Recent cases: Is there fragmentation of Australia's public sector privacy laws? Professor Graham Greenleaf UNSW Faculty of Law - 22 May 2003 NSW Freedom.

Presentation transcript:

Recent cases: Is there fragmentation of Australia's public sector privacy laws? Professor Graham Greenleaf UNSW Faculty of Law - 22 May 2003 NSW Freedom of Information and Privacy Practitioners Network

Public sector privacy laws
- Variations so far
  - Commonwealth / ACT - IPPs
  - NSW - NSW IPPs
  - Vic & NT (and private sector) - NPPs
- Superficial similarities in aims
  - All based on life-cycle of information
- Significant differences in details
- Little case law except new NSW cases - major differences already emerging

Examples and recent cases
- Collection from the data subject
  - DO v University of New South Wales [2002] NSWADT 211; [2003] NSW ADTAP 9
- Consent exception - express or implied
  - FM v Macquarie University [2003] NSWADT 78
- Minimal collection - anonymity
  - Wykanak v Dept Local Govt [2002] NSWADT 208
  - FH v NSW Dept Corrective Services [2003] NSWADT 72
- Are records required before Acts apply?
  - FM v Macquarie University [2003] NSWADT 78

Collection from the data subject
- Some laws require collection from the data subject, but they differ considerably
  - Cth IPPs impose no obligation to collect from the individual; no consent needed to collect from 3rd Ps
  - NPP 1.4 requires collection only from individual ‘if it is reasonable and practicable to do so’
  - NSW s9 requires collection directly from individual unless
    - 3rd P collection is authorised by the individual; or
    - Provided by parent/guardian if under 16
- DO v University of New South Wales [2002] NSWADT 211
  - UNSW did have authorisation to collect from 3rd Ps
  - Illustrates risks under NSW Act
  - It is OK to ‘double check’ with a 3rd P - collection from both

Consent exception
- Cth IPPs and NPPs - implied consent
  - ‘express consent or implied consent’ (Cth PA s6, also Vic)
  - Consent must also be informed (meaning of ‘consent’)
  - Can consent be implied from failure to opt out?
- NSW s26(2) requires express consent
  - Failure to opt out could never be good enough
- FM v Macquarie University [2003] NSWADT 78
  - Consent to UNSW to collect transcript from UNSW was implied consent to Macquarie to disclose it, but that is not express consent
- Cf NZ requires ‘authorization’
  - NZ Courts (L v J, L v L) have held this includes implied authorizations (see Roth article)

Minimal collection - anonymity
- NPP 8 - ‘Wherever lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation’ - no direct NSW equiv.
  - Is it a breach to build systems which make anonymity impracticable?
  - Does NPP8 require anonymity to be ‘designed in’?
- FH v NSW Dept Corrective Services [2003] NSWADT 72
  - Equivocal on whether breach of security principle where it would cost millions for Dept to change system to log accesses
- Wykanak v Dept Local Govt [2002] NSWADT 208 (summary)
  - ADT could not review a complaint of an anticipated breach of a NSW IPP
  - Compare Cth IPPs or NPPs - s98 Injunctions available where ‘a person … is proposing to engage in any conduct that … would constitute a contravention of this Act’

'Records' / 'documents'
- Significance in Commonwealth Privacy Act
  - Cth IPPs all require information in ‘records’ or a ‘generally available publication’
  - NPPs don’t, but s16B has same effect
  - One of the dividing lines between information privacy and surveillance laws
- Problems - compare Cth and NSW results
  - Interview with no notes taken
  - CCTV with no film
  - Listening device with no recording

'Records' / 'documents' (2)
- Other jurisdictions requiring records / documents
- Victoria
  - S3 definition ‘personal information’ - ‘means information … that is recorded in any form …’
- Northern Territory
  - S4 definition ‘personal information’ means ‘government information from which …’
  - S4 definition ‘government information’ means ‘a record held …’
- Hong Kong
  - s2 definition 'data' is only 'any representation of information, in any document'.
  - 'document' includes disks, film etc from which visual images or other data are 'capable...of being reproduced'

'Records' / 'documents' (3)
- New South Wales - the odd one out
  - S4 defn ‘personal information’ means ‘information or an opinion (….whether or not recorded in a material form) …’ - cannot imply a record from the definition
  - NSW IPPs all refer to ‘personal information’ (contrast Cth IPPs require ‘in a record’)
  - No equivalent to Cth s16B re NPPs
- All NSW IPPs therefore apply to all personal information whether or not it is ever recorded
  - IPPs only require that agency must ‘collect’ or ‘hold’ personal information

'Records' / 'documents' (4)
- FM v Macquarie University [2003] NSWADT 78
  - Hennessy Dep P (on appeal)
  - S18 breach by Macq’s disclosure to UNSW of information in 2 telephone conversations
  - Information was observations of FM and opinions about him
  - The information was never recorded by Macq
  - Held - Was ‘personal information’ even though FM’s behaviour was observed by others
  - Held - Info was ‘held’ in the mind of Macq staff
    - s4(4) defines ‘held’ as ‘possession or control’
    - ‘Possess’ must include ‘in the mind’ for non-material information
  - Order - Macq staff must not disclose any information in their minds about students, unless s18 exemption applies