Skip to content.

Home

Allens Arthur Robinson

Archive 2005

Return to top

Review of the Spam Act announced

16 December 2005

The Minister for Communications, Information Technology and the Arts, Senator Helen Coonan, has called for public submissions as part of a review of the Spam Act 2003 and related parts of the Telecommunications Act 1997. An issues paper has been released and industry and members of the public are invited to make submissions to the review by Wednesday 1 February 2006.

The issues paper describes the workings of the Spam Act and raises questions for comments such as:

  • whether the definition of 'commercial electronic message' in the Act is suitable and whether it should cover things that it currently does not (such as 'fax spam')
  • whether the current enforcement measures under the Act are suitable and appropriate
  • whether the current exemptions under the Act for certain commercial electronic messages are necessary
  • whether the consent provisions in the Act provide a clear distinction between legitimate commercial electronic messages and spam
  • what has been the impact of the Act on industry practices
  • how to address privacy and other constraints on spam investigations which require the sharing of information about spam and spammers across borders
  • what scope is there for further government/industry collaboration in relation to education and awareness activities about spam.

It is anticipated that the feedback received will contribute to a report to be tabled in Parliament in 2006 about the operation of the Act.

Return to top

Focus: Privacy

8 November 2005

The Victorian Law Reform Commission's workplace privacy final report, written in response to growing concern about the increased use of surveillance in the workplace, has been tabled in the Victorian Parliament. Lawyer Andrew Ailwood and Special Counsel Karin Clark outline the report's findings. View publication 

Return to top

Victorian Law Reform Commission proposes new Workplace Privacy Act

7 November 2005

The Workplace Privacy Final Report tabled in the Victorian Parliament, prepared by the Victorian Law Reform Commission, has proposed a new regime for the protection of workers' privacy that is much more broadly focussed than other privacy protection regimes in Australia, such as the National Privacy Principles under the Privacy Act 1988 (Cth).

The Report effectively advocates the creation of a right to privacy by recommending prevention of certain acts by employers. The focus on acts that occur before any information is created contrasts starkly with the approach under the Privacy Act on ensuring notification at the time of collection of personal information and limits on the subsequent use and disclosure of that information. A copy of a draft Workplace Privacy Act is attached to the Report.

Among other things, the draft Bill prohibits employers from engaging in an act or practice that unreasonably breaches the privacy of a worker, or prospective worker, when the worker is engaged in a work related activity. An employer unreasonably breaches the privacy of a worker if the employer engages in an act or practice in relation to work that satisfies any one of the following four tests.

  • The act or practice has a purpose that is not directly connected to the employer's business
  • The act or practice is conducted in a manner that is not proportionate to the purpose of the act or practice
  • The act or practice is done without first taking reasonable steps to inform and consult with workers of the employer concerning the act or practice
  • The act or practice is done without providing adequate safeguards to ensure that the act or practice is conducted appropriately.

The draft Bill also:

  • prohibits any interference with the privacy of a worker in relation to non-work related activities, unless authorised by the person to be appointed as the regulator of the legislation;
  • prohibits employers from conducting genetic testing of workers or prospective workers without authorisation granted by the regulator; and
  • prohibits altogether any use of a surveillance device to observe activities in places such as toilets and change rooms.

The Report also proposes that advisory and approved voluntary Codes of Practice be used to flesh out and strengthen the principles in the proposed legislation. Mandatory Codes are also proposed in order to regulate specific practices, such as drug and alcohol testing.

The proposed regime of broad principles and detailed codes is intended to cover both employees and independent contractors who work in the same manner as employees, and hence the term 'worker' is used. It is also covers outworkers and volunteers in a work context.

The Victorian Attorney-General Rob Hulls, has proposed presenting the Report's recommendations to the Standing Committee of Attorneys-General, in an effort to gain national uniformity in this area.

Return to top

Introduction of a Do Not Call Register: discussion paper on a possible Australian model

4 November 2005

In response to public concern about intrusive direct marketing by telemarketers, Senator Helen Coonan, Minister for Communications, Information Technology and the Arts, has released a discussion paper on the possible introduction of a 'do not call' register.

Under one proposed model discussed in the discussion paper, consumers and small businesses with less than 20 employees would be able to register to opt out of receiving unsolicited phone calls except for calls from a limited number of exempt organisations (such as those with an established business relationship with the individual, charities, religious organisations, government bodies and political parties) in limited circumstances. Telemarketers (including those located offshore) would be required to maintain lists of numbers that they are prohibited from contacting and to update these regularly. Companies contravening these provisions would be fined.

The proposed register is similar to others recommended earlier this year by the Office of the Federal Privacy Commissioner and by the Senate Legal and Constitutional References Committee. The paper proposes that the register would be maintained by the Australian Communications and Media Authority (ACMA).

Comments are sought from consumer, community and industry organisations and members of the public. The closing date for submissions is 5pm on Wednesday 30 November 2005.

Return to top

ACMA releases privacy guidelines for broadcasters

23 August 2005

A booklet called Privacy Guidelines for Broadcasters has been released by the Australian Communications and Media Authority (ACMA). The booklet aims to assist broadcasters in striking the appropriate balance between respecting an individual's privacy and ensuring that matters of public interest are reported.

'The core notion found in the privacy provisions of the various broadcasting codes of practice is this - that material relating to a person's private affairs should not be used without the person's consent unless there is an identifiable public interest reason for the material to be broadcast,' said ACMA Acting Chair, Lyn Maddock.

'We expect the guidelines to make a real contribution to helping broadcasters avoid potential problems when they are trying to negotiate this balance,' she said.

The booklet addresses issues such as:

  • the difference between public and private conduct;
  • the use of publicly available information;the position of public figures; and
  • what constitutes the 'public interest'.

Ms Maddock acknowledged that the broadcasting industry had provided extensive input in developing the guidelines, which can be downloaded from www.acma.gov.au.

Return to top

Companies charged under Spam Act for SMS messaging

17 August 2005

The Australian Communications and Media Authority (ACMA) has reported fining two companies a total of $13,200 for breaches of the Spam Act 2003 (Cth) (the Spam Act). The companies were involved in sending out over fifty thousand SMS messages between June and December 2004, marketing an investment scheme for software providing horse racing tips.


The Spam Act requires that commercial electronic messages only be sent with consent, that they accurately identify the sender, and that they include an 'unsubscribe' facility.


One of the companies fined was a specialist SMS messaging company contracted to send the messages by the company that marketed the investment scheme. The specialist messaging company itself engaged an offshore operator to send the messages. However, Lyn Maddock, ACMA Acting Chair, said that 'the 'Australian link' provision of the Act still applied because companies centrally managed in Australia authorised the messages to be sent and the messages were received in Australia'.

The ACMA has reported that since the Spam Act came into force in April 2004, 200 business have been required to alter their practices to comply with the Act, $20,000 in fines have been issued to five businesses, three businesses have provided enforceable undertakings, and Federal Court proceedings are on foot in relation an alleged global spammer.

Return to top

Federal Privacy Commissioner publishes case notes 8-18, 2005

8 July 2005

The Office of the Privacy Commissioner has recently published a number of interesting new Case Notes, covering:

  • Improper listing of a serious credit infringement on an individual's consumer credit information file
  • Transfer of personal information by an insurer subject to the General Insurance Information Privacy Code
  • Disclosure of personal information to a new employer about an incomplete internal investigation
  • Automated disclosure of personal information following use of incorrect facsimile number
  • Disclosure of complainant's personal information by an agency to a third party leading to defamation proceedings against the complainant
  • Improper collection of personal information on employment services application forms
  • Improper disclosure of contact details by an Australian Government Agency
  • Publication of 'silent' telephone number by Telecommunications Service Provider
  • Re-listing of an overdue account on an individual's consumer credit information file
  • Improper disclosure of personal information and failure to take reasonable steps to protect personal information
  • Commercial credit default listed on consumer credit information file. Enquiry listed without loan application

For more, see our summaries or full case notes published on the Commissioner's website.

Return to top

Focus: Health

6 July 2005

A number of the recommendations made in the Privacy Commissioner's review of the private sector provisions of the Privacy Act 1988 will impact on organisations or individuals in health-related fields and those accessing health-related services. Partners Catherine Parr, Peter Jones and Cameron Price and Articled Clerk Martin Hecht look at the main findings of the review. View publication 

Return to top

Focus: Privacy

14 June 2005

The Privacy Commissioner's report into the operation of the private sector provisions of the Privacy Act has been released. The Allens Privacy Team summarises the Report's recommendations in a number of key areas of relevance to Allens' clients. View publication 

Return to top

Report of the Federal Privacy Commissioner into the operation of the private sector provisions of the Privacy Act

20 May 2005

The Attorney General, the Hon Philip Ruddock, MP, has released the Report of the Federal Privacy Commissioner, Ms Karen Curtis, into the operation of the private sector provisions of the Privacy Act.

One finding of the Report is that overall, the National Privacy Principles have worked well and have delivered to individuals protection of personal and sensitive information in Australia in those areas covered by the Act.

However, the Report also contains 85 recommendations for improvement. These range from providing greater national consistency in the protection of privacy, particularly in the health sector, to providing for greater consumer control over personal information (particularly in relation to information collected indirectly or used or disclosed for purposes such as direct marketing), to recommendations that address the need to raise the privacy awareness of organisations and individuals

The Commissioner said she looked forward to the debate about the issues raised in the Report. The Report, entitled Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 can be downloaded from http://www.privacy.gov.au/act/review/index.html.

We will bring you more detailed analysis of the Report's recommendations soon.

Return to top

eMarketing Code of Practice to regulate spam

18 April 2005

The Australian Communications Authority (ACA) registered the Australian eMarketing Code of Practice (Code) on 18 March 2005. The Code establishes rules for the sending of commercial electronic messages and builds on the Spam Act 2003 requirements.

Who does it apply to?

Now that it is registered, the ACA may enforce compliance of the Code on those entities who undertake 'e-marketing activities' (as defined in the Telecommunications Act 1997 (Cth) and not just signatories to the Code.

The Telecommunications Act defines those who undertake' e-marketing activities' as those who use e-marketing as their 'sole or principal means' of marketing, promoting or advertising, or who market in this way by contract or arrangement on behalf of a third party. The meaning of the phrase 'sole or principal means' in this context is unclear. However the ACA has released a policy statement regarding the interpretation of this phrase, which states that the ACA considers that to be considered the 'principal means' of a entity's marketing of its own goods or services, e- marketing should be the entity's first means of marketing in terms of:

  • importance;
  • frequency; or
  •  the chief or main or leading means of marketing.

The ACA considers that an effective measure of these factors is, when considering the total marketing, advertising and promotional activities undertaken by an entity, the number of potential customers e-marketing campaigns are expected to reach compared to other means of marketing employed by that entity in a 12 month period.

The Code does not apply to carriage service or data storage providers who have no control over the content of any messages sent by the eMarketer.

What does the Code require?

As the Code builds on the regulatory requirements of the Spam Act, it regulates commercial electronic communications with an Australian link, including those sent by email, instant messaging or mobile wireless technology. (Facsimile and voice telephony are excluded from this definition.)

Organisations affected by the Code will need to comply with the Spam Act as well as the additional obligations of the Code. For example, the Code requires that:

  • organisations have an internal procedure for dealing with complaints and details of this procedure must be accessible within each communication sent;
  • additional obligations (to those in the Spam Act) be complied with in relation to functional unsubscribe mechanisms;
  • organisations must only send commercial communications targeted to a recipient dependent on their location (as determined, eg, by GPS technology) if the recipient has expressly consented to such communications;
  • new rules concerning viral messages be complied with; and
  • new rules concerning the age sensitive content of commercial communications be complied with.
Enforcement

If an eMarketer fails to comply with a direction by the ACA to conform to the Code, the ACA can take the matter to the Federal Court, where penalties of up to $250,000 can be imposed for each contravention.

The Code also provides for Recognised Industry Bodies to investigate complaints about breaches of the Code by their members. The Advertising Federation of Australia (ADMA), the Australian Direct Marketing Association (ADMA) and the Public Relations Institute of Australia have been granted such status by the ACA.

Return to top

European Commission approves new standard clauses for international data transfers

23 March 2005

After four years of negotiation, the European Commission has approved a new set of standard contractual clauses for data transfers proposed by seven international business associations. This is an official recognition that the clauses provide full protection under EU Data Protection Directive 95/46/EC for personal data that is transferred from member states of the European Union.

From 1 April 2005, companies will be able to use these clauses, instead of the first set of standard contractual clauses approved in 2001, for transfers to data controllers outside Europe in jurisdictions that have not been formally found by the European Commission to offer an "adequate level of data protection". The clauses are more flexible and business oriented than the first set of clauses approved in 2001. Some of the changes include:

  • the data exporter and data importer being liable only for breach of their own contractual obligations, rather than joint and several liability being imposed on both parties;
  • a requirement that parties comply with decisions of competent courts or data protection agencies whose decisions are final and non-appealable, in place of the requirement that parties abide by "the advice" of data protection authorities;
  • more detailed rules concerning termination and the rights and obligations of parties in the event of termination; and
  • more flexible auditing provisions.

For more information, please visit Final Approved Version of Alternative Standard Contractual Clauses for the Transfer of Personal Data from the EU to Third Countries (controller to controller transfers) - FAQs and final version of clauses. (pdf)

Return to top

Three new members appointed to the Privacy Advisory Committee

4 March 2005

The Federal Privacy Commissioner, Karen Curtis, has recently announced the appointment of three new members to the Privacy Advisory Committee (PAC). The PAC is established under the Commonwealth Privacy Act to provide strategic advice on privacy to the Federal Privacy Commissioner.

The new members of the PAC are:

  • Ms Suzanne Pigdon, Manager Privacy, Coles Myer Ltd;
  • Dr William Pring, Director of Consultation-Liaison, Psychiatry Services Box Hill Hospital; and
  • Ms Joan Sheedy, Assistant Secretary, Information Law Branch, Attorney-General's Department.

The three new members will join the existing members, who are:

  • Mr Peter Coroneos, Chief Executive, Internet Industry Association
  • Mr Graeme Innes AM, Deputy Disability Discrimination Commissioner, Human Rights and Equal Opportunity Commission; and
  • Dr John Michael O'Brien, Senior Lecturer in Industrial Relations and Relations and Organisational Behaviour, University of New South Wales.

The Commissioner has noted that the PAC is helping her office to ensure that its current review of the private sector provisions of the Privacy Act is conducted in a consultative and transparent manner.

Return to top

Privacy Commissioner makes temporary determinations about the prescription shopping project information service

11 February 2005

The Privacy Commissioner (Commissioner) has made two temporary determinations about accessing information under the Health Insurance Commission's (HIC) Prescription Shopping Project Information Service (Information Service).

These determinations will be effective from 10 February 2005 until 9 February 2006. During this time the Commissioner will consider the application for an ongoing determination under s72 of the Privacy Act.

The determinations mean that doctors accessing the HIC's Information Service in accordance with the determinations will not contravene National Privacy Principle 10 (NPP 10).

Under the Information Service the HIC will disclose certain information about an individual to prescribed organisations, including doctors. Such information is collected where the HIC has identified that individual as having engaged in 'shopping around' for medical prescriptions.

NPP 10 in the Privacy Act prohibits, subject to some exceptions, the collection of sensitive information (which includes health information) about an individual by an organisation unless that individual has consented or the collection is required by law. These determinations were in response to an application by a doctor worried that accessing the Information Service may be in breach of NPP 10.

The Commissioner felt that in the small percentage of cases where an individual may not give their consent there is a significant public interest in the doctor nevertheless being able to collect the information. Such information may be necessary for the appropriate clinical treatment of an individual. Denying a doctor such information may limit that doctor's knowledge of the patient's prescriptions and 'may lead to serious and potentially life-threatening consequences' for the patient. Accordingly this public interest outweighed 'to a substantial degree' the public interest in doctors adhering to NPP 10 in these circumstances.

The Commissioner also concluded that in general, NPP 1 does not impose obligations which are likely to prevent doctors from accessing the Information Service and providing an individual's details to the Information Service for the purpose of accessing the relevant information would not breach NPP 2.

For further information see http://www.privacy.gov.au/news/media/05_01.html.

Return to top