opinion that:
Australia does have a national identification regime today,
one that serves most consumers quite well on a day-to-day basis.[121]
3.48
At the same time, the ACA acknowledged that:
It would be naive and complacent not to acknowledge challenges
within that regime. It does seem clear that some traditional authentication
documentation and credentials such as birth certificates, drivers' licenses and
various commercial statements are falling prey to counterfeiting and forgery
with the advent of technologies such as scanners, laser printers and colour
photocopiers. In our view these challenges need to be met, not with an
additional layer of electronic authentication, but by making existing processes
more robust. This means designing better documents, and constructing document
reference mechanisms that validate the credential in specific circumstances,
without intruding unnecessarily on the personal identity of the individual
holding it.[122]
3.49
Indeed, identity fraud as an invasion of privacy was a
related issue raised during the Committee's inquiry. The APF welcomed debate
about identity management, but was concerned that:
... too many initiatives in the area of identity management, some
involving the use of biometrics and smart cards, are being developed behind
closed doors, by vested interests, and without due regard for wider social
implications, including for privacy. There is far too much loose thinking around
the subject of identity management.[123]
3.50
In particular, the APF suggested that the extent of
identity crime is 'poorly quantified and often exaggerated.'[124] The APF came to the conclusion that:
There is a very strong argument to be made that the separation
of data in functional silos (health, taxation, transport etc) – far from being
a problem – is actually one of our strongest protections against security
breaches having traumatic consequences. Proponents of identity schemes,
monitoring and data matching seem to proceed on the naive assumption that their
scheme can somehow be made 100% accurate and secure, despite the evidence of
history, and the reality of all human systems, that errors and security
breaches will inevitably occur.[125]
3.51
The proposal for a 'national document verification
system', as recently reported in the media, was noted in some submissions.[126] However, EFA commented that the lack
of publicly available information about the scheme made it difficult to
determine privacy and security risks posed by the proposed scheme.[127]
3.52
In response to the committee's questioning on the
issue, the Privacy Commissioner noted that the OPC had been working with the
Attorney-General's Department on the proposed document verification service,
and had been provided funding in the recent budget for that purpose.[128]
3.53
During the Senate Legal and Constitutional Legislation
Committee's May 2005 Budget Estimates hearings, a representative of the
Attorney-General's Department elaborated further on the proposal and gave an
example of how it might work:
Someone might present at a passport office presenting a New
South Wales driver's licence as evidence of their
identity. The operator at the passport office would perhaps type in a few
details that appear on the driver's licence—for example, their name, their date
of birth, their gender or perhaps the driver's licence number. The message
would be sent electronically through a routing system to the road and transport
authority of, for example, New South Wales
asking them whether or not they had issued a document with those details on
them. Electronically, a message would come back yes or no. There is no exchange
of information per se.[129]
3.54
The representative further stated that:
The kind of procedure that would be involved in the document
verification service is not dissimilar to checks that they would already be
undertaking. What it aims to do and what it does do is provide an online
real-time check rather than something which is a manual process.[130]
Medicare smartcard
3.55
Several submissions observed that the Australian
Government has recently launched a new 'Medicare smartcard'. Medicare
smartcards have been made available in Tasmania
on a trial basis as the first stage of their national introduction. According
to the Department of Health and Ageing, the card will be voluntary, and will
support the current uses of the Medicare card. The Department submitted that
the chip on the Medicare smartcard will also contain a consumer identifier, and
basic demographic and other patient information if required. The Department
noted that the use of the Medicare smartcard is governed by existing provisions
of the Privacy Act.[131]
3.56
A number of submissions raised privacy concerns in
relation to the Medicare smartcard.[132]
The Australian Medical Association (AMA) raised concerns about the consumer
identification number being embedded in the card, and the fact that there
appeared to be no stated purpose for that number.[133] Ms Julia Nesbitt
explained to the Committee:
...there has still been no discussion on what the purpose of that
chip is and what the purpose of that number is. It goes to the issue of the
development of a unique patient identifier—the key to protection of an
individual's privacy and their understanding of their rights under the Privacy
Act. There must be a purpose associated with that number so the limits of the
use of that number can be understood.[134]
3.57
Ms Irene Graham from EFA suggested that the Medicare smartcard trial
should be discontinued until further work has been carried out:
...we do not necessarily oppose the use of the smart card, but we
would like to see evidence that there is a reason to use a smart card and there
is no potentially less privacy invasive method of achieving the same objective.
Our core concern with the Medicare smart card proposal at the moment is that
there is simply no information at all that explains why a smart card is needed
or how it is going to be used to protect privacy and security of people's
information. All indications to us at the moment are that it is basically going
to have completely the opposite effect...we think the Medicare smart card
roll-out should be halted until there has been a proper assessment of and
justification for it.[135]
3.58
In particular, Ms Irene Graham suggested more specific laws may be
needed in the context of proposals like the Medicare smartcard:
...if things like smart cards are going to be used for Medicare
with these databases where you can access your personal information, instead of
just having high level principles we need actual law that says the only people
who can access the back-end database are this organisation or this government
department or this set of people, instead of guidelines that just broadly say,
'If it is necessary to have access, then you can have access' and exemptions to
the privacy principles that are very broad by saying that law enforcement can
access information if it is necessary for the investigation of some law. We do
not believe that those kinds of very broad exemptions should apply to people's
medical and health information that would be in a Medicare smart card kind of
arrangement.[136]
3.59
EFA suggested that, at the very least, an independent
privacy impact assessment of the smartcard should be conducted, and that
security measures should be built into the smartcard.[137]
3.60
The AMA noted that the Medicare smartcard was announced
'without any consultation with the wider community.'[138] Ms Nesbitt
of the AMA argued that there should be:
...strong consultation should the smartcard be the solution that
the government ultimately accepts...They were talking about all sorts of things
being on the card—for instance, allergies. It is not good clinical practice for
a patient to go into Medicare and say, 'I'm allergic to this and allergic to
that.' It needs really close consultation with the medical profession about
what should be on it. What is the most important information, what is really
necessary, from a clinical perspective, should be on the card.[139]
3.61
When questioned by the committee on the consultation
undertaken in relation to the Medicare smartcard, the Department of Health and
Ageing responded that:
Six Consumer Focus Testing sessions were held in June 2004 to
understand attitudes and expectations about the use of the smartcard prior to
its release.[140]
3.62
The Department of Health and Ageing also noted that
government agencies and providers had also been consulted, and that:
In-depth consultation took place with consumer representative
groups and consumer focus groups. Consumer groups consulted were Consumers'
Health Forum, Chronic Illness Alliance, Health Consumers Rural and Remote
Australia, Australian Federation of Disability Organisations and the Health
Issues Centre.[141]
3.63
In response to the committee's questioning on the
Medicare smartcard, the OPC noted that it had provided advice on the proposed
smartcard.[142] For example, the OPC
had advised that protections against, and restrictions on, 'function creep',
including a clear articulation of the purpose of the card, will be necessary in
gaining community and stakeholder confidence. It also noted that the Medicare
smartcards are intended to be voluntary and individuals without them should not
be disadvantaged.[143]
3.64
EFA were sceptical about the voluntary nature of the
smartcard, arguing that while the card may be optional initially:
The next stage would occur in a few years when the remaining
members of the public who had declined to opt in would be told that it has
become too costly, or impractical, to continue with two different cards so the
smart card and reliable national identification number has become mandatory.
Thereafter it is a relatively simple matter to add new applications to the
card, as just one example, to control the types of purchases that may be made
with welfare payments.[144]
3.65
Indeed, several submitters raised concerns about the
potential for function creep in relation to the Medicare smartcard. EFA
suggested that it has high potential to result in the equivalent of an
Australia Card.[145] EFA argued that
the Medicare smartcard:
...seems likely to become requested, or required, as a primary proof of identity
document...Whether this will occur will depend on whether a card's chip contains
the "optional" photograph/s and of course whether the inclusion of
photographs remains optional.[146]
3.66
Others expressed concern about the use of the Medicare
smartcard for other purposes, including welfare related purposes.[147] For example,
Mr Bill O'Shea from the LIV noted that:
Just yesterday we saw Minister Hockey making an announcement
about the possible use of smart cards to link this information. We believe that
is inappropriate and we would oppose it. We are not saying that we therefore
support welfare fraud. We are saying that there is a more fundamental issue at
stake here and that is that smart cards should be used sparingly and only to
the extent that it is absolutely necessary.[148]
3.67
However, the Department of Health and Ageing stated
that 'there is no intention to widen the use of the Medicare smartcard or
identifier beyond the health sector.'[149]
When questioned further by the committee on this issue, representatives from
the Department of Health and Ageing responded that the extension of the
Medicare smartcard to use by other agencies such as Centrelink was not under
consideration by the Department and that:
From the perspective of our department, at this stage there is
no intention for the function of the HealthConnect card to be wider than health
information.[150]
3.68
However, the committee notes that Cabinet has recently
approved a proposal by the Minister for Human Services, the Hon. Joe Hockey MP,
to expand the use of the Medicare smartcard by linking it to other Government
services, including welfare services.[151] Minister Hockey has explained that "what
the smartcard represents is one set of keys to open a number of doors to a
range of government services and benefits".[152]
Biometrics
3.69
The term 'biometrics' refers to a range of measures of
biological data. Biometric information can include fingerprints, retina/iris
scans, hand geometry, facial scans, voice recognition, DNA samples, and
digitized (electronically stored) images.[153]
Some submissions therefore suggested that the inquiry's terms of reference,
which refer to 'biometric imaging data', should include biometric data more
generally.[154]
3.70
There were mixed views as to whether biometric
information would be covered under the current Privacy Act, and whether the use
of biometrics is privacy enhancing or privacy invasive.[155] The APF acknowledged that biometrics
could be privacy enhancing when used to provide security against unauthorised
access to other personal information. At the same time, the APF was concerned
that biometric technology could be privacy intrusive, for example, when used to
monitor an individual's movements or activities.[156] Some submitters believed that the
greatest threat to privacy would arise through the storage of biometric data.[157]
3.71
Some submissions expressed concern about the
reliability and vulnerability of the technology associated with biometric data.[158] For example, the LIV suggested that:
The biometric encryption system is vulnerable and highly
susceptible to be infiltrated by hackers. Subsequently the system is not
secure.[159]
3.72
Mr Bill O'Shea from the LIV elaborated on this
during the Committee's hearing in Melbourne:
In terms of biometric encryption, we do not believe the
technology is secure. If the technology was secure, we would be more comfortable
about biometric encryption being used. However, we believe it is still subject
to hackers and interception, and we urge caution in terms of allowing biometric
encryption in Australia
until that technology improves further.[160]
3.73
Several submitters were also concerned that once
biometric data has been compromised or stolen, it is very difficult to rectify
the problem.[161] For example, Lockstep
Consulting observed that 'most biological traits can in fact be duplicated with
sufficient fidelity to fool most biometric detectors.'[162] Lockstep Consulting continued:
...the critical question is: What are we to do in the event that
an individual's biometric identity becomes compromised? We know what to do when
any other authenticator is stolen, be it a password, a magnetic stripe card, or
a smartcard: we simply revoke it and issue a new one. But as things stand
today, no biometric identifier can be cancelled and re-issued. In the event of
biometric identity theft, there would appear to be no alternative but to
withdraw the affected user from the system.[163]
3.74
Similarly, the Australian Electrical and Electronic
Manufacturers' Association (AEEMA) noted that 'once stolen, a biometric is
stolen for life.'[164]
3.75
The Office of the Victorian Privacy Commissioner
suggested that privacy impact assessments should be conducted before differing
biometric devices are introduced.[165] Similarly,
the National Health and Medical Research Council (NHMRC) recommended that there
should be extensive public consultation in relation to the use of biometric
imaging.[166]
Biometric Passports
3.76
The Department of Foreign Affairs and Trade (DFAT)
submitted details of the proposed introduction by 26 October 2005 of
facial biometrics into all Australian passports.[167] This proposal follows the adoption
of facial recognition as the global standard for biometric identifiers in
passports by the International Civil Aviation Organisation (ICAO). Further,
from October 2005, the United States (US) will require travellers from its Visa
Waiver Program countries to have introduced a biometrics passports system.[168]
3.77
DFAT submitted that the introduction of facial
biometric technology into Australian passports is 'as much about protecting the
privacy of passport holders as it is about improving the security of the
process.'[169] DFAT explained in its
submission that, under the proposed new passport system, the biometric
information obtained from an individual's passport photograph will be stored in
a contactless chip embedded in the passport.[170]
DFAT submitted that the information sought from applicants will remain the same
– that is, a photograph. DFAT argued that 'the only change is that the
individual will be matched to an image of themselves by a machine rather than a
person.'[171] A representative of DFAT
explained to the Committee that the chip on the passport will contain:
Only the information that is currently shown on the data page.
The suggestion that biometric data is something different is probably one of
the greatest misunderstandings in relation to the introduction of this
technology. It is simply what we now have on the data page of the passport. The
only difference is it is written to the chip as well.[172]
3.78
The representative of DFAT elaborated on this:
...what is being proposed is nothing different, really, to what
exists currently. There is no more data involved in the e-passport process.
There is no more data held centrally on Australian citizens than there is
currently. We currently have biodata. We have all of the personal details of
Australian passport applicants. We currently have images on our passport
databases. Those things would remain under the e-passports project.[173]
3.79
The use of facial biometrics in passports will be
regulated under the Australian Passports
Act 2005 (Passports Act), which commences on 1 July 2005. The Passports Act enables the Minister to
determine particular methods and technologies that can be used to confirm 'the
validity of evidence of the identity of an applicant for an Australian travel
document'. Any determination relating to the use of personal information must
specify the nature of the personal information and the purposes for which it
may be used.[174]
3.80
DFAT submitted that 'it is the Government's intention
to implement the new [Passports] Act in a manner consistent with the privacy
principles and policies embodied in the Privacy Act 1988.'[175] DFAT also submitted that the
Minister's determination will be 'underpinned by a Privacy Impact Assessment
which will be subject to scrutiny by the Office of the Federal Privacy
Commissioner'.[176]
3.81
In response to the committee's questioning on the
extent to which privacy impact assessment had been, or was being, conducted in
relation to the biometric passports, a representative of DFAT replied:
There have been two privacy impact assessment projects conducted
so far. One was done prior to the introduction into parliament of the
legislation. That was done last year. That privacy impact assessment of course
included the provisions relating to the introduction of biometric technology
into Australian passports. And there is currently a biometrics- or e-passports-
specific privacy impact assessment being prepared.[177]
3.82
The representative noted that the assessment was being
prepared 'internally in consultation with privacy advocates and the Privacy
Commissioner'.[178]
3.83
Indeed, the OPC noted that it had provided advice on
the passports legislation, and that this advice had been 'taken on board'.[179] Further, it was noted that the
Privacy Commissioner had been funded in the recent budget 'to work with Customs
and DIMIA [Department of Immigration and Multicultural and Indigenous Affairs]
and DFAT on biometrics.'[180]
3.84
However, EFA advised that they believed that any
privacy protection afforded by the Privacy Act in this context was likely to be
'weak at best'. In particular, EFA was concerned that any disclosure pursuant
to a determination made by the Minister under the Passports Act would be 'authorised
or required by law' and therefore fall within the category of disclosure to
which the Privacy Act does not apply.[181]
3.85
Some submitters were also concerned that the chip to be
implanted in passports could be read remotely, and that this could actually
facilitate identity theft.[182] For
example, Mr Roger Clarke described the passports proposal as 'naive
and dangerous', arguing that placing enormously sensitive data into an RFID
tag, including biometrics, will facilitate identity theft.[183]
3.86
In a similar vein, EFA argued that 'the particular type
of computer chip to be implanted in passports is also a danger to individuals'
security and privacy'.[184] According
to EFA:
The information on the chips can be read remotely by anyone with
any reader, not just by the reader to be used by immigration/customs officials.[185]
3.87
During the committee's hearing in Canberra,
a representative from DFAT responded to this suggestion:
We are very aware of the concerns of not only privacy advocates
but a number of others within the community, in Australia
and internationally, particularly in the United
States, about this possibility of
eavesdropping—the illegal reading of passport data contained on microchips—or
skimming, as it is commonly known. We have looked at this quite extensively and
our testing to date has failed to prove that it is a possibility, frankly. But
it remains a very strong perception and we have taken the view that, in the
longer term at least, it will be possible to do it. So to mitigate that
possibility we have decided to introduce a coded arrangement, called basic
access control, which will require that the machine-readable zone on the data
page of the passport be read in order to unlock the chip—in other words, the
data on the chip will be protected and will not be able to be read unless that
pin is used to unlock it.[186]
3.88
The ACA was concerned about the reliability of
biometric technology, and the 'possible expanded use of the credential in Australia
rather than as a travel document in and out of Australia.'[187] For example, the ACA observed that
the reference material about biometrics provided by DFAT noted that some of the
reasons for an incorrect or low scoring match included, for example, a smile
with teeth showing, hair over the face, non-centred pose, or glasses with dark
tint. ACA submitted that:
This has resulted in new passport photo guidelines being
developed to ensure submitted passport photos will provide the best possible
performance for biometric matching. In the worst sort of technology push
imaginable, we face the prospect of a requirement for citizens to submit
unsmiling to imaging procedures, wearing standardised spectacles, with
government standard haircuts, in a special official pose – a prescription that
seems more suited to North Korea
than to Australia.[188]
3.89
A representative of DFAT responded to these concerns:
It is, of course, correct that, with ageing, simple things like
hair covering foreheads, beards and glasses and so on can have impacts on this
technology. I think the important thing to note is that we have done a lot of
testing with regard to those issues. Because this technology is based on what
we call eye coordinates, we have been able to do a lot of work within the
software to ensure that we can get matches about 98 per cent of the time. As
far as the other two per cent are concerned, all that happens, if somebody has
got older and cannot be matched, is that they will simply be referred to a
secondary processing at airports, for example, to ensure that they are who they
claim to be. I think there is some misunderstanding that individuals will
suffer as a result of perhaps not having been matched...It is generally accepted
the way those people will be processed is simply the way they are processed
now. The data on the microchip is designed to facilitate the processing of
people through matching.[189]
Draft Biometrics Privacy Code
3.90
Some submissions noted that the Biometrics Institute
(an independent organisation for users of biometric services and products)[190] had prepared a draft privacy code of
practice, which has been submitted to the OPC for registration as a code of
practice for the biometrics 'industry' under Part IIIAA of the Privacy Act.[191] The APF and the ACA expressed some
concern about this proposal. In particular, the APF noted that, for many
organisations the proposed biometrics code would only apply to a small part of
their full range of activities. Any activities that did not involve the use of
biometrics would remain subject to the NPPs, and it would be difficult to draw
a clear distinction in most biometric applications.[192]
3.91
ACA expressed a more general concern about the use of
codes to cover technologies, rather than industries:
In our view Codes were envisaged by the legislation as applying
to industries, or more narrowly to parts of industries or even organisations.
This could be characterised as a 'vertical' orientation. The development of
codes to cover technologies that might be used by any number of industries
could be characterized as 'horizontal'.
3.92
Some of the ACA's concerns in relation to this
'horizontal orientation' of industry codes included that companies would need
to understand the circumstances in which the technologically specific code
would apply and the boundaries to that in their operations. The ACA also noted
that this approach could result in companies being subject to a number of
codes, which would need to be consistent.[193]
Finally, the ACA was concerned that:
The granting of Code registration may well be taken as an imprimatur
to the further deployment of a technology, when this is not the function or
purpose of the Code. The OFPC does not have the resources or expertise to
approve technologies for deployment into the Australian market – it should not
be required to act as if it did.[194]
3.93
In the context of the proposed biometrics code, the ACA
observed:
Many organisations that might use biometric technologies would
be covered by Privacy Codes that relate to their specific vertical industry
(such as direct marketing, insurance or banking) and certainly be covered by
the default OFPC arrangements. Hence the Biometric Code may cover a certain
part of a transaction, but other portions would be subject to the generic
arrangements. This would not produce certainty or simplicity for either
consumer or company.[195]
3.94
However, as noted earlier in this chapter, the OPC's
review of the private sector provisions recommended new powers to develop
binding codes, and suggested that these binding codes could be used to deal with
technologically specific situations.[196]
The OPC's recommendation to consider binding codes is considered further in
chapter 4.
Genetic testing and discrimination
3.95
The inquiry's term of reference (a)(ii)(c) requires the
committee to consider the capacity of the Privacy Act to respond to genetic
testing and the potential disclosure and discrimination of genetic information.
This issue has been the subject of recent comprehensive inquiry and report by
the Australian Law Reform Commission (ALRC) and the Australian Health Ethics
Committee (AHEC) of the NHMRC. This section does not intend to repeat all the
issues, concerns and recommendations raised during that inquiry, but will
merely summarise the key recommendations and the response to, and
implementation of, that inquiry to date.
3.96
It is noted that the debate on genetic privacy and
discrimination has been underway in Australia
for some time now. In March 1999, the Senate Legal and Constitutional
Legislation Committee considered the issue of genetic privacy in its inquiry
into the Genetic Privacy and Non-discrimination Bill 1998, which was introduced
by Senator Natasha Stott Despoja.[197] That Bill
was modelled on US
legislation.[198] That inquiry
recommended that the Bill not proceed, pending
the further examination of a number of issues.[199]
3.97
That inquiry was followed by the inquiry and report on the
protection of human genetic information in Australia
by the ALRC and NHMRC.[200] As Professor Chalmers of the Centre for Law
and Genetics observed:
Without the introduction of the original genetic discrimination
legislation in the Senate...I am not sure that this country would have moved
quite so quickly towards the establishment of the ALRC recommendations. I think
it has spurred our attention.[201]
3.98
The ALRC and NHMRC report, entitled Essentially Yours, was published in March
2003. As Professor David Weisbrot of the ALRC explained to the Committee, this
inquiry considered three key matters relating to the protection of human
genetic information, and in particular: privacy protection; unlawful
discrimination and ethical standards.[202]
Professor Weisbrot further explained that:
We then took that across a very wide array of subject matter,
including those in the medical and health area, like clinical research, the
deliverance of clinical services, public health administration, genetic
databases and so on. On the more medical legal side, we looked at issues of
insurance, immigration, employment, the use in sport, the delivery of services
and a range of other issues, including identity testing, whether that was done
for parentage purposes or the potential—I think harmful potential—in using it
to determine race or ethnicity in the case of Aboriginality, and a range of
related matters. The privacy concerns, as I said, were looked at in a wide
array of contexts.[203]
3.99
The ALRC and NHMRC report concluded that legislative
issues relating to genetic information are best addressed through existing
legislation such as the Privacy Act, rather than a new regulatory framework
dedicated specifically to the protection of genetic information.[204] Many submitters were supportive of
this approach.[205] For example, Mr Bill O'Shea
from the LIV agreed:
...we would not see separate legislation being required on this
issue. I do not think the current legislation we have in Australia
protects us in this area because I do not think it specifically includes the
express prohibitions against it that we are suggesting. It does not necessarily
have to be directed at employers or insurers; I think it is a matter of an
individual's genetic information being the property of that individual and
therefore it needs their consent before it can be disclosed. That way it is
applicable to anyone who wishes to have access to it. There can be exceptions.
.... The default position ought to be that that information cannot be used
without the consent of the individual, and I think that can be done by amending
the existing act.[206]
3.100
Similarly, the Anti-Discrimination Board of New South
Wales expressed its view that:
...discrimination on the basis of genetic information is not so
fundamentally different from other forms of discrimination that it cannot be
adequately addressed under the existing privacy and anti-discrimination
legislation framework, state and federal.[207]
3.101
Many submissions expressed concern that genetic
information is not currently adequately protected under the Privacy Act, or
that at the very least, clarification of the Privacy Act is required.[208] For example, the Anti-Discrimination
Board of New South Wales submitted that:
Rather than acting as an impediment to the development and
application of genetic technology, effective anti-discrimination and privacy
legislative regimes are critical to realising the public health benefits of
genetic discrimination.[209]
3.102
The ALRC's submission to this inquiry summarised some
of the key recommendations relating to the Privacy Act made in the Essentially Yours report, including:
- amendment of the definitions of 'health
information' and 'sensitive information', expressly to include human genetic
information about an individual (Recommendations 7-4, 7-5);
- extension of the definition of 'health
information' to include information about an individual who has been dead for
30 years or less (Recommendation 7-6);[210]
- extension of the coverage of the Privacy Act to
all small business operators that hold genetic information or samples (Recommendation
7-7);
- extension to cover identifiable genetic samples
(Recommendations 8-1, 8-2);
- creation of a right of an individual to access
his or her own body samples for the purpose of medical testing, diagnosis or
treatment (Recommendation 8-3);
- creation of a right of an individual to access
genetic information or body samples of his or her first-degree genetic
relatives, where such access is necessary to lessen or prevent a serious threat
to his or her life, health or safety (Recommendations 8-4, 21-3);
- permission for a medical professional to
disclose genetic information about his or her patient to a genetic relative,
where this disclosure is necessary to lessen or prevent a serious threat to an
individual's life, health or safety (Recommendation 21-1); and
- amendments to ensure that employee records
containing genetic information are subject to the protections of the Privacy
Act (Recommendations 34-1, 34-2).[211]
3.103
In relation to the amendment to the definitions of
'health information' and 'sensitive information' to refer specifically to genetic information, the ALRC's submission
noted that:
...genetic information should receive the heightened protection
afforded to health and other sensitive information under the Privacy Act, but
that the existing definitions of health information and sensitive information
do not provide the desired level of protection for all genetic information.
There are circumstances in which genetic information may not amount to 'health
information'—either because the information is not about health, disability or
the provision of a health service (as in the case of parentage or forensic
testing, where the focus is on identification), or because it is not about the
health or disability of an existing individual (as sometimes may be the case
with genetic carrier testing, where the information is primarily about the
health of future children).[212]
3.104
As to the coverage of genetic samples, the ALRC noted
in its submission that:
The Inquiry concluded that the Privacy Act does not currently
cover genetic samples, even where these are identifiable to an individual (eg,
the container has a name or identifier attached)... There was broad support for
extension of the Privacy Act to cover identifiable genetic samples in the
submissions and in the extensive national consultations conducted by the
Inquiry partners.[213]
3.105
Some submissions to this inquiry expressed caution
about these issues. For example, the Queensland Institute of Medical Research
also suggested that the term 'genetic testing' should be very carefully defined
in any amendments to the Privacy Act.[214]
The National Serology Reference Laboratory submitted its concerns that any
future changes to the Privacy Act should not introduce restrictions or
processes which might interfere with its access to required samples.[215]
3.106
However, the ALRC noted that the Essentially Yours report identified a number of reasons for
protecting genetic samples under privacy legislation, including that:
- genetic samples are closely analogous to other sources of
personal information that are covered by the Privacy Act and should be
protected by rules that are consistent with those applying to the genetic
information derived from samples;
- there are gaps in the existing framework for protecting the
privacy of individuals from whom genetic samples are taken or derived;
- these gaps may be remedied if the National Privacy Principles
(NPPs) or a set of similar privacy principles were to apply to genetic samples;
and
- no circumstances have been identified in which applying the
Privacy Act to genetic samples would lead to adverse consequences for existing
practices involving the collection and handling of genetic samples.[216]
3.107
Professor Weisbrot of the ALRC noted that:
We thought that bringing the Privacy Act into the lab in that
way, by coverage of samples, would work. I should say we initially had some
resistance from researchers, who threw up their arms: they were already
overregulated. When we talked to the people who run good labs, though, and we
went through their processes, the end result was that they did not have to do
anything differently. If you run a good, clean, ethical lab, you keep records
properly and you are sensitive to issues of privacy and confidentiality, you
would not have to do anything differently. I am sure it is the same in other
aspects of industry. If you are doing your job properly, you do not worry about
the Privacy Act.[217]
3.108
The ALRC also noted that its inquiry expressed very
serious concern about the potential for non-consensual collection and analysis
of DNA samples. Professor Weisbrot observed that there is currently little
legal protection against such testing:
...it is still technically possible and it is getting easier, in
the absence of legal regulation, for that genetic testing to occur because the
material is so readily obtainable and the costs of genetic testing are going
way down.[218]
3.109
The ALRC therefore recommended a new criminal offence
to prohibit an individual or a corporation from submitting another person's
sample for genetic testing, or conducting such testing, without the consent of
the person concerned or without other lawful authority.[219] Professor
Weisbrot explained to the Committee:
We felt so strongly about the integrity of the individual to be
free from non-consensual testing—and, I should emphasise, not only in the
parentage area but across the board, whether it is an insurance company,
government, the media or others—that we recommended the implementation and
establishment of a new crime of taking someone else's DNA and submitting it for
testing without that person's consent or without other lawful authority. The
other lawful authority could be an order from the Family Court or another court
that orders paternity testing or it could be a statutory authority where a law
enforcement officer has to take DNA samples for the purposes of a criminal
investigation or it could be research that is being done under a Human Research
Ethics Committee approved process. But we felt that surreptitious testing
should be sanctioned.[220]
3.110
Professor Weisbrot noted that the United Kingdom parliament was currently
considering legislation with a similar provision prohibiting such
non-consensual genetic testing.[221]
3.111
Parentage testing was another issue considered in the
ALRC's report – that is, DNA testing for the purpose of determining parentage
or kinship.[222] The report made a
number of recommendations, including, for example, that DNA parentage testing
should be conducted only by accredited laboratories, operating in accordance
with the specific accreditation requirements. The report also recommended that
parentage testing reports should be inadmissible in proceedings under the
Family Law Act 1975 unless the testing complies with the Family Law
Regulations 1984.[223]
Genetic discrimination
3.112
Several submissions expressed concern about genetic
discrimination, particularly in the insurance and employment context.[224] For example, the Cancer Council of
New South Wales submitted that:
The access to and use of genetic information by insurers is a
matter which has a clear concern for us. We believe the current state of
research with genetics in many conditions, including cancer, still has a high
level of uncertainty and hence risk assessment used in underwriting will not be
accurate. Accordingly the collection of genetic information by the insurance
industry should still be subject to restriction.[225]
3.113
The Cancer Council of New South Wales noted that the Investment
and Financial Services Association (IFSA) has a genetic testing policy, which
is an agreement between life insurers that they will not require applicants for
life insurance to undergo a genetic test. The agreement, approved by the Australian
Competition and Consumer Commission, has been in force since November 2000 and
was extended for two years from December 2003 until December 2005.[226] The Cancer Council of New South
Wales suggested that this policy should remain in place indefinitely.[227]
3.114
The Centre for Law and Genetics noted that it had been
funded by the Australian Research Council for a 'Genetic Discrimination
Project', which had so far 'identified about 24 or 25 genuine cases where
genetic information has been used in a discriminatory fashion.'[228]
3.115
The Essentially Yours report recommended that the Disability Discrimination
Act 1992 be amended to clarify that the legislation applies
to discrimination based on genetic status (recommendation 9-3).[229] The Anti-Discrimination Board of New
South Wales supported this recommendation in its submission:
Although in the Board's view the current definitions of
disability in both the ADA [Anti-Discrimination Act 1977 (NSW)] and the Disability Discrimination Act 1992 (Cth) cover genetic
discrimination, there is a strong public interest rationale for making such
coverage explicit in all state/territory anti-discrimination legislation.[230]
3.116
The committee notes that the Productivity Commission's recent review of the
Disability Discrimination Act 1992 made a similar recommendation that the
definition of 'disability' in section 4 of the Disability Discrimination Act
1992 should be amended to ensure that it is clear that it includes genetic
predisposition to a disability that is otherwise covered by the Act.[231]
Response to the Essentially Yours report
3.117
Many submissions were supportive of the Essentially Yours report and the
implementation of its recommendations.[232]
Professor David Weisbrot of the ALRC noted that the ALRC's report had been
well received overseas:
It has probably been the ALRC's biggest hit overseas, in part
because the issues involved are so international; it is not looking at an area
of local law. It has been used very extensively by Health Canada, which is
the department of health there. The OECD working group on human
genetic research databases and their working group on genetic testing are both
using it very extensively. The Human Genome Organisation's ethics committee and
UNESCO's bioethics committee are both referring to it regularly. The Japanese
government, the South Korean government and a number of others have referred
specifically to it and adopted bits of it. We have been very gratified to see
that it has been very influential in that way.[233]
3.118
However, many submissions were concerned that, here in
Australia, the Australian Government has thus far failed to respond to the
report and that most of the report's recommendations have not yet been implemented.[234] For example, the NHMRC submitted
that:
...implementation of the recommendations in Essentially Yours is important and should take place without
further delay.[235]
3.119
The ALRC noted in its submission that:
The Australian Government has not yet formally responded to the
report, although it is understood that the Attorney-General's Department and
the Department of Health and Ageing are coordinating a formal
Whole-of-Government response.[236]
3.120
The Department of Health and Ageing submitted that the
government is currently considering the report and is likely to provide a
formal whole of government response.[237]
Professor Weisbrot of the ALRC acknowledged that the ALRC report:
...cuts across many portfolios, and I think that is the issue. It
is being primarily coordinated by Health, and the Attorney-General's Department
has been involved and active. But, looking at the subject matter here, my guess
is that you would also have to deal with DIMIA, Workplace Relations, Education,
Science and Technology, DFAT and, no doubt, a range of other departments. So I
think it is probably a very large coordination project, and involves getting
the sign off from all the various ministers and so on. I am not aware that
there are any major issues of principle holding things up. I suspect it is more
a question of the coordination. But again that is a third-party process
impression.[238]
3.121
During the committee's hearing in Sydney, Professor David Weisbrot noted
that he had heard informal reports that a response would be provided 'soon'.[239]
3.122
In response to the committee's questions on the issue,
a representative of the Attorney-General's Department noted that 'the timing of
the final release of government responses is of course a matter for ministers',
and that:
A considerable amount of work has been done and there are
certain clearance processes that need to be gone through...there are a number of
ministers and agencies that have some involvement in that. I cannot give you a
specific date but a considerable amount of work has been done in putting together
a response.[240]
3.123
Further, during the committee's hearings, Professor Weisbrot of the ALRC
pointed out to the committee that, in the recent 2005-06 Budget:
...the government allocated $7.6 million to establish a human
genetics advisory committee. That would be another principal committee of the
NHMRC. That basically implements the central recommendation of the ALRC's
report, which is that we need a standing committee to monitor developments in
this area and to provide expert advice—both technical scientific advice and
advice about the ethical, legal and social implications of the new genetics.[241]
3.124
In response to the committee's questions, Professor Weisbrot noted that the
ALRC's preference was for an independent, stand-alone commission because:
...a commission would be likely to attract adequate resources,
although I am reassured by the allocation that has been made now that it will
have adequate resources to do the job; and, secondly, that not all the issues
were purely health related.[242]
3.125
Professor Weisbrot stated that a committee of the NHMRC would be the ALRC's
'second preferred model', but that:
...it should be a standards setting and advisory and coordination
education body, rather than a regulator, and that the regulation function
should go to other bodies that normally have that function.[243]
3.126
Professor Don Chalmers of the Centre for Law and Genetics also noted the
budget proposal, describing it as 'a very good step forward'. He noted that
although there are some matters
which will not be fully classified as research or health, his understanding was
that the NHMRC would have the capacity to deal with matters outside the health
area.[244]
3.127
In response to the committee's questions on the issue,
a representative of the NHMRC noted that:
The committee has not yet been established but, as you say, it
will be a principal committee of NHMRC, and it will be appointed by the
minister following consultation with relevant stakeholders. It is anticipated
that the principal committee will start its work to coincide with the beginning
of the new triennium, which is January 2006.[245]
3.128
A representative of the Department of Health and Ageing
explained to the committee:
In the recent budget the government provided funds for the
establishment of an expert advisory committee on human genetics. This will be
established as a principal committee of the National Health and Medical
Research Council. Its role will be to provide advice on current and emerging
issues in human genetics and related technologies, and to provide advice on the
complex social, legal, ethical and scientific issues that arise from these
technologies. The reconciliation of the privacy of an individual with
imperatives of research and the benefits that will give to individuals'
families and communities will, of course, be among these current and emerging
issues that it will advise on.[246]
3.129
In response to the Committee's requests for further
details in relation to this proposed committee, the Department of Health and
Ageing replied that the committee will be established from January 2006, and that
the 'expertise and composition of the new committee are yet to be established.'
The Department also noted that the new committee will work closely with the
NHMRC and other Principal Committees, in consultation with the Minister.[247]
3.130
Some other aspects of the Essentially Yours report have also been implemented. For example, Professor
Weisbrot noted that the Family Law Regulations had been amended in accordance with the
ALRC's recommendations in relation to parentage testing:
...the family law regulations were changed in accordance with the
ALRC recommendations relatively recently...There was change to upgrade the
identification and consent requirements in relation to laboratory testing for
parentage purposes and that is what we did recommend in the report. So that has
been done separately and did not require legislation; it was a new regulation.
That was exactly in the terms that the ALRC recommended. So there are some
improvements there.[248]
3.131
However, he noted that other aspects of the parentage
testing recommendations had not yet been implemented, such as the proposal that
only accredited labs do the testing.[249]
3.132
The Committee notes that the government has responded
to the Productivity Commission's review of the Disability Discrimination Act 1992, and this response mentioned the
ALRC and NHMRC's recommendations on genetic discrimination. The response
stated:
The Government accepts the concerns raised by the Productivity
Commission and the [ALRC-NHMRC] Inquiry that the definition of disability needs
to be clarified so that it includes a genetic predisposition to a disability.
The current definition of disability includes disabilities that may exist in
the future or are imputed to a person. The Government considers that this
includes a genetic predisposition to disability. However, clarification is
desirable to the extent that there is any doubt. The Government considers it
would be more appropriate to provide an advisory note in the DDA [Disability
Discrimination Act 1992], rather than amend the definition itself.[250]
Microchip implants and RFID technology
3.133
The Committee's terms of reference for this inquiry
refer to microchips which can be implanted in human beings (for example, as
recently authorised by the United States Food and Drug Administration).[251] The authorisation refers to the
approval, in October 2004, by the United States Food and Drug Administration
(US FDA) for the use of 'Verichip' technology for medical purposes.[252] The 'Verichip' is a miniaturised,
implantable RFID. RFID has been described as:
...tiny silicon chips that broadcast a unique identification code,
when queried by a reader device using radio waves. At present, they can return
such a signal from distances up to a few tens of metres depending on the
communicating frequencies and transmitting powers involved. The tags may be as
small as rice grains, positioned within ID cards, tokens, wristbands, or even
under the skin, as in the use of microchips for pets.[253]
3.134
As the Office of the Victorian Privacy Commissioner
observed:
Although Radio Frequency Identification (RFID) was initially
used primarily for tracking objects (such as individual items of foodstuff,
clothing and books), it is gradually being used to track people (such as
children) by embedding RFID chips in clothing or cards.[254]
3.135
The 'Verichip', as approved by the US FDA, is described
as 'a subdermal RFID device' about the size of a rice grain.[255] The manufacturer explains that each
'Verichip' contains:
...a unique verification number that is captured by briefly
passing a proprietary scanner over the VeriChip... A small amount of radio
frequency energy passes from the scanner energizing the dormant VeriChip, which
then emits a radio frequency signal transmitting the verification number.[256]
3.136
The US FDA has approved the 'VeriChip' for medical uses
– such as confirmation of identity, blood type, potential allergies and medical
history of unconscious patients. However, according to the manufacturer, the 'VeriChip
is not an FDA-regulated device with regard to other potential uses, such as security,
financial, personal identification/safety applications'.[257]
Indeed, the Office of the Victorian Privacy Commissioner noted that, according
to Verichip, the technology is:
...being actively developed for a variety of security, defense,
homeland security and secure-access applications, such as authorized access
control to government and private sector facilities, research laboratories, and
sensitive transportation resources.[258]
3.137
Few submissions specifically addressed the issue of
human microchip implants. Of those that did, several submissions suggested that
the use of microchip implants should be prohibited, pending further research,
public consultation and the implementation of a suitable regulatory regime.[259] For example, the NHMRC submitted
that:
If the use of implanted microchips involves tailoring the
information to specific individuals as an extension of pharmacogenetics, for
example full identification which could be useful in certain circumstances such
as disaster victim identification, ethical issues including loss of freedom;
compulsion or coercion of the individual to accept a microchip (especially
minors); access to information contained on the microchip beyond health
applications; and the individual’s ability to update or change information as
needed would arise. The NHMRC believes there needs to be a thorough and full
examination of all the issues before such a proposal is considered further in Australia.[260]
3.138
Mr Roger Clarke expressed strong concern that
proposals for the use of human microchips are 'coming forward in a regulatory
vacuum', and in particular that:
The much-heralded FDA 'approval' for chip-implantation was
merely a statement that the procedure does not automatically violate health
care laws.[261]
3.139
Mr Roger Clarke argued that:
The Parliament has a responsibility to proscribe all uses of
chips in or closely associated with humans, and to sustain the ban until after
research and public consultation have been undertaken and a suitable regulatory
regime devised and implemented.[262]
3.140
In response to the committee's questions on notice on
this issue, the Office of the Victorian Privacy Commissioner expressed the view
that implanting the RFID devices under the skin 'raises additional privacy
concerns that need to be debated.' The Office noted the use of electronic
monitoring has recently been authorised in Victorian law for serious sex
offenders released from custody, but that the Victorian legislation 'is silent
as to whether a tracking device can be implanted under the ex-offender's skin.'[263] The Office of the Victorian Privacy
Commissioner argued that:
Any such interference with bodily integrity, if ever
contemplated in extraordinary circumstances, should only be done under clear
authority of law or by voluntary and informed consent, and with appropriate
safeguards to protect the health, privacy and dignity of the individual to be
tracked, and those with whom he or she lives and associates.[264]
3.141
In contrast, other submitters commented on the possible
benefits of such technology, depending on their application and use.[265]
3.142
The Department of Health and Ageing submitted that it was not considering the
introduction of a microchip for human use here in Australia in the foreseeable
future. However, the Department noted that such implants may not fall within
the definition of 'therapeutic good' or 'medical device' under the Therapeutic
Goods Act 1989, depending on the particular use and medical applications.[266]
3.143
In response to the Committee's questions on the issue
of microchips, the Privacy Commissioner, Ms Karen Curtis, replied:
We have not provided any advice to any Australian government
about microchips. One of the clear principles that underpin our Privacy Act is
technology neutrality, so we would like to think that the Privacy Act would be
able to apply to some of these things. But in my report I am actually recommending
that there be a wider review of the definition of personal information, because
the principles are based on essentially 30-year-old notions.[267]
RFID technology
3.144
Some submissions raised concerns about the privacy
implications of RFID technology at a broader level than its use in human
implants.[268] For example, the Office
of the Victorian Privacy Commissioner believed that:
The use of RFID raises significant privacy issues around how it
is used, when its use is justifiable, what other information is made accessible
through the use of the device, and what safeguards apply to minimise the risk
of misuse and provide redress.[269]
3.145
Similarly, the ACA described RFID devices
as 'invisible bar codes', and was concerned that:
RFID potentially brings all our possessions and purchases into
the electronic realm, and thus has the potential to radically alter concepts
and norms of ownership and personal information.[270]
3.146
The ACA did not suggest RFID-specific legislation, but
submitted that:
Many of the issues in RFID are challenges to existing and
desirable generalist legislation. Many of the backend data accumulation issues
should be covered in the Privacy Act, with appropriate treatment of what
constitutes personal information. Other RFID issues are actually about
surveillance and need attention in surveillance legislation, alongside optical
and other techniques. It is this environment that would perhaps be best placed
to deal with issues of implantable tags.[271]
3.147
It is noted that an international resolution on RFID has
been adopted by data protection and privacy commissioners. The resolution calls
for all the basic principles of privacy law to be adopted when designing,
implementing and using RFID technology.[272]
Other technologies and related issues
3.148
Submissions also raised a range of other technologies that, it was
suggested, should be considered by this inquiry due to
their privacy implications.[273]
3.149
For example, the AFP submitted that it was monitoring
the emergence of 'Public Source Data' (PSD) companies in the US, although the
extent of PSD activity in Australia is uncertain. The AFP explained that PSD
companies focus solely on the
collection of publicly available personal information from which detailed
comprehensive personal profiles of individuals are compiled. These profiles are
then sold to clients including credit agencies, private investigators and
auditing companies. The AFP submitted that, while individual items of
information obtained by PSDs may not breach current privacy legislation, the
capacity of PSDs to aggregate such information and link it to high powered
search engines provides a 'significant source of concern.'[274]
3.150
The ACA pointed to a number of technologies that
it argued the Privacy Act had failed to adequately address, including:
electronic messaging; video surveillance; location-based services; the
integrated public number database, and 'spyware'.[275] In relation to 'spyware', it is
noted that the Department of Communications, Information Technology and the
Arts has released a discussion paper on the issue and has been conducting
public consultation workshops around Australia.[276] Further, in March 2005, the Minister
for Communications, Information Technology and the Arts released the outcome of
a legislative review which concluded that 'spyware-related malicious activities
are covered by existing laws', including the Privacy Act.[277]
3.151
Mr Roger Clarke also pointed to:
...a long list of additional technologies that should also be subjected to
examination. Data
mining, CCTV [closed circuit television], digital signatures, toll-roads that
deny anonymous usage, pattern-recognition applied to car number-plates, caller-line
identification, gross abuses of the 'white pages' database – IPND [Integrated
Public Number Database], auto-identification of telephone callers, and location
and tracking of mobile phones, have all demanded attention from public interest
organisations. They should all be subjected to publicly funded policy research,
and then to appropriate regulation in order to rein in the privacy abuses that
they embody.[278]
3.152
The LIV suggested that other technologies to be
considered could include:
...digital cameras in mobile phones, GPS technology, light x-rays of airline
passengers and video
surveillance, and drug testing and fingerprinting of school children. Even more
items could be added as new technologies, and new ways of applying existing
technologies, are developed.[279]
3.153
The LIV also suggested that this inquiry should
examine:
...the individual systems that support these new technologies.
This is particularly relevant to the LIV's submission as a breach of privacy
may not occur at the 'front end' or 'user end' (ie where Smart Cards are being
used), but rather at the 'backend' (ie at the server where all the information
is stored). We suggest that attacks on the backend of these systems are common
and may result in a breach of privacy.[280]
3.154
Electronic health records, and the HealthConnect initiative, were also raised in
several submissions.[281] These are
considered further in chapter 5 of this report.
3.155
EFA raised concerns with other technologies, including
telecommunications technology. For example, EFA was particularly concerned
about the online surveillance of activities by internet users and other issues.[282] Indeed, EFA argued that:
...individuals have almost no privacy 'rights' in the online
environment and even the few privacy rights they allegedly have are not
protected adequately and are difficult, sometimes impossible, to have enforced.[283]
3.156
EFA explained further:
The lack of rights and/or adequate protection of rights arises
from a combination of factors, including but not limited to, uncertainty
regarding the definition of 'personal information'; no requirement to obtain
consent before collecting personal information; use of bundled 'consents'
including to disclose information to unspecified 'partners'; the small business
exemption; and/or technological developments.[284]
3.157
Some of these issues, such as the bundled consent, are
discussed further in relation to the private sector provisions in the next chapter
of this report.
3.158
It is also noted that some of these other technologies
are regulated by legislation other than the Privacy Act, such as
telecommunications legislation. However, the inconsistency between the Privacy
Act and telecommunications legislation was a problem for some submitters. For
example, the APF and EFA suggested that there should be a review of the
relationship between privacy and communications law.[285] This is also discussed in the next
chapter of this report.