[Previous] [Next] [Up] [Title]

Division 2--Functions of Commissioner


27 Functions of Commissioner in relation to interferences with privacy

(1) Subject to this Part, the Commissioner has the following functions:

(a) to investigate an act or practice of an agency that may breach an Information Privacy Principle and, where the Commissioner considers it appropriate to do so, to endeavour, by conciliation, to effect a settlement of the matters that gave rise to the investigation;

(aa) to approve privacy codes and variations of approved privacy codes and to revoke those approvals;

(ab) subject to Part V--to investigate an act or practice of an organisation that may be an interference with the privacy of an individual because of section 13A and, if the Commissioner considers it appropriate to do so, to attempt, by conciliation, to effect a settlement of the matters that gave rise to the investigation;

(ac) to perform functions, and exercise powers, conferred on an adjudicator by an approved privacy code under which the Commissioner has been appointed as an independent adjudicator to whom complaints may be made;

(ad) to review the operation of approved privacy codes under section 18BH;

(ae) on application under section 18BI for review of the determination of an adjudicator (other than the Commissioner) in relation to a complaint--to deal with the complaint in accordance with that section;

(b) to examine (with or without a request from a Minister) a proposed enactment that would require or authorise acts or practices of an agency or organisation that might, in the absence of the enactment, be interferences with the privacy of individuals or which may otherwise have any adverse effects on the privacy of individuals and to ensure that any adverse effects of such proposed enactment on the privacy of individuals are minimised;

(c) to undertake research into, and to monitor developments in, data processing and computer technology (including data-matching and data-linkage) to ensure that any adverse effects of such developments on the privacy of individuals are minimised, and to report to the Minister the results of such research and monitoring;

(d) to promote an understanding and acceptance of the Information Privacy Principles and of the objects of those Principles and of the National Privacy Principles;

(e) to prepare, and to publish in such manner as the Commissioner considers appropriate, guidelines for the avoidance of acts or practices of an agency or an organisation that may or might be interferences with the privacy of individuals or which may otherwise have any adverse effects on the privacy of individuals;

(ea) to prepare, and to publish in the way that the Commissioner considers appropriate, guidelines:

(i) to assist organisations to develop privacy codes or to apply approved privacy codes; or

(ii) relating to making and dealing with complaints under approved privacy codes; or

(iii) about matters the Commissioner may consider in deciding whether to approve a privacy code or a variation of an approved privacy code;

(f) to provide (on request or on the Commissioner's own initiative) advice to a Minister, agency or organisation on any matter relevant to the operation of this Act;

(fa) to provide advice to an adjudicator for an approved privacy code on any matter relevant to the operation of this Act or the code, on request by the adjudicator;

(g) to maintain, and to publish annually, a record (to be known as the Personal Information Digest) of the matters set out in records maintained by record-keepers in accordance with clause 3 of Information Privacy Principle 5;

(h) to conduct audits of records of personal information maintained by agencies for the purpose of ascertaining whether the records are maintained according to the Information Privacy Principles;

(j) whenever the Commissioner thinks it necessary, to inform the Minister of action that needs to be taken by an agency in order to achieve compliance by the agency with the Information Privacy Principles;

(k) to examine (with or without a request from a Minister) a proposal for data matching or data linkage that may involve an interference with the privacy of individuals or which may otherwise have any adverse effects on the privacy of individuals and to ensure that any adverse effects of such proposal on the privacy of individuals are minimised;

(m) for the purpose of promoting the protection of individual privacy, to undertake educational programs on the Commissioner's own behalf or in co-operation with other persons or authorities acting on behalf of the Commissioner;

(p) to issue guidelines under the Data-matching Program (Assistance and Tax) Act 1990;

(pa) to issue guidelines under section 135AA of the National Health Act 1953;

(q) to monitor and report on the adequacy of equipment and user safeguards;

(r) may, and if requested to do so, shall make reports and recommendations to the Minister in relation to any matter that concerns the need for or the desirability of legislative or administrative action in the interests of the privacy of individuals;

(s) to do anything incidental or conducive to the performance of any of the Commissioner's other functions.

(1A) To avoid doubt, the Commissioner is not subject to Part V in performing functions, and exercising powers, conferred on an adjudicator by an approved privacy code under which the Commissioner has been appointed as an independent adjudicator to whom complaints may be made.

(2) The Commissioner has power to do all things that are necessary or convenient to be done for or in connection with the performance of his or her functions under subsection (1).

(3) Without limiting subsection (2), the Commissioner may, at the request of an organisation, examine the records of personal information maintained by the organisation, for the purpose of ascertaining whether the records are maintained according to:

(a) an approved privacy code that binds the organisation; or

(b) to the extent (if any) that the organisation is not bound by an approved privacy code--the National Privacy Principles.

28 Functions of Commissioner in relation to tax file numbers

(1) In addition to the functions under sections 27 and 28A, the Commissioner has the following functions in relation to tax file numbers:

(a) to issue guidelines under section 17;

(b) to investigate acts or practices of file number recipients that may breach guidelines issued under section 17;

(c) to investigate acts or practices that may involve unauthorised requests or requirements for the disclosure of tax file numbers;

(d) to examine the records of the Commissioner of Taxation to ensure that:

(i) he or she is not using tax file number information for purposes beyond his or her powers; and

(ii) he or she is taking adequate measures to prevent the unlawful disclosure of the tax file number information that he or she holds;

(e) to conduct audits of records of tax file number information maintained by file number recipients for the purpose of ascertaining whether the records are maintained according to any relevant guidelines issued under section 17;

(f) to evaluate compliance with guidelines issued under section 17;

(g) to provide advice (with or without a request) to file number recipients on their obligations under the Taxation Administration Act 1953 with regard to the confidentiality of tax file number information and on any matter relevant to the operation of this Act;

(h) to monitor the security and accuracy of tax file number information kept by file number recipients;

(j) to do anything incidental or conducive to the performance of any of the preceding functions.

(2) The Commissioner has power to do all things that are necessary or convenient to be done for or in connection with the performance of his or her functions under subsection (1).

28A Functions of Commissioner in relation to credit reporting

(1) In addition to the functions under sections 27 and 28, the Commissioner has the following functions in relation to credit reporting:

(a) to develop the Code of Conduct in consultation with government, commercial, consumer and other relevant bodies and organisations;

(b) to investigate an act or practice of a credit reporting agency or credit provider that may constitute a credit reporting infringement and, where the Commissioner considers it appropriate to do so, to endeavour, by conciliation, to effect a settlement of the matters that gave rise to the investigation;

(c) to promote an understanding and acceptance of:

(i) the Code of Conduct and the provisions of Part IIIA; and

(ii) the objects of those provisions;

(d) to make such determinations as the Commissioner is empowered to make under section 11B or Part IIIA; and

(e) to prepare, and to publish in such manner as the Commissioner considers appropriate, guidelines for the avoidance of acts or practices of a credit reporting agency or credit provider that may or might be interferences with the privacy of individuals;

(f) to provide advice (with or without a request) to a Minister, a credit reporting agency or a credit provider on any matter relevant to the operation of this Act;

(g) to conduct audits of credit information files maintained by credit reporting agencies, and credit reports in the possession, or under the control, of credit providers or credit reporting agencies, for the purpose of ascertaining whether the files or reports are maintained in accordance with the Code of Conduct and the provisions of Part IIIA;

(h) to monitor the security and accuracy of personal information contained in credit information files maintained by credit reporting agencies and in credit reports in the possession, or under the control, of credit providers or credit reporting agencies;

(j) to examine the records of credit reporting agencies and credit providers to ensure that:

(i) credit reporting agencies and credit providers are not using personal information contained in credit information files and credit reports for unauthorised purposes; and

(ii) credit reporting agencies and credit providers are taking adequate measures to prevent the unlawful disclosure of personal information contained in credit information files and credit reports;

(k) for the purpose of promoting the protection of individual privacy, to undertake educational programs on the Commissioner's own behalf or in co-operation with other persons or authorities on the Commissioner's behalf;

(m) to do anything incidental or conducive to the performance of any of the preceding functions.

(2) The Commissioner has power to do all things that are necessary or convenient to be done for or in connection with the performance of his or her functions under subsection (1).

29 Commissioner to have regard to certain matters

In the performance of his or her functions, and the exercise of his or her powers, under this Act, the Commissioner shall:

(a) have due regard for the protection of important human rights and social interests that compete with privacy, including the general desirability of a free flow of information (through the media and otherwise) and the recognition of the right of government and business to achieve their objectives in an efficient way;

(b) take account of:

(i) international obligations accepted by Australia, including those concerning the international technology of communications; and

(ii) developing general international guidelines relevant to the better protection of individual privacy;

(c) ensure that his or her recommendations and guidelines are, within the limitations of the powers of the Commonwealth, capable of acceptance, adaptation and extension throughout Australia; and

(d) ensure that his or her directions and guidelines are consistent with whichever of the following (if any) are relevant:

(i) the Information Privacy Principles;

(ii) the National Privacy Principles;

(iii) the Code of Conduct and Part IIIA.


[Previous] [Next] [Up] [Title]