Functions under other Acts

Background

47.124 In addition to the functions enumerated in the Privacy Act, the Commissioner has functions under other legislation.[175] In summary, these functions are to:

  • Issue the Data-matching Program (Assistance and Tax) Guidelines and to investigate an act or practice that may breach the Guidelines or Part 2 of the Data-matching Program (Assistance and Tax) Act 1990 (Cth).[176]

  • Issue the Privacy Guidelines for the Medicare Benefits and Pharmaceutical Benefits Programs and to investigate an act or practice that may breach the guidelines.[177]

  • Monitor compliance with the record-keeping requirements under Part 13 of the Telecommunications Act 1997 (Cth).[178] The Commissioner also must be consulted about industry codes and standards that deal with privacy issues pursuant to Part 6 of the Telecommunications Act,[179]and must be consulted before the Australian Communications and Media Authority enforces an industry code relating to a matter dealt with by the NPPs or an approved privacy code.[180]

  • Investigate and determine complaints about breaches of the spent convictions scheme in Part VIIC of the Crimes Act and to assess applications for complete or partial exclusions from the requirements of the scheme.[181]

Submissions and consultations

47.125 In DP 72, the ALRC identified support in submissions and consultations for consolidating all the Privacy Commissioner’s functions in the Privacy Act, including where the functions are presently under other legislation.[182] While the ALRC agreed that listing all functions in the Privacy Act would be ideal, it acknowledged that it may not be practical to expect that the Privacy Act would be amended each time the Commissioner was given a new function under another piece of legislation. Instead, the ALRC proposed that the OPC maintain and publish on its website a list of all the Privacy Commissioner’s functions, including those functions that arise under other legislation.[183]

47.126 The proposal received almost unanimous support from stakeholders.[184] The Cyberspace Law and Policy Centre argued that all of the Commissioner’s functions should be located or relocated, or if appropriate repeated, in the Privacy Act. It argued that any other legislation to which a function relates should contain an explicit cross-reference to the Commissioner’s role and the Privacy Act function.[185]

ALRC’s view

47.127 Consistently with the ALRC’s recommendation that the Privacy Act should be redrafted to achieve greater logical consistency, simplicity and clarity,[186] it would be of assistance to stakeholders if the OPC listed its functions on the OPC’s website, where the function arises in the Privacy Act and under other legislation. While the ALRC agrees that it would be preferable for the Privacy Act to contain a complete list of the Commissioner’s functions it would not be practical for the Privacy Act to be amended each time the Commissioner was given a new function.

Recommendation 47-7 The Office of the Privacy Commissioner should publish and maintain on its website a list of all the Privacy Commissioner’s functions, including those functions that arise under other legislation.

[175] These functions are set out in more detail in Australian Law Reform Commission, Review of Privacy, IP 31 (2006), [6.66]–[6.75].

[176] Issued pursuant to Privacy Act 1988 (Cth) s 27(1)(p) and Data-matching Program (Assistance and Tax) Act 1990 (Cth) s 12(2). These replaced the interim guidelines set out in Privacy Act 1988 (Cth) sch 2. The current guidelines came into effect on 14 April 1997.

[177] Office of the Federal Privacy Commissioner, Medicare and Pharmaceutical Benefits Programs Privacy Guidelines: Issued under Section 135AA of the National Health Act 1953 (1997), 2–3.

[178]Telecommunications Act 1997 (Cth) s 309.

[179] Ibid ss 117(1)(j), 117(1)(k), 118, 134. In 2006–07, the Privacy Commissioner was consulted on eight Australian Communications Industry Forum codes developed pursuant to the Telecommunications Act 1997 (Cth): Office of the Privacy Commissioner, The Operation of the Privacy Act Annual Report: 1 July 2006–30 June 2007 (2007), [1.7.3].

[180]Telecommunications Act 1997 (Cth) ss 121, 122.

[181]Crimes Act 1914 (Cth) ss 85ZZ, 85ZZC.

[182] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; G Greenleaf, N Waters and L Bygrave—Cyberspace Law and Policy Centre UNSW, Submission PR 183, 9 February 2007; Australian Privacy Foundation, Submission PR 167, 2 February 2007; Fundraising Institute—Australia Ltd, Submission PR 138, 22 January 2007; Centre for Law and Genetics, Submission PR 127, 16 January 2007; Institute of Mercantile Agents, Submission PR 101, 15 January 2007. It was also suggested that the Commissioner’s functions be listed in a separate schedule to the Act: Privacy NSW, Submission PR 193, 15 February 2007.

[183] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 44–7.

[184] Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Australian Direct Marketing Association, Submission PR 543, 21 December 2007; Australian Government Department of Human Services, Submission PR 541, 21 December 2007; GE Money Australia, Submission PR 537, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007.

[185] Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[186] Rec 5–2.