Banner
 spacer
print  Print page  
Consultation Paper 3 (2008) - Privacy legislation in New South Wales


8. Relationship between PPIPA and other legislation

Updates and background for this project (Digest)

INTRODUCTION

8.1 This chapter is concerned with the relationship between the Privacy and Personal Information Protection Act 1998 (NSW) (“PPIPA”) and other statutes that contain provisions dealing with privacy and access to information. The fact that privacy in New South Wales is currently regulated by several Acts has given rise to confusion about the way in which these pieces of legislation interact with one another.

8.2 Specifically, the chapter deals with the following:

    • the relationship between PPIPA and the Freedom of Information Act 1989 (NSW) (“FOI Act”), including:
    • duplication and inconsistencies between the information disclosure, access and collection provisions;
    • inconsistencies between the complaints-handling and review provisions found in the two Acts; and
    • arguments for and against amalgamation of the oversight of privacy and FOI;
    • the relationship between PPIPA and the Local Government Act 1993 (NSW) (“LGA”);
    • the relationship between PPIPA and the State Records Act 1998 (NSW) (“SRA”).
8.3 The Acts listed above do not exactly replicate one another in privacy regulation, as each has its own particular focus and priorities, reflected in the different objects and purposes of each Act. The LGA is concerned with the structure and functions of councils, while the SRA has the very different role of governing the management of public offices’ records. Unlike PPIPA, neither is primarily designed to regulate privacy and access to information. However, particular provisions in the various pieces of legislation relating to access to information held by government agencies cover essentially the same ground, meaning that more than one regulatory regime may apply in particular circumstances.

8.4 In fact, there are three separate regimes governing access to, and amendment of, documents held by public sector agencies: the LGA for councils; and PPIPA and the FOI Act for both councils and other public sector agencies in New South Wales.1 In addition, the SRA contains provisions that bear on the issue.

8.5 The relevant provisions in these Acts often regulate the same thing but they do so in terms that are, at best, only similar or comparable to each other, not identical. At worst, it has been suggested that the differences between the Acts are such that it “is simply not possible” to obey them at the same time.2 The former Privacy Commissioner has said that the provisions in PPIPA, the FOI Act and the SRA “are in fact, in a number of key respects, insufficiently compatible, [so] that an officer will have to be in breach of one of them at some stage”.3

8.6 In a similar vein, the Ombudsman has noted that the three regimes are “largely incompatible”4 and have led to “considerable confusion for both users and the public officials responsible for administering the relevant legislation”.5 These concerns were echoed by other submissions to the Attorney General’s Review of PPIPA,6 including those made by Sydney University, Bankstown Council, the Department of Education and Training, the Ministry for Police and the Roads and Traffic Authority.

8.7 The major overlap is between PPIPA and the FOI Act.

THE RELATIONSHIP BETWEEN PPIPA AND THE FOI ACT

Disclosure, access and correction provisions

8.8 This section analyses the duplication of, and inconsistencies between, the provisions of PPIPA and the provisions of the FOI Act that deal with disclosure and correction of, and access to, information. These are s 1315 of PPIPA and Parts 24 of the FOI Act.

8.9 It is because the relevant provisions of the two Acts are similar, not identical, that the duplications produce inconsistencies. In particular, differences in terminology result in substantive differences in application. For example, while the FOI Act is limited in its application to “documents”,7 PPIPA applies to “information”,8 which is a wider term than “documents” because information includes what has not been recorded in documentary form.9 On the other hand, PPIPA applies only to “personal information”,10 whereas the FOI Act allows access to a wide range of documents held by an agency.

8.10 Applicants and agencies will enjoy different benefits, and incur different obligations, depending on the particular statute under which the application for access to information is dealt with. This might not matter if the two statutes simply operated concurrently, or in parallel, without affecting each other. But they do not. Particular provisions in the Acts complicate their interaction. While PPIPA is not intended to affect the FOI Act, the FOI Act specifically affects PPIPA through the operation of s 20(5) of PPIPA. However, the way in which it does so is not entirely clear because, as discussed in Chapter 6 in paragraph 6.32, the correct interpretation of that section is uncertain.

8.11 Section 20(5) of PPIPA provides that “the provisions of the [FOI Act] that impose conditions or limitations (however expressed) with respect to any matter referred to in section 13, 14 or 15 are not affected by this Act, and those provisions continue to apply in relation to any such matter as if those provisions were part of this Act”.

8.12 Privacy NSW has argued that it is uncertain exactly how “the access and correction provisions of the FOI Act relate to or are imported into” PPIPA.11 The Ombudsman agrees that the provision is “ambiguous” but that it seems to mean that if disclosure, access or correction rights may be validly denied under the FOI Act (under Parts 2–4) they may be similarly denied under PPIPA (s 13–15).12 Thus, an application for access to information under s 14 of PPIPA may be refused because of conditions and limitations (on s 16 of the FOI Act) found in Part 3 of the FOI Act. The Crown Solicitor, on the other hand, remarked that “[t]he difficulty [of interpretation] lies in identifying the provisions of the FOI Act that impose ‘conditions or limitations (however expressed)’ with respect to any ‘matter’ referred to in ss 13, 14 or 15", noting that it was highly unlikely that all the provisions affecting the access right under the FOI Act would have been intended to apply to those seeking access to information under s 14 of PPIPA.13

8.13 It is not difficult to see why the FOI Act and PPIPA have created such confusion. There is a fundamentally different policy underlying each Act:

      Privacy and data protection laws are intended to protect and promote the fair handling of personal information by agencies, whilst FOI laws are intended to promote open government in relation to handling of personal and non-personal information.14
8.14 The President of the Administrative Decisions Tribunal and former Federal Privacy Commissioner, Judge Kevin O’Connor, has commented that where jurisdictions have FOI and privacy laws, frequently both provide for access to, and amendment of, personal information, as a result of which there are often “tensions between the two laws because of differences in language and approach”.15 In his view, there is a “good case” for there being “one provision in New South Wales law that deals with the right of access, and one provision that deals with the right of amendment”. He has observed that, in contrast, what we have now is “a situation where differently expressed rights are found in FOI and Privacy statutes bearing on the one set of records”. His conclusion is that: “[t]his should be rationalised”. 16

8.15 The Ombudsman has queried whether all the IPPs need to be implemented solely under PPIPA, or whether it might not be better for the three relevant IPPs (in s 13, 14 and 15) to be implemented through the provisions of the FOI Act “(with or without any appropriate amendment to that Act)”.17 This would avoid the duplications and inconsistencies between the two Acts and the over-complexity of the regulatory regime.

8.16 The Ombudsman has proposed the following solution “to address the proliferation of access to information regimes and to help simplify the current complex regulatory environment”:18

      1) repeal s 20(5) of [PPIPA]

      2) as originally proposed in the [PPIP] Bill that went to Parliament, amend s 13–15 and/or s 20 of [PPIPA] to provide that the [IPPs] set out in s 13–15 do not apply to agencies to which the FOI Act appl[ies] and that in relation to those agencies those principles are implemented through the relevant provisions of the FOI Act, and

      3) if considered necessary, amend the FOI Act to put beyond doubt that agencies can adopt informal methods of releas[ing] personal information to the person concerned.19

8.17 It may, at first glance, seem incongruous to pass legislation (namely PPIPA) to protect people’s privacy of, and access to, personal information only to then pass an amendment to the Act that would seriously limit the scope of its application. Since the FOI Act is of general application, specifying that the rights of access granted by PPIPA do not apply to agencies governed by the FOI Act would severely restrict the extent of PPIPA’s reach. However, this approach can be supported on the basis that if rights of access to information are sufficiently protected by the FOI Act, the superadded protection of PPIPA is unnecessary.
      ISSUE 62

      Should the disclosure, access and correction provisions of the Privacy and Personal Information Protection Act 1998 (NSW) and the Freedom of Information Act 1989 (NSW) be rationalised?

      ISSUE 63

      Should the Freedom of Information Act 1989 (NSW) be the means by which the Privacy and Personal Information Protection Act 1998 (NSW) access rights are obtained?

      Complaints-handling and review provisions

8.18 Both PPIPA and the FOI Act contain provisions governing how complaints about breaches of privacy (or issues related to access to information) are to be handled, and what mechanisms are available for review by an agency of any decision made relating to any such complaint. There are significant differences between the two Acts. Some of the key differences are as follows:
    • A person who makes a complaint to the Privacy Commissioner under PPIPA and is dissatisfied with the result cannot take the matter to the Administrative Decisions Tribunal (“ADT”) whereas a person who complains to the Ombudsman under the FOI Act can.
    • Areas of complaint under PPIPA are confined to: alleged violations of, or interferences with, the privacy of an individual;20 an agency’s contravention of an IPP or a privacy code of practice; and the disclosure of personal information kept in a public register.21 On the other hand, complaints under the FOI Act can be made about conduct of any person or body in relation to a determination made by an agency under the FOI Act.22
    • A complaint to the Privacy Commissioner can be made concurrently with a review application to the ADT, but the Ombudsman will not investigate a complaint under the FOI Act while proceedings are before the ADT.23
    • The Privacy Commissioner has a right to appear and be heard in any proceedings before the ADT in relation to a review under s 55 of PPIPA, but the Ombudsman has no such right under the FOI Act.
    • Under PPIPA, neither the applicant nor the respondent agency carries a burden of proof to prove or disprove a fact before the ADT, but under the FOI Act, the onus of proof is on the respondent.24
8.19 When an aggrieved person applies to have an agency review its conduct under s 53 of PPIPA, the agency must notify the Privacy Commissioner of the application, keep him or her informed of the progress of the internal review and inform him or her of any findings or determinations made in relation to the matter.25 No similar provisions are made for the Ombudsman in the FOI Act.

8.20 Time limits for complaints and applications for internal review are also different under the two statutes:

    • Under PPIPA, the applicant for internal review has six months from the time the applicant first became aware of the conduct complained of.26 Under the FOI Act, the applicant has only twenty-eight days from the time notice of the determination is given to apply for an internal review.27
    • Under PPIPA, a complainant has six months (from becoming aware of the relevant conduct) within which to make a complaint to the Privacy Commissioner.28 Under the FOI Act, no time limit for complaining to the Ombudsman is imposed.
    • Under PPIPA, applications for review by the ADT need not be made within any specified time limit. Under the FOI Act, applications must be made within sixty days of the agency’s determination or the Ombudsman’s decision.29
      ISSUE 64

      Should the complaints-handling and review procedures of the Privacy and Personal Information Protection Act 1998 (NSW) and the Freedom of Information Act 1989 (NSW) that are not specifically related to the particular provisions of each Act be made consistent?

Amalgamation of the oversight of privacy and FOI

8.21 One way of reducing the problem of duplications and inconsistencies between PPIPA and the FOI Act would be to charge a single body with the responsibility of overseeing the administration of both statutes. Privacy NSW’s submission to the Attorney General’s Review of PPIPA observed that this “makes intuitive sense”: “[t]hey are two sides of the one coin in ensuring government agencies handle information in an accountable manner”.30 Its reasons for this view were threefold: the vast majority of FOI requests are for access to the applicant’s own personal information; “one Information Commissioner is the trend in many common law jurisdictions”; and it would seem desirable for a single individual to resolve tensions between FOI and privacy.31

8.22 The Ombudsman also supported amalgamating FOI and privacy functions. It commented that this would:

      provide a more integrated and coherent approach to information handling, fostering a better balance between the right to privacy with the need for a safe and open government. It would also reduce duplication, complexity and confusion for the public and agencies.32
8.23 Despite agreeing in principle, Privacy NSW and the Ombudsman disagreed on how an amalgamation of FOI and privacy should be implemented. Privacy NSW maintained that an amalgamation of functions should be under the auspices of an independent Information Commissioner. The Ombudsman, on the other hand, argued that it would make most sense for the role and responsibilities of the Privacy Commissioner to be absorbed into the Office of the Ombudsman.33 It backed up its position with the following arguments:
    • More people are aware of the existence and functions of the Ombudsman than are aware of the role of Privacy Commissioners, and people are therefore more likely to make a privacy complaint to the Ombudsman than to Privacy NSW.34
    • The Ombudsman already has expertise in the area of privacy arising out of its roles in relation to police, community services, telecommunications interception, and so forth. Further, as it is a complaints-handling agency that already has jurisdiction in the related area of FOI, “integration of [Privacy NSW] into the Ombudsman would provide an opportunity to properly coordinate and integrate FOI and privacy practice, procedures and regulation.”35
    • Privacy NSW is too small to be viable as a stand-alone agency.36
    • Most public sector agencies have delegated privacy and FOI responsibilities to the same staff.37
8.24 Privacy NSW put forward the following counter-arguments for not absorbing the office of the Privacy Commissioner into that of the Ombudsman:
    • An Ombudsman should not be involved in policy-making and should be free to criticise bad policy.38
    • The Australian Law Reform Commission recommended that the three roles of overseeing FOI, Privacy Commissioner and Ombudsman should remain separate, although it argued for cooperation between them.39
    • Separate organisations might result in better accountability, as each could provide checks and balances on the other.40
    • Jurisdictions that have appointed Information Commissioners have retained “a separate Ombudsman to deal with more general misconduct and maladministration in government”.41
    • Jurisdictions that have given the Ombudsman the role of regulating FOI have primarily limited the role to complaints-handling rather than wide policy-setting, advice or education roles. The role of Privacy Commissioner, on the other hand, is not so limited.42
8.25 The Ombudsman disputed a number of these assertions, especially those that contend that its primary role is complaints-handling rather than oversight; and that the Ombudsman does not, or should not, have a role in policy development.43

8.26 The Ombudsman was also of the opinion that, even if Privacy NSW was not absorbed into its organisational structure, FOI and privacy still ought to be overseen by a single, separate agency, although it conceded that this would have “several serious shortcomings”.44 First, it submitted that “such a separate agency is unlikely to be viable on its own as it would only have a full time permanent staff of approximately 12 persons”.45 Secondly, there would still be overlap between the agency’s role and that of the Ombudsman, especially in relation to FOI maladministration. The Ombudsman concluded that:

      there would therefore need to be adequate provision to enable that agency and the Ombudsman to share information, refer complaints or the issues arising out of complaints, coordinate concurrent investigations into related issues, etc.46
8.27 The Attorney General’s Review of PPIPA raised an alternative view, noting that:
      [t]here is an inherent policy dilemma in merging a regime predicated on a citizen’s right to transparency in government (freedom of information) and a regime which is concerned with protecting the individual’s right to having their personal information protected by government (privacy).47
8.28 The Commission agrees with this view and is inclined, at this stage, not to recommend that the administration of FOI and privacy legislation be amalgamated in one body, but is interested in receiving submissions on the point.
      ISSUE 65

      Should the administration of Freedom of Information and privacy legislation be amalgamated in one body?

THE RELATIONSHIP BETWEEN PPIPA AND THE LGA

8.29 A comparison of the FOI provision found in the LGA with similar provisions in the other statutes demonstrates that, while divergent terminology in different statutes can be the cause of inconsistencies and confusion (as it is in the case of PPIPA and the FOI Act), it is not always so in every respect. Consider the following provisions:

    • Section 12(6) of the LGA provides that a council must allow inspection of its documents free of charge unless this would be contrary to public interest.48
    • Section 14 of PPIPA provides that an agency that holds personal information must, at the request of the individual to whom the information relates, provide him or her with access to the information, without excessive delay or expense.49
    • Section 16(1) of the FOI Act gives a person a right to access an agency’s documents.50
8.30 Note that PPIPA and the FOI Act refer to a right of “access” to information or documents, whereas the LGA refers merely to a right of “inspection”. On the face of it, this would appear to be something different (and less). However, a subsequent provision of the LGA that defines the right of inspection as including “the right to take away a copy of the document”51 makes the right as extensive as the “access” rights granted in the other statutes. A difference in form (that is, the wording of the statute) is therefore not always determinative of a difference in substance (that is, the actual right conferred by the provision).

8.31 Nevertheless, the differences between the provisions of the LGA and those of PPIPA and the FOI Act are sufficiently significant and substantial to question the necessity for this legislative overlap. Since the application of both PPIPA and the FOI Act extends to councils, the problems of duplication and inconsistencies are simply reproduced and multiplied in the context of local government authorities, which are (as already observed) regulated by these two statutes in addition to the LGA.

8.32 An applicant for access to documents held by a council will therefore have a choice of proceeding under any or all of the three pieces of legislation, each with its own advantages and disadvantages. The Ombudsman has remarked that if the information sought is “simple, non-complex or non-contentious” it is better for both the applicant and the agency to deal with the application under PPIPA “because it has hardly any procedural requirements”.52 If, however, the information is more complex, extensive or contentious, applicants are likely to favour applying for access under the LGA, since “the options and discretions available to councils under that Act to refuse access to information are far more limited than under the FOI Act”.53 Councils themselves are likely to prefer to deal with applications for access to documents under the FOI Act because applicants have to submit their request in writing, councils can charge fees for the documents and “there are greater legal protections available for the council under the FOI Act than under either the [LGA] or PPIPA”.54

8.33 The divergences and inconsistencies between PPIPA and the FOI Act were discussed above. The compounding of these by the addition of the LGA is illustrated in the following examples:

    • The access right in PPIPA is limited to “personal information”, while those in the LGA and FOI Act are not.
    • Access to documents under the LGA is subject to a “public interest” test, but access under PPIPA or the FOI Act has no such test.
    • Applications for information under the FOI Act must be in writing55 and specify that they are being made under that Act56 but there is no similar requirement under the LGA and PPIPA.
    • if an agency refuses access to documents under the FOI Act, reasons for the refusal must be given to the applicant.57 If an agency refuses access to an applicant under the LGA, reasons need not be given to the applicant but reasons must be given to the council.58 If an agency refuses access to an applicant under PPIPA, reasons for the refusal need not be given at all (unless the decision is appealed to the ADT).
8.34 These are just some of the differences, inconsistencies and duplications between the three statutes.59

8.35 The NSW Ombudsman’s submission to the Attorney-General’s Review of PPIPA as to how the “proliferation of access to information regimes” should be addressed was quoted in paragraph 8.16 above. In substance, the submission argued for amendments that would ensure that the “access to information” provisions in PPIPA (s 1315) did not apply to agencies to which the FOI Act’s “access to information” provisions applied. Since the FOI Act applies to councils by defining an “agency” as including a council within the LGA, this exemption from the application of PPIPA would also extend to councils. They would, however, still be subject to two regulatory regimes (pursuant to the FOI Act and the LGA).

8.36 Whether this would satisfactorily resolve the current state of affairs needs to be examined. First, applicants would still have to choose from two separate statutes under which to make an access application to a local government authority. This would carry with it all the problems that the overlapping and competing regulatory regimes had before, albeit on a lesser scale. Secondly, it is debatable whether or not councils would prefer their legal obligations and responsibilities to be governed by the FOI Act rather than the LGA. The Local Government Governance Network Group, for example, submitted to the Attorney General’s Review of PPIPA that the LGA should be the primary statute for managing council information, and if that submission were to be acted upon then the scope of the FOI Act would need to be reduced so as to exclude (or at least restrict or limit) its application to local authorities.

8.37 On the other hand, if, as the Ombudsman contends, there are greater protections when dealing with applications for access to information for councils and their staff under the FOI Act than under the LGA, then it would be understandable for councils to be arguing for the FOI Act to operate to the exclusion of the LGA. Either way, the eradication of all forms of duplication and overlap requires that any given agency (in this case, a council) be regulated by only one set of statutory provisions when dealing with applications for access to information.

      ISSUE 66

      (a) Should the following amendments, as suggested by the NSW Ombudsman, be made?

        • repeal s 20(5) of the Privacy and Personal Information Protection Act 1998 (NSW);
        • amend s 13, 14 and 15 and/or s 20 of the Privacy and Personal Information Protection Act 1998 (NSW) to provide that the IPPs contained in those sections do not apply to agencies to which the Freedom of Information Act 1989 (NSW) applies and that, in relation to those agencies, those principles are implemented through the relevant provisions of the Freedom of Information Act 1989 (NSW);
        • amend the Freedom of Information Act 1989 (NSW) to clarify that agencies can adopt informal methods of releasing personal information to the applicant.
      (b) Is there a better alternative to this solution?

      ISSUE 67

      What alternative amendments to the Privacy and Personal Information Protection Act 1998 (NSW), the Freedom of Information Act 1989 (NSW) and the Local Government Act 1993 (NSW) would address the current problems arising from the application of three different regulatory schemes?

THE RELATIONSHIP BETWEEN PPIPA AND THE SRA

8.38 The main purpose of the SRA is “to make provision for the creation, management and protection of the records of public offices of the State and to provide for public access to those records”.60 Section 12 of the Act provides that “each public office must make and keep full and accurate records of [its] activities” and must “establish and maintain a records management program”.61 A “record” is defined to mean any document or other source of information compiled, recorded or stored in written form or on film, or by electronic process, or in any other manner or by any other means”.62 A “state record” is defined to mean “any record made and kept, or received and kept, by any person in the course of the exercise of official functions in a public office, or for any purpose of a public office, or for the use of a public office, whether before or after the commencement of this section”.63 “Public office” is very widely defined and includes a State owned corporation.64 Under the SRA, a person can gain access to State records that are at least 30 years old,65 providing an open access direction has been made.66

8.39 The Crown Solicitor has highlighted an issue arising from the interaction between PPIPA and the SRA and their application to imperatives to amend or destroy documents.67 Section 21(1) of the SRA prohibits a person from, among other things, disposing of, or altering, a State record. It is a prohibition that prevails over a provision of any other Act that was enacted before it commenced,68 unless the conflicting Act provides expressly for its provision to have effect despite s 21 of the SRA.69 The SRA (except for Part 4) commenced on 1 January 1999, whereas PPIPA was enacted on 30 November 1998.70 However, disposal or alteration of a State record is not a contravention of s 21 if it is “done in accordance with normal administrative practice in a public office” or “authorised or required to be done by or under [the SRA], or by or under a provision of any other Act that is prescribed by the regulations as being an exception to [Part 3 of the SRA]”.71

8.40 Section 12 of PPIPA provides that a public sector agency must not keep information for longer than is necessary and contemplates alteration of a document to delete information no longer needed or disposal of documents. The Crown Solicitor has submitted that it is unclear how s 12 was intended to apply in light of s 21 of the SRA. It notes that, to date, the ADT has declined to clarify the interaction between the provisions.72 However, in GR v Director-General, Department of Housing, the ADT Appeal Panel stated that “every attempt should be made to read the provisions [of PPIPA and the SRA] harmoniously”.73

8.41 Section 15(4) of PPIPA, on the other hand, specifically states that s 15 applies to public sector agencies despite s 21 of the SRA.

      ISSUE 68

      (a) Should a provision be inserted into s 12 of the Privacy and Personal Information Protection Act 1998 (NSW), identical to that inserted into s 15(4) of that Act, providing that s 12, and any provision of a privacy code of practice that relates to the requirements set out in that section, apply to public sector agencies despite s 21 of the SRA?

      (b) Alternatively, should s 12 be clarified as taking effect subject to the prohibition in s 21 of the State Records Act 1998 (NSW)?


FOOTNOTES

1. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998 (April 2004), 14.

2. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 16, quoting former Privacy Commissioner Chris Puplick.

3. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 16, quoting former Privacy Commissioner Chris Puplick.

4. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 15.

5. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 14.

6. New South Wales AttorneyGeneral’s Department, Review of the Privacy and Personal Information Protection Act 1998 (Tabled 25 September 2007, Legislative Assembly).

7. Freedom of Information Act 1989 (NSW) s 16.

8. Privacy and Personal Information Protection Act 1998 (NSW) s 4.

9. Section 4 of the Privacy and Personal Information Protection Act 1998 (NSW) provides that “personal information means information or an opinion (including information or an opinion forming part of a database and whether or not recoded in material form) …”.

10. Defined as “information or an opinion … about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion”: Privacy and Personal Information Protection Act 1998 (NSW) s 4(1).

11. Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998 (June 2004), 82.

12. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 19.

13. Crown Solicitor ’s Office, New South Wales, Advice (5 October 2007), 24.

14. Ormonde v NSW National Parks & Wildlife Service (No 2) [2004] NSWADT 253, [56].

15. New South Wales, Administrative Decisions Tribunal, Submission to Attorney General’s Department Review of the Operation of the Privacy and Personal Information Protection Act 1998 (26 May 2004), 8.

16. New South Wales, Administrative Decisions Tribunal, Submission to Attorney General’s Department Review of the Operation of the Privacy and Personal Information Protection Act 1998, 9.

17. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 14.

18. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 20.

19. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 20–21.

20. Privacy and Personal Information Protection Act 1998 (NSW) s 45(1).

21. Privacy and Personal Information Protection Act 1998 (NSW) s 52(1).

22. Freedom of Information Act 1989 (NSW) s 52(1).

23. Freedom of Information Act 1989 (NSW) s 52 and 53.

24. Freedom of Information Act 1989 (NSW) s 61.

25. Privacy and Personal Information Protection Act 1998 (NSW) s 54(1).

26. Privacy and Personal Information Protection Act 1998 (NSW) s 53(3).

27. Freedom of Information Act 1989 (NSW) s 34(2).

28. Privacy and Personal Information Protection Act 1998 (NSW) s 45(5).

29. Freedom of Information Act 1989 (NSW) s 54.

30. Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 36.

31. Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 36.

32. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 27.

33. It submitted that “Privacy NSW should be amalgamated with the NSW Ombudsman, including: a) the transfer to the Ombudsman of the full staff and budget of Privacy NSW, and b) the establishment of a specialist access to information and privacy team within the NSW Ombudsman’s Office”: NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 28.

34. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 27.

35. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 27.

36. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 26.

37. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 27.

38. Privacy NSW noted that the Australian Law Reform Commission rejected the idea of an Ombudsman taking the role of FOI Commissioner for this reason: Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 36.

39. Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 37.

40. Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 37.

41. Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 37.

42. For example, Privacy NSW has a large, and growing, advice role and sees itself as a resource to agencies, not just a “watchdog”: Privacy NSW, Submission on the Review of the Privacy and Personal Information Protection Act 1998, 37.

43. Letter from the NSW Ombudsman to the Director, Legislation and Policy Division, NSW Attorney General’s Department (5 July 2004).

44. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 28.

45. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 28.

46. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 28.

47. New South Wales Attorney General’s Department, Review of the Privacy and Personal Information Protection Act 1998, [13.12], 65.

48. Local Government Act 1993 (NSW) s 12(6).

49. Privacy and Personal Information Protection Act 1998 (NSW) s 14.

50. Freedom of Information Act 1989 (NSW) s 16(1).

51. Local Government Act 1993 (NSW) s 12B(1).

52. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 15.

53. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 20.

54. NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, 16.

55. Freedom of Information Act 1989 (NSW) s 17(a).

56. Freedom of Information Act 1989 (NSW) s 17(b).

57. Freedom of Information Act 1989 (NSW) s 28(2)(e).

58. Local Government Act 1993 (NSW) s 12A(1).

59. See NSW Ombudsman, Submission to the Review of the Privacy and Personal Information Protection Act 1998, Appendix B-1, Navigating the Maze: A Guide to the Alternative Regimes for Access to Personal Information in NSW.

60. State Records Act 1998 (NSW), Long Title.

61. State Records Act 1998 (NSW) s 12.

62. State Records Act 1998 (NSW) s 3.

63. State Records Act 1998 (NSW) s 3.

64. State Records Act 1998 (NSW) s 3.

65. State Records Act 1998 (NSW) pt 6.

66. State Records Act 1998 (NSW) s 51.

67. Crown Solicitor’s Office, New South Wales, Advice (5 October 2007), [6.1]-[6.4].

68. State Records Act 1998 (NSW) s 21(6).

69. State Records Act 1998 (NSW) s 21(7).

70. Although Part 2, Division 1 of the Privacy and Personal Information Protection Act 1998 (NSW), containing the IPPs, did not commence until 1 July 2000.

71. State Records Act 1998 (NSW) s 21(2).

72. See FH v Commissioner, New South Wales Department of Corrective Services [2003] NSWADT 72; and GR v Director-General, Department of Housing [2004] NSW ADTAP 26.

73. GR v Director-General, Department of Housing [2004] NSW ADTAP 26, [57].

Previous Page | Back to Lawlink Home | Top of Page
  Last updated 29 July 2008   Crown Copyright ©  
Hosted by agd logo
Lawlink NSW