People in South Australia need real answers and real responses to yet another data breach. The SA Ambulance Service has disclosed that the personal details of 28,000 patients have been stolen. Those details include people’s name, date of birth, age, address, and in some cases, their pension number and health notes. Juanita Fernando, chair of the Australian Privacy Foundation’s (APF’s) Health Committee said, “That’s prime fodder for identity theft and something we all need to take seriously.” The Ambulance Service says the data was on a storage device that was stolen from a consultancy firm in July. The consultants had apparently held the data since the early 2000s.

The Victorian Government’s Health Legislation Amendment (Information Sharing) Bill 2021 was rushed through its first parliamentary vote on 14 October 2021, raising many unanswered questions for patients and health care professionals in that state. Put plainly, this legislation allows agents of the Victorian Government a complete record of every Victorian person’s most sensitive and private information. The powers embodied in the Bill are unprecedented. Why does the Victorian Government need to harvest and store such a rich database of patient information?

This week the federal government announced proposed legislation to develop an online privacy code (or “OP Code”) setting tougher privacy standards for Facebook, Google, Amazon and many other online platforms. These companies collect and use vast amounts of consumers’ personal data, much of it without their knowledge or real consent, and the code is intended to guard against privacy harms from these practices. The higher standards would be backed by increased penalties for interference with privacy under the Privacy Act and greater enforcement powers for the federal privacy commissioner. However, relevant companies are likely to try to avoid obligations under the OP Code by drawing out the process for drafting and registering the code. They are also likely to try to exclude themselves from the code’s coverage, and argue about the definition of “personal information”.

On 25 October the Attorney General’s Department released its long awaited Privacy Act Review Discussion paper (the “Paper”). It is far from comprehensive. It avoids making recommendations about a statutory tort of privacy. Rather it continues the continual policy loop as governments of every persuasion push this issue into further review, then consultation then bury it in a report and then hope it goes away until it is recommended or otherwise finds itself before the Government. It has been a hugely expensive, time intensive waste of time.

The federal government has been asking the public for feedback on proposed legislation to create a “trusted digital identity” system. The aim is for Australians to use it to prove their identity when accessing public services. But what will a national digital identity system actually involve, who will it serve, and if we need it, how should it be implemented?

The Australian Information Commissioner has issued a very significant determination resulting from a Commissioner initiated investigation into 7-Eleven, where she found that the company had breached Australian Privacy Principle (APP) 3 and 5 of the Privacy Act 1988.