	Home \| Databases \| WorldLII \| Search \| Feedback Australian Law Reform Commission - Reform Journal

Home | Databases | WorldLII | Search | Feedback

Australian Law Reform Commission - Reform Journal

You are here: AustLII >> Databases >> Australian Law Reform Commission - Reform Journal >> 1995 >> [1995] ALRCRefJl 10

Stewart, Blair --- "The New Zealand Privacy Act" [1995] ALRCRefJl 10; (1995) 67 Australian Law Reform Commission Reform Journal 51

THE NEW ZEALAND PRIVACY ACT

Australia's Neighbour Leads the Way in Privacy Protection

The New Zealand Privacy Act 1993 has been described as one of the most comprehensive and potentially most effective privacy laws in the world.

Blair Stewart highlights some aspects of the Act and explains its significance as a piece of law reform.

Blair Stewart is the Manager, Codes and Legislation, in the Office of the Privacy Commissioner, New Zealand. Blair is also on the Editorial Panel of Privacy Law & Policy Reporter' and is a Consulting Editor to Human Rights Law and Practice'.

Contact details:

Privacy Commissioner
PO Box 466
Auckland 1
New Zealand

Telephone + 64 9 302 2160
Facsimile + 64 9 302 2305

The Act followed a classic law reform process, unusual for a piece of New Zealand legislation. With all due respect to the country's law reform agencies, it is probably fair to say that most NZ legislation is updated merely by amending or consolidating earlier law or reacting to specific events or problems. In contrast, this Act was the product of reports, consideration of overseas experience and has a foundation based on internationally agreed principles.

The key law reform processes involved in the drafting of the Privacy Act were:

a detailed review of privacy laws conducted by the Human Rights Commission
a data privacy options paper prepared by Tim McBride of the University of Auckland on contract to the Minister of Justice
the introduction of a Private Members Bill to spur matters along
the referring of a Government Bill to a Select Committee which received submissions (the normal procedure in New Zealand) and considered them for more than 18 months. During this period, by reason of a separate enactment establishing his office, the Privacy Commissioner had a role in helping to shape the legislation.

International principles

The Act follows closely the (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (issued in 1980). These are the same guidelines that shaped the Australian Privacy Act. (1988) (Cth). The assistance of the Commonwealth Privacy Commissioner's Office in commenting on the Bill while it was still in Select Committee helped develop some aspects of the final Act. It is unusual for NZ legislation to be influenced by international norms and agreements to this extent.

Radical features of the Act

Probably the most radical feature of the NZ Privacy Act is that the same privacy principles apply to both public and private sectors. This approach is consistent with the thrust of much modern NZ legislation which seeks to place public institutions on the same basis as their private sector equivalents, for example the Telecommunications Act 1989 and the Broadcasting Act 1989.

Several other features are worth commenting on as significant law reform experiments'.

The Act uses enforceable codes of practice. The principles in the Act cover the entire public and private sectors. They are drafted in general language with a number of exceptions to cover most anticipated difficulties. Codes of practice, however, enable greater flexibility for particular circumstances, both to overcome difficulties of compliance and to impose higher standards of privacy. One of the innovative features is to make such codes enforceable rather than merely statements of industry self-regulation.

Information on public registers is a significant privacy issue in every jurisdiction, for instance, recent problems with the motor vehicle register in New South Wales. It is not possible to treat information on public registers with the same respect for privacy that other personal information gathered by Government departments might enjoy. The very basis of a public register is that people, other than the individual concerned, may need to search the register and obtain the information.

The NZ Act has established four public register privacy principles which are not found in any international standard or other equivalent privacy legislation [see box below]. It may be that those principles, taken together with the ability to issue codes of practice for particular registers, will provide a model for regulation in other jurisdictions.

Public register privacy principles
1. Search references
Personal information shall be made available from a public register only by search references that are consistent with the manner in which the register is indexed or organised.
2. Use of information from public registers
Personal information obtained from a public register shall not be re-sorted, or combined with personal information obtained from any other public register for the purpose of making available for valuable consideration personal information assembled in a form in which that personal information could not be obtained directly from the register.
3. Electronic transmission of personal information from register
Personal information in a public register shall not be made available by means of electronic transmission, unless the purpose of the transmission is to make the information available to a member of the public who wishes to search the register.
4. Charging for access to a public register
Personal information shall be made available from a public register for no charge or for no more than a reasonable charge.

Data-matching

Matching information between different government databanks is a growing phenomenon that has raised concerns in a number of jurisdictions. The NZ data-matching guidelines and rules owe much to the Australian approach.

The NZ Act establishes a set of statutory information-matching guidelines' and information-matching rules'. The guidelines indicate to departments seeking data-matching powers the criteria which Parliament thinks are important in balancing the competing public interests. The Privacy Commissioner is expressly authorised to examine any new proposed data-matching provisions with regard to the guidelines. The guidelines are an explicit acknowledgment that data-matching is an intrusion into privacy and therefore requires each data-matching program to be justified in terms of objectives of significant public importance and an objective cost-benefit analysis.

The information matching rules are more technical in nature than the guidelines. The rules provide detailed and practical safeguards in relation to notices to individuals affected, the use of unique identifiers, on-line transfers, technical standards, the destruction of information after a matching program has been completed and a number of other matters.

The NZ approach owes much to the Data Matching Program (Assistance and Tax) Act 1990 (Cth) and also to the Commonwealth Privacy Commissioner's Data-Matching in Commonwealth Administration Guidelines' issued under the Privacy Act 1988 (Cth).

Privacy Commissioner as a law reform agency

While not a law reform agency in the strict sense, the Privacy Commissioner has a number of specific statutory powers that clearly fall within the area of law reform. These include powers to:

review the operation of the Act after 3 years
review the public register privacy principles from time to time with particular regard to certain Council of Europe recommendations
examine proposed legislation concerning the collection or disclosure of personal information or information matching programs
receive and invite representations from the public on any matter affecting the privacy of the individual
make suggestions in relation to any matter that concerns the need for, or the desirability of, action by a person in the interests of the privacy of the individual
examine any proposed legislation or Government policy which may affect the privacy of individuals and to report to the responsible Minister
report with or without request to the Prime Minister from time to time on any matter affecting the privacy of the individual.

In addition, there are significant law reform processes at work in the context of the codes of practice. The process of consultation, both prior to the issue of a code and on its review, is an example of privacy law reform, as is the ongoing evaluation of the need for codes of practice in particular areas, identifying shortcomings in the law or practice and proposing legal solutions.

Conclusion

In my view, the Privacy Act is a very clear example of a major reform of the law, providing interesting material on the processes of law reform at work. The Privacy Commissioner is, and will continue to be, an important element in the law reform process in New Zealand.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/ALRCRefJl/1995/10.html