Treasury gets privacy help over businesses' reporting

The Federal Treasury has issued a tender seeking privacy consultancy services for the government's Special Business Reporting initiative, a scheme to simplify regulated reporting processes for Australian businesses.

The Federal Treasury has issued a tender seeking privacy consultancy services for the government's Special Business Reporting initiative (SBR), a scheme to simplify regulated reporting processes for Australian businesses.

Launched in August last year, the project — a joint initiative between several Federal government agencies including the Department of the Treasury, Australian Tax Office (ATO), and the Australian Securities and Investment Commission (ASIC) — is expected to be fully implemented by 2010. It will feature a system enabling local business software developers to embed requirements from standard government forms into their applications, allowing them to be auto-filled and electronically submitted by businesses when required. A single, secure log-on portal is also likely to be developed as part of the project, permitting businesses to file their reports — regardless of the intended department — through one channel.

As part of the project's development, the Federal Treasury is seeking a consultancy service to address any potential privacy issues as it develops the SBR system, according to SBR program director, Paul Madden.

"At this stage we don't have any specific privacy risks identified, but given that we are creating a new channel for businesses to send information to government we want to ensure we've got it right," he said.

"We're beginning to design the security infrastructure for the system right now, so we want to have a privacy advisor there from this stage forwards to identify the risks and build those into the design," Madden said.

Madden told ZDNet.com.au today that the Department is "being very proactive around the privacy issue" in developing the project, and that the privacy consultant would be expected to report to the Treasury team and its board until the completion of the project in 2010, although not on a permanent or full-time basis.

"We won't employ a full time person or team, but we need to have access to a privacy advisor all the way through, if there are concerns at any stage, or if people are unsure about something we want that person to be there," said Madden, "because at the end of the day if we build in any privacy issues then we'll be answering to the privacy commissioner," he added.

However, executive director of the Cyberspace Law and Policy Centre at the University of New South Wales, Dr David Vaile, believes the recruitment of a privacy consultant could just be a smokescreen.

"Employing a privacy consultant could easily be aimed at trying to work out what the sore spots are — that if put in plain language would trigger the most public concern," said Vaile.

Vaile also raised concerns about the sharing of data between multiple agencies, saying that even though businesses do not share the same legal rights as individuals, the amount of data collated and shared — particularly regarding small businesses — could impinge on personal privacy protections by forming causal links between a business's transactions and individual's finances.

"Restrictions on use are at the core of privacy protection, and the opportunistic sharing of this data is against the spirit of the law," he said.

"The temptation for these agencies may be to use convenience [for the user] as a justification for negating this kind of question, therefore creating approvals to bypass the Privacy Act," said Vaile.