Office of Regulation Review (ORR) Submission regarding the Attorney General s Discussion Paper on Privacy protection in the private sector



Similar documents
The Guidelines aim to provide assistance for agencies and Ministers in developing and implementing regulation in Western Australia.

COUNCIL OF AUSTRALIAN GOVERNMENTS

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

QUICK REFERENCE BEst PRaCtICE REgUlatIoN HaNdBooK

005ASubmission to the Serious Data Breach Notification Consultation

The establishment of the NHVR and the development of the NHVL is expected to bring the following benefits:

Regulation of Insolvency Practitioners

Submission on the Proposal for a National Energy Consumer Advocacy Body

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

BEST PRACTICE GUIDE FOR PREPARING REGULATORY IMPACT STATEMENTS

Response from the Department of Treasury, Western Australia, to the Productivity Commission s Draft Report Regulatory Impact Analysis: Benchmarking

Australian Government response to the Joint Standing Committee on Migration report:

Supplementary Policy on Data Breach Notification Legislation

The performance of the Australian Securities and Investments Commission Submission 202

Privacy and Cloud Computing for Australian Government Agencies

COMMONWEALTH GOVERNMENT RESPONSE TO THE PRODUCTIVITY COMMISSION INQUIRY: THE MARKET FOR RETAIL TENANCY LEASES IN AUSTRALIA

Submission to the Energy Market Reform Working Group Consultation on regulatory implications of New Products and Services in the Electricity Market

European Privacy Reporter

Legislative and Governance Forum on Food Regulation (convening as the Australia and New Zealand Food Regulation Ministerial Council)

Reporting of Taxable Payments to Contractors in the Building and Construction Industry. Consultation Paper

Plumbing and Drainage Regulation 2012

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians

How To Write A Listing Policy For A Species At Risk Act

Financial Adviser Regulations Discretionary Investment Management Services and Custody

Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014

Request for feedback and comments scoping study for a national not-for-profit regulator

How To Change The Rules Of Financial Industry Regulation

Statement. on the. Kenya Communications (Broadcasting) Regulations, February 2010

Submission to the Australian Communications and Media Authority on Proposed revisions to the Telecommunications (Do Not Call Register) (Telemarketing

HIPAA Employee Training Guide. Revision Date: April 11, 2015

UK - legal overview by John Hagan and Melanie Ellis

FINANCIAL ADVISERS REGULATION: VOLUNTARY AUTHORISATION

Social Services Portfolio (Department of Human Services) Annual Deregulation Report 2014

Regulation and the direct marketing industry

FINANCIAL SERVICE PROVIDERS (REGISTRATION) REGULATIONS

Small Business Superannuation Clearing House

Data Protection Working Group. Final Report on the Draft Data Protection Bill

BEST PRACTICE CONSULTATION

Governance working group

Presiding Commissioner Regulatory Burdens: Social and Economic Infrastructure Services Productivity Commission GPO Box 1428 Canberra City ACT 2601

The Netherlands response to the public consultation on the revision of the European Commission s Impact Assessment guidelines

Please find attached NCVER s detailed response to the Regulatory Impact Statement for Total VET Activity.

The Coalition s Policy to Help Problem Gamblers

Note that the following document is copyright, details of which are provided on the next page.

Competition Policy Review. SUBMISSION by the OFFICE OF THE AUSTRALIAN SMALL BUSINESS COMMISSIONER

STATES OF JERSEY REVIEW OF THE DRAFT CHARITIES (JERSEY) LAW (S.R.7/2014): RESPONSE OF THE CHIEF MINISTER STATES GREFFE

Option 1 would result a continuation of the status quo whereby the 2001/2004 Industrial Relations Acts had become inoperable.

Audit Results by Transport Sector

sections 201 and 206 of the Public Health Law and sections 363-a and 365-a(2) of the Social

RE: Federal Election Commission (FEC) and State Regulation of Online Political Advertising

Cyber-safety for Senior Australians. Inquiry Submission

Patrick Fair Partner, ITC and Data Security Specialist Baker & McKenzie. Developments in Security Regulation

FORC QUARTERLY JOURNAL OF INSURANCE LAW AND REGULATION

Draft Australian Privacy Principles (APP) Guidelines first tranche

Council of Australian Governments

The general insurance industry in Australia

Some Text Here. Policy Overview. Regulation Impact Statement for Early Childhood Education and Care Quality Reforms. July 2009

MUTUAL RECOGNITION ARRANGEMENT

ICMA Private Wealth Management Charter of Quality

Future of Financial Advice: Best interests duty and related obligations

Financial Services Industry - Pros and Cons of the PJC Model

AUSTRALIAN DIRECT MARKETING ASSOCIATION SUBMISSION PRODUCTIVITY COMMISSION DRAFT RESEARCH REPORT

Clearing Up the Confusion Over a Retirement Plan Advisor s Fiduciary Status

INSURANCE BROKERS ASSOCIATION OF CANADA

Ai GROUP SUBMISSION 14 AUGUST Ai Group Submission on Regulator Engagement with Small Business

Protective Marking Standard Implementation Guide for the Australian Government

IN CONFIDENCE. Regulatory Impact Analysis Requirements: New Guidance

NSW Data & Information Custodianship Policy. June 2013 v1.0

AER Submission. Competition Policy Review Draft Report

EXTENDING UNFAIR CONTRACT TERM PROTECTIONS TO SMALL BUSINESS EXPOSURE DRAFT LEGISLATION

Council of Financial Regulators: Review of Financial Market Infrastructure Regulation

AISA Position Statement: Mandatory Data Breach Notification in Australia

Independent Pricing and Regulatory Tribunal. Customer engagement on prices for monopoly services

PRINCIPLES FOR ACCESSING AND USING PUBLICLY-FUNDED DATA FOR HEALTH RESEARCH

Senate Inquiry into Australia s Innovation System

When an application is received by the department, we will: See page 3 for information about access charges; See pages 5-6 for the timeframes.

Guidelines for Foreign Companies that wish to. operate Employee Stock Compensation Plans. in Trinidad and Tobago

Statement of Community Involvement (SCI) March 2016

Regulation Impact Statement

National Consumer Credit Protection Amendment (Credit Reform Phase 2) Bill 2012

Governance Document Management Framework

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Building Code 2013 Supporting Guidelines for Commonwealth Funding Entities

Not an Official Translation On Procedure of Coming into Effect of the Law of Ukraine On State Regulation of the Securities Market in Ukraine

Integrated Assurance & Approval Strategy and Integrated Assurance & Approval Plans

Data Breach Notifications. Submission by the Australian Communications Consumer Action Network to the Attorney General s Department

6. Supporting the financial services industry and looking to the future

Licensing Options for Internet Service Providers June 23, 2001 Updated September 25, 2002

Guide to inquiries into disputes about bulk interconnection services

RISK MANAGEMENT FOR PRIVATE HEALTH INSURERS. Consultation Paper. January 2013

Accreditation under the Health Practitioner Regulation National Law Act 1 (the National Law)

COMMUNICATIONS ALLIANCE LTD DOCUMENT MAINTENANCE POLICY AND PROCESS

Review of PIRSA s Cost Recovery Policy and practices, including their application to the Fisheries and Aquaculture Industries Primary Industries and

NOAA PERFORMANCE MANAGEMENT PROGRAM

PRIME MINISTER A NEW MEDICAL INDEMNITY INSURANCE FRAMEWORK

nonprofit alert AUTHORS: Lisa M. Hix Susan E. Golden

Submission in response to the Life Insurance and Advice Working Group Interim Report on Retail Life Insurance

Submission to the Essential Services Commission. Modernising Victoria s Energy Licence Framework Issues Paper

Chapter 7: Australian Privacy Principle 7 Direct marketing

New Child Development Legislation, Legislation reform Discussion Paper No. 5 Submission from the AISSA

Transcription:

Office of Regulation Review (ORR) Submission regarding the Attorney General s Discussion Paper on Privacy protection in the private sector The Office of Regulation Review (ORR) located within the Industry (Productivity) Commission provides advice on the Commonwealth Government s regulation review policy: it reviews new regulations; and monitors the progress and participates in programs for the reform of existing regulations. The ORR also advises Cabinet on regulatory proposals affecting business, liaises with departments and agencies in the development of regulations, and comments publicly on regulatory issues. The proposal to extend the scope of privacy protection would affect a very wide range of businesses. Because the direct marketing industry would be particularly affected, this submission focuses on that industry. However, the general points made have broader application. This submission by the ORR addresses three matters: the importance of using a Regulation Impact Statement (RIS) to justify regulations that impact upon the direct marketing industry; avoiding unnecessary regulatory overlap on the direct marketing industry; and ensuring that regulations which impact upon business are created after adequate consultation with stakeholders. 1 The importance of using RISs to justify regulations that impact upon the direct marketing industry RIS type guidelines are currently being used by the Commonwealth government to promote regulation review through a variety of processes: the terms of reference for all legislative reviews under the Competition Principles Agreement must include the principal elements of a RIS; all Cabinet submissions involving new or amended business legislation must be accompanied by either a RIS in the form of an attachment or a statement that a waiver has been given by the ORR; whilst the guidelines for preparing RISs have to date applied only when agencies seek Cabinet approval for new or amended regulations, it is anticipated that their essential elements will apply more broadly in the future. The Legislative Instruments Bill 1996 provides for similar tests to be certified by the ORR which agencies would have to apply to a wide range of legislation including subordinate regulation; and under the Principles and Guidelines for National Standard Setting and Regulatory Action, adopted by the Council of Australian Governments in

April 1995, Ministerial Councils and National Standard Setting Bodies must now prepare a RIS for new standards. RISs improve decision-making by regulators The use of RISs in the above processes is designed to improve the quality of existing and new regulations, by ensuring that consistent and rigorous regulation making and review processes are implemented by institutions making regulations. RIS guidelines ensure that before a proposed regulation is adopted, the problem to be addressed is properly specified, and that its impact and associated costs and benefits are considered. In addition, it provides a framework within which to explore alternative methods of achieving the objective for which the regulation was designed. Changes to the Privacy Act will need a RIS attached. The proposed changes to the Privacy Act 1988 are likely to require a submission to Cabinet to amend the primary legislation. The Cabinet Handbook requires that such proposals which impact upon business be referred at the earliest opportunity to the ORR, and must be accompanied by a RIS. To assist this process, and to improve decision-making, the ORR believes this review should adopt the RIS framework from the outset. A copy of the Commonwealth's RIS guidelines (attached) will assist the Attorney General s Department in adopting a RIS framework for its proposal to extend Information Protection Principles (IPPs) to the private sector. The ORR consistent with its role in regulation review and reform is willing to provide assistance and advice in preparing this RIS. The costs and benefits of amending the Privacy Act The RIS approach includes assessing the costs and benefits of amending the Privacy Act as well as examining the efficacy of alternative regulatory and nonregulatory methods of achieving the desired privacy outcome. For example, the current proposal will impose costs upon businesses and consumers. Costs to business could include: an increase in the regulatory compliance burden on business; and a decrease in revenue from restrictions on business (ie. direct marketing activities etc). The costs to consumers could include: less information about products; and less choice from fewer products being marketed. These costs should be balanced against the benefits which enhanced privacy protection may provide to the community. 2

Alternatives to amending the Privacy Act Possible alternatives to extending the application of the Privacy Act to direct marketers could include: using existing laws such as the Trade Practices Act 1974 and the various Fair Trading Acts in each state to extend privacy regulation to the private sector; negative licensing methods whereby direct marketers are free to solicit and disseminate information, but if they fail to exercise due diligence, they will then be required to comply with minimum licence requirements, which may embody the IPPs; self regulation and enforced self regulation which enables the direct marketing industry to develop its own Codes of Practice. Under the current proposal, power to issue Codes resides with the Privacy Commissioner; information strategies to alert consumers to the potential implications of divulging information to direct marketers; and the viability of using opt out principles as opposed to the opt in principles in IPPs 10 and 11. The ability of regulatory and non regulatory mechanisms to mitigate particular market failures is further discussed in the ORR s Annual Report, Regulation and Its Review 1994 95, pp. 11-28 (copy enclosed). 2 Avoiding unnecessary regulatory overlap on the direct marketing industry To achieve an optimal regulatory environment for the direct marketing industry, it is important to avoid unnecessary regulatory overlap. There appears to be scope for unnecessary duplication in regulations designed to protect privacy. For example, direct marketers are regulated by the Trade Practices Act 1974 and the Fair Trading Acts in each state. In addition, the ORR notes that the Australian Competition and Consumer Commission (ACCC) is proposing a voluntary Code on distance selling. As many direct marketers also engage in distance selling, there is a potential for regulatory overlap between the Discussion Paper s co-regulatory approach of combining IPPs and Codes of Practice issued by the Privacy Commissioner, and the ACCC s voluntary Code. 3 Regulations which impact on business should be formed after consultation with stakeholders Independent oversight is necessary to ensure adequate consultation occurs in the development of Codes of Practice. The Discussion Paper outlines consultation procedures which the Privacy Commissioner must follow in developing Codes of Practice. However, there 3

appears to be no provision for independent oversight to ensure compliance with these procedures. The ORR considers that independent oversight is necessary to ensure that the Commissioner engages in the appropriate level of consultation when developing Codes. Furthermore, the ORR notes that in urgent cases, stakeholders need not be consulted prior to a Code being issued. This proposal should clearly state the circumstances in which an urgent need for a Code of Practice may arise, rather than leaving it to the discretion of the Privacy Commissioner. Alternatively, these issues could be resolved in part by explicit reference to the provisions of the Legislative Instruments Bill 1996. As Codes of Practice will be of a legislative character, having a significant impact upon business (ie. direct marketers), they are likely to come under the auspices of Part 3 of the Bill. Once the Bill is proclaimed, their formulation will require the preparation of a legislative instruments proposal and consultation with stakeholders. Guidelines should be subject to a RIS analysis before promulgation While Codes of Practice will need to comply with the Legislative Instruments Bill, guidelines issued by the Privacy Commissioner are likely to be exempt from Part 3 requirements, as they will not be of a legislative character. Although the guidelines will not be mandatory, the extensive powers of the Commissioner to investigate compliance with them and the ensuing costs to businesses, will mean that they are not strictly voluntary. Indeed, the guidelines may become quasi regulations. The Small Business Deregulation Task Force's report to the Prime Minister defines quasi regulations as:...rules or instruments for which there is a reasonable expectation of compliance but which do not have the full force of law. 1 According to Recommendation 57 of that report:...proposals to introduce quasi-regulations [should] be subject to cost benefit analysis, for instance in the form of a regulation impact statement, and there be independent review processes built into quasi regulations to ensure they remain effective and efficient. At present, only the Commissioner is able to issue guidelines, and consultation with industry does not necessarily have to occur. Furthermore, the Discussion Paper makes no provision for the review of guidelines in the future. The Government is currently considering the recommendations of the Task Force. Nevertheless, the ORR considers that if guidelines are to be made for particular issues such as telemarketing and optical surveillance affected industry participants should be consulted, and alternative ways of achieving the goals of the guidelines ought to be explored. In particular, industry self-regulation should be considered where relevant, in line with Recommendation 61 of the Taskforce that: 1 Time for Business, Report of the Small Business Deregulation Task Force, November, 1996. 4

...[g]overnments should consider industry self-regulation as one of the first regulatory options... The introduction of the above processes will improve the quality of privacy regulations. They will help remove unnecessary regulatory burdens upon business, and will allow the costs of proposed guidelines to be judged against the benefits of improved privacy which they might provide. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information