The spread of new technologies and the internet into people's personal and business lives over the past 15 years has been rapid and far-reaching; so much so that governments and the courts have struggled to keep pace with the attendant privacy implications. The result has been overlapping sets of state, federal and territory laws governing privacy regulations for the public and private sectors, and a great deal of confusion about compliance, coverage and what are acceptable principles for information-sharing in fast-developing technologies such as electronic health and medical records, online banking, social networking, data security, emails, mobile phones and digital cameras.
It was to address legislative deficiencies in Australia's complex privacy laws, including the 1988 Commonwealth Privacy Act, exposed by these fast-developing technologies, that the Australian Law Reform Commission issued about 300 law reform proposals last year and began one of the largest public consultations in its history. On Monday, the commission tabled the result of its deliberations in Federal Parliament: a three-volume, 2700-page report containing 295 proposed reforms some of which are bound to test the Federal Government's resolve to update and reform the 1988 Privacy Act, requiring as it inevitably will the difficult task of confronting competing and colliding interests.
Special Minister of State Senator John Faulkner has indicated there will be a stage-by-stage response to the commission's reform agenda, with the Government committed at first instance to implementing recommendations designed to streamline and harmonise state and federal laws governing the control of information and data. Faulkner expects this to happen within 18 months. Once the easy, low-hanging fruit is gone, the other more problematic issues, such as whether the current system of two sets of privacy principles governing the public and private sectors should be replaced with a unified set applicable to all jurisdictions, and whether political parties should continue to be exempt from the Privacy Act, will be addressed. However, Faulkner has offered no time frame for implementation of these proposals, suggesting that it will not happen before the next federal election. Arguably, the Government has its priorities right. With data flow crucial to the growth of modern information-based economies like Australia, the implementation of legal frameworks which facilitate this and which reduce the complexity of existing regulation seems entirely sensible. As a start, the commission has proposed that important terms in the Privacy Act, such as ''personal information'' and ''sensitive information'', be redefined to reflect new technologies and new methods of collecting and storing personal information.
Commission president David Weisbrot says the Australian public remains wary about the way private information is acquired by business and government, the way it is protected, and to whom it is distributed with good reason, given the number of incidents involving the inadvertent loss of government databases, particularly in Britain. And there was an example of corporate data leakage here this week when a computer booking agency mistakenly released a small portion of its database into the public domain.
The introduction of data disclosure laws should assuage such fears, Weisbrot says. Australians nonetheless accept and recognise the benefits for individuals and for society generally to be gained from the accrual of such information. A commission recommendation regarding credit reporting takes that thinking to its logical conclusion: it says specialist agencies selling information to banks and other credit organisations should be allowed to collect more information on consumers, including repayment histories, provided that enforceable measures are enacted to ensure more responsible lending. Likewise, the commission wants laws dealing with the electronic storage of health and medical information held by doctors and hospitals to be updated and harmonised so that such records can be transferred interstate, in a secure, coded form, to facilitate the treatment of patients. Though the Government says it will back this proposal, there remains uncertainty about the ethics of transmitting personal or private information across borders, whether to facilitate emergency treatment of an individual or to enable an epidemiological survey. The creation of large centralised medical databases is regarded with equal, if not greater, suspicion, though this has not stopped other countries, such as Sweden, from developing them, albeit with strict disclosure laws.
Doubtless, the Federal Government's enthusiasm for these proposals stems in part from knowledge of the great promise that health informatics holds for population health and medical research. Where the proposals hold out fewer tangible benefits, or where they involve taking on vested interests (including party political interests), Faulkner's response has been more muted.