Introduction
Thank you Alan Rassaby.
As many of you know, the Attorney-General today launched a set privacy principles developed by the Privacy Commissioner, Moira Scollay. They are entitled: National Principles for the Fair Handling of Personal Information.
The development of these principles is a great achievement by Moira - who is with us here - and all the business organisations and privacy and consumer bodies which have worked with her on this task - many of whom are also here.
This achievement confirms the Government's belief that good privacy practices are in the interests, not just of consumers, but also of business.
Business Interest in privacy protection
Privacy is an issue that figures prominently when people are asked about issues of concerns in their dealings with organisations.
People want to know who collects information about them, what that information will be used for, and who will have access to it.
Advances in technology have heightened these concerns.
Of course, customer trust is imperative to good business.
Having the customer's confidence that information about them will be dealt with properly and fairly is an important aspect of good customer relations.
Privacy Commissioner's Role
It was in recognition of the interests of business and consumers that the Government announced in March last year that the services of the Privacy Commissioner would be available to assist in the development of voluntary codes of conduct and to meet privacy standards.
Since that announcement, Moira has consulted widely, including issuing a discussion paper, holding public forums around Australia and meeting with many peak bodies, individual businesses, privacy, consumer and government bodies.
Most recently she convened a working group of business, privacy, consumer and government bodies to undertake the final drafting of the principles.
Government Approach
The Government encouraged this approach because it is believed that privacy principles for business could best be developed if business were a major player in their development.
We want privacy principles that will provide real privacy protection to consumers. But we want to achieve this protection in a way what does not impose any unnecessary burdens or constraints on business. They reduce the efficiency of business, and thus are adverse to economic growth.
They would also inevitably translate into costs passed on to the consumer.
Status of Principles
The formulation of principles to promote good corporate behaviour in addressing the privacy concerns of individuals reflects the Government's belief that a heavy-handed, black-letter law approach in this area would not be desirable. This is consistent with the Government's policy of promoting "best regulatory practice" for which the Prime Minister has tasked me with overall responsibility. I find it very pleasing, therefore, that business groups believe that Moira's privacy principles will be effective, without imposing undue compliance costs. It is equally important that the right balance continue to be struck through the implementation stage.
In essence, are intended to be a practical basis for organisations to develop good privacy practices.
They are intended to be applied to the circumstances of different organisations to achieve effective privacy protection. They provide a framework, not a detailed prescription. Of course, if business is going to be doing the right thing by consumers, the principles need to be taken seriously.
Content of principles
The principles provide basic standards relating to the various stages of handling personal information: collection, storage and use and disclosure.
Put very simply, they state that when organisations collect information about individuals, the individual concerned should know why it is being collected, what it will be used for, and who it will be disclosed to, and the organisation should not use it or disclose it in a way that the individual wouldn't reasonably expect.
There are of course a range of situations where these general principles would be inappropriate and the principles include exceptions to cover such situations,
The principles also recognise the legitimate interests of business in efficient and effective information handling in a changing competitive environment.
To look at an example of how the principles would operate, if you have health insurance with a company in a particular corporate group, and you seek a loan from the finance company of that corporate group, you don't expect information about your medical treatment to be provided to the finance company without your consent.
And similarly, if you go into hospital for a hip replacement, you don't expect your details to be sold to companies which sell walking frames or own aged care homes without your consent.
On the other hand, a corporate group may well offer its customers the opportunity to receive a seamless range of integrated financial services. On this basis, the customer would expect information provided to be accessible for use in relation to any of those services.
Because these principles do turn on what the customer would expect, they provide flexibility for the organisation's relationship with its clients.
The principles also state that individuals should be able to have access to information which an organisation holds about them, and have it corrected if it is incorrect.
For example, tenancy data bases have been established to enable real estate agents to check the tenancy history of potential tenants. Real estate agents provide information about their tenants to the central data base and can check prospective tenants against it.
This is clearly a valuable service to real estate agents and landlords wishing to establish the credentials of prospective tenants. It is however possible for mistakes to be made.
A person could be refused a rental property on basis of incorrect information.
Unless they were aware of the contents of the data base they would not be able to rectify their position.
Applying the principles would allow prospective tenants to have access to that information, or at least an explanation of why the tenancy was refused. If the prospective tenant could establish that the information was not accurate, the data base should be corrected.
Next Steps
These principles provide a good basis for all organisations who wish to ensure that they have good privacy practices.
I understand that some sectors are already considering using them as the basis for industry codes of practice.
In addition, Moira is going to continue consultations to determine whether a national voluntary scheme for adherence to these principles can be developed.
Such a scheme could include mechanisms for signing up to the principles, and mechanisms to enable individuals, who believe that their privacy has been interfered with by virtue of a breach of the principles, to have recourse to an independent complaints machinery.
National Approach
Such a national scheme would have advantages for consumers and business.
Consumers could expect the same basic approach to privacy from all organisations dealing with information about them, no matter what the sector and no matter where in Australia that business operated.
Businesses would not be faced with a range of codes relevant to their operations.
This is becoming increasingly important as businesses broaden their activities beyond the traditional sectoral limitations.
Summing up
So releasing these principles is an important first step.
It is one example of the Government's approach to working with business to ensure that the interest of business, and the entire Australian community, are pursued.
I congratulate — and the Attorney-General congratulates — all those who have provided input in their development.
On behalf of the Attorney-General I encourage you all to contribute to the next step of considering how such principles might be implemented.