Attorney-General open to privacy changes

In a review of the private sector provisions within the1988 Privacy Act, Privacy Commissioner Karen Curtis said dramatic "changes" in technology has had an impact on the way personal information is "collected, tracked, connected and disclosed".

She was refering to the use of new and emerging technologies such as Global Positioning System (GPS), Voice over IP (voIP), Electronic Number Mapping (ENUM), Radio Frequency Identification (RFID) and biometrics.

"This may be unprotected by telecommunications legislation that has regulated telephone numbers in a more conventional environment," she said.

Most businesses are regulated under the National Privacy Principles (NPP) code -- which is part of the Privacy Act. Attorney-General Philip Ruddock said while the NPP has worked well to protect the privacy of Australians, "the existing regime could be improved".

"The Attorney-General acknowledges that new technologies present new challenges for the way we protect personal information.

"In light of those technological developments, we appreciate the fact this issue has been subject to a number of recommendations. [New technology] is one particular area we will be looking at," a spokesperson for Ruddock told ZDNet Australia.

The Australian Communication Authority (ACA) agreed that given the rapid rate of technological advancement, there is "a need to periodically review the adequacy of the NPPs".

However, the Australian Business and Specialist Publishers said that new technology doesn't necessarily equate to privacy infringement and that "there should be no change until there is a proven problem".

Optus, on the other hand, said that although it supports technological neutrality, "there are new and emerging technologies such as VoIP and IP and location-based services that may provide new challenges for the protection of Australian consumer information because the functionality that these services provide is more invasive."

In the case of VoIP, the telco said the public can access voice services from a provider that has no presence in Australia. It's concerned that neither the Privacy Act nor the Telecommunications Act will cover foreign VoIP providers.

In the review, Optus recommended that the government consider discussing -- through international forums -- how to deal with major jurisdictional issues arising from the global reach of new technologies such as VoIP.

As for GPS and RFID, the ACA argued that the current Privacy Act "does not clearly establish consumer control over location information and challenges assumptions about how privacy and personal information inter-relate."

"Unless the individual controls the context in which the information is released, a business making an unsolicited locational approach will have a high probability of being inappropriate, intrusive and quite possibly offensive," the ACA said in the report.

Mobile commerce was also discussed as a possible privacy challenge given its ability to relay "sensitive financial information such as credit card details" that may be sent as unencrypted text messages.

The ACA suggested that the NPP should be amened to state that service providers should ensure their payment mechanisms should protect the personal information of consumers.

Curtis' office undertook extensive consultation with community groups and received written submissions from 128 interested parties ranging from major businesses and industry groups, stakeholders, Australian government agencies, law enforcement agencies and other regulators.