provides that if the Privacy Commissioner is satisfied that a small business operator has made a choice to opt-in to the privacy scheme in the Bill under new sub-clause 6EA(2), he or she must enter the name or names under which the operator carries on business and the operator’s Australian Business Number (if it has one) in a register. The small business operator would then be treated as if it were an organisation (and covered by the Bill) from the date of registration.
15. A small business operator may revoke a choice under new sub-clause 6EA(2) by notice given in writing to the Privacy Commissioner. If a revocation is made, new sub-clause 6EA(4) requires the Privacy Commissioner to remove the name of the operator from the register.
16. New sub-clause 6EA(5) provides that the Privacy Commissioner may decide the form of the register and how it is to be kept. For example, the Privacy Commissioner may choose to maintain an electronic database which is accessible via the Internet. The aim of the register is to make it easy to establish which small business operators have opted in to the privacy scheme in the Bill, and the date from which those operators are required to comply with the scheme.
17. New sub-clause 6EA(6) requires the Privacy Commissioner to make the register available to the public but prevents the Privacy Commissioner from releasing publicly any information about a business other than the name or names under which it trades and its Australian Business Number.
Amendment 9
[Section 7B - media]
18. Amendment 9 amends Item 42 of Schedule 1 of the Bill by
deleting sub-clause 7B(4) and substituting a new
sub-clause 7B(4). The new sub-clause requires media organisations to meet an
additional condition before the acts and practices done or engaged in by the
organisation in the course of journalism are exempt. This additional condition
seeks to ensure an appropriate balance is found between the public interest in
allowing the free flow of information to the public through the media and the
public interest in providing adequate safeguards for the handling of personal
information.
19. The additional condition is set out in new paragraph 7B(4)(b). It requires a media organisation to have publicly committed itself to observing published standards that deal with privacy before it can rely on the exemption for the media. In other words, if a media organisation seeks to rely on the exemption for acts and practices done or engaged in by the organisation in the course of journalism it must be able to show that, at the relevant time, it was committed to a code of practice that deals with privacy.
20. One way a media organisation might demonstrate its public commitment to standards dealing with privacy is to show that it is a member of a media industry body and that membership of that body requires it to subscribe to a code developed and published by the industry body. Indeed, many media organisations already subscribe to published codes of practice that have been developed by media industry bodies. It is not intended that a media organisation need subscribe to a privacy code approved by the Privacy Commissioner in order to benefit from the exemption.
Amendment 10
[Section 13B - related bodies corporate]
21. Amendment 10 amends Item 52 of Schedule 1 of the Bill by
inserting a new sub-clause 13B(1A). Clause 13B allows
related bodies corporate to share personal information. New sub-clause 13B(1A)
will ensure that if an entity (“A”) that was not required to comply
with the National Privacy Principles (or approved privacy code) in obtaining
personal information shares that personal information with a related body
corporate (“B”), then the collecting related body “B”
must comply with the National Privacy Principles (or code equivalent) when
accepting personal information from “A” (the exempt entity, or
organisation whose acts and practices are exempt).
22. The addition of new sub-clause 13B(1A) clarifies how
clause 13B interacts with the exemptions in the Bill. For example, a body
corporate that is related to a media organisation could not rely on clause 13B
to collect personal information from the media organisation without first
ensuring that the individual was aware of the matters listed in National Privacy
Principle 1.3 (or code equivalent) and that collection complied with all the
other requirements in National Privacy Principle 1 (or code equivalent).
(See also Amendment 6, specifically new sub-clause 6D(9).)
Amendment 11
[Section 16D - small business]
23. Amendment 11 amends Item 54 of Schedule 1 of the Bill by omitting from clause 16D the words “and does not carry on any other business” and substituting “throughout the delayed application period for the organisation”. Clause 16D delays the application of the National Privacy Principles to organisations that carry on one or more small businesses. The amendment to clause 16D (combined with Amendment 12, below) means that the length of the delayed application period may vary. The period of delay may be a maximum of 12 months after the commencement of clause 16D, or may, as a result of Amendment 12, be a shorter period.
Amendment 12
[Section 16D - small business]
24. Amendment 12 amends Item 54 of Schedule 1 of the Bill by omitting the definition of “delayed application period” from clause 16D and substituting a new definition of that phrase.
25. Clause 16D currently provides that an organisation that
carries on a small business will not be subject to the National Privacy
Principles for a period of 12 months after the Bill
commences. The new definition of “delayed application period”
retains the 12 month delay for most small businesses, but introduces new
provisions to deal with new organisations and organisations that carry on a
business that is not a small business or provide a health service. The new
delayed application period starts on either the day that clause 16D commences or
the day that the entity carrying on the small business becomes an
“organisation” for the purposes of the Bill, whichever is later. An
entity may become an “organisation” after the commencement of clause
16D if, for example, it commences carrying on a small business but is not a
small business operator as defined in the Bill.
26. The delayed application period ends when an organisation carries on a small business that involves the provision of health services. It is recognised that the community considers the type of personal information held by health service providers to be particularly sensitive. Health service providers are therefore denied the advantage of the delayed application period in order to ensure that their information handling procedures comply with the terms of the Bill from the earliest possible time.
Amendment 13
[Section 18BB - considerations]
27. Amendment 13 amends Item 58 of Schedule 1 of the Bill by
deleting paragraph 18BB(3)(c) and substituting a new
paragraph 18BB(3)(c). The paragraph provides that an adjudicator under a code
must, in performing his or her functions, or exercising his or her powers under
the code, have due regard to certain matters. The amendment to paragraph
18BB(3)(c) makes it clear that an adjudicator must have due regard to the same
matters as the Privacy Commissioner, by expressly referring to paragraph 29(a)
of the Act. (See also Amendment 17.)
Amendment 14
[Section 18BF - guidelines]
28. Amendment 14 amends Item 58 of Schedule 1 of the Bill by
inserting a new sub-clause 18BF(1A). Sub-clause
18BF(1) provides that the Privacy Commissioner may make guidelines in relation
to privacy codes and complaint handling mechanisms in privacy codes. New
sub-clause 18BF(1A) requires the Privacy Commissioner to give everyone he or she
considers has a real or substantial interest in the matters covered by the
proposed guidelines in relation to complaint handling an opportunity to comment
on them. An example of one way the Privacy Commissioner may provide this
opportunity is to publish an invitation for parties to comment on the proposed
guidelines in a nationally available newspaper. Another way would be to publish
an invitation on his or her website.
Amendment 15
[Section 18BF - guidelines]
29. Amendment 15 amends Item 58 of Schedule 1 of the Bill by
omitting from sub-clause 18BF(2) the words “the
guidelines” and substituting the words “guidelines made under
subsection (1)”. Sub-clause 18BF(2) provides that the Privacy
Commissioner may publish guidelines in any way he or she considers appropriate.
The amendment clarifies that sub-clause 18BF(2) refers to all the guidelines
listed in sub-clause 18BF(1).
Amendment 16
[Section 37 - identifiers]
30. Amendment 16 inserts a new Item 76A in Schedule 1 of the
Bill. Item 76A amends section 37 of the Act by omitting the words “for
the purposes of this Part, the” and substitutes “the”.
Section 37 currently defines “principal executive”, but only for the
purpose of Part V of the Act (which relates to investigations). Amendment 16
deletes the reference to Part V so that the definition is capable of extending
to National Privacy Principle 7.
(See also Amendments 3, 19, 21 and 22.)
Amendment 17
[Section 55A - considerations]
31. Amendment 17 amends Item 99 of Schedule 1 of the Bill by
inserting a new sub-clause 55A(7A). Clause 55A relates
to proceedings to enforce a determination made by the Privacy Commissioner or a
code adjudicator. New sub-clause 55A(7A) describes the matters to which the
Court is to have due regard in conducting a hearing or making an order. The
addition of new sub-clause 55A(7A) makes it clear that a Court must have due
regard to the same matters as the Privacy Commissioner, by expressly referring
to paragraph 29(a) of the Act. (See also Amendment 13.)
Amendment 18
[Section 70B - small business]
32. Amendment 18 amends Item 114 of Schedule 1 of the Bill by
inserting a new clause 70B. New clause 70B provides that an entity that ceases
to be an organisation but continues to exist is subject to Part V of the Act
(which relates to investigations) in relation to an act or practice of the
entity while it was an organisation, as if it were still an organisation. This
means that a complaint may be made about an act or practice of a small business
that subsequently becomes a small business operator and therefore exempt from
the Bill if the act or practice occurred before the business became exempt.
Equally, if a small business operator makes an election under new clause 6EA
to be subject to the Bill but later revokes
that election, acts or practices that occurred while the election remained in
force may be investigated and dealt with by the Privacy Commissioner as if the
small business operator were still subject to the Bill. This ensures that the
Privacy Commissioner’s jurisdiction to investigate complaints about
alleged interferences with privacy is not defeated by a business gaining or
reasserting an exemption from the Bill after the act or practice complained of
occurred.
Amendment 19
[Section 100 - identifiers]
33. Amendment 19 inserts a new Item 138A into Schedule 1 of
the Bill, as a consequence of amendments made to National Privacy Principle 7
(see, in particular, Amendments 21 and 22). Item 138A inserts a new sub-clause
100(2) at the end of existing section 100 of the Act. Section 100 provides that
the Governor-General may make regulations prescribing certain matters. New
sub-clause 100(2) provides that, before the Governor-General may make
regulations for the purposes of National Privacy Principle 7.1A or
National Privacy Principle 7.2(c), the Minister must be
satisfied of the things listed in new paragraphs 100(2)(a), (b) and (c). New
paragraph 100(2)(a) provides that the agency (or principal executive of the
agency, where the agency has a principal executive) must have agreed that the
adoption, use or disclosure by the organisation of the identifier in the
circumstances is appropriate. New paragraph 100(2)(b) provides that the agency
(or principal executive, as appropriate) must have consulted the Privacy
Commissioner about the proposal in paragraph (a). Finally, new paragraph
100(2)(c) provides that the adoption, use or disclosure can only be for the
benefit of the individual concerned.
Amendment 20
[Schedule 3, National Privacy Principle 2 - direct marketing]
34. Amendment 20 amends Item 139 of Schedule 1 of the Bill by
omitting sub-paragraph (iv) from National Privacy
Principle 2.1(c) (NPP 2.1(c)), and substituting new NPP 2.1(c)(iv) and NPP
2.1(c)(v). NPP 2.1(c) describes the circumstances in which an organisation may
use personal information for the secondary purpose of direct marketing. New NPP
2.1(c)(iv) requires an organisation to draw to the individual’s attention
his or her opportunity to opt out of further direct marketing communications, in
each direct marketing communication to the individual. This sub-paragraph is
intended to ensure that an individual is made aware that he or she may ask the
organisation to stop sending direct marketing material to him or her at any
stage in the transaction with the organisation.
35. New NPP 2.1(c)(v) requires an organisation to provide its business address and telephone number to an individual in any written direct marketing communication to the individual. NPP 2.1(c)(v) also requires an organisation to provide electronic contact details (for example, a facsimile number or electronic mail address) at which the organisation can be contacted directly, where direct marketing communications are sent to an individual by electronic means. These amendments are intended to ensure that businesses provide consumers with information that allows identification of the business involved in a particular transaction as well as prompt, easy and effective communication with the business. It is expected that relevant statutory registration or licence numbers, including, for example, the Australian Business Number and/or the Australian Company Number would be displayed on any written direct marketing communications with an individual.
Amendment 21
[Schedule 3, National Privacy Principle 7 - identifiers]
36. Amendment 21 amends Item 139 of Schedule 1 of the Bill by
inserting new NPP 7.1A after NPP 7.1. NPP 7.1
prohibits an organisation from adopting a government identifier. New NPP 7.1A
recognises that there may be situations where it is appropriate for certain
organisations to adopt certain identifiers in certain circumstances. These
organisations, identifiers and circumstances may be prescribed. Amendment 19
outlines the prerequisites that must be satisfied before prescription can
occur.
Amendment 22
[Schedule 3 National Privacy Principle 7 - identifiers]
37. Amendment 22 amends Item 139 of Schedule 1 of the Bill by omitting existing NPP 7.2(b) and adding new NPP 7.2(b) and NPP 7.2(c). NPP 7.2 places limitations on when an organisation may use or disclose a government identifier. New NPP 7.2(c) recognises that there may be situations where it is appropriate for certain organisations to use or disclose certain identifiers in certain circumstances. These organisations, identifiers and circumstances may be prescribed. Amendment 19 outlines the prerequisites that must be satisfied before prescription can occur.
38. Amendments 21 and 22 provide some flexibility in terms of the adoption, use and disclosure of government identifiers. The amendments are not, however, intended to open up the principle to allow for widespread adoption, use or disclosure of such identifiers.
Amendment 23
[Schedule 3 National Privacy Principle 7 - identifiers]
39. Amendment 23 amends Item 139 of Schedule 1 of the Bill by inserting “or ABN (as defined in the A New Tax System (Australian Business Number) Act 1999)” after “name” in NPP 7.3. The amendment specifically excludes the ABN from the definition of identifier in NPP 7.3. Although an ABN is intended to be a unique business identifier, it may, to the extent that it is assigned to identify a sole trader, also fall within the scope of the definition of identifier in NPP 7.3. The amendment therefore clarifies that the restrictions on using identifiers assigned by agencies are not intended to apply within the context of the ABN scheme.