Roger Clarke's Web-Site


© Xamax Consultancy Pty Ltd,  1995-2018

Roger Clarke's 'Australian Privacy Law'

History of Australian Privacy Law

Emergent Draft of 29 October 2010

Roger Clarke ** [and co-authors?]

© Xamax Consultancy Pty Ltd, 2010

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at

It is one chapter in a study of privacy law in Australia

1. Introduction

New South Wales is a State of c. 800,000 (20% larger than France). It has a population approaching 7 million, almost 75% of whom live in the Newcastle-Sydney-Wollongong conurbation.

NSW was proclaimed as British territory in 1770 by a passing naval officer, Lt James Cook. The first settlement did not occur until 1788. The boundaries of the colony were originally wide and ill-defined, but it gained its current shape in 1859, after a succession of other colonies were carved off from it. It gained self-government in 1855, inheriting the laws of the United Kingdom. It became a State of the Commonwealth of Australia at federation in 1901.

The Parliament of NSW arguably suffers the lowest repute of the nine in Australia, and its government agencies are widely regarded as being large bureaucracies of at best modest competence. Reforms are few, and proceed very slowly.

This paper reviews the history and status of privacy law in Australia's oldest and most populous State, New South Wales (NSW). Separate papers in the series address the Commonwealth, the complex situation in the private sector, Victoria, and the other six smaller States and Territories.

2. The Beginnings - 1972-1989

An Australian, Dr Herbert Vere Evatt, played a significant role in the establishment of the United Nations and in the development and proclamation of UDHR (1948). However, UDHR was merely a statement, and required no action by member-countries. The first real stimulus for action in N.S.W. was Zelman Cowen's ABC Boyer Lecture Series (Cowen 1969). Then, in 1972, Australia signed the ICCPR (although it was not ratified until 1980).

Also in 1972, the N.S.W. Attorney-General, John Madison, took to the Standing Committee of Attorneys-General (SCAG) a proposal that the concerns expressed in Cowen (1969) be investigated. He commissioned a report into the law of privacy by a Professor at the University of Sydney. Concerned about the prospect of the then still-nascent computer industry being strangled, the N.S.W. Branch of the Australian Computer Society actively lobbied the Government in an endeavour to prevent the imposition of excessive or inappropriate regulation.Morison (1973) approached privacy as an interest rather than a moral or legal right. He noted that such privacy protections as currently existed were incidental rather than intentional, but concluded that further study and experience were needed before any substantive legal protections were enacted. To achieve this, he recommended the establishment of a permanent Committee and staff, with responsibilities to undertake research and handle complaints.The Morison report appears to have had no impact on other members of SCAG. In N.S.W., however, it resulted in the Privacy Committee Act 1975 (NSW). This created a complaints-investigation and research organisation of broad scope. Its work is evident in its Annual Reports (NSWPC 1975-99), and a long series of research reports and information brochures. An early contribution was a set of information privacy principles designed to provide guidance to organisations using computers (NSWPC 1977). Very few of the publications of the Committee are accessible on the Web, and it is unclear what documents, if any, are held in libraries.

3. 1990-1999

During 1990, a scandal arose concerning unauthorised access to records of the Department of Social Security, N.S.W. motor driver licensing, and the Health Insurance Commission. A long-running enquiry was held by the N.S.W. Independent Commission Against Corruption (ICAC 1992. See also Clarke 1992c). This disclosed that serious abuses were occurring, some on a routinised basis, and with tacit approval from and participation of public servants.

The N.S.W. Privacy and Data Protection Bill 1994 was introduced. It was heavily criticised (e.g. Greenleaf 1994b, Greenleaf 1994c). It was referred to a Parliamentary Committee, and never heard of again.

WHAT WAS THE BACKGROUND TO THE Listening Devices Act 1994 ?

In early 1996, the Privacy and Data Protection Bill 1996 was announced (Greenleaf 1996b). This extended to the naming of the Privacy Commissioner-designate (Chris Puplick, previously a Liberal Senator, and long involved with civil rights matters, and for many years the N.S.W. Anti-Discrimination Commissioner).

Changes in NSW law commonly move with glacial speed. Over 2 years later, on 17 September 1998, a Bill was tabled in the Legislative Council. A Privacy Commissioner was to replace the long-standing Privacy Committee. The Commissioner would continue to exercise the same kind of investigative and reporting functions as the Committee. In addition, however, the Bill contained a set of information protection principles that would apply to public sector agencies and to IT outsourcing providers, but otherwise not to the private sector. Agencies would be able to develop privacy codes with input from the Privacy Commissioner, in order to vary the principles. There were also provisions for restricting disclosure of personal information from public registers. There was a very wide range of exemptions to the principles.

The Bill also implemented recommendations of the Independent Commission against Corruption's 'Report on Unauthorised Release of Government Information' (ICAC 1992) to penalise corrupt disclosure and trade in personal information held in the public sector.

The Second Reading Speech (Hansard, 17 September 1998, pp. 7598-7601) contained a recitation of the arguments why privacy protection is so important. Unfortunately, analysis of the Bill showed that it to be so completely riven with exemptions as to be worthless. It was decribed as a 'betrayal' by the Australian Privacy Foundation [APF980928.html - LOST DOCUMENT!] and was even attacked by the Privacy Commissioner-designate (AFR 1998) [BROKEN LINK - ]

The Bill was briefly debated and negotiated in the upper house, the Legislative Council (where the Attorney-General had his seat), and then in the lower house, the Legislative Assembly, with agreed amendments passed by the Legislative Council. Its passage occurred in the shadows of Parliament rising for Christmas, with the place in uproar over the Treasurer being banned indefinitely by the upper house (which was not controlled by the Government), and with an election due in early 1999. The Bill was assented to on 1 December 1998.

The Privacy And Personal Information Protection Act regulates (some of) the N.S.W. public sector. It embodies a set of Information Protection Principles in ss. 8-19. It created a Privacy Commissioner, but the appointee retained his full-time job as Anti-Discrimination Commissioner, and was paid an additional 6% increment on his salary to perform the privacy function. The Act created an Office with a small staff, but within the Department of Justice, called Privacy NSW.

The original document was quite possibly the worst Government Bill ever submitted to any Parliament anywhere in the world. Even after some improvements were made, the Act is seriously deficient in a range of respects (Greenleaf 1999), and is perhaps the least privacy-protective of such statutes anywhere in the world, and the Commissioner very probably the weakest.

In addition, the Workplace Video Surveillance Act 1998 was passed, in July 1998. This was a more reasonably balanced statute than long-time observers were used to seeing emanate from N.S.W. Governments.

3. 2000-09

A N.S.W. Health Records and Information Privacy Act was passed in 2002. It affects both public and private sector organisations active in the N.S.W. health care sector. The health sector is complex; but the primary effect of the Act is to authorise a wide range of exceptions and exceptions to the Principles that would otherwise apply.

During the decade following its creation, the Commission was ignored by successive Governments and starved of resources. It has had very limited impact on privacy-invasive practices in the N.S.W. public or private sectors. The Premier, Bob Carr, ran a long vendetta against the first Privacy Commissioner, and utilised a misdemeanour to gain his resignation in 2003. The Government attempted to absorb Privacy NSW into the Ombudsman's Office (YEARS?, REFS?).

During 2003 to 2008, a Privacy Commissioner withouth prior experience in the area was appointed, John Dickie (previously Commonwealth Chief Censor). He was, moreover, placed on successive short-term contracts, and was limited to 1 paid day per week. In 2008, a 5-year appointment was made, but the appointee had limited background in privacy, and resigned due to ill-health and pressure of other work in late 2009. The role was filled on a temporary basis through 2010.

Despite the permissive nature of the Health Records and Information Privacy Act, it was inconvenient to the conduct of a major trial of electronic health records in the Hunter Valley called HealtheLink so the government simply suspended the inconvenient principle. (YEAR? REFS?)

The Workplace Surveillance Act 2005 replaced the Workplace Video Surveillance Act 1998 - NEEDS SOME KIND OF EVALUATION

A Surveillance Devices Act was passed in 200x (and the Listening Devices Act 1994 was rescinded?). That was replaced by the Surveillance Devices Act 2007 - NEEDS SOME KIND OF EVALUATION OF THAT LEGISLATION

4. 2010-

With effect from 2010, the Government Information (Public Access) Act 2009 substantially upgraded the freedom of information process in NSW, and created the Office of the Information Commissioner. The first Information Commissioner, Deirdre O'Donnell, was appointed in May 2010.

Later in 2010, the Privacy and Government Information Legislation Amendment Act 2010 was enacted, to bring the Privacy and Information Commissioners together within the Information and Privacy Commission (IPC), and make consequential amendments to the two Commissioners' governing statutes.

The two groups were at this stage co-located. The Privacy group appeared to comprise 5 staff, and the senior staff-member was continuing to act as Privacy Commissioner. An advertisement for Expressions of Interest in appointment as NSW Privacy Commissioner appeared in the press in October 2010. The position was advertised on an unspecified part-time basis. The Information Commissioner, on the other hand, was full-time and had funding for 20 staff.

5. Conclusions


Relevant laws are identified in APF (2010).



See the consolidated reference list for the complete series of papers.



Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Department of Computer Science at the Australian National University.

xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.

Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 7 August 2010 - Last Amended: 29 October 2010 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2017   -    Privacy Policy