From today the Privacy Act applies to the private sector. There has been plenty of warning, but as is the nature of human affairs, everything is left to the last minute.
The critical obligations are: collect only what is necessary; use fair and lawful means to collect it; get consent; tell them why you are collecting and who it might be passed on to; only disclose the information for the primary purpose (with exemptions for safety, health and law enforcement); make sure the information is accurate and secure; disclose to an individual the information you have on that individual; allow correction.
Conflict over privacy laws has taken a couple of forms. At one level, business is arguing that it is all too expensive and unnecessary. Besides having information about people helps business target customers in a way that better services customers – they get the sort of information that is relevant to them and it is far too costly to have to get permission to pass information on. It is far too costly to allow people to correct information. Pitted against them are people who assert their individual rights against capitalists who want to make money.
The other conflict is a bit more esoteric. It has people concerned with liberal democracy and human rights pitted against people concerned liberal democracy and human rights.
Let’s deal with that conflict first.
The right to privacy is a fundamental human right. The NSW privacy Commissioner, Chris Puplick, says privacy is a matter of a sense of self-identity, self-worth and autonomy. Privacy is related to what it is about ourselves that we wish other people to know, or perhaps more critically, what it is about ourselves that we do not want other people to know.
“”If we are not in control of intimate information about ourselves, if we are, in terms of our personal data, naked to every prying eye, then how are we to be able to assert that we have real personal autonomy, personal space, personal control of our lives and the respect which is due to each of us as a unique individual,” he said.
It is a fairly powerful assertion of individual rights that those who adhere to liberal, democratic principles would easily side with.
But those liberal democratic ideals also stand for openness and accountability. And this can be at odds with another of Puplick’s sentiments.
Puplick says. “”We may not want [others] to know about our health status, about our financial position, about our sexuality or our beliefs, about who we hold as friends, who we associate with or what our tastes and preferences are. It is not just that we do not want anonymous others knowing this information, very often we want to keep things private from our most loved and intimate family; how typical it is of people not to want their family members informed about their health status for any number of reasons.”
This is the dark, secretive and insecure side of human nature coming to the fore. It cuts across another liberal-democratic tradition that seeks openness and accountability. This tradition holds dear freedom of expression and freedom of communication, especially about political matters. A community has to be informed before it can be truly democratic. A government has to be open and accountable before it is fully democratic. And that requires a free flow of information.
The danger for democratic societies is that “”privacy” is cited as a reason for not giving out information. Just as “”commercial-in-confidence” is used to hide a multitude of sins that only come out after the damage is done.
Without information about people malfeasance is hard to uncover. Sometimes privacy concerns must play second fiddle.
A recent High Court case illustrates the point. The ABC obtained film from trespassing animal liberationists on the gruesome stun killing of possums.
The court refused to grant and injunction to stop the film being broadcast, mainly because the land was owned by a corporation, but some judges hinted that they might invoke a private right to privacy if another case arose.
It would be damnable if in the name of privacy, paedophilia, violence, cruelty to animals or fraud were covered up.
Warren Beeby, chair of the Australasian section of the Commonwealth Press Union, is concerned that press freedom is playing second fiddle to privacy and national security.
There is an irony there because the privacy advocates are concerned that national security is being invoked to invade privacy – which indicates how delicate the balances have become.
Beeby very cogently argues that journalists should make the hurdles they meet in getting information a part of their stories.
When journalists meet brick walls, unreturned calls, unanswered questions or the invocation of privacy or commercial in confidence they should state it in their stories so the public can see who has something to hide.
The danger with the new privacy laws is not their use, but their abuse – their use as an excuse not to divulge information that is pertinent to the political debate. The Privacy Act has applied to Commonwealth and ACT bodies since 1988. Given the danger of arming government with an excuse not to hand out information, perhaps we got it around the wrong way – it should have applied to the private sector first.
Business doesn’t like the idea. It has had a rough time of it in the past couple of years with the Y2K bug, the GST and the business activity statement. They have been costly, but equally they have improved the way business does things. Computer systems and accounting procedures have been improved. That argument could also apply to privacy – forcing business to straighten out privacy practices which will help them gain their clients’ trust – thereby encouraging them to move to more efficient electronic dealings with business.
Privacy is good for business is the message being put out by the Privacy Commissioner, Malcolm Crompton and Federal Attorney-General Daryl Williams. But it is a lesser argument. Besides business prefers the usual more effective methods of advertising and prizes to encourage electronic dealings, rather than long-term trust-building.
Consumer fear seems to be not based on the potential for misuse of personal information, but around losing money through giving credit-card information over the internet, even though it is far more secure than giving it by phone or over the counter or using cheques.
Consumers need not fear about the act of transferring electronic information from themselves to a business. No; the real fear is what the receiving business might do with it once it is on their database.
This is the unanswerable test for business (and a better argument than privacy is good for business). Business may well say, if you have nothing to hide you have nothing to worry about. But the corollary to that is to say to business: if you are using information properly what have you got to fear about a law that requires you to use the information properly?
The acid test of that is inaccurate information. What if a customer is misidentified or the wrong information goes in. That individual’s rights are affected. How can they address that unless business gives access and corrections?
Properly applied, the privacy rules are fine. But if they become just another weapon to cover up malfeasance, they will do more harm than good.