The Victorian privacy commissioner has said that some form of data retention legislation may be acceptable, but only if the necessary safeguards are in place.
Presenting evidence to the Parliamentary Joint Committee on Intelligence and Security, the Acting Victorian Privacy Commissioner Dr Anthony Bendall said that, while it was difficult to commit to anything as details on the proposed legislation were scarce and not even draft legislation had been drafted, a minimalistic data retention bill might be accepted by his office, subject to a number of conditions.
Bendall's conditions effectively bargain for the inclusion of long-delayed privacy reforms, such as the inclusion of mandatory data breach notification laws, as a compromise to having some, however little, data retention policies.
If it was "a fully fleshed proposal, with not just the data retention proposal; but perhaps a regime of safeguards (like offense provisions for misuse) coupled with stronger privacy legislation, [like] having stricter controls and a requirement to inform those affected by data breaches ... I certainly don't rule out ever supporting or ever expressing less concern, I guess, over that proposal," he told the committee.
Bendall made it very clear, however, that he does not support the data retention proposal in its current form at all.
"I do not support any data retention scheme. Data retention schemes and privacy are mutually exclusive," he said in a later statement.
"The paucity of detail on the data retention scheme in the discussion paper, especially around safeguards, is extremely concerning. However, if the Government does decide to implement a data retention scheme, only the minimum amount of data should be retained in order to fulfil national security objectives. Stringent safeguards and oversight must also be a necessary feature of any proposed scheme."
The committee appeared to be receptive to Bendall's bargain, with Senator John Faulkner requesting that Bendall's office make a supplementary submission into what additional safeguards would be required to reduce the privacy commissioner's concerns.
Updated on Wednesday September 5, 2012 at 5.46 p.m. AEST (12.46 a.m. PT): added further statement from the Privacy Commissioner