I am aware that there is a significant amount of debate about whether there is a need for a statutory cause of action for privacy in this country, or, to put it another way, an enforceable "right to privacy". But there is at the very least an expectation in the community that individual privacy is to be respected and that personal information is to be appropriately protected.That perception is, of course, correct and has been expressed for example by Australian academics, privacy advocates and representatives of the European Union. It is reflected in perceptions that the 'co-regulatory' ethos embodied by the Act has in practice meant regulatory capture.
In the main, that expectation has been met by successive Governments in this country. Indeed, the preamble to the Privacy Act acknowledges Australia's accession to the International Covenant on Civil and Political Rights and refers, in particular, to Australia's undertaking under that Covenant "to adopt such legislative measures as may be necessary to give effect to the right of persons not to be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence."
For many years the Privacy Act has protected individuals from the arbitrary and unlawful misuse of their personal information. However, there is a perception the laws have not kept pace with the attitudinal changes experienced since the Act was originally passed.
The Minister went on to comment that -
There are also valid questions about how the Act should deal with certain new and emerging technologies. There is a compelling argument for the laws to be updated for the twenty-first century. ...The robustness of that intention is contestable and it is regrettable that the Minister did not refer to the more far-reaching reforms canvassed in Victoria, including recognition of a tort of privacy (something consistent with the ostensible recognition of privacy as a human right).
I would like to provide a brief overview of the credit reporting reforms the Government intends to pursue. I don't intend discussing the broader suite of privacy reforms, except to say that the Government's intention is to create a robust and adaptable privacy framework.
Mr O'Connor indicates that "new credit reporting provisions are an integral part" of the Government's changes to national privacy law -
Perhaps the most significant reform is the introduction of more comprehensive credit reporting.We might hope that, amid the self-congratulation, the "sufficient privacy protections" are indeed devised - the weakness of the current protections induces some scepticism - and that the Office of the Australian Information Commissioner (OAIC) takes an active role in enforcing those protections, in contrast to the Privacy Commissioner's history of savaging offenders with all the ferocity of a three-legged, blind and toothless sheep.
The ALRC recommended that any new statutory framework should permit credit reporting information to include five new positive sets of data, including: the type of credit accounts opened by an individual, the dates the accounts were opened and closed (if they were closed), the limits of each open account, and certain details regarding re-payment history over the past two years.
The new positive data would be additional to the existing data sets currently permitted under the Privacy Act - that is, information about a credit provider having sought a credit report in relation to an applicant for credit, and the amount of credit sought in the application.
Subject to sufficient privacy protections being put in place, the Government has accepted this recommendation from the ALRC.
The extra information will allow credit providers to undertake a fuller assessment of an individual's credit risk and lead to increased competition in the credit reporting market.
Never fear, it seems, as the Minister offers reassurance -
I should note that information about an individual's repayment history will only be listed and accessed by credit providers that are subject to responsible lending obligations under the National Consumer Credit Protection Act 2009. The obligations contained in that Act will commence for a majority of credit providers from 1 January 2011.he went on to comment that -
Credit providers and credit reporting agencies will be able to deal with the other four data sets irrespective of whether they are subject to the responsible lending obligations.Little comfort is provided by the Minister's closing statement that -
I should also note that it will not be mandatory under the new legislation for credit reporting agencies or credit providers to collect, use or disclose this extra information.
Understandably, there will be sections of the community concerned about the extra information available through these reforms. But as I have said, the Government has accepted the ALRC recommendation on the basis that sufficient privacy protections are in place.There's more ...
Under the reforms, there will be enhanced notification, disclosure, data quality and dispute resolution requirements, which will act to prevent the misuse of this information.
For example, the Government will move to clarify and strengthen the pre-existing "notification" principle to provide notice to individuals about not only the credit providers own information handling practices, but also specific practices of a credit reporting agency. Notification should occur at or before the time the personal information is disclosed (and therefore collected) by the credit reporting agency, to ensure that individuals are fully aware of how their information will be used in the credit reporting system.
In addition to legislative reform, the Government considers that a clear and transparent industry code of practice should be developed between the credit reporting industry, consumer and credit advocates and the Privacy Commissioner.It is difficult not to laugh on reading the statement that -
Without seeking to override or apply lesser standards than are outlined in the Act, the industry code will outline how the credit reporting provisions and related issues (such as access, data accuracy and complaint handling) should operate in practice. The re-drafted Privacy Act will act as a guide by outlining the matters
the code should cover.
The industry-agreed code will replace the current Credit Reporting Code of Conduct developed by the Privacy Commissioner. It will ensure consistency across the industry, and should strike an appropriate balance between the privacy needs of individuals and the needs of industry to have efficient and effective credit reporting.
I am encouraged by the fact that the Australasian Retail Credit Association [ARCA] is giving consideration to the issues involved in developing the Code and to that end is undertaking consultations with significant stakeholders.The wolves and foxes are giving their full consideration to the issues and can therefore be congratulated by the fierce bad rabbits? The Minister wrapped up by saying "I will also be keeping a close eye on the operation of the new laws following their enactment" ... just the reassurance I need for a contented night's sleep.
The development of an industry-agreed Code is a matter I encourage all interested parties to turn their minds toward in the coming period.