Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Inquiry into the AusCheck Bill 2006 - Questions on Notice Supplementary Submission

QUESTIONS ON NOTICE QUESTION 1 Received from Senator KIRK: The Senator asked the Office of the Privacy Commissioner to provide the committee with a form of words regarding how clause 5(d) could be re drafted to reflect the Offices comments that it could benefit from being referenced to the risk associated with particular appoin...

pdfInquiry into the AusCheck Bill 2006 - Questions on Notice Supplementary Submission

QUESTIONS ON NOTICE

QUESTION 1

Received from Senator KIRK: The Senator asked the Office of the Privacy Commissioner to provide the committee with a form of words regarding how clause 5(d) could be re drafted to reflect the Office's comments that it could benefit from being referenced to the risk associated with particular appointment situations or other reasons for the background check.

OFFICE RESPONSE

As stated in the Office's submission to the Committee, the Office believes that clause 5(d) could benefit from the scope of the regulations being referenced to the risk associated and the purpose of the background check. This may assist AusCheck in clearly identifying the relevant information required to be collected and undergo assessment during the process of a background check.

Whilst the Office is not qualified to provide specific drafting advice, clause 5(d) may benefit from the inclusion of more definitive parameters, for example: "such other matters as are relevant, necessary and proportionate to a particular purpose of a background check as prescribed by the regulations".

QUESTION 2

Received from Senator TROOD: The Senator asked the Office of the Privacy Commissioner if it was aware of any legislative schemes that might provide some guidance regarding the removal of information.

OFFICE RESPONSE

The Office's submission to the Committee states that consideration be given to an additional requirement for AusCheck to delete information that is not relevant to the background check for which it is being collected, used or disclosed. Subject to any other lawful obligations AusCheck may have regarding information management, for example the Archives Act 1983 (Cth), the Office believes that this is an issue that AusCheck should consider in its current developmental stages.

Specifically, the Office is not aware of any legislative schemes that provide guidance regarding the removal of information, however, the Office's Guidelines to the Information Privacy Principles (IPPs) do provide further guidance regarding the handling of personal information.

The Office appreciates the limitations regarding the collection and the removal of personal information is a difficult issue faced by many agencies and one which is usually addressed through the operational procedures of the agency. However, effectively the Office's comments reflect the requirement under IPP 1 that agencies are under an obligation to only collect personal information that is "necessary for or directly related to" a purpose that is directly related to the agency's function.

As stated in the Office's Guidelines, agencies should have a clear purpose for collecting each piece of personal information and should determine this purpose before commencing collection. Collecting information just because it may be useful in the future is generally not acceptable.[1] The Guidelines go onto to address the issue of unnecessary recording of information and state that agencies should take steps to ensure that they only receive necessary information and furthermore, if information is not relevant, the agency should not keep it in its records. [2]

Additionally, IPP 3 places an obligation on agencies to ensure that the personal information collected is relevant to the purpose of collection (IPP 3(c)) and the collection "does not intrude to an unreasonable extent upon the personal affairs of the individual" (IPP 3(d)). The Office's Guidelines state that agencies are likely to intrude unreasonably on an individual's privacy if the personal information they try to collect is irrelevant or unnecessary. [3]

Finally, IPP 7.1 requires agencies to take all reasonable steps to ensure that the personal information is accurate and, given the purpose of the information, is relevant, up to date, complete and not misleading. Agencies are obliged to meet these obligations by making appropriate corrections, deletions and additions. Specifically, the Office's Guidelines regarding IPP 7.1 provides guidance regarding such practices by stating:

    "Where possible, an agency should generally retain both the old information - while clearly marking it as no longer current - and the new information; and should record the date and reason the old information was superseded. This allows the agency to trace changes made to the information for audit purposes, and is useful when reviewing decisions made using the information, or dealing with complaints or enquiries related to it.

    There may however be some particularly sensitive cases in which the mere existence of the earlier incorrect information could be detrimental. In such cases, deletion may be the only appropriate option. It is essential if information is deleted that a notation is made of the reason for the deletion, and the officer responsible for the decision." [4]

    The Office believes that AusCheck would benefit from observing these Guidelines in the development of their operational procedures to ensure that the personal information they collect is handled appropriately and in line with their obligations under the Privacy Act 1988.

    [1] Office of the Privacy Commissioner, Plain English Guidelines to Information Privacy Principles 1-3, October 1994, see Guideline 3.available at: http://www.privacy.gov.au/publications/HRC_PRIVACY_PUBLICATION.word_file.p6_4_14.4.doc

    [2] Ibid, Guideline 4.

    [3] Ibid, Guideline 21.

    [4] Ibid, p 19.