I rise to speak to the debate on the Privacy and Data Protection Bill 2014. The opposition will not be opposing the bill, which aims to improve the management of private information held by the Victorian public sector. It follows a report by the Auditor-General tabled on 25 November 2009 entitled Maintaining the Integrity and Confidentiality of Personal Information. The Auditor-General examined the way in which the personal information of Victorians is stored, processed and communicated within the public sector.
It is essential that personal information, such as names and addresses, and highly sensitive information, such as health and criminal records, remain confidential. Only those within the public sector who need to access such information to perform their duties should be able to do so.
The privacy of Victorians is paramount, and there are serious consequences if confidentiality or integrity of information is not maintained. Identity theft is but one example of the potential consequences of the mismanagement of or a breach in the integrity of information. An individual who falls victim to identity theft can experience serious financial loss, threats, harassment and endure a long process of lost time and money to redress the wrong. Through diligent practices we must ensure that sensitive information held within the public sector is secure.
This bill in essence creates a new protective data security regime for the use and storage of data and personal information; provides remedies for interferences with the information privacy of an individual; creates a regime for monitoring and assuring public sector data; establishes the commissioner for privacy and data protection; and repeals the Information Privacy Act 2000 and the Commissioner for Law Enforcement Data Security Act 2005. The current positions of privacy commissioner and the commissioner for law enforcement data security will be rolled together to form the position of commissioner for privacy and data protection. This role will have responsibility for overseeing the new privacy regime being implemented across the Victorian public sector.
The information privacy principles currently governing the use of sensitive information within the public sector are essentially re-enacted under this bill. However, this bill provides increased flexibility in the application of privacy principles by allowing public organisations to apply for exemptions and variations.
In respect of public interest determinations, a public sector agency will be able to apply to the commissioner to vary or receive an exemption from the information privacy principles. Firstly, the commissioner must publish a notice stating that the application has been received and invite persons whose interest may be affected to make submissions. The commissioner in response to such an application may make a public interest determination if the public interest in the organisation doing the act or engaging in the practice outweighs the public interest in the organisation complying with the information privacy principles.
The commissioner may also make a temporary public interest determination in circumstances where the organisation’s application requires urgent determination. A temporary public interest determination can be made for a period not exceeding 12 months. A public interest determination or temporary determination cannot be made in relation to information privacy principles 4 or 6.
These principles relate to data security and the provision of the information of an individual to them upon their request. While a public interest determination is in force, the relevant organisation will not be regarded as interfering with information privacy, provided their actions comply with the variation or exemption to the privacy principles afforded.
On the issue of information usage agreements, organisations may also seek approval from the commissioner for information usage arrangements. These arrangements could exist between two public sector organisations or between a public sector organisation and an external organisation. The information usage arrangement will set out acts or practices for handling personal information in relation to one or more public purposes and for which information privacy principles are modified.
On the issue of safeguards, relevant safeguards are contained within the bill, including the grounds on which the commissioner may revoke determinations, review their operation and issue compliance notes. Parliament may also expressly disallow determinations. However, the most significant safeguard exists in the initial test applied by the commissioner that I referred to earlier — namely, for a determination to be made allowing an organisation to deviate from privacy principles, it must be in the public interest. This public interest must be so great that it outweighs the existing public interest in upholding privacy principles. The commissioner will also be developing a protective data security framework and standards. Within two years of the standards applying, an organisation will undertake a security risk profile assessment and develop a protective data security plan.
In conclusion, the provisions contained in this bill will allow public sector organisations to perform their duties more efficiently and in turn provide an improved service for all Victorians. Although the bill will create flexibility, it will also implement safeguards to ensure that determinations made by the commissioner will be wholly in the public interest. It will also ensure that personal information continues to be treated with the highest levels of confidentiality and integrity.
As I have said, the opposition will not be opposing this bill. However, we urge the government to ensure that the new information framework is implemented efficiently, and that the process is completed with transparency. There are also elements of the bill that remain unclear, such as the procedure for Parliament disallowing commissioner determinations. The Labor opposition supports the framework that improves security for sensitive information held on behalf of Victorians within the public sector.
We support this framework, and we want to see the Napthine government implementing it correctly.