MEDIA RELEASE: Does privacy matter less if your data is breached by your State Government?

APF says NO! Go NSW!

The Australian Privacy Foundation (APF) advocates for the privacy of all Australians, whether from Dubbo, Darlinghurst, Dapto or Darwin. While we often have to draw critical attention to privacy problems, we like to give credit where it’s due: NSW parliament is contemplating a positive step that others should follow.

State and Territory governments collect vast amounts of information about people, much of it by compulsion. You need to provide personal information for the electoral roll, driver and boat registration, to run a cafe or small business, and many other purposes. You also need to provide information – no choice – if you are a government employee.

We expect government agencies to take great care with this information about us, but sometimes they don’t. Some are careless, and don’t bother to erase payroll and other data from devices sold to the public. Some leave sensitive files lying around. What happens when there is a breach?

A valuable new law has been introduced into NSW parliament, the Privacy and Personal Information Protection Amendment (Notification of Serious Violations of Privacy by Public Sector Agencies) Bill 2017. It would force NSW public agencies to report data breaches to you, if you are affected, and to the NSW Privacy Commissioner, within 15 days of a serious breach. This would give you a chance to take protect yourself from the consequences, and make it harder for breaches to be swept under the carpet and ignored. Ministers and officials would need to take responsibility. If you were affected by the breach, you’d be in a better position to protect yourself, for example being alert to identity theft, or changing passwords.

This new NSW Bill goes beyond a similar Commonwealth Act – fewer loopholes and more urgency – and should be welcomed by everyone who cares about personal information protection.

APF also calls on the other state governments to enact similar laws: people outside NSW need and deserve this ‘mandatory data breach notification’ protection, which is now common in states and provinces in other countries.

The Foundation also calls on Western Australia and South Australia, which don’t even have any privacy act to start with, to urgently enact a law that deals with information privacy in those states. NSW, Victoria and Queensland have had this sort of law for many years, helping build trust in their data handling regimes. It is amazing that WA and SA still haven’t drafted the necessary law … it’s not difficult or expensive, but it’s increasingly necessary. Now’s the time to fix – don’t let a few hours’ time lag keep you in the past!

Media contacts:
David Vaile 0414 731 249
Kat Lane 0447 620 694