Privacy NSW Newsletter - July 2003
Milestones
1. Privacy NSW wants you!
2. Privacy tackles consent and capacity
3. New Health Privacy Law – Countdown
4. Regular features:
Milestones
What do Pamela Anderson, Princess Diana and the PPIP Act have in common? Their birthday is on the 1st of July!
The 1st of July marks the 3rd anniversary of the Privacy and Personal Information Protection Act (PPIP Act). Three years ago to this day, the Information Protection Principles, the right to Internal and External Review and the Public Register Provisions all came into effect. Since this date, we have seen a significant increase in enquiries, requests for advice and more recently, internal reviews.
Other exciting news here at Privacy NSW is that we will soon be launching a new education and publications strategy. To kick it off, we are taking a survey of the NSW privacy community, including Privacy Contact Officers such as yourselves (read more about the Survey in the sections below). All your comments and suggestions are really worthwhile to us and we look forward to hearing from you about your needs.
There are other milestones to note as well here at Privacy NSW. Chris Puplick, who was the first New South Wales Privacy Commissioner, resigned last month. Chris made valuable contributions to public debate about privacy issues, and his commitment to the protection of human rights has been recognised by fellow Privacy Commissioners in Australia.
The Attorney General has appointed Ms Maureen Tangney as Acting Privacy Commissioner until a new Commissioner is appointed. Ms Tangney was the Executive Member of the former Privacy Committee, and she is currently the Director of the Legislation and Policy Division in the NSW Attorney General’s Department.
Anna Johnston
Deputy Privacy Commissioner
1. Privacy NSW wants you!
Privacy NSW will soon be launching a new series of education and training materials in order to assist organisations in the application of the PPIP Act. This will include new publications and awareness-raising events.
In order to get off on the best possible footing, we would like to hear from you directly about what you need from us. We will shortly be sending an Education and Training Needs Survey to each public sector agency to be completed by their Privacy Contact Officer. We would greatly appreciate it if you could take 10 minutes to fill out our Survey, which will help us identify your needs and determine our priorities in delivering those services to you.
You will also soon be able to download an electronic version of the Survey from our website. Please return your completed survey to us by email at privacy_nsw@agd.nsw.gov.au by Monday, 21 July 2003.
2. Privacy tackles consent and capacity
How can you protect the privacy of someone who is not necessarily capable of giving consent?
On 15 May Privacy NSW opened its doors to a diverse group of stakeholders to discuss the first Draft Guidelines on Consent and Capacity.
The guidelines deal with complex issues that arise in protecting the privacy of adults who may lack “capacity” due to a disability or injury, such as a mental illness, dementia, an intellectual disability, or an acquired brain injury. In developing these guidelines, Privacy NSW is responding to the need expressed by both members of the public sector and the community to deal with this complex question.
Over 50 people attended the consultation, including representatives of public sector agencies, advocacy and self-help organisations, carers, non-government service-providers, and members of the health and legal professions.
The consultation was highly interactive and a wealth of feedback was obtained from participants on the Draft Guidelines. Participants were overwhelmingly positive about both the need for the Guidelines and the interactive nature of the consultation itself.
You can see a copy of the Draft Guidelines as well as a copy of the Consultation Report on our website. We are preparing a second draft of the guidelines which will be available on our website from late July 2003.
3. New Health Privacy Law – Countdown
New legislation to protect the privacy of health information is expected to commence in the first half of 2004. The Health Records and Information Privacy Act 2002 will promote fair and responsible handling of health information and will apply to every organisation that is a health service provider or that collects, holds or uses health information. This includes NSW public sector agencies as well as the private sector.
Privacy NSW is working on a series of guidelines and an education strategy to assist people in the application of the Act. We have also created a new section on our web site and will be keeping you up-to-date with all the latest developments over the next few months. For more information, visit our new web page.
4. Regular features:
- Privacy in the News
- Pools, Phones and Peeping Toms – The Sydney Morning Herald recently reported that mobile phones will be banned from change rooms in gyms, pools and sports centres in an effort to deter misuse of new-generation camera-phones. There is a fear that the phones with camera and video capabilities would allow “devious minds” to record images and transmit them electronically and that basic privacy rights would be infringed. Public debate on camera-phones and privacy rights is set to continue over the next couple of months.
(The Sydney Morning Herald, 12/06/03, page 5)
- SARS “super-spreader” sacrificed – The Toronto Star recently defended the plight of a 26-year-old former flight attendant afflicted with the deadly SARS virus. More than 100 cases of SARS have been traced back to her, including her own parents who have since died of the virus. The local newspapers covering the SARS epidemic named her, and even gave her the nickname of “super-spreader” – a kind of modern “Typhoid Mary”.
The woman’s brother made an emotional plea to both the newspaper and the Health Ministry to withdraw her name. He feared not only the damage to her reputation and future employment prospects, but also the emotional damage during her grieving period in isolation. The Star called for compassion, confidentiality and her right for privacy.
(The Australian, 28/04/03)
- Stalking - A landmark case – A judgment in the Queensland District Court (Grosse v Purvis) appears to be the first Australian Court decision to recognise an “invasion of privacy”. Damages of $178,000 have been awarded to the plaintiff following stalking by the defendant, including damages for breach of the right to privacy. The court’s findings were based on comments made by judges of the High Court in the recent case of ABC v Lenah Game Meats which left the way open for a legal recognition of a right to privacy.
- From the Tribunal
News from the Administrative Decisions Tribunal:
- FM v Macquarie University - FM enrolled as a postgraduate student at the University of NSW after a previous post-graduate enrolment at Macquarie University. He signed a form authorising UNSW to obtain information from other Universities at which he had enrolled. UNSW sought further information from Macquarie University concerning his prior enrolment. As well as obtaining a transcript of his academic record, a staff member of UNSW phoned two members of the teaching staff of Macquarie and learned about incidents that had led to a disciplinary investigation. FM claimed that he had not authorised Macquarie to disclose this information to UNSW.
The Tribunal found that Macquarie University's conduct breached section 18 of the PPIP Act. The case is significant for clarifying the Act's application to personal information held outside formal record systems, and in its interpretation of the scope of exemptions under a section 41 Direction. The University has appealed to the Tribunal’s Appeals Panel.
- FH v Commissioner, New South Wales Department of Corrective Services - FH was a correctional inmate. After serving part of a sentence, his conviction was overturned on appeal. He sought review of the decision by the Department not to remove his information from circulation or "delete" his computerised inmate record.
The Department argued that it had legal authority to collect personal information on inmates serving full-time custody in NSW correctional centres. It also referred to obligations on public sector agencies under the State Records Act 1998 to preserve records, and the possibility of penalties for non-compliance.
The Tribunal dismissed FH’s arguments in that the records were being retained for "directly related purposes" and that security safeguards were being examined for the electronic records system on which FH’s information was being held. This case indicates the limits the ADT is likely to set when reviewing a decision by an agency about the retention of personal information in electronic format and the adequacy of security measures adopted.
- Fitzpatrick v Ambulance Service – Under the Tribunal’s Interim Rules, there is a 28 day time limit for lodging applications. However, in this case it was found not to apply to privacy applications. Agencies should therefore be aware that applicants can apply to the Tribunal at any time after their Internal Review is complete. That is, there are no time limits. Privacy NSW has supported a request by the ADT to the Attorney General, to amend the PPIP Act as a matter of priority, to set workable timeframes for all parties.
All the above and other Case Notes are available on our website.
- Publications
Draft Guidelines on Consent and Capacity (see above for more details) are available for consultation on our website.
Privacy Code of Practice (General) 2003, which commenced on 9 May 2003, is now available via our website.
- What’s on
| 8 September 2003 | The Body as Data International Conference,
Privacy Victoria, Melbourne
|
| 10-12 September 2003 | 25th International Conference of Data Protection & Privacy Commissioners will be held in Sydney. This year's theme is "Practical Privacy for People, Government and Business".
For more information, see the Conference web site at: www.privacyconference2003.org |
|
|
