|
Previous issues:
|
|
|
|
|
|
|
|
|
|
The Australian Media and Communications Authority has won its first SMS spam case before the Federal Court. This case, Australian Communications and Media Authority v Mobilegate, illustrates ACMA's willingness to pursue serious breaches of the Spam Act. |
|
|
|
|
|
The Attorney-General's Department has developed a proposal to amend the Telecommunications (Interception and Access) Act 1979 to allow owners and operators of computer networks in Australia to undertake activities to protect their networks. We compare and contrast the two regimes and discuss the implications for owners and operators of computer networks. |
|
|
|
|
|
The NSW Law Reform Commission, in its report Invasion of Privacy, has called for a general cause of action for breach of privacy in New South Wales. But, even though the report echoes the Australian Law Reform Commission's report Australian Privacy Law and Practice, there are some distinguishing features which we discuss in detail. |
|
|
|
|
|
The Australian Communications and Media Authority announced that the number of complaints of telemarketing calls made to numbers on the Do Not Call Register had been reduced by 60% from those made during its first year of operation. |
|
|
|
|
|
| While there are some significant exemptions for organisations in the charity and welfare sectors those organisations are not entirely exempt from privacy concerns, and many organisations will have material obligations regarding the collection, use and disclosure of personal information. |
|
|
|
|
|
| One of the most talked about eHealth initiatives is the introduction of a national electronic health record for all Australians. Several challenges must be overcome before the national electronic health record can become a reality and one of these is need for a satisfactory and robust privacy regime. |
|
|
|
|
|
| The Office of the Federal Privacy Commissioner recently urged Government agencies to protect data contained on portable storage devices, a recommendation that private sector organisation should also consider. |
|
|
|
|
|
| In this article we review five recent case notes. The first two cases clarify the meaning in NPP 6.1 that an organisation 'provide access' to an individual's personal information that it holds and how the Privacy Commissioner determines whether information disclosure is 'required or authorised by law' in the context of legal proceedings. The next two cases consider the consumer credit provisions of the Act and an own motion investigation into privacy breaches involving medical records. The final case is a timely reminder for employers to be mindful that the 'employee records' exemption under the Privacy Act will not necessarily protect them in all cases when dealing with employee records. |
|
|
|
|
|
| The application of the European Union’s Data Protection Directive, introduced to harmonise the data protection laws throughout the EU, raises some interesting dilemmas when dealing with certain technology services such as the internet, which are designed to facilitate the cross-border sharing of data. |
|
|
|
|
|
| In Giller v Procopets, the Victorian Court of Appeal considered whether the defendant’s disclosure to third parties of a videotape that depicted sexual activity between the plaintiff and the defendant constituted breach of confidence, intentional infliction of emotional harm or an invasion of privacy. |
|
|
|
|
|
| This article analyses the ALRC's proposed mandatory data breach reporting scheme as well as the current voluntary guidelines issued by the Office of the Federal Privacy Commissioner in order to assist businesses in managing potential data breaches. |
|
|
|
|
|
| The Queensland Government has proposed significant reforms to privacy and freedom of information laws for its state government agencies. This article summarises the two draft bills: Information Privacy Bill 2009 and the Right to Information Bill 2009. |
|
|
|
|
|
| ACMA's selection of enforcement initiatives seems to indicate that, in the absence of flagrant, malicious or egregious behaviour, enforceable undertakings and formal warnings are the preferred methods of dealing with breaches of the Spam Act. |
|
|
|
|
|
| The Federal Privacy Commissioner has published three new case notes of finalised complaints concerning the interpretation or application of the Privacy Act. The case notes indicate the Commissioner's approach to resolving disputes. |
|
|
|
|
|
| This article discusses ACMA's campaign over the past 12 months to improve telecommunications compliance with the Do Not Call Register |
|
|
|
|
|
|
The ALRC has considered the Australian Government's proposal to establish national shared electronic health records based on a unique healthcare identifiers system and recommended that any scheme should be established under specific enabling legislation. The Privacy Commissioner has made similar recommendations in its submission to the National E-Health Transition Authority on the Privacy Blueprint for the Individual Electronic Health Record. |
|
|
|
|
|
|
One of the significant recommendations made by the ALRC is to amend the definition of 'personal information' in the Privacy Act. This will be relevant to all organisations and agencies since under the proposed new definition, information that is held by them may now be subject to the Privacy Act. |
|
|
|
|
|
|
In addition, the Australian Communications and Media Authority has produced a Fact Sheet to protect the privacy of individuals who engage in online social networking. The Fact Sheet identifies a number of key risks and suggests simple steps that individuals can take to protect themselves. |
|
|
|
|
|
|
The Privacy Commissioner has recently issued three new Privacy Guides on:
- interaction between the Privacy Act and the Spam Act, for organisations who engage in electronic marketing
- internal investigations of privacy complaints, a step-by-step approach for organisations and agencies to investigate and attempt to resolve complaints by individuals about interferences with their privacy and
- handling personal information security breaches, to help organisations and agencies prevent and respond effectively to breaches of personal information security.
|
|
|
|
|
|
|
This article discusses the aftermath of the recent decision of the Victorian County Court in relation to whether a common law duty of care exists between a broadcaster and member of the public. |
|
|
|
|
|
As we reported in our March 2008 edition, the APEC Data Privacy Pathfinder has been endorsed by APEC members. This article discusses how Australian businesses should approach the transfer of data to international entities, in particular to APEC and EU countries. |
|
|
|
|
|
|
In light of the imminent public release of the Australian Law Reform Commission's (ALRC) Final Report on Privacy, this article outlines the reform suggested by the ALRC in their Discussion Paper 72 on the "Review of Australian Privacy Law" in relation to anti-money laundering and counter-terrorism financing. |
|
|
|
|
|
This article summarises the recent Draft Voluntary Information Security Breach Notification Guide issued by the Office of the Privacy Commissioner. |
|
|
|
|
|
As we reported in the November 2007 edition of the Privacy Update, submissions in response to the Australian Law Reform Commission's 'Review of Privacy' closed on 7 December 2007. According to the ALRC website at the time of issue of this edition, the ALRC's final report and recommendations were due to be delivered to the Attorney-General on or before 31 March 2008. |
|
|
|
|
|
|
This article summarises three recent cases that came before the Privacy Commissioner late last year and recent news from the Office of Privacy Commissioner. |
|
|
|
|
|
|
The APEC Data Privacy Pathfinder (Pathfinder) was formally endorsed by APEC members when they met in Sydney last year. The purpose of the Pathfinder is to develop a framework to regulate the transfer of personal information by business across national borders, which aims to ensure that an individual's personal information is protected no matter which APEC country the information is transferred from or to. |
|
|
|
|
|
The Australian Law Reform Commission has recommended a major overhaul of Australia's federal privacy laws, putting forward more than 300 sweeping changes to the current regime under the Privacy Act 1988. Many of the proposals focus on greater protection for individual privacy, reflecting the advances in technology since the Act was passed in 1988. What does this mean for businesses? |
|
|
|
|
|
The Privacy Commissioner has recently considered three important cases regarding privacy breaches and disclosure of information by various organisations. |
|
|
|
|
|
The Federal Privacy Commission recently conducted an investigation into the disclosure of personal information of its members by one of the country's largest private health funds to a third party involved in its Helping Hand Program. |
|
|
|
|
|
The new Privacy Protection for Off-shoring Bill which aims to regulate the transmission of 'personally identifiable information' for processing outside Australia has been introduced into the House Representatives. Specifically, the Bill would insert new provisions the Trade Practices Act to increase measures for the protection of personally identifiable information. |
|
|
|
|
|
The Privacy (Private Sector) Amendment Regulations 2007, that come into operation on 1 December 2007, will bring small businesses, which operate a residential tenancy database and which undertake certain related acts and practices, into the scope of the term 'organisation' for the purposes of the Privacy Act. |
|
|
|
|
|
| Democrats Senator, Natasha Stott-Despoja, has introduced a private member's Bill into parliament seeking immediate amendments to the Privacy Act to further tighten existing privacy laws. The proposed Bill will require all private organisations and Commonwealth Government agencies, which are subject to the Act, to notify individuals if their data security has been breached. |
|
|
|
|
|
In this article we consider the implications of three recent cases which came before the Privacy Commissioner. |
|
|
|
|
|
Western Australia has introduced the Information Privacy Bill 2007 into parliament which, if enacted, will follow the lead of NSW, Victoria and the ACT to give effect to an undertaking by Australian health ministers to introduce Health Privacy Principles specifically for private sector handling of health information. |
|
|
|
|
|
In submissions to the Australian Law Reform Council (ALRC), the Privacy Commissioner has recommended a raft of amendments to the credit reporting provisions of the Privacy Act, including the repeal of Part IIIA, but remains unconvinced that Australia needs to introduce a comprehensive credit reporting scheme. |
|
|
|
|
|
In Jane Doe v the ABC & Ors, the Victorian County Court has held that the alleged invasion or breach of privacy is an actionable wrong which gives right to recover damages in the normal way. The decision has been heavily criticised and is currently on appeal. If the appeal is unsuccessful, it may affect the potential liability of organisations for disclosing personal and private information without good reason and without taking proper care. |
|
|
|
|
|
|
Following the success of Operation Wickenby, the Federal Government is looking to introduce legislation that will allow the Australian Taxation Office to release private taxpayer information to other government agencies such as the Australian Crime Commission, the Australian Securities and Investments Commission and the Australian Federal Police. |
|
|
|
|
|
|
The national 'Do Not Call Register' will be introduced shortly, and is expected to commence operating in May of this year. The Australian Communications and Media Authority, which will oversee the $33 million project, has announced that Melbourne-based Service Stream Solutions Pty Ltd will develop and operate the Register. |
|
