'Political parties and voter privacy: Australia, Canada, the United Kingdom, and United States in comparative perspective', an article by Philip Howard and Daniel Kreiss in (2010) 15(12) First Monday discusses the dirty little secret - abuse by political parties and associated entities.
Political parties are among the most lax, unregulated organizations handling large volumes of personally identifiable data about citizens’ behavior and attitudes. We analyze the privacy practices of political parties in Australia, Canada, United Kingdom, and United States to assess the current state of electorate data, compare regulatory efforts, and offer policy recommendations. While data has long been a part of political practice, there has been a revolution over the last decade in the opportunities for gathering, storing, and acting upon data. Candidates, parties, lobby groups and data–mining firms collect massive amounts of data. They trade analytical tools, databases, and consulting expertise on a vast and unregulated market. In these practices, political actors routinely violate the privacy norms of many citizens. There are also documented cases of data breeches in all four countries. Meanwhile, political parties face relatively few restrictions on their use of data, and have developed a wide variety of largely voluntary privacy policies that are inadequate. We argue that some straightforward policy oversight would significantly improve the way personal records are handled by political actors.Closer to home there is a cogent 16 page paper [PDF] by Anthony Bendall & Helen Versey of Privacy Victoria on 'Privacy and the media - how to balance rights and interests'.
The authors comment that although the media is properly concerned about protecting freedom of expression,that protection must not be to the exclusion of privacy rights. Privacy and freedom of expression are not antithetical.
The paper argues that there are at significant gaps in Australian privacy laws and that privacy rights are unprotected in significant areas. I concur with that assessment and am, for example, concerned with the cavalier approach adopted by the national Privacy Commissioner in enshrining very fuzzy restrictions on data harvesting/use (PID 11 and PID 11A) in relation to genetic information.
The authors persuasively argue that "the way forward is to ensure that a serious breach of an individual’s privacy is protected through a statutory right of action. Technology no longer allows information to be forgotten. It is time that the gaps in the law are filled." Their national counterpart seems to be intent on widening the gaps on the basis of a problematical consultation exercise that should pose concerns for medical practitioners and members of the public.