RECOMMENDATIONS


RECOMMENDATIONS

Recommendation 1

6.13      The committee recommends that the application of the exception in proposed APP 2.2(b) in item 104 of Schedule 1 be clarified to make it clear that APP 2.1 does not apply where it is impracticable for the APP entity to deal with 'individuals who have not identified themselves or who have used a pseudonym'.

Recommendation 2

6.27      The committee recommends that, to avoid confusion, the subheading to proposed APP 7.1 in item 104 of Schedule 1 of the Bill be amended to read 'Use or disclosure' or 'Direct marketing', rather than 'Prohibition on direct marketing'.

Recommendation 3

6.31      The committee recommends that proposed APP 7.2 and APP 7.6 in item 104 of Schedule 1 of the Bill be amended to ensure consistency with the notification requirement in APP 7.3, and enable individuals the opportunity to opt-out of direct marketing communications at any time.

Recommendation 4

6.37      The committee recommends that proposed APP 8.2(b) in item 104 of Schedule 1 of the Bill be amended to require an entity to inform an individual of the practical effect and potential consequences of any informed consent by the individual to APP 8.1 not applying to the disclosure of the individual's personal information to an 'overseas recipient'.

Recommendation 5

6.38      The committee recommends that the Explanatory Memorandum to the Bill be revised to clearly explain that an entity will be required to inform an individual of the practical effect and potential consequences of any informed consent by the individual to APP 8.1 not applying to the disclosure of the individual's personal information to an 'overseas recipient'.

Recommendation 6

6.42      The committee recommends that the Attorney-General's Department revise and reissue the Explanatory Memorandum to the Bill to clearly explain the enforcement‑­related functions and activities of the Department of Immigration and Citizenship, as justification for the classification of the 'Immigration Department' as an 'enforcement body' in item 17 of Schedule 1 of the Bill.

Recommendation 7

6.43      The committee recommends that the Attorney-General's Department revise and reissue the Explanatory Memorandum to the Bill to clearly explain the scope and intended application of the terms 'surveillance activities', 'intelligence gathering activities', and 'monitoring activities' in item 20 of Schedule 1 of the Bill.

Recommendation 8

6.47      The committee recommends that the provisions contained in item 82 of Schedule 1 of the Bill and for each Australian Privacy Principle which contains a 'permitted general situation' or 'permitted health situation' exception, a note should be added at the end of the relevant principle to cross‑reference proposed new section 16A of the Privacy Act 1988 and/or proposed new section 16B of the Privacy Act 1988, as appropriate.

Recommendation 9

6.48      The committee recommends that the Attorney-General's Department revise and reissue the Explanatory Memorandum to the Bill to explain the intended scope and application of the 'diplomatic or consular functions or activities' exception set out in item 6 in the table to proposed new subsection 16A(1) of the Privacy Act in item 82 of Schedule 1 of the Bill.

Recommendation 10

6.59      The committee recommends that proposed new subsection 6Q(1) in item 69 of Schedule 2 of the Bill be amended to require an appropriate amount of time, such as 14 days, to have elapsed from the date of a written notice before a default listing can occur.

Recommendation 11

6.1                  The committee recommends that the written notification in proposed new subsection 6Q(1) in item 69 of Schedule 2 of the Bill be amended to include a warning about the potential for a default listing by a 'credit provider' in the event that an overdue amount is not paid within a set period of time.

Recommendation 12

6.61      The committee recommends that proposed new subparagraph 6Q(1)(d)(i) in item 69 of Schedule 2 of the Bill be amended to reflect $300, or such higher amount as the Australian Government considers appropriate, as the minimum amount for which a consumer credit default listing can be made.

Recommendation 13

6.62      The committee recommends that the Office of the Australian Information Commissioner, in formulating guidelines under proposed new section 26V in item 29 of Schedule 3 of the Bill, include as a criterion the timeframe within which an individual's 'default information' can be listed by a 'credit provider'.

Recommendation 14

6.63      The committee recommends that the Office of the Australian Information Commissioner, in formulating guidelines under proposed new section 26V in item 72 of Schedule 2 of the Bill, include a requirement for credit providers to fully consider an application for financial difficulty assistance under the National Consumer Credit Protection Act 2009 before an individual's 'default information' can be listed.

Recommendation 15

6.78      The committee recommends that the Australian Government consider prohibiting the re-identification of 'credit reporting information' which has been de-identified for research purposes in accordance with proposed new subsection 20M(2) in item 72 of Schedule 2 of the Bill, and whether a proportionate civil penalty should apply to any breach of that prohibition.

Recommendation 16

6.81      The committee recommends that proposed new sections 20T and 21V in item 72 of Schedule 2 of the Bill be amended to:

  • create an obligation for the recipient of a request to take reasonable steps to have the information corrected by the entity which holds the disputed information;
  • create an obligation for the entity which holds the disputed information to correct the information within 30 days, if satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; and
  • create an obligation for the recipient of a request to notify the individual about the outcome of their request if that request has been determined by another entity which holds the disputed information.

Recommendation 17

6.84      The committee recommends that the regulations made pursuant to section 100 of the Privacy Act 1988 provide a mechanism for 'credit reporting bodies' and 'credit providers' who have received a request for the correction of an individual's personal information to note on the individual's credit file that a correction is under investigation, with the notation to be removed upon completion of that investigation.

Recommendation 18

6.86      The committee recommends that the Bill be amended to enable a 'credit reporting body' or 'credit provider' to correct an individual's personal information in exceptional circumstances, such as in the case of natural disasters, bank error, fraud, medical incapacity, and mail theft.

Recommendation 19

6.93      The committee recommends that the commencement date for the Bill remain at nine months after the Bill receives Royal Assent in order to provide certainty for all relevant stakeholders.

Recommendation 20

6.96      The committee recommends that, before the Bill's commencement date, the Office of the Australian Information Commissioner – in consultation with the Attorney-General's Department, as appropriate – develop and publish material informing consumers of the key changes to privacy legislation as proposed by the Bill, and providing guidance to Commonwealth agencies and private sector organisations to ensure compliance with the new legislative requirements.

Recommendation 21

6.98      Subject to the preceding recommendations, the committee recommends that the Senate pass the Bill.

Navigation: Previous Page | Contents | Next Page