Search This Blog

Friday, March 31, 2006

Telephone and email tapping powers extended

Federal Parliament has passed amendments to the Telecommunications (Interception) Act which gives new powers to police and intelligence agencies to tap the phones of those who come in contact with terrorism suspects. The legislation passed despite the reservations of the Senate Legal and Constitutional Committee which said that the safeguards against abuse were far too vague and inadequate. The Attorney General said that the Committee's changes would be considered at a later time but it was urgent that the new powers be approved because all phone interception powers were about to expire.

Controversial planning laws passed

The Government’s changes to planning laws giving the Minister for Planning greater powers went through the Legislative Council on 28 March but not before the vital votes of 2 members of the cross-benches were gained when the Minister for Planning accepted amendments proposed by Fred Nile to ensure greater transparency. The amendments included a requirement that the Minister make publicly available reasons for the level and nature of development contributions levied by him, and for the appointment of a planning panel, and a review of the new powers given to the Minister after 3 years. A raft of amendments proposed by other members were defeated.

The Local Government community is still very unhappy with the result.

NZ privacy damages case touches off national debate

The ABC Radio National Law Report this week focused on criminals and privacy. The program includes a discussion of a recent NZ case in which a paedophile was awarded $25,000 in a civil suit alleging breach of privacy by the Police Service. The case and the commentary in the program demonstrate the clash of principles - a police officer’s judgment about an obligation to warn, and another individual’s right to privacy. The judge decided against the Police on the grounds that distribution of a leaflet with photograph to those in the area where he lived was not in the public interest. The Police apparently took matters into their own hands as a result of a refusal by Parole authorities to discuss the matter with them.

The case and the court decision has been a hot topic in NZ. Australian courts to date (with one exception) have not recognised an actionable right to damages on privacy grounds.


The Dean of Law at Deakin University proposes a simple solution – everyone’s criminal history should be a matter of public record. The Dean, Mirko Bagaric, has plenty of controversial views on a range of topics perhaps the best known being his views about the case for legalised torture.

The program also includes a discussion of the practice of a Sydney suburban pharmacy which photographs “shoplifters” and displays the photographs with captions in the front window. They claim not to have received complaints on privacy grounds.

Opt out model for e-health card pilot survives parliamentary challenge

The Government's Regulation to permit a departure from privacy principles for the electronic health record pilot projects survived a motion to disallow it in the NSW Legislative Council. The debate on the motion (in 2 parts see here and here) included strong criticism of elements of the project although most speakers acknowledge the potential benefits of a linked electronic health records system. Some speakers, themselves medical practitioners, provided thoughtful comments about the merits and dangers of the proposed system.

Community groups continue to voice concerns about the system.

Tuesday, March 28, 2006

ADT Appeal Panel decision upholds legal professional privilege

The Appeal Panel in Saggers v Attorney General’s Department (2006) NSWADTAP 11 has dismissed an appeal by the FOI applicant against a finding that documents were exempt under the legal professional privilege exemption. This is another case involving a request for documents concerning the sale of the Sydney Markets. The decision turns on the particular circumstances of the case and involves few findings of general significance.

National ID card on backburner?

Today's Australian Financial Review reports that 2 months after announcing an inquiry into a national identity card, the Attorney General has not settled on terms of reference, and is now of the view that there is no need to hurry.

Petitions and privacy

A Stay in Touch article (Fields of Clover) in Monday’s Sydney Morning Herald was about an allegation of breach of privacy in connection with information contained in a petition.

We’ll leave it to the City of Sydney Council and the Member for Bligh to sort this one out but it prompts the following thoughts about privacy and petitions generally.

Petitions are a call for action by the people’s representatives. They express a view about a particular matter and call on the Parliament (or local council) to take action.

Those that sign a petition (the requirement usually is for name, address and signature) can have no complaint that the petition is tabled in the Parliament or council. Documents tabled in Parliament or in a council meeting are available for inspection by any member or the public. Some councils include petitions in business papers or minutes and now publish these documents on the web. NSW Parliamentary procedures state that a petition after tabling will be referred to the appropriate minister for consideration.

The Victorian Privacy Commissioner (VPrivCmr[2004]2) found that inclusion of a petition on the web of a local council did not breach that State's privacy laws.

There may be a question about the extent to which local councils and others who receive petitions make members of the public aware of their information handling practices.

Petitions once tabled are "publicly available publications" - in NSW this takes them outside the scope of privacy laws. Information in a petition can, in any event, be used or disclosed consistent with a petition’s original purpose – to promote the democratic processes of government. Privacy laws permit use for other purposes in certain circumstances such as use for a directly related purpose. Follow up by the minister or the minister’s department providing information regarding the matter raised in a petition would clearly be covered by such a provision.

Local councils in NSW are permitted by a Code of Practice approved by the Attorney General to use information held for a purpose related to a lawful function where it is reasonably necessary to do so.

The Queensland Parliament accepts e-petitions and has an information brochure that provides that only the name and address of the petition organiser will be published on the web, although names and addresses of all signatories are included in the original presented to the Parliament and this documents is available for public inspection.

Some other related but quirky provisions of the (NSW) privacy laws at least – Parliament is not an agency covered by the laws which also do not apply to members of Parliament; ministers apparently are not part of an agency for the purposes of the Act although ministerial staff, technically employed by the Premier’s Department are public sector officials subject to the legislation. On the other hand councillors form part of the governing body of a local council and the council is responsible for any breach of privacy principles by the councillor in the course of carrying out council functions.

All makes sense doesn’t it?

Monday, March 27, 2006

NSW Government accused of "sneaky" change to privacy law

The NSW Government’s pilot project for the introduction of electronic health records, commenced in the Hunter region on 23 March. A previous blog highlighted the privacy concern that the project appeared to be contrary to Clause 15 of the NSW Health Records and Information Privacy Act which requires express consent to inclusion of records in a linked electronic system.

It appears the Government solved the problem by making a regulation under the Act to exempt the pilot scheme from this compliance obligation. The Australian’s IT page provides the details – it says that the decision to reverse the requirement for consent “has sent a chilling ripple through consumer and privacy groups involved in Healthelink consultations”.

Groups including the Council of Social Service NSW and the Australian Privacy Foundation have been strongly critical of the way in which the change was “quietly” gazetted on 10 March.

While the Minister for Health issued a media statement (Trial of Electronic Health Records) on 23 March , it made no mention of the regulation.

We couldn’t find any mention of it on the Department of Health website or that of Privacy NSW. So much for openness and transparency.

However the Health Records and Information Privacy Regulation 2006 is there for all to see in the consolidated set of NSW Regulations - just the place most people would look!

National Smart Card on the way

Reports today in The Australian and The Age indicate that the Federal Cabinet this week will consider a proposal for a new “smart card” with photo ID and a computer chip to replace the Medicare card and 19 other cards used in dealings with Centrelink. The Age report gives more detail.

This obvious intentional leak of what is in a submission yet to be considered by Cabinet stands in contrast to arguments relied on in many cases to refuse access to documents because of the sanctity of the Cabinet process. These arguments don’t get in the way of government trying to get on the front foot in presenting the case for its plans.

Both reports state that privacy and the prevention of identity fraud are key justifications for the project.

This card will take years to roll out and is said to be separate from the National ID card which is still under consideration, although the Wilcox cartoon in The Age report may reflect the response of most.

FOI in the news

Media reports over the last week based on FOI applications include a Canberra Times report on 21 March that 2 Canberra fire stations have received infringement notices for having fire hazards; The Daily Telegraph report on 22 March about increased numbers of weapons finding their way into schools; the Sydney Morning Herald report about an unsuccessful attempt to obtain RailCorp documents concerning the safety of two buildings above railway track; and The Australian report on 27 March about the number of adverse reaction reports received by the Therapeutic Goods Administration, particularly children and Ritalin.

The Sydney Morning Herald report and another in The Age on 20 March “A public service response Sir Humphrey would be proud of” both get good mileage out of the responses given by the FOI officer to their requests.

The Australian reports that its High Court challenge to the conclusive certificate issued by Treasurer Costello concerning documents about bracket creep and the first home buyers scheme, will be heard on 18 May.

Friday, March 24, 2006

ADT decision on legal professional privilege

In another McGuirk, v University of NSW decision (2006) NSWADT 84 the Tribunal has upheld the University’s determination to refuse access on the grounds of the legal professional privilege exemption (Clause 10 Schedule 1) to a memorandum of advice from the in house solicitor to the Vice Chancellor.

The Tribunal, states [paragraph 24] that the test of legal professional privilege for the purposes of the FOI Act are the common law principles rather than the client legal privilege test contained in the NSW Evidence Act. There are other cases where a different view has been taken but nothing of major significance seems to flow from this.

The decision [paragraph 25] includes the list of categories of circumstances in which legal professional privilege can arise – a list that has been used on a number of occasions in recent decisions. The Tribunal also considered a number of other matters relevant to a claim of privilege: whether the University’s Legal Office had the necessary degree of independence to satisfy the test, whether the communication lost its privileged status because it was part of a criminal or unlawful proceeding or was made for an illegal purpose; and whether privilege had been waived. It was satisfied that none of these factors in this case affected the privilege claim.

An application by the University for costs was rejected on the grounds that there were no “special circumstances” even though the Tribunal acknowledged that the application was misguided and somewhat out of the ordinary.

Useful guidance from NSW Ombudsman

The NSW Ombudsman’s website has a useful list of fact sheets. A number are particularly relevant to agencies regarding the management of information access and FOI issues. See in particular Fact Sheet 12 on Legal Advice including the Ombudsman’s views about releasing legal advice to the public; Fact Sheet 16 on the Public Interest which addresses issues relevant to weighing factors for and against disclosure; and Fact Sheet 20 on Transparency and Accountability. Fact Sheet 26 provides a guide to issues addressed in the complete series.

Thursday, March 23, 2006

NSW Ombudsman confirms no local council charges for access under LGA

The NSW Ombudsman’s Office on 21 March sent an email to local council general managers drawing attention to a new information sheet on issues associated with access to documents under Section 12 of the Local Government Act. The information sheet reports the findings of a recent investigation and concludes that there is no legal basis for a council to charge for access except a reasonable copying charge (which should be in the range of 25-60 cents a page.

The Ombudsman says that recommendations have been made to the Minister for Local Government to amend Section 12 to authorise charging of a reasonable retrieval fee for documents held in storage, but until (and unless) the Act is amended, there is no legal basis for such charges. The Ombudsman’s views are consistent with the Department of Local Government Circular 02/54 “Charging a Retrieval Charge for providing public access to council documents”.

Many councils have reviewed or are reviewing information access policies. A working group established by the Local Government Governance Network is also close to completing a model statement of policy and procedures for consideration.

In our view it is open to a council to indicate that some documents will not generally be available under Section 12, on the basis that disclosure of documents containing certain specified information will usually, on balance be contrary to the public interest. A council could also adopt a policy position that some broad non specific requests for documents will not be dealt with on the basis that the work involved in dealing with such an application (at no charge other than reasonable copying charges) would substantially divert resources. As a result dealing with the request, and provision of access to the documents sought would be contrary to the public interest in advantaging one applicant at the expense of all ratepayers and because it would reduce the time available to deal with other requests.

Any application, of course, would need to be dealt with on its merits.

A council might also legitimately charge for any service offered to all members of the public to undertake research and provide a report on a particular matter where such a service clearly goes beyond providing council documents for inspection.

Wednesday, March 22, 2006

Local Government Training on Information Access and Privacy Protection

We still have a few places available for our Introductory Workshops for local government for next week - 29 March on Information Access including Section 12 of the Local Government Act and FOI issues; 30 March on compliance with the NSW privacy legislation. See details here.

Tuesday, March 21, 2006

Transparency in the NSW land use planning process

The NSW Government and the local government sector are engaged in a battle over government proposed changes which will significantly increase its power to intervene in the planning decisions of local councils, as illustrated in this article in yesterday’s Sydney Morning Herald.

When the State Government exercises planning powers, just how transparent is the process?

We noticed recently a newspaper advertisement concerning the exhibition of an environmental assessment of a proposal under consideration by the Minister for Planning for the Australian Museum in College Street Sydney. The proposal has been called in by the Minster because it involves capital investment of more than $5 million, bringing it within powers granted to the Minister in changes to the Environmental Planning and Assessment Act last year.

The advertisement invited submissions and included a note: “Under Section 75H of the Act the Director General is required to send copies of submissions or a report of the issues raised in those submissions to the proponent, and to any other authority the Director General considers appropriate, but the names and addresses would be withheld. If you do not want your submission to be made public, please state this in your submission”.

Given the fact that local councils have been urged to treat submissions on development applications they consider as documents available for public inspection, we were intrigued to find on inquiry that the Department of Planning does not make submissions on a major development available for public inspection as a matter of routine. The Department says it does not identify those (other than government agencies) who make submissions “on privacy grounds”. Remarkably this extends to submissions by corporations or interest groups.

Apparently if you make an FOI application for the documents it will be dealt with in accordance with the Act’s provisions.

When dealing with major proposals of the kind currently within the powers of the Minister or to come within those powers as a result of changes now before Parliament, there is a strong case, in the interests of transparency, for submissions to be available for public inspection.

There is no privacy problem if people are informed about the use and disclosure of personal information at the time a proposal is advertised, although there is a need to provide for special circumstances where a person's identity should not be publicly disclosed. Views about a proposal are not personal information in any event.

There is nothing in the Environmental Planning and Assessment Act that requires submissions to be made publicly available. It seems in Planning, they stick strictly to the law but they might want to check with others such as the NSW Ombudsman (see the Ombudsman's views about public access to submissions made to a council - paragraph 7.1.10 and following in his FOI Policies and Guidelines) and the ICAC who advocate transparency in the process.

ADT FOI decision: advance deposit

Another decision by the ADT in a long line of applications brought by the same FOI applicant, (McGuirk v University of NSW (2006) NSWADT 81) the Tribunal upheld the agency’s decision to ask for an advance deposit, and decided that the amount requested was reasonable.

The Tribunal noted that the Premier’s Department FOI Procedure Manual 2.14.6 states as a matter of “policy” advance deposits will be used only with large scale requests involving significant charges. It decided that despite the fact that the introduction to the manual states that “policy” is to be observed by agencies, the provision could only be a guideline as Section 21 of the FOI Act confers a discretion - an agency may request an advance deposit. This meant that it was open to an agency to ask for a reasonable amount by way of advance deposit where in the circumstances it felt this was appropriate. It did not need to demonstrate that the application was a "large scale" request.

The Tribunal also considered whether the University decision to refuse a rebate of fees was justified. It upheld the refusal to grant a rebate which had been sought on public interest grounds. The Tribunal said that in order to demonstrate that the public interest justifies the reduction in charges "there must be a public interest in the release of the particular documents that are the subject of the application". It was not sufficient to claim that a "general public interest in the University's conduct being made known to the people of the state of NSW".

Monday, March 20, 2006

Canadian privacy watchdog exposed

The former Canadian Federal Privacy Commissioner has been charged with fraud and breach of trust. Criminal charges have been laid after an extensive police investigation.

Thanks to David Fraser’s Canadian privacy blog for the lead.

Not so bright idea at Brighton

Of all the intrusions into privacy that we are hearing about these days, this probably isn’t the most significant. However its worth a mention that the New Brighton Hotel in Manly has made it compulsory for patrons to have their driving licenses scanned before entry. This has prompted the Minister for Gaming and Racing to write to the Federal Privacy Commissioner suggesting that the practice could be a breach of privacy.

New SMH FOI editor out of pocket

The Sydney Morning Herald has appointed one of its most experienced journalists, Mathew Moore, FOI editor.

In his first piece in the position Moore comments about the high cost of FOI, citing Herald experiences in dealing with some Federal departments. It’s a sad reminder that access to documents about policy and related matters, comes, if at all, at a high price. Some of the arguments used to refuse the Herald a rebate of fees are inventive and don’t accord any weight to the public interest in knowing what the Government knows about matters of significance to the community.

FOI in the news

FOI based stories in the media over the last week included reports in the Sydney Morning Herald, “Sartor quits his fight to hide tobacco”, “ Sartor ignored warning about smoking ads”and reports that 124 Child care centres are below basic hygiene, safety and staffing standards; in the Daily Telegraph that cane toads have been among the beneficiaries of bridges and tunnels built to protect native species in the Pacific Highway upgrade; in the Australian and Hobart Mercury that a briefing note warned the Health Minister that overseas trained doctors at the Royal Hobart Hospital were not competent in basic hospital procedures.

Friday, March 17, 2006

FOI: C minus - can do better

The Federal Ombudsman has released a report "Scrutinising government: Administration of the Freedom of Information Act in Australian Government Agencies". The report is another in a long line of reports that identify fundamental problems in the way FOI works.

The Federal Ombudsman Professor John McMillan said that there is an uneven culture of support for FOI among Australian Government agencies. There is still cultural resistance to open government and good FOI administration appears to be of dwindling importance, in some agencies at least.

Part 7 of the report identifies the following deficiencies following the survey of practices in 22 agencies:

  • excessive delay in processing some FOI requests;
  • failure to comply with the publishing requirements of the Act in some cases;
  • lack of consistency in acknowledging requests in a timely fashion;
  • delay in notifying charges and inconsistencies in their application;
  • variable quality in the standard of decision letters, particularly regarding the explanation of exemptions imposed.
The Ombudsman says that given the growing emphasis on the need for consistency across government in service delivery, the same arguments can be applied to FOI administration.

"It is unacceptable that members of the public can encounter quite different standards in FOI administration, depending on the agency they approach...FOI should be afforded the same high priority and strict compliance that is given to other pieces of defining legislation, such as that dealing with financial management."

The Report refers to the problem of the interaction between FOI and privacy obligations, points out that privacy issues are subject to oversight and enforcement by a Privacy Commissioner, but that there is no similar office with matching responsibilities under the FOI Act.

The Ombudsman recommends the Federal Government establish an FOI Commissioner, possibly as a specialised and separately funded unit in his office.

This Report, like the many other federal and state reports it refers to, says that FOI legislation is long overdue for reform. It would be surprising if the problems in administration it identifies aren't replicated in all states and territories. Its call for consistency in the administration of FOI across government can only be achieved federally and in each state and territory if strong leadership, co-ordination and support is provided by a central government agency.

Thursday, March 16, 2006

Let the sun shine in!

The American Society of Newspaper Editors has this week designated 12-18 March “Sunshine Week” to encourage dialogue about the importance of open government and Freedom of Information.

The project includes the release of research and a wide range of media initiatives. See here for results of a national poll which show that the public equates open government with effective democracy; and here for a selection of cartoons from across the US about secrecy in government and the importance of the right to know. The Governors of several states issued Sunshine Week proclamations.

I’m sure Australian newspaper editors share the enthusiasm for the topic even if this mightn’t run to a well funded, well managed national initiative designed to encourage discussion and debate about open government in practice.

US award for worst performing government agency

The National Security Archive, a non government institution attached to the George Washington University in the US has awarded the CIA with its 2006 “Rosemary” award for the worst Freedom of Information performance by a Federal agency.

This release provides the details including the CIA’s failure to deal with 40% of the 10 oldest still unanswered requests in the US Federal Government sector. The Archive said that the “oldest requests are so old they are eligible for drivers licenses in most states”.

The US Air Force won last year’s award after it apparently lost (or threw away) dozens of FOI requests dating back 18 years. As a result of a law suit launched by the Archive, the Air Force has since launched a major “FOIA Get Well Program”, hired new senior staff, reached out to requesters and other agencies for best practices and begun to clean up its backlog.

The award is named after Rosemary Woods, President Nixon’s secretary who testified that a backwards-leaning stretch while seated at her desk resulted in the “inadvertent” erasure of eighteen and a half minutes from the audio tape of a key Watergate conversation in the President’s White House office.

Thanks to Steve Wood's UK FOI blog for the lead.

Wednesday, March 15, 2006

Privacy problem for the not so happy snaps

The pitfalls that can arise for agencies subject to the Privacy and Personal Information Protection Act (PPIPA) are illustrated by the decision this week by the NSW ADT in SW v Forests NSW (2006) NSWADT 74.

The agency was found to have breached collection, use and disclosure principles following the taking of photographs by a departmental officer. The photographs were of a representative of a community organisation who had accompanied him to make a presentation to a public meeting in Victoria.

The Tribunal accepted that the person concerned had not consented to the taking of photographs out of the work environment which showed her in “morning attire” at the shared accommodation where the party stayed. Copies of a CD containing the photographs had been subsequently given to her and other participants on the trip.

Important issues about this decision are that an agency is responsible for action taken by an officer in the course of employment – in this case attending a meeting in Victoria; taking photographs using an office camera may be a breach of privacy principles where the “collection” is not for a lawful purpose related to function or activity of the agency; a photograph that did not represent the subject in her “professional capacity” breached the data quality principle in Section 16; and disclosure, even limited to other participants in the trip, was sufficient to constitute a breach of Section 18.

The Tribunal refused an application for damages (on the basis there was no causal connection between the breach and any damage suffered) and for costs.

The orders made included that Forests NSW review its privacy policy, implement necessary changes and ensure appropriate staff training

It will be a major and ongoing task to ensure that every public sector employee is aware of the consequences that can arise for the agency as a result of conduct in the performance of official functions which involve collection, use or disclosure of personal or health contrary to privacy principles.

The situation is not helped by complex laws and the thin nature of official guidance in most agencies about what the law means. It might be difficult however to contemplate every scenario in advance, as this case illustrates.

The full text of this decision appeared briefly on the ADT website on 14 March, was withdrawn, and subsequently reposted with some parts of the original decision deleted because of a suppression order.

Tuesday, March 14, 2006

FOI decision: confidential source of information regarding law enforcement

The ADT in an FOI decision this week (Sullivan v Department of Corrective Services (2006) NSWADT 76) affirmed the decision of the agency to refuse access to a document exempt on grounds that disclosure would reveal the existence or identity of a confidential source of information in relation to the enforcement or administration of the law – Clause 4(1) (b) Schedule 1 of the NSW Act. The decision doesn’t involve any new interpretation of the provision

Monday, March 13, 2006

FOI in the news

The front page story in today’s Sydney Morning Herald about conditions in some child care centres is based on documents released under the FOI Act, as was Saturday’s report about the overseas travel of the Minister for Gaming and Racing.

The West Australian on 9 March reported that FOI documents revealed that 15,000 were on the waiting list for elective surgery in public hospitals in Perth, the first official waiting list figures released since June 2005.

Ministerial travel expenses and hospital waiting lists are two categories of documents that shouldn’t require FOI applications. This type of non exempt information should be routinely disclosed and widely disseminated on the web. Australia’s requirements for pro active disclosure are a long way behind good practice. Have a look at one Canadian provincial requirement for routine disclosure of information. There are many others in Canada, the US and the UK.

Friday, March 10, 2006

UK FOI finding on vexatious applicant

The UK Information Commissioner (Case Ref: FS 50078594) has issued a decision notice on his first case involving an agency consideration of the use of the provision in the FOI Act which allows an agency to refuse to deal with vexatious applications.

Following the criteria contained in a published guidance note on the topic the Commissioner found that a person who had lodged 25 applications (not identical but forming a pattern of thematic requests) had imposed a significant burden on the agency involving substantial resources, that the requests had the effect of harassing the agency, and could otherwise be characterised as obsessive or manifestly unreasonable. It was relevant in this case that the applicant had been judged to be vexatious in other proceedings.

The Commissioner upheld the decision of the agency.

Most FOI acts except Queensland, don't have a vexatious applicant provision. Amendments last year to the Queensland FOI Act gives the Information Commissioner powers to find an FOI applicant to be vexatious. In other jurisdictions the review body (in NSW the ADT) has powers to dismiss an application for review on the basis that it is frivolous, vexatious or lacking in substance. The NSW ADT Practice Rule 12 includes vexatious as one of the grounds on which costs may be awarded against a party and the Tribunal has recently shown that it is prepared to make such a decision.

No one in Australia so far has given an agency power to refuse an FOI application on the grounds that it is vexatious.

Who knows whether something like this might get a run if and when legislation in most of our jurisdictions finally gets reviewed?

Thanks to Steve Wood's UK FOI blog for the lead.

High ideals for ministers' servants

The Federal Public Service Commissioner has published a best practice guide ‘Supporting Ministers, Upholding the Values’. Given all we have heard recently about the break down in standards, this is a timely reminder about good practice, and particularly the roles and responsibilities of public servants.

One of the values which underpin the Australian Public Service is accountability. Good record keeping, and transparency are essential elements.

On record keeping the guide says
“all significant decisions or actions need to be documented to a standard that would withstand independent scrutiny. Proper record keeping allows others to understand the reasons why a decision was made, or an action taken and can guide future decision makers”.
With a reference to the Palmer report into the Department of Immigration, the guide says that good practice should extend to ensuring
“that executive management makes itself personally accountable for ensuring that sound file management practices are followed"
On the issue of advice to ministers, the guide says that advice from public servants must be
“frank, honest, comprehensive, accurate and timely. It should also be forthright and direct and not withhold or gloss over important known facts or bad news”.
FOI gets a mention:
“while the possibility of public access may properly influence how some communications are recorded it is important to resist pressure to avoid making records where they would indeed clarify the decision making process and accountability”.
All in all, perhaps nothing new but an important reminder of the essentials of public service in working with ministers. All public servants, not just those in the APS, could benefit from the guide’s important messages.

Who will put it in the 'in tray' for ministers and ministerial staff?

Disclosure of contracts: no comment from Parliamentary Committee

The NSW Parliament's Legislation Review Committee has reported that it has no comment to make on the Independent Member for Bligh's FOI Amendment (Open Government-Disclosure of Contracts) Bill which was the subject of an earlier blog on this site.

This in effect means that the Committee concludes that the Bill does not contain any limitations on rights and won't necessarily mean anything in terms of support for the Bill in the Parliament. The Government has the numbers to determine its fate - there has been no public indication of the Government's position to date.

Privacy concerns brushed aside in establishment of NSW Transport Ticketing Corporation

The legislation to establish the NSW Public Transport Ticketing Corporation passed the Legislative Council on 7 March and is now awaiting assent. We blogged earlier about issues raised in the Legislative Assembly about the Corporation not being subject to privacy legislation once it eventually becomes a State Owned Corporation (SOC).

The Government was on the front foot on the matter in the Legislative Council. It sought to explain that, while a statutory authority the Corporation would be subject to the Privacy and Personal Information Protection Act, and was part of an organisation with a well established privacy policy and a person responsible for privacy. Even though it would not formally be subject to PPIPA when it became an SOC, the Government gave a commitment that it would have policies and procedures in place to follow PPIPA.

A Greens’ amendment to require the Corporation as an SOC to comply with PPIPA drew only 4 votes with the Opposition, Government and other MPs voting against.

Our earlier blog suggested that this problem was first raised by the Opposition during debate in the Assembly. In fact these issues had been pointed out by Parliament’s Legislation Review Committee last November. The Committee wrote to the Minister asking why administrative procedures regarding privacy compliance for the Corporation as an SOC were to be preferred to legislated compliance requirements.

Its not clear what the answer was as Government speakers in the Council simply reiterated the Government’s position. Minutes of the Review Committee indicate that some advice on the matter was also received from the Acting Privacy Commissioner. However his letter of advice is not included in the published Committee records.

The only difference between administrative compliance and compliance required by PPIPA is that the latter gives a right to seek review of conduct by the Administrative Decisions Tribunal. The Tribunal has powers to award damages of up to $40,000. Both these features are absent in an administrative regime.

Australian ID Fraud Summit

Identity fraud continues to be a front-page news item almost daily in the US. While it's surprising that our media is not similarly full of reports about this subject, the issue is getting attention. An ID Management Summit was held on 7/8 March with the focus on preventing fraud and safe guarding Australian business infrastructure and people.

The Federal Attorney General Phillip Ruddock spoke about national ID security. According to The Australian he said that the most recent estimate is that identity fraud costs Australia at least $1 billion a year.

The part of his speech that received the most attention was about the use of identity fraud by terrorists. Without diminishing the importance of this issue, most experts seem to be more concerned about identity fraud and crime. The US Department of Justice and the UK Home Office both make it pretty clear that this is where the main concern lies.

One of Australia's experts, Roger Clarke, who spoke at the conference has published an abstract of his paper "Avoid the Mythologies of Identity Control and Re-discover a Sense of Balance and Proportion". How about this:

"A whole flotilla of myths [about identity control] has been perpetrated by national security agencies, and sponsored by governments. Over-excited vendors are pushing half-baked technologies. Fortunately for civilisation, most of them are ineffective. To the extent that these technologies work as claimed, they are far more dangerous to our society than the ills of organised crime and terrorism."

He and Mr Ruddock (who seems to have suggested that an national ID card might be one of the answers) could have had an interesting chat at morning tea given the diversity of their views, but I notice Mr Ruddock participated by video link from overseas.

Anna Johnston, Chair of the Australian Privacy Foundation, also spoke to the conference on privacy issues but have not yet sighted her paper.

Champions of Open Government recognised

Given the low profile of FOI in Australia, it's always interesting to see what happens elsewhere. The US First Amendment Center, an NGO which promotes freedom of speech issues is organising a national FOI Day Conference of 16 March which will include the induction of "21 champions of open government" into the National Freedom of Information Act Hall of Fame. Criteria for induction include, "long-term or significant instances of leadership, advocacy, accomplishments or scholarship on behalf of the Federal Freedom of Information Act in particular or open government in general".

There is an opening here for an enterprising Australian organisation to develop a local equivalent. Any takers?

Tuesday, March 07, 2006

FOI in the news

News Limited newspapers continue to find stories as a result of FOI applications. The Daily Telegraph claims that documents released by Sutherland Shire Council reveal advanced warnings about growing problems at Cronulla prior to the December riot, a claim denied by the Police today.

The Australian has reported on expenditure on rent and entertainment by the NSW Government’s trade representative in London. The same story says that the office will close at the end of June.

We presume one didn’t lead to the other.

FOI ADT decision on legal professional privilege

The ADT (Ferns v Commissioner of Corrective Services (2006) NSWADT 66) has upheld the agency determination to refuse access to documents under the legal professional privilege exemption (Clause 10 Schedule 1). The Tribunal accepted that the disputed documents were prepared for the dominant purpose of use in legal proceedings or were confidential communications between the agency and its internal legal adviser.

Long delays in ADT processes

A new privacy decision by the NSW ADT (NW v NSW Fire Brigades (No.2) (2006) NSWADT61) this week saw the Tribunal reject an application for damages although in a previous decision it had been satisfied that there had been a breach of privacy principles. The Tribunal found that there was no causal link between the breach and the subsequent damage (loss of income) suffered by the applicant.

This case has had some twists and turns: it involved disclosure of information about attendance as a retained fire fighter to the fire fighter's employer, a local council. In the earlier hearing referred to below, the Fire Brigades claimed that the information was not subject to privacy legtislation as it was contained in a publicly available publication, the station occurence book. This argument and another that the disclosure was consistent with a Direction from the NSW Privacy Commissioner regarding the use of information for investigative purposes were rejected.

While the new decision reiterates that the Fire Brigades breached the disclosure principle, the Tribunal notes that the Council could have compelled the person concerned to provide the information to it in any event.

The time taken to resolve privacy complaint (and FOI) matters by the ADT is worth a comment. In this case the conduct complained of occurred in April 2003. The ADT heard the original matter in April and October 2004 and handed down its decision that a breach of privacy had occurred in April 2005. The application for an award of damages was heard in September 2005. This decision is dated March 2006.

In this case the parties themselves may have contributed to the long drawn out process but this is not a system that involves speedy resolution of complaints about administrative conduct.

The NSW Attorney General is still to table in Parliament the Statutory Review of the Administrative Decisions Tribunal Act – to examine whether the Act was achieving its objectives. This should have been completed and presented no later than July 2003.

What’s that old saying – justice delayed is justice denied?

"BOTPA" strikes again!

This article in Saturday’s Sydney Morning Herald about the health problems of children in foster care quotes a researcher into the issue as saying that NSW privacy laws inhibit the flow of health information to those who need it. But the Department of Community Services denies the legislation is an impediment in passing health information to foster carers. The President of Foster Care NSW responds to this by saying that practice in the field was erratic and some case workers cited privacy as a reason for withholding health histories.

Its hard to see how the legislation prevents sensible communication of information to authorised carers but its more than likely that confusion and uncertainty reigns in this field as it does in others. There have been plenty of suggestions that “BOTPA” (“because of the privacy act”) has become a common excuse for refusal of access to information, usually by those who don’t know the law, or don’t have available guidance on what it means and what should be done in particular circumstances.

NSW privacy laws are "fuzzy laws". They can only be made to work effectively where those who are required to implement them - often front line staff - have adequate resources available to assist them on a day to day basis. The responsibility rests with Privacy NSW and the responsible government agency in each case.

Room for more transparency in local government

Professor Percy Allen, the former Secretary of the NSW Treasury has a well earned reputation for thoroughness and analysis which will be enhanced by the publication of the Interim Report: Findings and Options of the Independent Inquiry in to the Financial Sustainability of NSW Local Government. The 258 page report “Are Councils Sustainable” is a veritable book on the subject. It identifies a wide range of major problems facing local councils and suggests various options about how they should be addressed.

Accountability is one of the twelve local council values he assesses. While the report doesn’t specifically address access to information issues, it does comment about the need for greater transparency and due process in dealing with development control issues, particularly in light of the scope for undue influence by interested parties. The report notes that councillors can be lobbied, aren’t required to give reasons for decisions, and often how they vote on particular DAs is not recorded.

There is plenty of material in the report about local council governance and the roles and responsibilities of those involved to discuss and debate in the few weeks before submissions on the Interim Report close.

There appear to be no specific references in the report to local government concerns about the complexity and cost of legislative compliance with the various information access laws that apply.

What will the Department of Local Government make of the report’s comment that it is “more akin to a nanny than a mentor and monitor” of local government in NSW?

Friday, March 03, 2006

"Smorgasbord of stuff ups" in Victoria

We blogged earlier this week about a damning report issued by the Victorian Privacy Commissioner concerning the handling of personal information by the Police and the Office of Police Integrity.

The Age today has an opinion piece by the State Political Editor Paul Austin.

Austin describes the incidents revealed in the report as a “smorgasbord of stuff ups” and says that it shows long standing systemic problems in Police security systems. He supports the Privacy Commissioner’s call for the Police Commissioner, the Police Integrity Commissioner (the Ombudsman) and the Premier to clean up the mess.

FOI producing plenty of stories in the UK.

Apart from Steve Wood's brilliant UK FOI blog which provides tremendous coverage of developments and links to FOI based media reports, the BBC is now publishing its own website dedicated to stories emerging as a result of use of the FOI Act.

The BBC itself as a public authority is subject to the UK FOI Act along with Channel 4. Its compliance details and a selection of its responses to FOI applications appear here.

Thinking about privacy implications before, not after the event

The NSW Government's Office of the Privacy Commissioner has for some time been urging agencies to give early consideration to privacy issues when considering new policies and projects. It has even published a checklist in its Privacy Essentials series (Number 3) to assist.

It doesn't go into whether in establishing a new organisation it will be covered by privacy legislation but in light of the following perhaps it should.

According to an article in today's Australian Financial Review, the Government found itself on the back-foot regarding privacy implications arising from the establishment of the Public Transport Ticketing Corporation.

With NSW years behind in integrating ticketing and fare payment systems for public transport, no one could oppose the idea of establishing a single purpose organisation to at last make this happen. However, legislation introduced in the Parliament would initially establish the corporation as a statutory body which in due course would be transformed into a State Owned Corporation.

The privacy problem is that State Owned Corporations in NSW are not subject to NSW privacy laws, except in respect of the handling of health information. Of the 16 bodies listed in Schedule 1 of the State Owned Corporations Act - the list includes, Sydney Ferries, Sydney Water and NSW Lotteries - only 1 (Integral Energy) is subject to the Private Sector provisions of the Federal Privacy Act. Some of the rest "voluntarily" agree to comply with NSW privacy law.

The (Opposition) Member for Hornsby, Judy Hopwood, raised the privacy concern in the course of parliamentary debate on 1 March 2006. It hadn't been mentioned by government speakers in introducing the Bill. The Deputy Leader of the Opposition also referred to an FOI application for documents relating to the management of the ticketing initiative which is long overdue.

The answer to the problem is simple enough; make all State Owned Corporations - including the proposed Public Transport Ticketing Corporation - subject to the Government's own privacy legislation.

Perhaps these issues will be addressed in the long overdue statutory review of the NSW Privacy and Personal Information Protection Act. The Act required the Attorney General to table the Report on the Review no later than November 2004. It is still to appear.

The Financial Review reports that the Greens plan to move an amendment in the Legislative Council that the Ticketing Corporation not be exempt from NSW privacy law.

Thursday, March 02, 2006

Is nothing sacred?

Hmm......After posting a blog earlier this week about workplace surveillance issues we couldn't help noticing this item from Louisiana about employees being forced to undergo DNA testing in order to identify who peed in the toolbox! Yes, it does seem to raise privacy problems.

Maybe establishing some rules as advocated by the Victorian Law Reform Commission would be a good and timely idea.

Thanks to David Fraser's Canadian Privacy Blog for the lead

Federal Privacy Commissioner case notes - some universal pointers

The Federal Privacy Commissioner has released case notes on four finalised privacy complaints. Two of the cases contain pointers for organisations regardless of which of Australia's diverse privacy laws apply to them.

In B v Australian Government Agency (2006) PrivCmrA2 an employee of the agency became aware that records consisting of confidential emails and reports about their employment were held in a computer file that was not restricted from general access and could be viewed by other staff in the complainant’s staff group. The agency admitted this was a breach of the privacy principle which requires protection of personal information from unauthorised access. The agency agreed to remedy the situation and to pay for the complainant to receive counselling for the distress caused by the incident.

D v Banking Institution (2006) PrivCmrA4 shows that old habits, or more correctly old computer systems, die hard but can give rise to a privacy problem if they involve the collection of information not necessary for a function or activity. They can also prove to be expensive in responding and dealing with complaints that might arise.

In order to open a deposit account the Institution asked the complainant to complete a question about their marital status and said that if it wasn't supplied the computer system would not accept the application. It agreed during the course of the Privacy Commissioner’s investigation that this information had no bearing on the complainant’s eligibility to open an account and it was therefore in breach of the principle. The Institution agreed to change its computer system, to provide reports on progress and to raise the issue of marital status collection with its industry body as it appeared to be an industry wide practice

Wednesday, March 01, 2006

Major Victorian report on privacy breach

The Victorian Privacy Commissioner has released a report on the investigation of a complaint concerning the handling of personal information by the Office of Police Integrity which involved a range of issues concerning the Law Enforcement Enhancement Program (LEAP) the main data base used by Victorian Police in carrying out their functions.

The Age has prominently reported the Commissioner’s findings.

This report is about the complaints lodged by “Jenny” but the Privacy Commissioner is also conducting a broader examination of issues associated with the management of personal information in the LEAP data base.

A couple of issues of interest from a NSW perspective.

In Victoria, the Police are subject to privacy laws whereas in NSW, the Police (the Police Integrity Commission and others) are only subject to privacy legislation in respect of their educative and administrative functions. This has led to fine legal points about what constitutes the functions covered by privacy legislation and those that are not, an issue that does not arise in Victoria.

A classic illustration was OQ v Commissioner of Police (2005) NSWADT 240 decided by the ADT last October. The Tribunal found that information maintained in the NSW equivalent of LEAPS (Computerised Operational Policing System – COPS) related to core responsibilities and was not subject to the NSW privacy legislation. In this case, while the Police regretted the inconvenience caused, the complainant whose personal information was mishandled by the Police had no recourse available.

The Victorian Privacy Commissioner’s report includes details about the imposition of a compliance notice on the Office of Police Integrity requiring action within a specified period to ensure compliance with the data security principle. The order is the first issued since the Victorian Act commenced.

The NSW Act does not appear to contain powers for a similar order.

Another interesting aspect is that the Victorian Privacy Commissioner is of the view that the legislation in that state requires an agency to notify those concerned if there has been an unauthorised disclosure of personal information, although in this case involving disclosure of information in LEAPS concerning 90 people, he has decided that this is not appropriate. His view is based on the objects of the Act.

The NSW Act does not contain a similar statement of objects.

Reasonable search for documents sought under FOIA

No new ground in an FOI decision this week by the NSW ADT (Curtin v University of NSW (No.2) (2006) NSWADT 56) on what constitutes a reasonable search for documents. The Tribunal confirmed that the basic issues are whether there are reasonable grounds to believe that the requested documents exist and are documents of the agency, and that reasonable steps in the circumstances have been taken to locate them.

The Tribunal notes that in another case heard but not yet determined, an agency has raised an objection on jurisdictional grounds to the ADT conducting an inquiry into sufficiency of search.

In this case the parties accepted that the Tribunal had jurisdiction.

Gap in Workplace Surveillance Act

At the time the NSW Workplace Surveillance Act was introduced there were doubts about whether NSW legislation applied to Commonwealth Government bodies operating in the NSW. The Act, amongst other things bans employers from blocking staff access to union emails and websites from their work computers.

According to to-day’s Australian Financial Review the NSW Attorney General has been advised that the Act does not provide the basis for prosecution of Centrelink (a Commonwealth Government agency) for blocking access to the Combined Public Sector Union website last October, just after the Act commenced. Centrelink subsequently reinstated access as part of the settlement of an enterprise agreement.

The Attorney General said that the Commonwealth Government should draft laws of its own that mirror the NSW provisions.

While NSW has been the first state to enact workplace surveillance laws and has sought to promote the NSW Act as a model for other states, the Victorian Government is currently considering a Law Reform Commission Report, Workplace Privacy Final Report (October 2005) that proposes broader laws that cover areas such as genetic testing. It hopes its approach will be adopted nationally.

In this area, like so many others, it looks like the usual Australian rules will prevail: different jurisdictions, different laws, different provisions.

Tough criminal penalties for stolen data

As reported by Associated Press a US court has imposed an eight year prison sentence on a person convicted of 120 counts of unauthorised access to data, 2 counts of access device fraud and 1 count of obstruction of justice. The owner of Snipermail Ink a company that distributed internet ads to email addresses had, using decription software to obtain passwords, accessed more than 1 billion records in 4789 computer files in Acxiom (one of the world’s largest data management companies) which included names, telephone numbers, street and email addresses.

The prosecution claimed the data was worth $58 million but a data management expert testified that almost all the stolen data could have been purchased for less than $50,000.