Privacy Advisory Committee meeting - 6 July 2011
The Privacy Advisory Committee met at the OAIC offices in Sydney on 6 July 2011. Committee members discussed a wide range of matters during the course of the meeting. Selected highlights of those discussions follow.
Privacy law reform
Committee members discussed the Australian Government's Privacy Law Reform Process, focusing on the proposed credit reporting reforms and the role that industry may take in developing a code of conduct.
E-health and research
The OAIC consulted members out of session, during May 2011, on the development of its submission to the Department of Health and Ageing (DOHA) on the Draft Concept of Operations relating to the introduction of a personally controlled electronic health record (PCEHR) system. Prof McMillan thanked the Committee for its valuable contribution.
The OAIC anticipates making a submission on DOHA's 'legislation issues paper', which is likely to be released later in 2011. It will consult Committee members as it develops this submission.
Committee members also discussed the benefits and disadvantages of opt-in and opt-out models of electronic health records. A Committee member noted that health professionals had raised concerns about the reliability and utility of an opt-in system, but noted that an opt-out system may cause privacy concerns.
Review of the Guide to Handling Personal Information Security Breaches
The OAIC is reviewing its Guide to Handling Personal Information Security Breaches, and sought Committee members' input in this process. A number of suggestions were made for improving the Guide.
US Foreign Account Tax Compliance Act
Committee members discussed the Foreign Account Tax Compliance provisions (FATCA provisions), which have been enacted in the United States of America as part of the federal Hiring Incentives to Restore Employment (HIRE) Act. In order to comply with a FATCA agreement, foreign (including Australian) financial institutions may have to, among other things, disclose to US Internal Revenue Service specified account information on accounts held by 'US persons'. This would include US persons in Australia.
The FATCA provisions have given rise to significant concerns in the banking industry in Australia about the implications of FATCA agreement on financial institutions' obligations under the Privacy Act 1988 (Cth).
The OAIC’s priority is to ensure compliance with Australian privacy law. However, in light of industry concern over this matter, Prof McMillan wrote to the Department of the Prime Minister and Cabinet suggesting that it raise the issue with the Department of the Treasury.
Privacy education and awareness
Committee members congratulated the OAIC on running a successful Privacy Awareness Week (PAW) campaign in May 2011. Privacy gained a significant amount of media coverage during PAW, and promotional messages were distributed widely using online and social media.
Committee members provided constructive feedback for improvement in future years. One Committee member suggested the OAIC could supplement its use of the internet distribution channels such as YouTube, Facebook and the Privacy Awareness Week website with more hard copy materials. Another Committee member suggested that, in future years, there could be a greater regional focus for promotional activities.
Publication of outcomes of Committee meetings
To improve accountability and transparency of Committee processes, members agreed that a brief report summarising major developments should be published after each meeting.
The next Committee meeting will take place on 30 January 2012.
Prof John McMillan, Australian Information Commissioner
Ms Robin Banks, Anti-Discrimination Commissioner of Tasmania
Ms Barbara Robertson, Chief Privacy Officer and Head of Notices, National Australia Bank Limited
Ms Joan Sheedy, Assistant Secretary, Privacy and FOI Policy Branch, Department of the Prime Minister and Cabinet
Prof Michael Kidd AM, Executive Dean, Faculty of Health Sciences, Flinders University
Mr Timothy Pilgrim, Australian Privacy Commissioner
Mr Mark Hummerston, Assistant Commissioner – Compliance, OAIC
Ms Rachel Spalding, Assistant Commissioner – Policy, OAIC
Mr Jonathan Dobinson, Director Corporate and Public Affairs, OAIC
Mr Kieran Colreavy, Corporate and Public Affairs Officer, OAIC