Skip to Main Navigation Menus Skip to Content
Home
Biography
Media Releases
Speeches
Transcripts
Publications/Statements
Webcasts/Podcasts
Subscribe/Unsubscribe
Photo Gallery

Portfolio Agenda:

Lobbyist Register
Contact
Senator Ludwig
SENATOR THE HON JOE LUDWIG Cabinet Secretary Special Minister of State

Speech

Speech by Senator the Hon Joe Ludwig
Cabinet Secretary
Special Minister of State

Confidence in a Digital Age

GALA PRESENTATION DINNER OF THE AUSTRALIAN PRIVACY AWARDS, Sydney
Thursday 12 November 2009

Acknowledgements

Thank you for the introduction Karen, and for asking me to speak tonight at the second Australian Privacy Awards.

First I would like to acknowledge the Gadigal peoples of the Eora nation, the traditional owners of these lands, and pay my respects to their elders, both past and present.

I would like to acknowledge the Office of the Privacy Commissioner and commend them for continuing these Awards and for taking the leading role in promoting and protecting privacy across the Australian community.

I would also like to recognise current and past privacy commissioners and especially the award sponsors for tonight.

Ladies and gentlemen, it is an honour to spend an evening with you – a group of dedicated professionals, distinguished by your excellence in the field of privacy. As the Minister in the Rudd Government with responsibility for the Office of the Privacy Commissioner and privacy policy I look forward to working with you to develop our privacy laws that underpin our society in the digital age.

New technology is arriving on our home and office doorstep every day. It is essential that Government ensures that all citizens have confidence when it comes to their interaction with new technology, regardless of whether that interaction is through the government or business.

An article in the New York Times considered the problem of creating confidence in an age where online information sharing is so prevalent1 . Daniel J Solove, a Professor of Law at George Washington University outlined the path we should take back in 2001. He used Franz Kafka’s novel “The Trial” as a literary metaphor to “effect how we see a problem and the way we solve a problem”2.

As many of you would know, ‘The Trial’ tells the story of Joseph K., who spends a year of his life trying to discover the reason for his inexplicable arrest by unidentified agents. He is unsuccessful in ever determining what of his personal information and history the secretive Court actually possessed.

Solove suggests that “state and federal legislatures should seek to create laws that regulate what public and private information may be collected and processed by private or governmental databases, how the information must be secured and how its successive transfer to other databases should be limited.”3

Some eight years later, across the world, the ALRC recommended very similar principles, and last month I unveiled the Government’s ‘first-stage’ response to their report that attempts to do just this.

Our task as the Government is to build confidence in our laws and practice so that all Australians can embrace the benefits of new technology in the digital age.

I see tonight as a rare opportunity to celebrate your achievements so far, and share with leaders in the field the Rudd Government’s progress in achieving a reformed national privacy framework.

As I’m sure you’re all aware, the Government recently announced its intention to rejuvenate the Privacy Act of 1988 and embark upon the most significant reforms of privacy law since it was first enacted over 20 years ago.

Progressing the Government’s Vision for Privacy Reform

I am committed to establishing a first class privacy regime, and it’s pleasing that so many Government agencies and organisations are already committed to this agenda.

At last year’s inaugural Privacy Awards, the Australian Law Reform Commission was in the process of finalising its report into the effectiveness of our privacy laws. In August 2008, it delivered its final report entitled, For Your Information: Australian Privacy Law and Practice. Last month, I announced details of the Government’s ‘first stage response’ to the ALRC’s report.

Underpinning the Government’s proposed reforms is the establishment of a single set of Privacy Principles. The new harmonised Principles will replace the current separate sets of public and private sector principles at the federal level, untangling red tape and providing more national consistency.

These Principles will create a robust framework which will deliver privacy protection to Australians for the decades to come. For example, the recent Global Financial Crisis highlighted the need for better functioning credit markets and the need for more responsible lending. The Australian Government will complement the new responsible lending regime by adding five positive datasets to credit reporting.  

Previously, credit providers were only able to list negative or bad credit events on an individual’s credit report. Adding five new datasets to the report will mean that a persons’ positive credit history can now be taken into account, along with any defaults of difficulties your may have had in the past. These datasets will benefit consumers and lenders by giving an accurate and complete view of an individual’s credit history.

Tonight I want to focus on three areas of the reform that will contribute to creating confidence. These are:

The Openness Principle4

The first of the new Privacy Principles will be the Openness Principle, a Principle crucial to creating confidence in Government and business information policy.

It will require agencies and organisations to express in a Privacy Policy how they handle personal information at each stage of the information cycle.

The Openness Principle will also require agencies and organisations to take reasonable steps to develop and implement internal policies and practices that enable compliance with the Privacy Principles. These include training, and developing mechanisms to deal with complaints and inquiries. Privacy Policies will be openly available to customers for no charge. 

The Openness Principle will mean agencies and organisations take a transparent and proactive approach to privacy compliance which in turn will allow people to make informed and confident decisions about how they choose to engage with the agency or organisation.  

I recognise that tonight’s attendees are already reflecting and acting on privacy protection, and I commend the fact that many have adopted voluntarily some of the practices which may ultimately become obligatory.

Meeting the challenge of protecting Privacy in an age of new and emerging technologies 5

Because Privacy Policies will be working documents, they will be one of the mechanisms through which agencies and organisations will be required to regularly consider how technologies and new ways of operating will impact on their handling of personal information.

Rapid technological changes have meant a vastly increased capacity to collect, retain and disseminate personal information.

To protect Australians into the future, the Government’s reforms to the Privacy Act will be ‘technology neutral’ and will apply regardless of what medium the information is collected, handled, or stored in.

But while the revamped Privacy Act will be technology-neutral, it is important that privacy protections are not compromised by the use of new technologies; the regulatory framework must remain technology-aware.6 In this sense, the Privacy Principles must be robust yet adaptable.

Another change will be that ‘personal information’ will be defined to ensure that where an IP or email address is linked to other reasonably accessible identifying information, that it will be considered ‘personal information’ and covered by the law. 

Because the reforms will be technology-neutral, organisations, government and individuals can all be certain that as new technologies arise, Australia’s privacy law will continue to protect personal information.

The Government’s 2.0 Taskforce which I am progressing with Minister Tanner, is currently investigating new ways to make best use of government information and online engagement. There are some exciting opportunities opening up – research, mapping, geospatial analysis and even mash-ups (and by that, I am not talking about potatoes)– all of which could result in very significant improvements to service delivery. One of the many challenges for the Taskforce will be to determine how to increase the openness of government through making government information more widely available, while meeting public expectations about how personal information is handled.7

The exciting possibilities and challenges of technology in the 21st century and what it can mean for how we do business, is something all organisations and agencies think about constantly.

The Government’s reforms to the Privacy Act will ensure that, despite rapid technological change, privacy protection will be in place and customers can interact and communicate with confidence.

The strengthening of the Office of the Privacy Commissioner

Another reform the Government intends to make is to strengthen the role of the Office of the Privacy Commissioner.

The Privacy Commissioner will have an enhanced role in assisting agencies and organisations to embrace the new Privacy Principles.  Part of the Privacy Commissioner’s role will be to provide technology-specific guidance8 and to ensure the effectiveness and relevant application of the Privacy Principles.

The leadership and education role of the Privacy Commissioner will extend to undertaking Privacy Performance Assessments, and to asking government agencies to conduct a Privacy Impact Assessment where they haven’t already done so.

The Privacy Commissioner will also support agencies and businesses to develop Privacy Codes.

Privacy Codes will allow groups of agencies and businesses to customise the Privacy Principles to suit their specific situation.

In effect, Privacy Codes will develop from a mission statement which considers the particular needs of the industry. The Codes must comply with the Privacy Principles but will be individualised and industry-specific interpretations of the Privacy Principles, formalised into binding agreements.

The Biometrics Institute Privacy Code is a good example of how a Code can be used in this way.9 The Code includes supplementary Privacy Principles which add requirements and obligations of accountability to that industry’s practice. The Biometrics Institute was, you may recall, a Finalist in last year’s Awards.

Privacy Codes can be initiated by an industry voluntarily, enabling greater ‘ownership’ of compliance. However, given the advantages that a Privacy Code can provide for business in creating certainty and consistency, the Privacy Commissioner will be able to require an industry to develop a binding Code when there is a strong public interest. 

We are moving forward in drafting the legislation arising from our first stage response, and it will be ready for public consultation in early 2010. I hope you will take the opportunity to comment on it then. As leaders in the field of privacy protection, your feedback will be most welcome.

Privacy Awards and good practice

In developing a robust privacy framework that is adaptable for the 21st century, the Government must ensure that any reforms support and provide incentive for ‘best practice’ behaviour across the private and public sector.

Tonight we are here to celebrate current best practice of agencies and organisations in our community who have demonstrated excellence in privacy. Your skills in innovation and creative thinking have made privacy protection an essential part of your activities.

When the Office of the Privacy Commissioner instigated these Privacy Awards to recognise good privacy performances and practices for both the public and private sectors, it became the first privacy regulator worldwide to do so.10

This sent a proud and positive message to both domestic and international audiences. I am delighted to be part of this year’s proceedings and the continuation of this vital foundation in the building of our culture of confidence.

The notable aspect of last year’s winners and this year’s nominees is leadership in the field of privacy. Your agencies and organisations have emphasised education and training in privacy protection, which in turn has built the confidence of the wider community.

It makes me very proud as the former Minister for Human Services that Medicare Australia and the Child Support Agency were 2008 Award winners, and tonight the Human Services portfolio is a nominee. Last year Medicare Australia won the Grand Award for privacy, and the Child Support Agency was the winner of the Government Award.

One of the great modern day challenges for these agencies is to protect personal information while at the same time allowing for appropriate flows of data which are necessary to deliver vital services to the community.

Both Medicare Australia and the Child Support Agency have shown excellence in improving the collection and sharing of information between government agencies while minimising the impact on privacy.

Last month, Medicare Australia adopted a protocol to formalise the process for passing customer details to child protection agencies, where a child is at serious risk of harm or in the interests of their health or welfare.

However, the Government believes data sharing must be coupled with appropriate privacy protections, and I commend Medicare Australia and the Child Support Agency for meeting community and government expectations in this area.

I trust that last year’s winners have enjoyed an enhanced reputation among the community as a result of the recognition afforded by winning an Award, and that this year’s winners will experience the same.

Concluding Remarks

Footnotes

1. Carl S Kaplan ‘Kafkaesque? Big Brother? Finding the Right Literary Metaphor for Net Privacy’ New York Times, 2 February 2001 <www.nytimes.com/2001/02/02/technology/02CYBERLAW.html>

2. Ibid, page 2

3. Ibid, page 3

4. The Openness principle is in Part D of the ALRC’s report and the Government’s response. See http://www.dpmc.gov.au/privacy/alrc.cfm.

5. Developing technology is in Part B of the ALRC’s report and the Government’s response. See http://www.dpmc.gov.au/privacy/alrc.cfm.

6. See paragraph 10.2 of the ALRC’s report.

8. See recommendation 10-3 and from paragraph 10.49 in ALRC report about examples of guidance.

9. The Biometrics Institute Privacy Code is available at http://www.privacy.gov.au/business/codes/register. The Code includes privacy standards that are at least equivalent to the Australian National Privacy Principles (NPPs) and also incorporates higher standards of privacy protection in relation to:

  • certain acts and practices in relation to employee records that otherwise would be exempt.
  • the addition of three new Supplementary Biometrics Institute Privacy Principles 11, 12, and 13 in the Code:
    • Principle 11 deals with the protection of biometric information and in some ways supplements the data security obligations in NPP 4.
    • Principle 12 includes some added notice requirements, restricts some secondary uses without express free and informed consent and confers a right to request the removal of biometric information from a system. These obligations enhance NPP 1.3, NPP 1.5, NPP 2 and NPP 4.
    • Principle 13 introduces an obligation of accountability through an extra notice obligation, requires an audit of biometric systems to be undertaken, introduces the concept of holistic privacy management in relation to a biometric product or service, and mandates the use of privacy impact assessments. These requirements augment NPP 1, NPP 4 and NPP 5.1.
  • the inclusion of specific requirements in the Code for code subscribers to be aware of and take account of relevant national and international standards for information protection and biometric systems.

Information taken from: http://www.biometricsinstitute.org/displaycommon.cfm?an=1&subarticlenbr=8.

10. Karen Curtis, Privacy Commissioner. Speech to Privacy Connections Breakfast and Launch of the Australian Privacy Awards and the Australian Privacy medal. Sydney, 9 April 2008.

Media Contact: Website:
Sarah Cosson - 0423 823 843 or (02) 6277 7600 www.cabinetsecretary.gov.au
www.smos.gov.au

Back to top