NSW Privacy Commissioner Doctor Elizabeth Coombs has called for amendments to be made to the state's Privacy and Personal Information Protection (PIPP) Act from 1998 to bring it in line with 21st Century privacy concerns.
A report (PDF) was tabled in state parliament which outlined a number of recommendations.
- The PPIP Act to be amended to provide mandatory notification of serious breaches of an individual’s privacy by a public sector agency.
- Access to and amendment of personal information to be governed solely by the PIPP Act and access to non-personal government information to be governed by the Government Information Public Access (GIPA) Act
- All NSW state owned corporations should be covered by privacy legislation
- Principle of anonymity and pseudonymity where lawful and practicable
- Coombs to prepare guidance for agencies on the use of surveillance technologies such as CCTV
- The PPIP to include privacy by design
- ISO/IEC 27018 standard covering privacy, security and cloud services to be considered for inclusion in the NSW government’s information security management systems policy
- A Code of Practice to be developed to enable information sharing for planning and policy analysis purposes between agencies.
Commenting on the report, Coombs said that some amendments to the PPIP Act would better protect the privacy of individuals in NSW and the operation of public sector agencies.
“A key legislative gap is the lack of protection for the personal information of NSW citizens when their information is transferred out of NSW by public sector agencies,” she said.
“Issues requiring attention include inconsistent privacy protection for customers of state owned corporations, aligning NSW and Commonwealth privacy legislation, embedding privacy protection within customer services and ensuring public sector agencies are accountable for their management of the privacy and personal information of NSW citizens.”
Follow Hamish Barwick on Twitter: @HamishBarwickRead more: Vic govt push to streamline service delivery