
OAIC should have more power: Cyberspace Law and Policy Centre

The centre claims the OAIC should be able to enforce decisions and impose fines on ISPs and those who breach internet users’ privacy

The UNSW Cyberspace Law and Policy Centre has called on the Federal Government to expand the Office of the Information Commissioner’s (OAIC) powers to better protect personal information and privacy online.

Speaking at a Joint Select Committee on Cybersafety, the centre’s executive director, David Vaille, said the Cybercrime Legislation Amendment Bill 2011 should not continue without fixing the deficits within the jurisdiction of the OAIC.

“Providing safeguards for Australian internet users, particularly about the enforceability of decisions and the power to impose fines on ISPs and others where there are unwarranted and unauthorised breaches of an internet user’s privacy, without that and a number of other protections, even a revised version of the bill would not be suitable,” Vaille said.

According to Vaille, research from “a number of people in the field” pointed to a range of deficiencies in Australian privacy laws that could not be fixed by only a minor extension of the OAIC’s jurisdiction.

“This bill should not go ahead without the introduction of some sort of robust, statutory protection for privacy.”

The centre’s research associate, Chris Connolly, said the Australian Law Reform Commission had previously reviewed privacy laws within Australia and had also made recommendations to strengthen the powers of the OAIC.

He said that in the 10 years since privacy provisions were extended to the private sector, only one determination has been made by the Privacy Commissioner, and it was the result of a class action by consumers.

“No organisation has been named as in breach of the Privacy Act as a result of a complaint and this compares unfavourably with sectors such as the regulation of telecommunications, financial services, activities of regulators like ACMA [the Australian Communications and Media Authority] where organisations are named fairly regularly as in breach of legislation,” Connolly said.

“We believe there’s a strong body of evidence and a good 10 year history showing that the conciliation approach, which would be that the privacy commissioner remains unusual in the regulatory sphere, really doesn’t provide any motivation to comply with privacy laws.”

Dual criminality

Connolly expressed a major concern at the Bill’s failure to address the issue of dual criminality – by which any criminal offence that is the subject of mutual assistance should be considered an offence both in Australia and the target country.

“That’s the core part of our test of whether or not the bill is acceptable, whether or not there is a clear unambiguous requirement for dual criminality,” he said.

“We’re unclear whether it’s the intention of drafters or a drafting error, but normally what you would expect to see in a Bill of this type implementing a convention is a specific decision by the legislator to act on the recommendation in the convention that countries can choose to impose a dual criminality requirement for all of the subsequent cooperation arrangements such as data preservation notices, mutual assistance and so on. There is no dual criminality requirement in the bill; there’s nothing set out at all.”
