Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Today we’re issuing a policy on giving “Advisory Opinions”. For agencies unsure of what they can and can’t do with personal information under the Privacy Act, we might be prepared to commit, in advance, to advising how we’d look at the issue.
We’re issuing this policy because certainty is a fundamental element of the rule of law. I will have learned of the concept in law school from some dusty old case which I now can’t remember, but the advent of Wikipedia in the intervening years has taken the hard work out of research, offering this pithy summary of the concept:
Legal certainty … "requires that all law be sufficiently precise to allow the person - if need be, with appropriate advice - to foresee, to a degree that is reasonable in the circumstances, the consequences which a given action may entail"
Certainty and privacy
The Privacy Act provides certainty in many areas, but generally takes a principles-based approach. This is a strength of the Act – it’s flexible and technology neutral in the face of constant change, rather than using a rules based approach that quickly goes out of date. But this means that the principles need to be applied to a particular set of facts.
Different organisations react to this in different ways. Some see the Privacy Act as enabling, and providing wide scope for agencies to regulate their own personal information management practices. Others revert to a “black letter” conservative approach, concerned at the risk of getting it wrong. Sometimes those very conservative approaches serve their business purposes well enough, but can seem puzzling or frustrating to customers or other stakeholders. Everyone has a tale of not being able to find out what’s owing on the electricity account because the account is in the spouse’s name.
Occasionally a very “locked down” approach to personal information might not even be in the interests of the individuals concerned, even though it is in the name of protecting their privacy.
Advisory opinions will help agencies manage these situations. By giving guidance based on the facts of a specific situation, we hope to give agencies the certainty and reassurance they need to both serve their customers and protect individual privacy.
The policy
Here’s the policy. We’ll run it for a while, and then evaluate it. All the opinions will be available for everyone to see, and will be limited to their facts.
This isn’t going to help you completely avoid legal risk (I can’t bind the courts or the Human Rights Review Tribunal after all), but you’ll at least know in advance what I think of what you are proposing.
We can’t make all your decisions for you, but we might be able to help you proceed with a little more confidence.
Image credit: Paige Stannard via Flickr
Back