![]() |
Home
| Databases
| WorldLII
| Search
| Feedback
Privacy Law and Policy Reporter |
![]() |
Chris Puplick
This paper was given at an Inter-national Symposium on Freedom of Information and Privacy, Auckland, 28 March 2002, organised by New Zealand Privacy Commissioner Bruce Slane, and is reproduced here by kind permission of the Commissioner and the author. This paper outlines in tabular form the relationship of the two NSW laws and should be read together with Kevin O’Connor’s paper which follows — Associate Editor.
New South Wales was the first State in Australia to pass a comprehensive State personal data privacy law, in the form of the Privacy and Personal Information Protection Act 1998 (PPIPA). Its core is a series of Information Protection Principles (IPPs). It applies the IPPs by law to the public sector. It created the Office of the Privacy Commissioner.
Under PPIPA, government agencies are required to have privacy management plans. If they wish, they can seek to have the application of one or more of the IPPs to their operations varied and adopt a code of practice, which must be drawn up in consultation with the Privacy Commissioner.
The interaction of the access and amendment rights given by PPIPA with those found under the Freedom of Information Act 1989 (FOI Act) are addressed by clear provisions in PPIPA indicating that the relevant IPPs do not override the FOI Act.
The FOI Act has both a privacy objective and a ‘democratic’ objective, encompassing goals of participation, open government and accountability.
The FOI Act does not claim to exclude other means of obtaining access to information. Access to personal information may best be achieved through the more informal and flexible arrangements mandated under PPIPA, but the FOI Act may continue to be the preferred way of dealing with more complex applications where, for example, there is an issue of disclosure of third party or confidential information or mixed personal and non-personal information.
PPIPA and the FOI Act have significantly different enforcement and review provisions. These and other important points of difference are noted in the following table.
Purpose
|
|
FOI Act
|
To promote ‘openness, accountability and responsibility’ in all
public areas and to confer a legal right to access personal
information and
documents and to request amendments to records of a personal nature that are
inaccurate, incomplete, misleading or
out of date.
|
PPIPA
|
To promote fairness and accuracy in the way that personal information is
collected, stored, used, accessed and disclosed and to govern
the disclosure of
personal information from ‘public registers’.
|
Applies to
|
|
FOI Act
|
Personal or non-personal information held by NSW government authorities,
government ministers, local councils and other public agencies.
|
PPIPA
|
Personal information about the individual held by NSW public sector
agencies, including local councils and prescribed bodies which
are outsourcing
data services and personal information in public registers.
|
Modified by
|
|
FOI Act
|
Not applicable.
|
PPIPA
|
Privacy codes of practice may modify, in relation to an agency or class of
agencies, the operation of both the IPPs and the public
register privacy
principles. This includes exemptions from the operation of an IPP, as well as
specifying the manner in which the
IPP will apply.
|
Information covered
|
|
FOI Act
|
Documents containing personal and non-personal information, including
audio-visual film, tapes and discs.
|
PPIPA
|
Personal information, including genetic material, electronic records, video
recordings, photographs and biometric information.
|
Exempt agencies
|
|
FOI Act
|
Exemptions include some or all of the functions of some agencies including:
Office of Auditor General; Director of Public Prosecutions;
Independent
Commission against Corruption; Public Trustee; State Bank of NSW; State
Authority Superannuation Board; State Superannuation
Investment and Management
Corporation; and the NSW Ombudsman.
|
PPIPA
|
State-owned corporations; Police Service; Independent Commission Against
Corruption; Police Integrity Commission; and the Crime Commission
(except in
relation to their administrative and educative functions).
|
Exempt information
|
|
FOI Act
|
NSW government cabinet and executive council documents (excepting those
that are factual or statistical and do not disclose deliberations
or decisions);
documents exempt under Commonwealth or other States’ FOI legislation;
documents concerning law enforcement and
public safety; documents subject to
legal professional privilege or secrecy provisions in other legislation,
affecting the personal
affairs or business affairs of another person or business
and the economy of NSW. Additionally, documents may be subject to a Ministerial
Certificate stating that a specific document is exempt and restricted.
|
PPIPA
|
Information in publicly available publications and information or an
opinion about a person’s suitability for appointment or
employment as a
public sector official. Several of the IPPs are also declared to be inapplicable
if the agency is lawfully authorised
or required not to comply with the
principle concerned, or if non-compliance is otherwise permitted (or is
necessarily implied or
reasonably contemplated) under an Act or any other
law.
|
Exempt functions
|
|
FOI Act
|
Judicial functions of courts and tribunals and the investment, complaint
handling, investigative and reporting functions of certain
agencies.
|
PPIPA
|
Some exemptions apply to the law enforcement, investigative and complaints
handling activities of certain agencies.
|
Applicant/complainant
|
|
FOI Act
|
An individual or group of individuals or a corporation or
association.
|
PPIPA
|
An individual. Third party complaints may not be allowed.
|
Application or complaints procedure
|
|
FOI Act
|
Application in writing to the agency for access to specified documents held
by the agency. The agency must advise in writing within
21 days that the
information is available, or if the request has been deferred or refused. This
period may be extended by a further
14 days if special circumstances apply, such
as the need to consult with a third party. Application fee of $30, processing
fee of
$30 an hour. Requests for an internal review to be made in writing within
28 days of being told of the agency’s decision. Review
application fee of
$40.
|
PPIPA
|
Complaints about alleged breaches of privacy or applications for access to
personal information, preferably in writing, can be made
to the agency or the
Privacy Commissioner. The agency is obliged to inform an applicant whether they
hold personal information about
the applicant and give access to it without
undue delay or expense.
|
Under Pt 5, the individual may seek an internal review of the
agency’s conduct or decisions regarding an alleged breach of the
IPPs, a
code of practice, or the public register provisions in Pt 6, or they may make a
complaint to the Privacy Commissioner under
Pt 4.
|
|
If the individual complains under Pt 5, the agency must then conduct an
internal review and notify the Privacy Commissioner, and it
may request the
Commissioner to undertake the internal review on the agency’s behalf.
|
|
If the individual makes a complaint to the Commissioner under Pt 4, the
Commissioner must attempt to resolve the complaint by conciliation,
and, on
completion of an investigation, can only make reports and recommendations.
|
|
Review
|
|
FOI Act
|
If dissatisfied with the internal review, the applicant may request that
the NSW Ombudsman investigate. The Ombudsman can make recommendations
but cannot
change or reverse a decision.
|
Alternatively, the applicant may request that the Administrative Decisions
Tribunal (ADT) review the agency’s decision. The
ADT can make a fresh
determination.
|
|
The ADT can be used either as an alternative to an external review by the
Ombudsman or after the Ombudsman has completed an external
review.
|
|
PPIPA
|
Under Pt 5, if the person is dissatisfied by the internal review, or the
action taken by the agency as a result, or if the review
is not completed within
60 days, the individual can make an application to the ADT for a review of the
conduct concerned.
|
Remedies
|
|
FOI Act
|
The ADT can recommend that it is in the public interest to give access to a
document which has been refused as exempt; the decision
of an agency be
reconsidered; action be taken to change the agency’s conduct; reasons be
given for a decision; or the law or
practice be changed.
|
PPIPA
|
Any application to the ADT may go to the findings of the agency review or
to the action proposed to be taken by the agency. The ADT
may decide not to take
any action following review. If it considers that action is warranted it may
make one or more of the following
orders: monetary compensation up to $40,000;
restraining order; specific performance order; correction order; remedial steps
order;
non-disclosure order in the case of public register complaints; and
ancillary orders.
|
Overlap
|
Agencies can refuse notification, access or correction rights under s 13 to
15 of PIPA by using an exemption available to that agency
under the FOI
Act.
|
Chris Puplick, Privacy Commissioner, New South Wales.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/2002/22.html