Search This Blog

Friday, June 30, 2006

ADT FOI decision on sufficiency of agency search for documents

The Administrative Decisions Tribunal in Cianfrano v Department of Commerce (No.2) (2006) NSWADT195 has found that it has powers to examine whether an agency has conducted a sufficient search for documents.

While this is consistent with a number of previous decisions, (originally Beesley v NSW Police Service (2000) NSWADT 52) arguments have been put in a number of recent cases that these earlier decisions were wrongly decided.

President O’Connor disagreed with some of the reasoning in the Beesley decision but reached the same conclusion.

He said that Section 24 of the FOI Act requires an agency to determine whether to grant or release documents it holds. It also provides that a failure to make a determination is taken to be a deemed refusal.

The ADT had to satisfy itself that an agency has fully determined an application. If an FOI applicant contended there has been a failure to locate relevant documents, and put credible material before the Tribunal that suggested an arguable case, the Tribunal had to consider whether there had been a possible failure by the agency to address all the documents in its possession. Such a failure could be characterised as a deemed refusal, and was a reviewable decision.

President O’Connor said that an applicant could complain to the Ombudsman about such matters, and that the ADT could refer a matter to the Ombudsman for review. However the Tribunal had powers to press an agency to prove that its determination had fully responded to the request, thus enabling it to inquire about the adequacy of the search for documents.

The applicant in this case has listed a range of documents he contends are relevant to the application. A further hearing is to be scheduled to consider next steps.

Thursday, June 29, 2006

Privacy commissioners asked to investigate US Government bank prying

The US Government’s apparent monitoring of international banking transactions conducted through the Belgian based SWIFT, is still running strongly. (See our item two below).

Privacy International, based in the UK has sent a letter to privacy commissioners in 33 countries, including Australia, asking for investigation whether the US may have breached national privacy laws by monitoriing international banking transactions of their nationals.

The Canadian Privacy Commissioner is considering an investigation. “Obviously this is something we can't ignore. We are looking into the matter, though the extent to which we get involved has yet to be determined,” said Anne-Marie Hayden, a spokesperson for the Office of the Privacy Commissioner of Canada.

Not a peep so far on the Federal Privacy Commissioner’s website.

The Belgian Government is now to investigate what's been going on: "We need to ask what are the legal frontiers in this case and whether it is right that a U.S. civil servant could look at private transactions without the approval of a Belgian judge," government spokesman Didier Seus said Monday.

Wednesday, June 28, 2006

Transparency missing in MPs "secret" submissions

I know that politicians are in a no win situation when it comes to pay and conditions – no one seems to think they deserve a raise at any time.

In NSW the Parliamentary Remuneration Tribunal – a judge appointed by the President of the Industrial Relations Tribunal - has the job of producing an annual report with recommendations. Today’s Daily Telegraph “MPs' staff grab” says a “secret” submission has been lodged by the Speaker of the Legislative Assembly arguing for an extra staff member for each parliamentarian, just coincidentally at the time the Government is planning to reduce the public service by 5000 jobs.

The “secret” nature of the submission, and the Tribunal’s comments that submissions are confidential says something about politicians sensitivity regarding full and robust debate about their worth and what they need to do their job properly. I’m sure the Telegraph doesn’t need any help in this area, but the Tribunal is part of the Premier’s Department for FOI purposes, and an FOI application might produce some interesting results.

The Parliamentary Remuneration Act makes no reference to the confidential nature of submissions so any decision to treat them in this way is entirely the result of a decision by the Tribunal itself. The Tribunal’s website is silent on this issue, in contrast to the Federal Remuneration Tribunal – it makes it clear that any submission that contains information of a personal kind or is otherwise sensitive should be indicated as such at the time a submission is lodged and goes on to say that submissions may be accessed under the Federal FOI Act.

The fact that a submission on this matter on behalf of NSW MPs needs a secret label says a lot about the prevailing culture and the interest (or lack thereof) in robust debate.

Australian banks in the dark about US monitoring

The hot privacy issue this week has been the revelation by the New York Times that a secret US Government program has been monitoring international banking transactions conducted through a bank cooperative program SWIFT based in Belgium. President Bush has criticised the revelation as "disgraceful" and defended the program as legal and essential in the ‘war on terror’. The Times has said it was in the public interest to reveal it and quoted unnamed bank and government officials expressing concern about the program, initially a temporary measure, and now running into its 5th year.

Australia's big four banks are members of SWIFT. Today’s Australian Financial Review “CIA pulls a swifty on banks” says that Australian banks were unaware that international transactions may have been monitored by the US, and while the US Government had notified the central banks of 9 countries about the program, the Australian Reserve Bank was not aware of the traces.

Australian international banking transactions have long been monitored by the Government's Austrac, in connection with money laundering. However its news that the US Government has possibly been monitoring our transactions as well.

The European Union and the Belgian Government have apparently been in the dark. As for the Australian Government ….

In the US this development, following weeks of reports about other privacy intrusions, has prompted Congressional efforts to introduce a national comprehensive privacy law - this article captures the essence.

Monday, June 26, 2006

Australian crime busters busted for privacy breach

When I posed some questions last week about the reasons why data security didn't seem to be a headline issue in Australia, in contrast to the US, how was I to know we were about to have a spate of reports about lost, stolen or carelessly discarded data?

Since then we've posted reported breaches involving Australia Post, the Queensland Government and the Tax Office. The latest is this report "Cop bungle exposes bank files" - the Australian High Tech Crime Centre, the body involved in investigating online frauds, lost a memory stick containing the banking details of 3500 customers when an officer lost the classified information while travelling to London to brief overseas police forces.

Two-thirds of the bank customers had their name, post code and banking institution recorded on the memory stick. The rest had their bank accounts and bank branch numbers as well.

The memory stick was not protected by a password or encryption and the information stored could be accessed by plugging it into a computer.

This occurred in April last year and has only come to light today. The Centre persuaded the banks involved not to inform the customers involved as they didn't want to draw the bad guys attention to the fact the information was 'out there'.

All this points up the need for better standards and a requirement that those potentially affected by a data security breach be informed when information that lends itself to ID theft and fraud is lost, stolen or inadvertently disclosed.

Sunday, June 25, 2006

Australian Tax Office in privacy blunder

Another Australian data security problem comes to light – the Federal Ombudsman doubles as Taxation Ombudsman and last week reported on tax activities in 2005 (see the report page 12) One of the complaints investigated was from a taxpayer, Mrs. J. who received from the tax office a letter containing information about expenses claimed by another tax payer.

It turned out that when the Ombudsman contacted the Tax Office to make inquiries he found they were already aware of the issue – in fact 4000 taxpayers were affected by a faulty mail out, the Tax Office was in the process of contacting them and had alerted the Federal Privacy Commissioner.

The Ombudsman assured Mrs. J. that no one had been sent her details in error. However the Ombudsman’s special tax advisor is quoted in The Australian Financial Review 24-25 June as saying that it was unclear to what extent the privacy of the remaining 4000 taxpayers had been breached. He said the issue for the Ombudsman was that “we only know half the story”, but he was still confident that the Tax Office had acted appropriately because it had referred the matter to the Privacy Commissioner. He sounded pretty understanding about the whole thing really – “it’s a regrettable error, but there is always this danger for any government agency that has automated processes”.

We might all find it reassuring that the Tax Commissioner told a consultative committee last week that the Tax Office is making efforts to improve its letter mail outs to taxpayers in a “letter improvement project”.

Our right to know about restaurant hygiene

Matthew Moore’s “Food for thought” article in Saturday’s Sydney Morning Herald raises an important public right to know issue: whether those who handle the food we eat comply with food hygiene standards. The Herald website shows some quick responses from readers to Moore's article including a comment from an Australian living in Canada that publication of this type of information there is regarded as standard.

I don’t know what those responsible for food standards in Australia think about disclosure of compliance information. Elsewhere in the world there is a growing consensus that food hygiene standards improve when regulators publish information and ratings that inform the public whether a particular restaurant is an A or an E.

This report “Restaurant inspectors urge “scores on doors” shows that in the UK councils in 2004 were planning the public display of hygiene inspections to seek to reduce the 1million food poisoning cases reported each year. Since the commencement of FOI in the UK in January 2005, councils have not sought to refuse access to inspection reports. The “Scores on doors” movement – pro active publication of this type of information without the need for any FOI application – is now running strongly in the UK, (see the results of this Google search) and is supported by bodies such as the Chartered Institute of Environmental Health. It’s been a requirement in California and other states in the US for some time and is currently on the agenda in Chicago.

Pro active publication should be a requirement here. Food standard authorities and councils should get together in an Australian "Scores on doors" initiative.

In its absence there is an interesting test case waiting to happen in the event that an application for this type of information under FOI is refused. There would appear to be a strong public interest in access to information about food hygiene practices in our restaurants and other places where our food is handled.

FOI in the news

Media reports based on FOI applications over the last week include:

Daily Telegraph 19 June:
“Grime and punishment: private schools secretly told to clean up their act” - Private schools were ordered by WorkCover to lift their game last year over dozens of matters including mouldy science labs, leaking toilet blocks and even hazardous prayer mats.. The Daily Telegraph has obtained copies of all WorkCover improvement orders issued to private schools. Among the more serious matters were claims of staff bullying at Eukarima School at Bowral, Glenaeon Rudolf Steiner School at Middle Cove and Coverdale Christian School, Riverstone.

“Red light camera: how less is more” - Red light cameras are catching fewer motorists than ever but higher fines have created a magic pudding miracle of more revenue for the NSW Treasury. An investigation by The Daily Telegraph has revealed the number of drivers snapped running red lights fell to 51,375 last year, nearly 2000 down on 2003-04.. But higher $300 fines mean the State Government has squeezed out millions of dollars more.

Canberra Times 19 June: “In this jail, there'll be more cons than pros” - A 2003 report that provided the basis for the ACT Government’s decision to build Canberra’s first prison says a majority of those convicted in the ACT are not Canberra residents, contradicting one of the major claims for proceeding with the project.

Australian Financial Review 23 June: "Power and liberty seldom get along" - Verona Burgess, the Government Business reporter, summarises speeches by the Federal Ombudsman, Federal Privacy Commissioner and Richard Mulgan of the ANU at last week's Institute of Public Administration seminar on Open Government. The Ombudsman, John McMillan "blasted the public service for indefensible uneveness in agencies' responses to FOI requests....The democratic integrity of a system of government is as vital as its financial integrity".

The Australian 24 June: “Stealth fighter project “flawed” - Australia’s biggest-ever defence project, the $16 billion Joint Strike Fighter, has potential flaws that could reduce the world's newest warplane to just an "average aircraft", according to internal Defence Department documents. The documents reveal the JSF is beset with serious software problems and a cockpit display system so bad it had to be almost completely redesigned.

Sydney Morning Herald 24 June: In his weekly “What they won’t tell you” column FOI Editor Matthew Moore in “Food for thought” reports on food hygiene inspection of restaurants by City of Sydney Council health inspectors. Moore has been unsuccessful in obtaining details concerning those fined and identifies anomalies in the statistics provided to him by the Council concerning the activities of the inspectors.

As usual some links are not available.

Friday, June 23, 2006

Privacy data security hits home

After banging on this for the past couple of days, its entirely coincidental that two Australian data security stories hit the headlines yesterday.

At least Australia Post, after “losing” 615 passport applications, found them after a week and reassured those concerned that they’d never left the premises.

On the other hand the Queensland Government has the problem of looking for an explanation how personal documents including birth certificates, wills, blank bank cheques and other documents from various government departments, including the Attorney General’s office, were sold for paper recycling without being shredded first.

Tips of icebergs?

Tuesday, June 20, 2006

Australians not so relaxed and comfortable about privacy

The fact that two out of three Australians approached by a television reporter last month were happy to divulge lots of personal information prompted us to ask “So who’s concerned about privacy”.

Well, according to a survey by Newspoll published in today’s Australian, 53% of us are worried about unauthorised use of credit and ATM cards and 56% are worried about unauthorised access to, or misuse of personal information.

I doubt if things have changed in a month but privacy according to this survey rates higher on our list of concerns than war, terrorism, bird flu or rising interest rates.

The Australian also reports the results of a 2006 Deloitte Global Security Survey that 78% of 150 leading banks and finance companies had a security breach in the last year, up from 26% in 2005. The Asia-Pacific region (that includes us) rated worst-in-class in several categories: only 15% of our institutions regarded information security as a senior management or board concern; only 33 % had a security strategy, and “none reported that they had the required skills to respond effectively to a threat”.

Relaxed and comfortable?

Data security in Australia: US may not be unique

Having wondered aloud yesterday about data security in Australia and what a close look by regulators might discover, I have just come across this performance audit report by the Federal Auditor General “Internet Security in Australian Government Agencies” tabled 13 June. The audit is a follow up on a 2001 report on this topic and a 2005 IT security management audit.

The audit involved examination of the adequacy of the management of internet security in six Federal Government agencies and concluded: “The current level of internet security was insufficient given the risks and problems identified through the audit findings”. In particular none of the audited agencies fully complied with the Australian Government Protective Security Manual 2005 that establishes minimum standards for the protection of Australian Government information and the Australian Government Information and Communications Technology Manual that covers secure information technology.

The Auditor General says that the conclusions are similar to those reached in the 2001 audit but that what has changed since is that government agencies have significantly increased the services delivered by the internet, while risks from within and outside agencies, and the number and sophistication of electronic attacks have grown rapidly. “A major risk to internet security also comes from within agencies, where personnel he the potential to accidentally or deliberately change information”.

The agencies audited included the Australian Federal Police and Medicare Australia both of which would hold large amounts of personal and health information. For obvious reasons the report does not comment on the vulnerability of particular agencies.

This doesn't throw any light on state and local government, or private sector data security.

The question remains “Why isn’t Australia suffering a wave of security breaches”?

Monday, June 19, 2006

Data security breaches: is the US unique?

Incidents concerning major data security breaches have been reported in the US media with such regularity over the last year or so that they seem commonplace.

Privacy Rights Clearinghouse has put together a chronology of data breaches reported since the ChoicePoint incident in February 2005 involving the access to credit card processing details by ID thieves (ChoicePoint was subsequently fined $15million over this incident).

The Clearinghouse list includes data security breaches by private companies, government organisations, hospitals and universities.

They claim details of 88 million Americans have been put at risk.

Incidents over the last week are listed on Pogowasright. Both lists just missed a report of data stolen last month from a government employees house about 2.2million US troops in the National Guard and Reserves.

Is this just a US phenomenon or is the rest of the world missing something?

This article in Computerworld Security "Why isn't Europe suffering a wave of security breaches" says that a recent survey found US privacy practices do not suffer in comparison to European counterparts but 50 privacy experts in North America and Europe cite 3 major factors to explain the difference: US practices are under the microscope,with obligations to report these incidents that don't apply elsewhere; European data practices are more robust; US data collections are more attractive and lucrative targets.

Could the same factors explain the difference between what's been happening in the US and the very limited public information about data breaches in Australia?

The prevailing view here seems to be that we are travelling pretty well - see the Federal Privacy Commissioner's comments to a NZ conference recently. At a symposium in Sydney recently the Commissioner in response to a question about this issue, said Australian organisations generally were a compliant lot(really?) and this might explain the difference .

I've got my doubts. I think the absence of an obligation to notify those affected by a data security breach (now the law in almost 30 US states) is a major difference.

Who knows what might emerge here if our regulators had the resources and drive to dig deeper?

Thanks to David Fraser's Canadian Privacy Law blog and Pogowasright for some of the leads.

Federal access card: questions now answers later

The Consumer and Privacy Task Force, chaired by Professor Allan Fels established to advise the Federal Government on issues related to the development of the health and social services access card has released a discussion paper outlining preliminary thinking about questions that need to be addressed. The five major issues include privacy protection and accountability. Submissions are invited and close on 27 July.

The Task Force plans a range of activities designed to attract public input.

Sunday, June 18, 2006

FOI in the news

Stories based on FOI in the media this week include:

ABC Online 9 June: “FOI cases wasting taxpayers’ money” - The Victorian Opposition has accused the Government of wasting taxpayers' money by trying to stop it getting access to politically sensitive documents under Freedom of Information (FOI).The Opposition has 10 cases before the Victorian Civil and Administrative Tribunal (VCAT), relating to FOI requests that have been denied. It says that in one case alone, the Government has spent more than $38,000 on lawyers for a one-day hearing. Premier Bracks has defended the Government’s record.

Herald Sun 9 June: “$500m loan was on the cards” – the Victorian Government considered borrowing $500m to pay for its transport smartcard project before deciding to fund the project itself.

Canberra Times 10 June: “Blunder over ACT land” – Economist Brendan O’Reilly says ACT taxpayers have lost $100 million in land sale revenue because successive territory governments have sold 99-year leases on rural land for a fraction of their true value.

The Age 11 June: “Cash strapped hospital tried to put off tax bill: State bails out Royal Children’s” -The Victorian Government has been forced to rescue the Royal Children's Hospital from a cash crisis, which at one stage was so dire that the hospital had stalled paying the tax withheld from employee wages.

Herald Sun 12 June: “Police car crashes cost us $1m” - Victorian Police Force wrote off 21 cars and incurred a $1.7m damage bill in on-the-job accidents in a year. 95 speeding tickets were issued to Police in the same period.

Daily Telegraph 12 June: “Fat cats enjoy cream of sport” – The NSW state owned corporation Energy Australia has paid $700,000 for a corporate box at Telstra Stadium over the last three and a half years. 437 people used the box on 22 occasions – 372 were Energy Australia workers.

The Age 12 June: “Ambulance legal bills reach $1m” – Victoria’s country ambulance service is spending hundreds of thousands of dollars in taxpayers' funds fighting legal battles against paramedics who claim they have been harassed, bullied or mistreated.

Canberra Times 13 June:
“Bid to beat parking ticket lost” - The system under which parking infringement notices are withdrawn if a good excuse is raised would collapse if a Canberra man was granted access to guidelines on the subject, government officials have successfully argued.. After receiving a parking ticket, Tony Pintori appealed to Urban Services but was told his case did not fit within the guidelines. Using the Freedom of Information Act, he asked for a copy of the guidelines but was refused.

“Health chief’s “departure” questioned” - Officials must reveal the reasons behind the sudden departure of one of the region's senior health bureaucrats, the NSW Opposition has demanded.. . NSW Opposition health spokeswoman...Mrs Skinner said documents obtained under freedom of information showed the service had more than $8.5 million in overdue accounts at the end of last year.

Australian Financial Review 16 June: "Ombudsman warns on FOI compliance" - The Federal Ombudsman told an ACT Institute of Public Administration seminar that he will audit agency head committment to the FOIA. He said they should be as dedicated to uniform compliance with democratic integrity laws as those dealing with financial reporting and contract procurement. A spokeswoman for the Federal Attorney General is quoted as saying that "Mr. Ruddock was comfortable with agencies' compliance with the FOI Act".

Federal Privacy Commissioner Karen Curtis also spoke on "Open Government: Reality or Rhetoric" at the seminar.

Sydney Morning Herald 17 June: "Deaf or just dumb" - In his weekly “What they won’t tell you” column, FOI Editor Matthew Moore recounts his experience in seeking a public interest rebate from a Commonwealth Government agency that estimated costs of dealing with an application for some economic modelling documents to be in excess of $13,000. The agency isn’t convinced that releasing documents to a newspaper will result in the public being informed about their content.

Sunday Telegraph 18 June: “Doctors not paid for years” - Some doctors are waiting up to two years to be paid by cash-strapped NSW hospitals, while other surgeons are operating for free. Area health services owed more than $65 million in overdue accounts by the end of last year.

As usual some links to free content are not available.

Wednesday, June 14, 2006

South Australia: keeping DNA on file just in case.....

In South Australia recently a magistrate dismissed charges against a person because Police, contrary to law, had retained DNA information in connection with an earlier charge that had been dismissed and used this information to lay new charges on an unrelated matter.

The Government’s response was to announce that the law would be changed to enable the Police to retain DNA samples. According to the Advertiser this will give South Australia a larger DNA database than anywhere in the world. outside the UK.

The Premier said this made sense: those with nothing to hide had nothing to fear.

It now turns out that the Police knew they were acting illegally in retaining the information contrary to the law.

I don’t know where all this leaves long and complicated efforts to establish national rules about access to a national DNA database. The Federal Attorney General’s Department took years to lead the states and territories through this process. Here is a link some information about that process.

It’s interesting that about the same time that the SA Premier issued his “nothing to hide, nothing to fear” proclamation, the Victorian Privacy Commissioner devoted a significant part of his Law Week speech on the Value of Privacy 1 June (page 16) to debunk this idea.

Its also an issue in Canada and the US. (Thanks to David Fraser's Canada Privacy blog)

The Victorian Privacy Commissioner concluded that as governments ask for more personal information from the public, we should ask more questions.
"Insist on proportionality. Verify that promised safeguards are enshrined in law and can be enforced. Trust, but cautiously. Keep an eye on your governments".

Good luck to those in South Australia.

Tuesday, June 13, 2006

ADT privacy case: damages awarded for breach of disclosure principle

In the second case in which damages for a breach of privacy have been awarded, the NSWADT has ordered an agency to pay $4000 to an applicant who successfully claimed loss or damage as a result of a breach of privacy principles.

This decision NZ v Department of Housing (2006) NSWADT 173 followed an earlier finding that the Department had breached the disclosure principles in the Privacy and Personal Information Protection Act. The breach involved disclosure in a letter to NZ’s sister about the investigation of a complaint made against her. The letter acknowledged the sister’s explanation that the information had come from NZ, and that the officer concerned had discussed with the sister the possibility that NZ may be a vexatious complainant.

The Tribunal accepted evidence from a number of witnesses that NZ’s fragile health condition had been affected by the disclosure. It rejected arguments by the Department that the Civil Liability Act (2002 legislation concerning the award of damages for personal injury) was relevant to an assessment of appropriate compensation under PPIPA. Drawing principles from a Federal case involving an award of damages and published decisions of the Federal Privacy Commissioner, the Tribunal said that an assessment needed to be made of economic and non economic loss and whether exemplary or punitive damages were appropriate.

The ADT ordered a payment of $4000 for non economic loss and made other orders concerning the removal and secure holding of departmental records that contained the information in question. An appeal has already been lodged but it is not clear by whom.

The only other award of damages in the NSWADT to date was in RD v Department of Education and Training (2005) NSWADT 195 –$2000 for psychological harm arising from the disclosure of health information about the applicant by forwarding it to the wrong address.

Access card: privacy dangers worse than Australia Card

Professor Graham Greenleaf Co-Director of the Cyberspace Law and Policy Centre UNSW has published a draft report "Quacking like a duck: The national ID Card proposal (2006) compared with the Australia Card (1986-87)". The report is a working draft as all relevant information about the access card to enable a full comparison has not been released by the Federal Government. The report concludes that the access card proposal of 2006 has almost all the features of the failed Australia Card proposal of the 1980s, and because of the addition of a microchip, the privacy dangers are worse.

Yesterday's Sydney Morning Herald included this detailed report about the access card.

The battle about the merits of the proposal is heating up.

Electronic health on sick list

If you're interested in the state of play regarding the development of electronic health and medical records in Australia, dash out and grab a copy of today's Australian Financial Review. Its front page article "Electronic health records scheme on critical list" is a detailed report on developments nationally, and in the states. Its not a happy story - delays, cost overruns, bureaucratic infighting, legal disputes and funding issues all feature.

In a separate article the AFR reports that Queensland is proceeding with its driver's license smartcard. The license with microchip is to be introduced in 2008.

The AFR website which provides very limited free content in any event, lists the articles here but at this stage they are not accessable.

Sunday, June 11, 2006

FOI in the news

The Age 5 June: “IR Overhaul based on short “essay” – economic case contains no modelling” - the document that contains the basis for the Federal Government’s workplace reforms consists of a 4 page literature review citing 16 journal articles.

The Australian 5 June:
Military and tankers threaten Barrier Reef” – a Defence Department report reveals that while most naval activity in the Reef area is benign, there are risks particularly from an oil spill:

Chaos after consultant’s reign” - The NSW Department of Aboriginal Affairs paid a consultant nearly $270,000 to manage a restructure that, barely a year into its life, has left the upper echelons of the department in disarray.

Irwin’s crocodile letters revealed” - letters to the Minister for the Environment, give an insight into the world famous croc hunter's thoughts on allowing crocodile trophy hunters into the Top End.

Sydney Morning Herald 5 June:
A budget to show if Iemma is in control” – in this pre budget opinion piece the State Political Editor says that documents released under FOI have revealed that by February this year most area health services had achieved only 60 per cent target staff reductions. The Hunter/New England Area Health Service was only 38 per cent toward its target.

Call to trim payroll tax”: the Property Council said NSW Treasury figures it had obtained under FOI showed twice as many NSW businesses paid land tax than payroll tax, because many had payrolls lower than the minimum threshold of $600,000.

The Age 6 June:
FOI: it’s like a painful day at the dentist” – the Age Health Reporter follows up on the recent Victorian Ombudsman report on FOI by recounting her own experiences, particularly delays, in dealing with the Department of Human Services.

Osland resumes fight for FOI papers” – the Victorian Government has gone to the Court of Appeal seeking to overturn a Victorian Civil and Administrative Tribunal finding that documents concerning her application for a pardon for murder should be released because it was in the public interest, despite the fact that they attracted legal professional privilege.

The Daily Telegraph 6 June: “Parents not told of drug risks” - Documents obtained under FOI show the Australian Adverse Drug Reactions Committee (ADRAC) in September 2005 discussed placing warnings on anti depressants about use by people under 19.

The Canberra Times 9 June: “Minister says he is not aware of any plans to sell school sites” – following the ACT Government’s announcement that it will close 39 schools, the Government says community use will have priority despite the fact that documents contained under FOI last year disclosed that valuations had been sought for 4 sites.

The Sydney Morning Herald 10 June: “What they won’t tell you” – in this first in a new column series, the Herald FOI Editor Matthew Moore recounts his unsuccessful attempt to obtain details of the payout to former head of the RTA, Paul Forward.

Sunday Herald Sun 11 June: “Computer bunfight – up to 16 line up” – inconsistencies in computer access in Victorian schools include 16 students per computer at some and 2 per computer at others.

As usual some links are not available.

Thursday, June 08, 2006

FOI: dull documents still attracting interest

Today’s Sydney Morning Herald editorial “Keeping us in the dark”: NSW frustrates FOI laws” picks up issues blogged here on 23 May and 6 June.

FOI Training for State and Local Government agencies

We are running an Introductory program on FOI for NSW State Government agencies on 27 June and an Introductory access to information (S12 and FOI) for NSW local councils on 4 July. See here for a link to our seminars page and website for full details and booking form.

UK Information Commissioner: Watchdog bites himself

There has been a lot of chortling in the UK that the Information Commissioner has investigated a complaint and concluded that his office breached its obligations under the FOI Act. The matter arose because in the UK the Act confers a right to ask for information without the need to specify that it is a FOI application. The office didn’t deal with a letter as if it was an FOI request.

This BBC report gives you the gist but Rob Edwards blog gets the headline award: “Information watchdog bites himself”.His page has a link to the Commissioner's Notice

NSW FOI Act new exemption on back of tough juvenile detention law

There has been a little publicity about the passage of legislation this week described as “toughening up” the NSW juvenile detention system. Buried away in the fine print of the Children (Detention Centres) Amendment Bill, and not mentioned in the media report is a provision that will add a new exemption to the FOI Act for documents held by the Drug Intelligence Unit of the Department of Juvenile Justice.

Parliament’s Legislation Review Committee made no comment on this aspect of the Bill – it did draw attention to the fact that new powers to hold juveniles in solitary confinement could be seen to be a breach of Australia’s obligations under international law regarding the treatment of children; and wondered whether compulsory drug and alcohol testing of staff was an invasion of privacy.

In any event the Bill sailed through the Assembly, was the subject of more spirited debate in the Council but nevertheless was passed without amendment.

The only Government speaker who commented about the FOI Amendment was the Member for Peats Marie Andrews who said in the Legislative Assembly debate that the new exemption would bring the Unit into line with the State Crime Command of NSW Police, and the Corrections Intelligence Group at Corrective Services that were already exempted through special provisions in the FOIA. It would ensure the consistent and free flow of information among three intelligence units “and ensure that intelligence is not compromised, especially in regard to counterterrorist measures”.

In the Council Lee Rhiannnon of the NSW Greens said that the exemption was another illustration of government preference for secrecy. She said that any highly sensitive document could be claimed to be exempt in the usual way -“providing a blanket exemption is just lazy administration and is symptomatic of a Government fearful of scrutiny”.

There is not much of an explanation available publicly about what, if any problems Juvenile Justice faced in dealing with FOI applications without the benefit of this specific exemption. The Department’s annual reports for the last three years reveal about 20 applications a year with a fairly high percentage refused in full or in part but only two internal review requests in three years, one complaint to the Ombudsman and one ADT review. The three reports all include a comment that the FOIA has had no adverse effect on operations.

Yes, there were a few voices of concern raised during Council debate about the effect of harsher detention laws on children held in detention but its now the law.

Wednesday, June 07, 2006

Victorian Privacy Commissioner rings alarm bell

Victorian Privacy Commissioner, Paul Chadwick has had a major impact on discussion and debate on human rights issues in addition to sterling service in implementation of Victoria’s privacy laws.

In a thought provoking speech - "The Value of Privacy" on 1 June - he ventures into new territory sounding a very clear warning about why we should all be alert and somewhat alarmed about the use of CCTV cameras, and a Federal – state government plan to coordinate and develop a national framework for surveillance as a counter terrorism measure.

Read Chadwick’s hypothetical case studies from history and his picture of where the proposed initiative might take us in Australia, and ponder whether we should all accept that government knows best.

There were voices of concern raised last September about the civil liberties impact of that round of anti terrorism measures agreed between the Commonwealth and the states but those of you interested in government decision making processes should be aware of the considered opinion of the Victorian Privacy Commissioner 6 months after the event: "the single most serious failure of the deliberative democratic process in Australia that I have witnessed in almost 30 years of reporting on and participating in public affairs".
"The inadequacies included: lack of notice; narrow consultation within government; failure to provide details for public debate among relevant specialists in law and academia as well as community organisations (until the Chief Minister of the ACT breached protocol and unilaterally made draft legislation public); truncated parliamentary processes; official enquiries that enquired and reported after, not before, parliament made major legislative change directly relevant to the subject-matter of the enquiries. The subject matter involved fundamental re-balancing of liberty and security in favor of security (preventative detention without charge, control orders, limited rights to representation and other safeguards, sedition offences, widened information demand powers). In such matters, due process is essential to the legitimacy of the resulting law. Failure to honor deliberative democratic processes comes at a cost in confidence and trust".

National access card business case released

Federal Minister for Human Services, Joe Hockey has released an edited version of Volume 1 of the KPMG business case for the proposed national access card. Detailed costings in Volume 2 have not been released. Deletions of parts of the report have been made on various grounds including commercial in confidence and Cabinet in confidence. The section on how the card will help reduce fraud has been deleted on the grounds that disclosure would be a risk to government outlays.

There is a convincing case put forward about the need for change and improvement in government current systems for access to health and social service payments, given the poor quality of data held concerning proof of identity.

KPMG and the Government are convinced that it all makes good business sense. The devil in the detail will become more apparent as the project moves forward.

A continuing concern will be pressures from within government for added functionality and “function creep” – new uses for all the data that will be at hand. The report acknowledges the need for close and careful oversight.

Tuesday, June 06, 2006

Ethics Centre slams ministerial ignorance

Ignorance – “I didn’t know” or “no one told me” – has become a commonplace ministerial defence over the last decade when things have gone badly, with frequent resort to this plea - ‘children overboard’, illegal kick backs for the sale of wheat to Iraq, torture at Abu Graib, the whole mess in Immigration including the deportation of Vivian Alvarez Solon and the detention of Cornellia Rau - the list goes on.

Dr. Simon Longstaff of the St. James Ethics Centre has an article on ministerial responsibility in the Centre’s just published winter edition of Living Ethics. He reminds us that when Winston Churchill famously and publicly apologised for his failures that lead to the fall of Singapore, there were three not two elements: “I did not know. I was not told. I should have asked”.

Dr. Longstaff says that Churchill got it right in stipulating that a minister's responsibility is not only to listen, but to ask when inquiry should be made. Those who think two out of three is sufficient compliance with the standard are failing in their duty.

I guess you would take with a grain of salt the observation that "tactical ignorance" is now part of the modus operandi at the highest levels of government if anyone other than the Director of the St. James Ethics Centre told you so. Dr. Longstaff concludes
“The natural tendency for self preservation…..has seen ministers develop innovations such as the most recent attempt to record ignorance. I’m told that, at the Commonwealth level at least, files sent to ministers can now be marked officially as “Not Read by the Minister”
Even the strictest laws on public accountability can't cope with this sort of practice.

Telemarketers top list in national privacy phone in

3 out of 4 of those who called the Australian Law Reform Commission privacy phone in last week raised concerns about unsolicited calls from telemarketers. I guess we can all sympathise with those who told the Commission they receive more than a dozen calls a night.

The Federal Government’s “Do not call” legislation has now been introduced into Parliament but while this might provide some relief, it may leave many gaps. Charities, political parties, independent members of Parliament, candidates in elections, government bodies, educational institutions, research organisations and those you have done business with over the last 12 months are exempt. It may turn out to be a long wait until the legislation commences, and then too little relief. Professor Graham Greenleaf of UNSW can be heard discussing the issues on ABC Radio National Life Matters.

Other significant privacy concerns raised during the phone in included public and private sector handling practices, security of health information, video surveillance and the proposed national access card.

Don’t hold your breath for any magic bullet and the Commission has until 2008 to report to the Federal Government.

"Boring administrative records" become FOI battleground

The Sydney Morning Herald today “Much ado about deadly dull documents” - reports on the Attorney General’s/Crown Solicitor’s unsuccessful attempt in the ADT Appeal Panel to argue the exempt status of a letter requesting a drainage diagram from Sydney Water, a planning certificate from Strathfield Council and two request forms for land title searches. We commented on this matter on 23 May.

In this case the Office that provides legal services to other state government agencies felt compelled to argue narrow legal issues concerning innocuous documents when it was on the receiving end of an FOI application. There was a point perhaps in arguing the toss before the Tribunal when 88 documents were in dispute. But when they lost on 4 of them – those mentioned above – someone appears to have concluded that important adverse consequences would flow from the decision and that more public money should be thrown at seeking to protect them by taking the matter to the Appeal Panel.

In the end the Appeal Panel found the documents not exempt. Perhaps the agency claims some sort of pyrrhic victory, hang the expense.

Why these 4 documents were not initially released or released on internal review is a mystery given the following guidance that appears in the Government’s FOI Procedure Manual (page 143) and is stated policy for all state government agencies:
“Exemptions should be claimed only where it is necessary to protect an important interest and to do so in any other way which involves release of the documents is not possible (policy)”.
This 1994 direction sought to encourage disclosure not technical legal arguments.

Sunday, June 04, 2006

Kids cards - what next?

It's a bit hard to work out exactly what the Federal Government has as its main objective in announcing that parents will need a pin number or a swipe card to pick up their child from child care.

In this interview on ABC Radio the Minister says it will be a great security tool for parents and all outside of school providers will need to be linked up to the system to help the Government prevent fraud. The Minister can't say yet whether this card will be part of the foreshadowed national access card. Not a word so far about privacy implications.

All I can say is why stop with the child care card? Why not put a microchip on the kids and keep an eye on them 24 hours a day? Its happening in some parts of the world.

Maybe already even closer to home.

ADT Appeal Panel privacy decision: no valid complaint

The Appeal Panel in this latest NZ v Department of Housing decision affirmed the Tribunal's finding that the ADT had no jurisdiction to consider the matter because there had not been a complaint to the agency under Section 53 of PPIPA.

The Appeal Panel confirmed that a complaint about a breach of privacy, to be valid, must identify the conduct complained of but does not need to be precise about exactly what information protection principle is in issue. In this case the matters complained about were not incidents that were relevant to a claim of breach of privacy. The agency had not been in receipt of a complaint under the Act

Victorian Ombudsman finds lots of problems in FOI review

The Victorian Ombudsman has tabled his report on review of FOI policies, practices and procedures in the 10 budget departments of the Government and the Victorian Police.

The Ombudsman thought that delay was the key issue in Freedom of Information decisions but others who read the report rather than the media release thought otherwise – The Age headlined their story “Deception, secrecy to obstruct FOI” and the Australian “Ministers hinder FOI laws”. Both these reports and the ABC focused on his comments about politicisation of the FOI process, and the intervention of ministers and their staff in decision making.

The report is another in a long line of reports at Federal and state level that demonstrate that FOI laws are not self implementing, and illustrate delay, political interference and a culture of defensiveness in its case studies.

The Ombudsman recommends some changes to the Act among them aligning FOI and privacy laws by common use of the term personal information, new powers for a vexatious applicant declaration and the adoption of more proactive disclosure along the lines of the UK's publication scheme requirements.

He also points out serious deficiencies in determinations, comments about the need for more systematic training and urges the Department of Justice to provide more and better leadership and support for all agencies through setting appropriate standards for FOI processing and issuing practice notes to guide agency staff and to update on developments.

Having found delay is a major problem the Ombudsman recommends that agencies be given more time to deal with applications. Victorian agencies already have 45 days - the Ombudsman says they should have an additional 30 days when consultation with third parties is required. This misses the point that a failing in all Australian FOI legislation is to treat all applications as if they are the same. The reality is that some are large and others aren't. There should be a process for additional time only for the very large category.

The real message from this and other reports: “Strong and ongoing leadership the only answer to the open government problem”.

FOI in the news

Media reports based on FOI over the past week included:

Sun Herald 28 May – “Long wait for FOI requests”: NSW Police are forwarding letters of apology to FOI applicants regarding a 6 month delay in processing requests said to be the result of a chronic staff shortage.

(Just a comment on this – the Ombudsman’s last Annual Report page 132 says that Office has “become increasingly concerned at delays by NSW Police in dealing with FOI applications”. The report said that while some short term measures had been put in place to deal with increased applications “no significant long term measures have been (taken) to enable NSW Police to comply with the statutory timeframes for assessing applications. We have now begun a formal investigation into these issues”.

The more things change, the more they stay the same?)

Herald Sun 29 May – “Big squeeze in schools”: in this report about school class sizes the paper says the Victorian Education Department has refused to reveal how many schools have composite classes, but an FOI application has now been lodged for the files.

Australian Financial Review 30 May – “Qantas deal clouds Singapore free trade talks”: this front page story about ongoing negotiations with Singapore includes a letter obtained under FOI written by the former Deputy Prime Minister John Anderson in September 2002 to the Singapore Government indicating positive interest in an ‘open skies’ agreement.

The Daily Telegraph 31 May –“School safety put on notice”: documents disclose inadequacies in occupational health and safety in NSW schools and the results of some prosecutions for breaches.

The Australian 2 June –“Child Support’s security blunders”: an internal audit of the Federal Child Support agency found 405 privacy breaches within the last 9 months – 69 involving sensitive information being given to ex-spouses.

The Australian 2 June also published an editorial “The right to know”. It comments about Federal Government secrecy regarding the amount of revenue generated by the various taxes that apply to superannuation. The editorial – it is the second item on this page – goes on to comment about openness in the Federal Treasury:
“Treasury in particular, suffers from a culture of secrecy. Treasurer Peter Costello has justified this by saying that public servants should be able to provide critical advice without fear that it will enter the public domain. He claims use of the Freedom of Information Act by media groups, particularly The Australian, jeopardises policy development. Indeed, the Treasurer recently defended government secrecy in the High Court in a landmark FOI appeal over documents relating to income tax, with a judgment expected within six months. The Government's secrecy over superannuation taxes reveals the use of power over information for narrow political purposes. A vigorous democracy requires that government is open and accountable. Voters should be empowered to make judgments about government on the basis of its actions, about which there should be full disclosure”.
Sunday Telegraph 4 June- “Rise in prison inmates: staff pay sours“ the State's prison population has swelled by 1100 in the past four years leading to a staff shortage and an overtime bill of $100 million.

As usual links to some articles are not available in free content.

Thursday, June 01, 2006

Snowy Hydro documents - when is debate unnecessary?

There are media reports today that the NSW Government has responded to a Legislative Council resolution requiring the tabling of documents concerning the sale of the Snowy Hydro. On this morning’s ABC radio AM program - see transcript "NSW Greens outraged by withheld Snowy Hydro documents" - discussion focused on the fact that 40 boxes of documents had been tabled but a further 25 boxes of documents had been subject to a privilege claim and only available for inspection by members of Parliament. Greens Upper House Member Sylvia Hale said that the letter accompanying the documents asserted that disclosure would be contrary to the public interest because they could lead to “unnecessary debate”.

I haven’t seen the letter but if this claim is correct, someone somewhere in the system seems to be blissfully unaware that this sort of argument, while frequently claimed, would be unlikely to get a smooth run in any FOI court or tribunal hearing. Its dangerously close to one of the “Howard factors” first adopted in a Federal FOI case 20 years ago – “that confusion and unnecessary debate resulting from disclosure of possibilities considered” would be contrary to the public interest. This “Howard factor” wasn’t argued in the recent landmark NSW Court of Appeal decision in Law Society v WorkCover Authority. But the Court pulled no punches in generally commenting that the Howard factors were a formulaic theoretical list of criteria developed in the pre FOI era of closed government.

The Court said that public interest factors for and against disclosure needed to be weighed with facts required to support assertions. It added there was a strong public interest in access to information held by the government.

As long ago as 1987 a Senate Committee said that this Howard factor implied that the Australian community
"lacks the sophistication to distinguish between a proposal canvassed as an option and a proposal actually adopted…… The Committee records its conclusion that possible confusion and unnecessary debate not be factors to be considered in calculating where the pubic interest lies”
The Australian Law Reform Commission in its 1995 review of the Federal Freedom of Information Act agreed.

The NSW FOI Act in Section 59A states that in considering public interest factors it is irrelevant that disclosure would cause the applicant to misinterpret or misunderstand the information because of an omission from the document or for any other reason.

The Greens have called for an independent legal arbiter to examine the documents.

In debate on the motion in the Legislative Council on 25 May, Minister Della Bosca argued that disclosure of the documents now that investors have been invited to subscribe to shares may raise legal issues and contravene Australian Stock Exchange rules. He failed to persuade the Council on this.

He may have had a point but "contrary to the public interest because it might lead to unnecessary debate" may not have been the best way to seek to protect sensitive information from disclosure.

There have been further developments with claims that some documents may have been destroyed - Treasury says that these were only copies and all relevant documents have been provided.

Privacy resources

There are some good privacy resource materials available at the Privacy Law Library, part of the World Legal Information Institute.

The Australian privacy cases are summaries of NSW ADT cases since 2004 by Anna Johnston of Salinger and Co. and fill the gap that has existed since Privacy NSW ceased to publish its summaries of the cases.

NSW Auditor General adds voice to call for more transparent government contracts

The NSW Auditor General’s report on the Cross City Tunnel was released yesterday and gets wide coverage in today’s papers, particularly the RTA requirement for an upfront fee, and the weight attached to this factor in determining the winning bid.

The report (3.6) also looks at transparency issues particularly around the significant amendment to the contract to add $38 million new work and allow a compensating increase to the toll. The Auditor General comments that the renegotiation took place after the protective structures (probity oversight and evaluation and review panels) had been dismantled. The amendments were not made public until forced by a Parliamentary Committee. The report says that there is still insufficient publicly available information to make sense of what was negotiated.

The Auditor General recommends that contract amendments should receive the same degree of scrutiny as original contracts, and should be publicly available.

Treasury’s response says that it is currently working on revised guidelines for disclosure of contracts which will address contract variations.

Privacy phone in: anonymous calls welcome

The Australian Law Reform Commission has a National Privacy phone in from 9am -5pm from today and tomorrow. Anonymous views, concerns and experiences about privacy protection in Australia are welcome.

Call 1300 6553 418. You can also provide an online comment here.