“Australia has a Federal system of government. There are two layers of government, Federal and State; both have legislation that protects information. Each of the six states and two territories has their own legislation. For the purpose of this assessment the state of Victoria will be used as a case study.
The Commonwealth Government has passed legislation in the form of the Privacy Act (1988), which is designed to protect the personal information of individuals. The act addresses the collection, use, storage and disclosure of an individual’s personal information. In addition, the act provides for an individual to access information about them and have it corrected if required. The Privacy Act (1988) has established thirteen privacy principles to guide implementation of the Act. More information can be found at (http://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-fact-sheets/privacy-fact-sheet-17-australian-privacy-principles_2.pdf).
Implementation of the Privacy Act and possible breaches of the Act are addressed by the Office of the Australian Information Commissioner. The Privacy Act applies to all Commonwealth Agencies, some companies and other bodies.
At state level, Victoria has the Information Privacy Act 2001 (IPA). The IPA has established 10 Information Privacy Principles and applies to Victorian Government Agencies, statutory bodies and local government.
From the above, the most significant deficiency in the legislation is that it predominantly applies to government bodies. Not all private sector organisations or not for profits are covered by the legislation. However, there is a raft of legislation that applies to other activities that may address privacy and data protection. As an example, hacking and cyber breaches are usually covered by the relevant jurisdiction’s criminal laws.
As a government employee who has worked at both state and federal level I have at some time needed to apply the above legislation to my work and the information I have been collecting, using and storing. One of the issues in addressing data and information collected, is the purpose for which it has been collected. Data is not supposed to be used for reasons other than the stated purpose at the time of collection. If an additional purpose arises, the supplier of information should be asked if the information may be used for an alternative purpose.
As an example, if people supply information to register and attend a Government run course, then that information cannot be used for other reasons, without the express permission of the person who has supplied the information. Thus if the course convener wanted to make a class contact list so that participants could contact each other, then each participant would have to agree to this usage of the information they supplied.
Collectors of data must carefully consider what they wish to collect and its utilisation. Many standard forms now provide an option for people providing information to allow or deny the ways in which that information may be used. Alternatively, agencies may choose to seek further permission to use data for a purpose other than the original reason of collection. The latter approach is often used to avoid complaints of confusion as to which purpose the supplier of information was agreeing.
The public must have faith in the manner in which government collects, uses and stores their data. Without such faith the population is unlikely to be honest and open in the data it provides to government”. Andrew Blades- Victoria, Australia