Review of the Integrated Public Number Database: A discussion paper

Submission to the Department of Broadband, Communications and the Digital Economy (December 2011)

Submission by Timothy Pilgrim, Australian Privacy Commissioner


Key Messages

The Office of the Australian Information Commissioner (OAIC) welcomes the opportunity to make a submission to the Department of Broadband, Communications and the Digital Economy (DBCDE) on the Review of the Integrated Public Number Database: A discussion paper (the Discussion Paper).

In this submission, the OAIC makes the following comments in relation to the Discussion Paper:

  • The OAIC would support measures to strengthen the Australian Communications and Media Authority's (ACMA) investigative and enforcement powers to ensure Carriage Service Providers (CSPs) comply with the regulatory framework around Integrated Public Number Database (IPND) data collection.
  • National Privacy Principle (NPP) 2 in the Privacy Act 1988 (the Privacy Act) could effectively regulate use and disclosure of IPND data, or alternatively, the exceptions in Part 13 of the Telecommunications Act 1997 (the Tel Act) could be aligned with the provisions under NPP 2.
  • The OAIC supports the creation of access[1] principles to ensure consistency and ensure access is granted only where there are safeguards in place to prevent misuse of the information.
  • The OAIC agrees that any expansion of the data held or accessed through the IPND raises serious privacy issues.
  • Mandatory data breach notifications to the Privacy Commissioner would strengthen compliance with Information Privacy Principle (IPP) 4 and NPP 4 in the Privacy Act and help clarify the data protection obligations of agencies and organisations.
  • The OAIC supports directory products, produced from data sources other than the IPND, being subject to the same rules under Part 13 of the Tel Act as directory products which are produced from data sourced from the IPND.
  • Any research proposal should be able to demonstrate that the public interest in the research proposal substantially outweighs the public interest in maintaining the level of protection afforded in the IPND.
  • The OAIC does not support the proposition that ACMA authorise ongoing access for particular organisations and considers this would create serious risks to the privacy of subscribers.
  • Subscribers should be allowed direct access to their own information stored in the IPND (with appropriate identification verification measures).
  • The OAIC supports the application of civil penalties for unauthorised use or disclosure of IPND information.
  • The OAIC considers that any changes to the current management structure of the IPND should be subject to a privacy impact assessment (PIA).

The Office of the Australian Information Commissioner

The OAIC was established by the Australian Information Commissioner Act 2010 (Cth) (the AIC Act) and commenced operation on 1 November 2010.

The OAIC is an independent statutory agency headed by the Australian Information Commissioner. The Information Commissioner is supported by two other statutory officers: the Freedom of Information Commissioner and the Privacy Commissioner.

The former Office of the Privacy Commissioner was integrated into the OAIC on 1 November 2010.

The OAIC brings together the functions of information policy and independent oversight of privacy protection and freedom of information (FOI) in one agency, to advance the development of consistent workable information policy across all Australian government agencies.

The Commissioners of the OAIC share two broad functions:

  • the FOI functions, set out in s 8 of the AIC Act - providing access to information held by the Australian Government in accordance with the Freedom of Information Act 1982 (Cth), and
  • the privacy functions, set out in s 9 of the AIC Act - protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) and other legislation.

The Information Commissioner also has the information commissioner functions, set out in s 7 of the AIC Act. Those comprise strategic functions relating to information management by the Australian Government.

Coverage of the Privacy Act

As the national privacy regulator the OAIC can provide general advice on privacy issues and the application of the Privacy Act.

The Privacy Act applies to ‘personal information’, which is defined in s 6(1) as information or an opinion, whether true or not, about an individual whose identity is apparent or can be reasonably ascertained from that information. The Privacy Act contains eleven Information Privacy Principles (IPPs) which apply to Australian, ACT Government and Norfolk Island agencies. It also includes ten National Privacy Principles (NPPs) which generally apply to private sector organisations, but which do not apply to certain exempt organisations including some small businesses and State or Territory authorities.[2]

Comments on the Discussion Paper

The IPND is a centralised database containing the personal information of a significant number of Australians. It performs a number of critical and non-critical roles for the Australian community. The information within the IPND is used and disclosed for emergency and law enforcement purposes, operator and directory assistance services, location dependent carriage services (LDCS) and research purposes. The OAIC's view is that it is important that Australians maintain trust in the integrity and security of this important repository of personal information, making the need for adequate privacy protections particularly important.

The OAIC therefore welcomes that the Discussion Paper seeks comment on any reforms that should be undertaken to improve outcomes for IPND stakeholders and the Australian community, in particular, on how the privacy of subscribers and end users can be best protected. The OAIC also welcomes that the Discussion Paper explores issues that were identified in the Australian Law Reform Commission's (ALRC) 2008 report, For Your Information: Australian Privacy Law and Practice (the ALRC Report).[3] The comments below consider the discussion questions which relate to some of the privacy recommendations raised by the ALRC's report.

In this submission the OAIC draws on its understanding of privacy issues associated with the IPND. The OAIC has developed this understanding through its involvement in previous consultations. For example, the OAIC has made submissions to:

  • Department of Communications, Information Technology and the Arts on A Discussion Paper: Use of IPND information to provide Location Dependent Carriage Services, August 2007[4]
  • Department of Communications, Information Technology and the Arts on Draft of Telecommunications Integrated Public Number Database Legislative Instruments 2007, March 2007
  • Australian Communications and Media Authority on the Consultation Draft Telecommunications Integrated Public Number Database Scheme 2007, March 2007
  • Australian Communications and Media Authority on the Draft Telecommunications (Use of Integrated Public Number Database) Industry Standard, 2005
  • Australian Communications Authority on the Discussion Paper: Who's Got Your Number? Regulating the Use of Telecommunications Customer Information, May 2004.[5]

The Discussion Paper poses a number of questions which are relevant to the OAIC's functions. The OAIC's comments on those questions are set out below.

Collection of IPND Data

Question 1: How could the way that data is collected be changed to improve accuracy?

Question 2: More generally, how can the collection of IPND data be improved?

The collection of accurate data for the IPND is essential for critical and non-critical users of IPND information, particularly for emergency services that rely on it when responding to life-threatening or time-critical emergencies.

The Discussion Paper points to two main reasons for inaccuracies in IPND data when it is collected. The first reason relates to inaccurate data provided by Carriage Service Providers (CSPs). This aspect of data collection is regulated by:

  • Part 4 of Schedule 2 of the Telecommunications Act 1997 (the Tel Act)
  • the Telecommunications (Emergency Call Service) Determination 2009
  • the Integrated Public Number Database (IPND) Industry Code
  • the IPND Data Industry Guideline.

The OAIC is concerned that despite the existence of a comprehensive regulatory and guidance framework, the Australian Communications and Media Authority (ACMA) issued eleven warnings to CSPs for non-compliance in 2010. Data quality is a basic element of information privacy. This principle is reflected in NPP 3, which states that an organisation is required to take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date. The OAIC would support measures to strengthen ACMA's investigative and enforcement powers to ensure CSPs comply with the regulatory framework.

The second reason for inaccuracies in IPND data identified in the Discussion Paper is that subscribers may provide inaccurate data to CSPs, in part, because they may not be aware that the information they provide underpins critical IPND services (such as emergency call services). NPP 1.3 stipulates that an organisation must take reasonable steps to ensure that an individual is aware of the purposes for which their personal information is collected and must take reasonable steps to tell the individual about any law that requires the individual to provide, or the organisation to collect, personal information in the particular situation. NPP 1.3 also requires an organisation to take reasonable steps to ensure that an individual is aware of the organisations (or the types of organisations) to which the organisation usually discloses information of that kind. CSPs' obligation to advise their subscribers of the importance of providing accurate information and keeping it updated, and to advise them about the ways in which the data is used for the IPND, needs to be clearly reinforced.

Access to IPND Data

Question 3: Is the disclosure regime for IPND data adequate, too broad or too narrow? Why?

Question 4: How can the disclosure regime for IPND data be simplified?

Most individuals will understand that their personal information will be disclosed for directory assistance, law enforcement and emergency services. However, individuals are less likely to appreciate that, due to the IPND disclosure regime, the handling of their personal information does not end with their CSP providing it to the IPND manager, but may lead to their personal information being used in other contexts which are allowed under the exceptions in Part 13 of the Tel Act.

Recognising that many individuals in the community may not be aware of the way in which IPND data may be used under the IPND disclosure regime, and because individuals have limited control over how their information is used once it has been collected, it is important that additional attention is given to ensuring the protection of personal information in the IPND disclosure regime. As discussed below, the OAIC supports the development of access principles to ensure consistency and ensure that access is granted only where there are safeguards in place to prevent misuse of the information. The OAIC suggests that ACMA is the appropriate body to develop, monitor and enforce such principles.

The ALRC Report explored issues around the disclosure of IPND data and identified areas where clarification was needed. The Report found that it is unclear to what extent provisions other than s 285 of the Tel Act regulate the use or disclosure of information held on the IPND. For example, it is not clear whether all the exceptions under Part 13 apply to IPND information, and how those exceptions interact with Telstra's licence conditions and the Telecommunications (Interception and Access) Act 1979. The ALRC also expressed concern that s 289(1)(b)(i) of the Tel Act would allow the use and disclosure of IPND information for a broad range of purposes.

The OAIC notes that the Australian Government has not yet considered the ALRC's recommendations relating to the handling of personal information under the Tel Act. However, the OAIC has submitted[6] that the disclosure regime for IPND data may be simplified by removing the exceptions under Division 3 of Part 13 of the Tel Act and allowing NPP 2 to regulate use and disclosure of information. Alternatively, the exceptions in Part 13 could be aligned with the use and disclosure provisions under NPP 2. The OAIC suggests that if the exceptions to use and disclosure offences are retained under Part 13 of the Tel Act, consideration should be given to amending both the Privacy Act and the Tel Act to clarify what constitutes authorised uses and disclosures under the two Acts.

New users

Question 5: Should new users of IPND data be allowed? What principles should guide access to IPND data by new and existing users?

The OAIC accepts that it is likely that access to the IPND will continue to be sought by a range of organisations for a variety of reasons. Since it is not possible to predict which organisations will seek access in the future and for what reasons, the OAIC supports the creation of access principles to ensure consistency and ensure access is granted only where there are safeguards in place to prevent misuse of the information. Such principles should reflect the safeguards in the IPPs and NPPs in the Privacy Act.

The OAIC has previously consulted with DBCDE specifically on the issue of the IPND being used to automatically update the Do Not Call Register. The OAIC advised that legislative amendment or other steps that allow subsequent uses or disclosures of personal information for purposes that would not have been anticipated by individuals should be carefully considered before implementation. This is because these measures can deprive individuals of the opportunity to make choices about the way their personal information is handled. 

The OAIC recognises however, that other public interests must be weighed against the potential privacy impacts in choosing a course of action. Where the public interest is considered to require the implementation of such a measure, it will be important to consider how to implement the measure in a manner that minimises any adverse effects on privacy.

The OAIC suggests that if new categories or types of users were allowed to access IPND data, the IPND Scheme should be amended to regulate the authorisation and conditions applicable to new users. The OAIC considers that it is essential to build privacy protections into new projects and initiatives; and for this reason, the OAIC also suggests that any new users should be required to submit a completed PIA to ACMA before access to the IPND is granted.

A PIA is a tool that can help agencies and organisations identify and respond to the privacy ramifications of new or existing projects and initiatives, and build in privacy protections at an early stage.

PIAs can be particularly helpful in addressing public concerns relating to privacy, including information security concerns.

Generally, a PIA should:

  • describe the personal information flows in a project
  • analyse the possible privacy impacts of those flows
  • assess the impact the project as a whole may have on the privacy of individuals, and
  • explain how those impacts will be eliminated or minimised.

Data elements in the IPND

Question 6: Are the current restrictions on what data elements IPND users can access appropriate? If not, why and what changes should be made?

Question 7: What data elements should be in the IPND? What principles should guide the addition or removal of data elements?

The OAIC agrees with the comments in the Discussion Paper that any expansion of the data held or accessed through the IPND raises serious privacy issues. There would need to be a strong and demonstrated requirement for additional data, and access would need to be tightly-controlled to ensure that data is not used for trivial purposes. The OAIC recommends that the inclusion of any new data elements in the IPND should be subject to a PIA.

Access through the IPND Scheme

Question 9: What additional conditions should apply to IPND information accessed through the IPND Scheme?

In the ALRC Report, it was recommended that the Privacy Act be amended to impose a mandatory obligation to notify the Privacy Commissioner and affected individuals in the event of a data breach that could give rise to a ‘real risk of serious harm’ to the affected individuals (recommendation 51-1).

The OAIC strongly supports that recommendation and would support the development of a mandatory data breach notification scheme in relation to the IPND. While the OAIC considers that notification of data breaches will generally be a reasonable step required by IPP 4 and NPP 4, the OAIC considers that a mandatory notification requirement would strengthen this position and help clarify the data protection obligations of agencies and organisations. Conditions for data breach notification are outlined in the OAIC's Data breach notification: A guide to handling personal information security breaches.

The Government has advised that it will consider the ALRC's recommendation in its second stage response to the Report.

Public number directories

Question 12: Alternatively, should the same use and disclosure restrictions in Part 13 of the Tel Act apply to all directory products, regardless of where the information is sourced? Why/why not?

The OAIC supports directory products, produced from data sources other than the IPND, being subject to the same rules under Part 13 of the Tel Act as directory products which are produced from data sourced from the IPND.

The OAIC has previously raised, in submissions to the ALRC, the issue that the Telecommunications Amendment (Integrated Public Number Database) Act 2006 (the IPND Act) does not address directory products which are produced from data sources other than the IPND.[7] As discussed in the Discussion Paper, under current industry practices, the entity that produces directory products such as the White and Yellow Pages (currently Sensis) collects the required information directly from telecommunications companies under bilateral contractual arrangements. As this information is not drawn from the IPND, it appears that the relevant entity does not have to apply to ACMA for an authorisation, or comply with the requirements of the IPND Act (or other applicable legislation) in relation to this information.

The OAIC sees the application of the same use and disclosure restrictions to all directory products, regardless of their source, to be privacy enhancing.

Access by researchers

Question 13: Are the categories of permitted research purposes too broad, adequate or too narrow? Why?

Question 14: What high-level principles should govern the addition or removal of permitted categories of research?

Question 15: Should the ACMA authorise ongoing access for particular organisations? If so, what protections should be put in place to ensure that the privacy of subscribers is upheld?

The OAIC has addressed some of the issues raised in Questions 13, 14 and 15 in its submission to the Department of Communications, Information Technology and the Arts on the Draft of Telecommunications Integrated Public Number Database Legislative Instruments 2007, in March 2007.[8] In that submission, the OAIC raised several concerns regarding permitted research purposes and the authorisation of IPND users for research purposes.

The OAIC notes that the Telecommunications (Integrated Public Number Database - Permitted Research Purposes) Instrument 2007 (No. 1) (Permitted Research Instrument)[9] specifies that permitted research must not be conducted for a primarily commercial purpose. However, it is not clear how ACMA assesses whether or not the research is for ‘primarily’ commercial purposes. The OAIC recommends that the term ‘primarily’ could be removed from the Permitted Research Instrument. Further, an additional paragraph excluding commercial research should be added to the Telecommunications (Integrated Public Number Database Scheme - Conditions for Authorisations) Determination 2007 (No. 1).

The OAIC is also concerned that the Permitted Research Instrument specifies ‘public health, including epidemiological research' as one kind of research allowed using the IPND. There are no provisions within the IPND legislative instruments to provide guidance so that the Minister may be satisfied that research carried out using IPND data is in the public interest. The question of determining what is in the public interest in terms of public health research is often extremely complex. The OAIC notes that there are existing bodies who have determined standards for analysing and approving public health research applications, such as the Human Research Ethics Committees (HREC) which use standards such as those in the National Statement on Ethical Conduct in Human Research (2007). The Office suggests that ACMA could investigate whether such a body could be included in their authorisation process.

In response to the ALRC's Review of Privacy,[10] the OAIC submitted that consideration should be given to amending the public interest test so that it is one that ‘substantially outweighs’ the public interest in maintaining the level of protection given by the Tel Act to information in the IPND, rather than one that simply ‘outweighs the public interest’. Given that individuals have no choice as to whether their personal information is included in the IPND, it is important that any research proposal that seeks to lessen privacy should be able to demonstrate that the public interest in the research proposal substantially outweighs the public interest in maintaining the level of protection afforded in the IPND. The OAIC considers the exception allowing access to the IPND for research purposes is appropriate, subject to the suggestion noted above.

The OAIC does not support the proposition that ACMA authorise ongoing access for particular organisations and considers this would create serious risks to the privacy of subscribers. Where personal information is required by law to be collected and stored in a large-scale, protected database like the IPND, the Australian community would expect a very high level of control and accountability over who may access that information, and the purposes for which it may be accessed, used and disclosed.

Other Privacy Issues

Interaction between the Privacy Act and Part 13

Question 16: Should meeting the tests in the Privacy Act be considered insufficient to allow disclosure of IPND information under Part 13? How should the disclosure regime for IPND information differ to the regime in the Privacy Act?

The Privacy Act contains eleven Information Privacy Principles (IPPs) which apply to Australian and ACT Government agencies. It also includes ten National Privacy Principles (NPPs) which generally apply to private sector organisations, but do not apply to certain exempt organisations including some small businesses and State or Territory authorities.[11]

The application of the NPPs in the Privacy Act is limited in the sense that they only apply to those telecommunications organisations with an annual turnover of more than $3 million and regulate personal information held in a record. This is narrower than Part 13 of the Tel Act, which regulates information or documents. Additionally, unlike Part 13 of the Tel Act, the IPPs and NPPs do not impose criminal penalties where a breach is found.

However, the Privacy Act provides for complaint-handling by the OAIC, which includes conciliation between the parties and allows the Commissioner[12] to make a determination for loss or damage suffered (under s 52 of the Privacy Act). The Privacy Act does not place a monetary limit on the quantum of damages under a settlement or determination. The power to make a determination under the Privacy Act is limited to circumstances where a complaint has been made by an individual. It is not possible, for example, for the Commissioner to make a determination if an ‘own motion investigation’ has been undertaken under s 40(2) of the Privacy Act.

Division 3 of Part 13 of the Tel Act provides exceptions which permit the use and disclosure of personal information in specific circumstances. A use or disclosure that is permitted under the Tel Act will not be a breach of the Privacy Act.

The OAIC is concerned that some particular exceptions in Part 13 permit uses and disclosures of personal information for purposes in addition to the NPPs, for example for ‘business needs’[13] or in the ‘performance of a person's duties’[14], which may result in diminished protections for personal information in the telecommunications sector.

As discussed in response to Questions 3 and 4 above in relation to the IPND disclosure regime, the OAIC considers that NPP 2 could effectively regulate use and disclosure of IPND data, or alternatively, the exceptions in Part 13 could be aligned with the use and disclosure provisions under NPP 2. If NPP 2 was to regulate IPND data disclosure, NPP 2 would need to specifically prevent IPND data from being disclosed for direct marketing purposes.[15]

The OAIC suggests that, if the exceptions to use and disclosure offences are retained under Part 13 of the Tel Act, consideration should be given to amending both the Privacy Act and the Tel Act to clarify what constitutes authorised uses and disclosures under the two Acts.[16]

The Discussion Paper suggests that the Tel Act applies ‘more stringent tests’ to carriers and CSPs in relation to the disclosure of IPND information than the Privacy Act. The OAIC understands this comment relates to the argument that the Tel Act, in its current form, may allow carriers or CSPs to interpret the phrase ‘authorised by law’ in ss 280(1)(b) and 297 as meaning permitted by the Privacy Act. This would allow carriers and CSPs to use or disclose information in a way that would not be otherwise permitted under Part 13 of the Tel Act, such as use or disclosure for direct marketing purposes.

The OAIC agrees that the Tel Act should be amended to clarify that meeting the tests in the Privacy Act should not by itself be sufficient to allow disclosure. Part 13 would need to specify that disclosure is permitted where there is reason to suspect that unlawful activities are being or may be engaged in, and the disclosure is a necessary part of alerting the relevant authorities.[17]

Access by subscribers

Question 17: What are the advantages/disadvantages of allowing subscribers to see and correct the IPND information that relates to their services? What checks would be required to ensure that information was not accessed or altered inappropriately or fraudulently?

The OAIC supports the proposition that subscribers should be allowed direct access to their own information stored in the IPND (with appropriate identification verification measures). This reflects the principle in NPP 6 that an individual has a right of access to information held about them by an organisation. NPP 6 also allows individuals to have their information corrected if it is wrong. Where an individual is able to show that the information the organisation holds about them is not accurate, complete and up-to-date, an organisation must take reasonable steps to correct the information.

An important consideration when providing individuals with access to their personal information is to be sure that the individual is who they say they are. There may be a risk that an individual tries to access information about another individual. For this reason, thorough checks would be required to ensure that information was not accessed or altered inappropriately or fraudulently.

Opting out of IPND services

Question 18: Should subscribers be allowed to opt out of having their IPND information accessed by non-critical IPND users on a category by category basis? Why?

The Discussion Paper raises the issue that some CSPs charge for recording a subscriber's listing preference. The OAIC supports the ALRC's recommendation that fees for unlisted numbers are a burden on particularly vulnerable consumers. This position is generally consistent with the OAIC's position in its submission to ACMA in 2005 when it commented on the draft Telecommunications (Use of Integrated Public Number Database) Industry Standard 2005.[18]

The OAIC considers the payment of a fee limits the ability of individuals to exercise their choice of being unlisted in the public telephone directory. The OAIC takes the view that charging a fee for a silent number may affect individuals' ability to make such choices freely, and thereby hamper their ability to control their own personal information. This may be particularly the case in regard to individuals on low or fixed incomes.

The OAIC also supports the proposition that subscribers should be allowed to opt out of having their IPND information accessed by non-critical IPND users on a category by category basis without charge. The OAIC considers that this would strengthen subscribers' control over their personal information and increase confidence that their information is being effectively protected.

Enforcement of access restrictions

Question 19: What measures would enhance the enforcement of IPND obligations?

Question 20: Should civil penalties, as well as criminal ones, apply where IPND information has been disclosed in breach of the rules? Why?

The OAIC supports the application of civil penalties for unauthorised use or disclosure of IPND information, where these relate to sufficiently serious misconduct.

The OAIC understands Part 13 of the Tel Act imposes obligations on ‘eligible persons’, ‘number-database operators’ and ‘eligible number-database persons’ to protect information or documents that relate to persons from use or disclosure except in specified circumstances. These obligations are enforceable by way of criminal penalties for improper use or disclosure. However, as noted in the Discussion Paper, there have been no referrals by ACMA or prosecutions for breaches of the prohibitions under Part 13 since the Tel Act was enacted.

In the OAIC's view, Part 13 appears to be directed more towards deterrence and punishment than individual remedy. For example, the OAIC understands that an individual cannot instigate a prosecution for breaches of prohibited uses or disclosures. In addition, where a prosecution is successful, it is understood that the penalty is remitted to the Commonwealth as consolidated revenue. The individual concerned must consider other avenues for a remedy.

The OAIC understands that the jurisdiction of the Telecommunications Industry Ombudsman does not extend to complaints about alleged breaches of the use or disclosure prohibitions or exceptions in Part 13. However, the same facts may give rise to a breach of the NPPs under the Privacy Act, in which case a complaint could be made to the OAIC. There may be a question about the uniformity of coverage. For example, if the breach relates to the activities of those telecommunications companies whose annual turnover is $3 million or less, and which are therefore classified as ‘small business operators’, the NPPs will not apply. The OAIC suggests that consideration be given to amending the Tel Act or Privacy Act so that personal information held by all IPND users is covered by the NPPs, given the amount of personal information they hold, and the potential for adverse impacts on individuals if that information is not appropriately protected.

For the reasons canvassed in the Discussion Paper, a civil penalty system appears likely to be more effective than the existing criminal provisions. In general, criminal provisions are difficult to prosecute because of the higher standard of proof required and, to that extent, could be said to be less effective as a deterrent. Moreover, law enforcement agencies, such as the AFP, prioritise their activities in line with the available resources, which may impact on whether or not a prosecution occurs.

Changing telecommunications environment

New services

Question 23: What technology and identifiers should be in the IPND? In the future, on what basis should new technologies or identifiers be included in the IPND?

The OAIC agrees that if the IPND was to be expanded, the privacy implications would need to be carefully balanced against the increased functionality for IPND users. The OAIC recommends that the inclusion of any new technologies or identifiers in the IPND should be subject to a PIA.

Governance and management of the IPND

Question 26: What are the advantages/disadvantages of the current management structure of the IPND?

Question 27: Should Telstra continue in its role as IPND Manager? What alternatives are there?

The OAIC considers that any changes to the current management structure of the IPND should be subject to a PIA. This would ensure that privacy protections are built into this system from the outset. This approach is also referred to as ‘privacy by design’.

Solutions used overseas

Question 31: Compared to other countries in the table above, Australia is the only country to use its database for a wide variety of purposes. What are the advantages/disadvantages of this? Should the IPND be separated into different databases, each database serving a single, specific purpose?

Regardless of database structure, the OAIC expects that robust information handling practices will be employed to ensure that personal information is adequately protected by both critical and non-critical users of IPND data. Again, the OAIC recommends that any changes to the structure of the IPND database should be subject to a PIA.



Footnotes

[1] Note: the term ‘access’ refers to access by IPND users (not access by subscribers).

[2] Information relating to the operation of the Privacy Act can be found on the OAIC website at www.privacy.gov.au/law/act.

[3] See Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (ALRC Report 108), August 2008 available at www.alrc.gov.au/publications/report-108. The first stage of the government's response to the ALRC Report was published in October 2009. See www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.pdf.

[4] The OAIC's submission is available at www.privacy.gov.au/index.php?option=com_icedoc&view=types&element=submissions&sortby=65&Itemid=1021.

[5] The OAIC's submission is available at www.privacy.gov.au/index.php?option=com_icedoc&view=types&element=submissions&sortby=65&Itemid=1021.

[6] Office of the Privacy Commissioner, Submission to the Australian Law Reform Commission's Review of Privacy - Issues Paper 31, response to Question 10-2. This submission is available at www.privacy.gov.au/materials/types/submissions/view/6757.

[7] Office of the Privacy Commissioner, Submission to the Australian Law Reform Commission's Review of Privacy - Issues Paper 31, response to Question 10-1. This submission is available at www.privacy.gov.au/materials/types/submissions/view/6757.

[8] The OAIC's submission is available at www.privacy.gov.au/materials/types/submissions?sortby=65.

[9] See Item 4 of the Permitted Research Instrument available at www.comlaw.gov.au/Details/F2007L01309.

[10] See Australian Law Reform Commission, Review of Australian Privacy Law (ALRC DP 72), September 2007 available at www.alrc.gov.au/dp-72.

[11] Information about the operation of the Privacy Act can be found on the OAIC's website at www.privacy.gov.au/law/act.

[12] Commissioner means the Information Commissioner within the meaning of the AIC Act. Privacy functions can also be performed by the Privacy Commissioner and the FOI Commissioner.

[13] Section 291 Telecommunications Act 1997 (Cth)

[14] Section 279 Telecommunications Act 1997 (Cth)

[15] Note: the ALRC referenced submissions in its Report 108 from the Department of Communications, Information Technology and the Arts and Optus to the effect that in certain circumstances NPP 2 may not prevent information being used for direct marketing purposes.

[16] Office of the Privacy Commissioner, Submission to the Australian Law Reform Commission's Review of Privacy - Issues Paper 31, response to Question 10-1. This submission is available at www.privacy.gov.au/materials/types/submissions/view/6757.

[17] See page 2424 and recommendation 72-2 of the ALRC Report available at www.alrc.gov.au/publications/report-108.

[18] The OAIC's submission is available at www.privacy.gov.au/index.php?option=com_icedoc&view=types&element=submissions&sortby=65&Itemid=1021.