Meeting 3, 9 November 2012 - Office of the Australian Information

Privacy Advisory Committee minutes
9 November 2012
Meeting 3, 9 November 2012
Office of the Australian Information Commissioner
Level 3, 175 Pitt St Sydney, NSW 2000
Participants
Chair
Prof John McMillan, Australian Information Commissioner
Members present
Leon Carter, National Secretary, Financial Sector Union
Prof Michael Kidd, Executive Dean, Faculty of Health Sciences, Flinders University
Christine O’Keefe, Science Leader for Privacy and Confidentiality in CSIRO Mathematics,
Informatics and Statistics
Assoc Prof Moira Paterson, Associate Dean (Undergraduate), Faculty of Law, Monash
University
Barbara Robertson, Chief Privacy Officer & Head of Governance, National Australia Bank
Limited
Richard Glenn, Assistant Secretary, Business and Information Law Branch
Apologies
There were no apologies.
Observers
Timothy Pilgrim, Privacy Commissioner
Angelene Falk, Acting Assistant Commissioner, Compliance
Toni Pirani, Assistant Commissioner
Jonathan Dobinson, Director, Corporate and Public Affairs
Leila Daniels, Deputy Director, Corporate and Public Affairs
Linda King, Deputy Director, Policy
Este Darin-Cooper, Deputy Director, Policy
Tim de Sousa, Deputy Director, Policy
Nina Yiannopoulos, Policy Adviser
Brenton Attard, Corporate and Public Affairs Officer
Agenda item 1 — Welcome, attendance and apologies
John McMillan welcomed Committee members. There were no apologies.
John McMillan congratulated Richard Glenn on his recent appointment to the Privacy
Advisory Committee (the Committee) and noted that Barbara Robertson and Michael Kidd
had been re-appointed for a further three years.
John McMillan noted that since the last meeting Mark Hummerston (Assistant
Commissioner Compliance) had retired and Rachel Spalding (Assistant Commissioner Policy)
had resigned.
Agenda item 2 — Minutes from previous meeting
The minutes of the joint Information Advisory Committee (IAC) and Privacy Advisory
Committee meeting of 3 May 2012 were adopted.
John McMillan provided an update on the action items from the last meeting.
Agenda item 3 — OAIC matters
John McMillan advised that the OAIC was reviewing the OAIC’s organisational structure due
to resource pressures. The Committee will be kept informed as the re-structure progresses.
John McMillan provided an overview of the OAIC’s operational statistics for 2012, noting
that the increase in workload was putting pressure on the OAIC’s limited resources.
Agenda item 4 — Current privacy issues and projects
Progress of privacy law reform
Richard Glenn provided the Committee with an update on the progress of privacy law
reform, noting that the Privacy Amendment (Enhancing Privacy Protections) Bill 2012 (the
Bill) was due to be reintroduced into the Senate following Committee consideration.
Meeting attendees discussed the deferred commencement of the legislation, nine months
after it receives Royal Assent.
OAIC privacy reform implementation strategy
Angelene Falk provided an update on the OAIC’s privacy law reform implementation
strategy. The OAIC will be producing detailed guidance to support the implementation in
2013. This guidance will include: guidelines on the Australian Privacy Principles, Code
development guidelines, an updated Privacy Impact Assessment guide, and other related
documents.
Mandatory data breach notification
Richard Glenn updated the Committee on the Government’s discussion paper: Australian
Privacy Breach Notification. The OAIC will be making a submission.
The Committee discussed the OAIC’s role in providing guidance on mandatory data breach
notifications.
eHealth
Toni Pirani noted that the OAIC has entered a Memorandum of Understanding (MOU) with
the Department of Health and Ageing (DOHA) to act as the privacy regulator of the
personally controlled electronic health record system (the eHealth system).
Toni Pirani noted the OAIC’s activities in relation to the eHealth system, including public
consultations on two documents relating to the OAIC’s role as privacy regulator of the
eHealth system: eHealth record system — OAIC Enforcement Guidelines and eHealth record
system — Guide to mandatory data breach notification under the personally controlled
electronic health record system.
Other eHealth activities include two submissions regarding eHealth legislation, and the
publication of a number of eHealth fact sheets and a dedicated eHealth page on the OAIC
website.
Angelene Falk advised that the OAIC’s Compliance Branch is reviewing the OAIC’s internal
processes in relation to eHealth, including how the OAIC will exercise powers under the
eHealth legislation.
Timothy Pilgrim advised the OAIC had not yet received any complaints about the eHealth
system, and noted that the OAIC has reviewed the system’s security measures implemented
by DOHA and is satisfied with them.
Action item: OAIC to provide the Committee with an update at future meetings on eHealth
complaints.
Action officer: OAIC
Update on the Public Sector Information report
John McMillan advised that the OAIC had completed a survey of Australian Government
agencies that are subject to the Freedom of Information Act 1982 (the FOI Act) and the
Information Publication Scheme (IPS). A report on Australian Government agency
compliance with IPS obligations was completed in August 2012 and is available on the OAIC
website.
The same survey also sought to measure agencies’ implementation of the Principles on open
public sector information. A report on this aspect of the survey is being finalised. The
Committee discussed a number of issues related to the implementation of the Principles on
open public sector information, including the adoption of Creative Commons licenses.
Recent OAIC submission, publications and consultations
John McMillan provided the Committee with an update on recent OAIC publications and
submissions.
Community Attitudes to Privacy survey
Jonathan Dobinson provided the Committee with an overview of the OAIC’s plans to run the
Community Attitudes to Privacy Survey in 2013. The last survey was conducted in 2007.
The Committee discussed potential questions and the need to maintain the longitudinal
value of the survey. The draft 2013 survey will be forwarded to members for their feedback.
Barbara Robertson asked if the longitudinal questions could be separately identified so
members can understand the foundation issues which the OAIC is tracking.
Action item: OAIC to provide draft Community Attitudes to Privacy survey questionnaire to
the Committee with longitudinal questions identified.
Action officer: OAIC
Education and Awareness
30th Anniversary of the FOI Act event
John McMillan noted an upcoming event to celebrate the 30th Anniversary of the FOI Act.
The anniversary will be celebrated at the National Portrait Gallery on 27 November 2012.
The Committee were invited to attend.
Information Contact Officer Network update
John McMillan advised the Committee that the next Information Contact Officer Network
(ICON) meeting would be held on 7 December 2012 in Sydney.
Information Policy Conference 2013
John McMillan provided the Committee with an update on plans for an Information Policy
Conference in 2013. He noted that the last conference held in November 2011 was a great
success.
The OAIC is developing topics and themes for the 2013 conference. The Committee was
invited to make suggestions.
Privacy Awareness Week 2013
Jonathan Dobinson provided the Committee with a progress update on the OAIC’s plans for
Privacy Awareness Week (PAW) 2013. He noted that PAW 2013 will primarily focus on
communicating messages about privacy law reform to businesses, agencies and individuals.
Other messages about how to ensure the security of personal information, mobile apps and
social networking may also form part of the campaign. The Committee was also advised of
the OAIC’s limited budget for PAW 2013 activities.
Website development update
Jonathan Dobinson gave the Committee an update on the OAIC’s website redevelopment
project currently underway. The new website is scheduled for completion in the first
quarter of 2013. The website has been designed to meet the Web Content Accessibility
Guidelines (WCAG) 2.0 requirements.
The Committee was also advised of current work to create a dedicated website for the Asia
Pacific Privacy Authorities (APPA) forum. The OAIC is the Secretariat for the APPA forum.
International privacy engagement
Timothy Pilgrim provided the Committee with an update on the OAIC’s participation in
international privacy activities, including OAIC correspondence to:
• the Article 29 Working Party on behalf of nine APPA members in support of the
  Working Party’s correspondence to Google regarding changes to their privacy policy
• Microsoft regarding changes to its Service Agreement in August 2012
• Facebook regarding changes to its Data Use Policy announced in May 2012.
Timothy Pilgrim noted that he will attend the 38th APPA Forum hosted by the Federal Trade
Commission (FTC), United States. The forum will be held from 3–4 December in San
Francisco. The OAIC has a significant secretariat role within this strategic forum and the
agenda will cover global developments across privacy collections, surveillance and
enforcement practices.
Audit program
Angelene Falk provided the Committee with an overview of the audit program for 2012–13.
Given resource pressures, MOU-funded audits are the OAIC’s priority for 2012–13.
Issues in the media
Jonathan Dobinson updated the Committee on the OAIC’s recent media engagement, noting
that there had been 101 media enquiries in the first quarter of 2012–13, a substantial
increase on the 64 enquiries received in the first quarter of 2011–12. The Committee was
provided with an update on the OAIC’s social media activities.
Agenda item 5 — Issues raised by Committee members
Michael Kidd raised privacy issues related to genetic testing. He noted a report of recent
NSW legislation that requires doctors to inform their patients if a blood-related family
member has a medical condition which they are at significant risk of inheriting. Michael Kidd
commented that under the Privacy Act, the National Privacy Principles allow for the
disclosure of medical information in certain circumstances. He recommended that a
discussion be held in future meetings to consider this issue. The Committee agreed.
Action item: OAIC to include an item on privacy issues related to genetic testing on the next
Committee meeting agenda.
Action officer: OAIC
Agenda item 6 — Other business
Meeting dates for 2013 were discussed with the Committee. A joint meeting with the OAIC’s
Information Advisory Committee was also discussed and the Committee agreed to hold this
meeting around the time of the Information Policy Conference in November 2013.
Agenda item 7 — Close
The meeting closed at 2:50pm.