The role of the Office of the Privacy Commissioner in telecommunications

Andrew SolomonDirector, Policy

Presentation • What is privacy?

• The role of the Office– Our legislation– Complaint handling– Policy advice– Promotion and Education

• Privacy and telecommunications regulation

What is privacy?Privacy can be divided into four separate but related

concepts:

• Information privacy – involving rules for the handling of personal data

• Bodily privacy – protection of our physical selves against invasive procedures

• Privacy of communications – security and privacy of mail, telephones etc

• Territorial privacy – setting limits on intrusions into domestic and other environments.

David Banisar, Electronic Privacy Information Centre, 2000 www.privacyinternational.org/survey/

Our legislation covers…• Australian Government agencies

• Private sector: – annual turnover > $3m– trade in personal information– health service provider– contracted service provider for a

Commonwealth contract

• Credit reporting

• Some other areas eg; ACT agencies, TFN

The National Privacy PrinciplesThe Privacy Act 1988 relates to information privacy. The

National Privacy Principles apply to certain private sector organisations. In relation to personal information the principles cover:

1. Collection

2. Use and disclosure

3. Data quality

4. Data security

5. Openness

The National Privacy Principles

6. Access and correction

7. Identifiers (Australian Government)

8. Anonymity

9. Transborder flows of data (overseas)

10.Sensitive information

Complaint handling

Our complaint handling approach emphasises:

• Resolution between organisation and individual where possible and

• Investigation and conciliation where complaints are made to the Privacy Commissioner

Complaint handling

Typical outcomes following conciliation include:

• apologies

• access provided and/or records amended

• change in practice or procedure

• staff training and

• monetary or other compensation to redress actual loss or damage

Complaint handling

Powers supporting complaints process include:

• make enquiries of third parties

• enter premises (with consent or warrant)

• require the production of information or documents

• undertake own motion investigations

• Apply to a court to enforce decisions made by Commissioner

Policy advice

Our policy team:

• provides guidance and advice to Australian Government agencies and private sector organisations on privacy issues;

• examines and makes submissions on proposed legislation that may have privacy implications; and

• monitors technological and social developments that affect individual privacy.

Promotion and education

Our public affairs team:

• “promotes an Australian culture that respects privacy”

• educates individuals and organisations of their rights and obligations

• manages media relations

• manages Privacy Contact Officer network

Privacy & telecommunicationsIs regulated by:

• National Privacy Principles, Privacy Act 1988• Telecommunications Act 1997• Telecommunications (Interception and Access) Act 1979• Spam Act 2003• Do Not Call Register Act 2006• Communications Alliance Codes (formerly ACIF)

OPC 2005 Review of the private sector provisions: – Privacy Commissioner recommended greater consistency in

privacy regulation

Privacy Act and Telco Act

Acts taken to be authorised by law for purposes of Privacy Act

• s. 303B – If a disclosure or use of customer information is

permitted by an exception in Part 13 of the Telco Act, then it is “authorised by law” for the purposes of NPP 2.

Responsibilities under Telco ActRegistration of Industry Codes –Part 6

• s. 117(1)(j):– ACMA must be satisfied that the Privacy

Commissioner has been consulted about the development of the code, if privacy matters are relevant

• s. 117(1)(k):– ACMA must believe that the Privacy

Commissioner is satisfied with the code, if the code deals with NPP matters

Responsibilities under Telco Act

ACMA requesting codes

• s. 118(4A)– ACMA must consult the Privacy Commissioner

before making a request for the development of an industry code that deals with NPP issues

Responsibilities under Telco ActDirections about compliance with industry

codes• s. 121

– ACMA must consult the Privacy Commissioner before directing a person to comply with an industry code, if NPP issues are relevant.

Formal warnings—breach of industry codes• s. 122

– ACMA must consult the Privacy Commissioner before issuing a formal warning about breaching of a code, if NPP issues are relevant

Responsibilities under Telco Act

Consultation with the Privacy Commissioner on Industry Standards

• s. 134 – Before determining, varying or revoking an

industry standard, ACMA must consult the Privacy Commissioner, if privacy issues are relevant (e.g. IPND industry standard)

Responsibilities under Telco Act

Law enforcement and protection of public revenue

• s. 282 – ACMA must consult the Privacy Commissioner

before determining requirements that law enforcement agencies must follow when certifying that a disclosure of customer information is reasonably necessary

Responsibilities under Telco Act

Monitoring by the Privacy Commissioner

• s. 309 – Division 5 of Part 13 requires

telecommunications companies to keep records of customer information that is released to law enforcement agencies under certain conditions

• Privacy Commissioner has the function of monitoring compliance with Division 5 through conducting audits of these records

2005 Review Recommendations• Telecommunications

– Clarify relationship between Telco Act, Spam Act and Privacy Act

• Recommendations 8, 10, 11 • Further guidance • Legislative amendment?

– ISPs and directory producers covered • Recommendation 9 • Small business operator exemption? • Regulations under s. 6E of the Privacy Act

– Consider options for a Do Not Contact register • Do Not Call Register now being implemented

Review Recommendations– Technological developments – internet, data-

mining, biometrics etc– Support for technological neutrality – But some possible gaps identified eg VoIP,

GPS, Mcommerce, spyware?

Australian Law Reform Commission privacy review likely to pursue these areas.

Recent Telecommunications Submissions• Inquiry into the provisions of the Do Not Call Register Bill

2006 and the Do Not Call Register (Consequential Amendments) Bill 2006; (June 2006)

• Inquiry into the provisions of the Telecommunications (Interception) Amendment Bill 2006; (March 2006)

• Review of the Spam Act 2003;  (February 2006)

• Introduction of a Do Not Call Register, Possible Australian Model: Discussion Paper (December 2005)

• Telecommunications (Use of Integrated Public Number Database) Draft Industry Standard 2005 (August 2005)

More information

Visit our website: www.privacy.gov.au

Call our hotline:

1300 363 992

Join our Privacy Connections Network

The role of the Office of the Privacy Commissioner in telecommunications

Andrew SolomonDirector of Policy