Privacy Amendment (Enhancing Privacy Protection) Act 2012 (197 of 2012)
Schedule 4 Other amendments of the Privacy Act 1988
54 Sections 27 to 29
Repeal the sections, substitute:
27 Functions of the Commissioner
(1) The Commissioner has the following functions:
(a) the functions that are conferred on the Commissioner by or under:
(i) this Act; or
(ii) any other law of the Commonwealth;
(b) the guidance related functions;
(c) the monitoring related functions;
(d) the advice related functions;
(e) to do anything incidental or conducive to the performance of any of the above functions.
(2) The Commissioner has power to do all things necessary or convenient to be done for, or in connection with, the performance of the Commissioner’s functions.
(3) Without limiting subsection (2), the Commissioner may establish a panel of persons with expertise in relation to a particular matter to assist the Commissioner in performing any of the Commissioner’s functions.
(4) Section 38 of the Healthcare Identifiers Act 2010, rather than section 12B of this Act, applies in relation to an investigation of an act or practice referred to in subsection 29(1) of that Act in the same way as it applies to Parts 3 and 4 of that Act.
Note: Section 38 of the Healthcare Identifiers Act 2010 deals with the additional effect of Parts 3 and 4 of that Act.
28 Guidance related functions of the Commissioner
(1) The following are the guidance related functions of the Commissioner:
(a) making guidelines for the avoidance of acts or practices that may or might be interferences with the privacy of individuals, or which may otherwise have any adverse effects on the privacy of individuals;
(b) making, by legislative instrument, guidelines for the purposes of paragraph (d) of Australian Privacy Principle 6.3;
(c) promoting an understanding and acceptance of:
(i) the Australian Privacy Principles and the objects of those principles; and
(ii) a registered APP code; and
(iii) the provisions of Part IIIA and the objects of those provisions; and
(iv) the registered CR code;
(d) undertaking educational programs for the purposes of promoting the protection of individual privacy.
(2) The Commissioner may publish the guidelines referred to in paragraphs (1)(a) and (b) in such manner as the Commissioner considers appropriate.
(3) The educational programs referred to in paragraph (1)(d) may be undertaken by:
(a) the Commissioner; or
(b) a person or authority acting on behalf of the Commissioner.
(4) Guidelines made under paragraph (1)(a) are not a legislative instrument.
28A Monitoring related functions of the Commissioner
Credit reporting and tax file number information
(1) The following are the monitoring related functions of the Commissioner:
(a) monitoring the security and accuracy of information held by an entity that is information to which Part IIIA applies;
(b) examining the records of entities to ensure that the entities:
(i) are not using information to which Part IIIA applies for unauthorised purposes; and
(ii) are taking adequate measures to prevent the unlawful disclosure of such information;
(c) examining the records of the Commissioner of Taxation to ensure that the Commissioner:
(i) is not using tax file number information for purposes beyond his or her powers; and
(ii) is taking adequate measures to prevent the unlawful disclosure of the tax file number information that he or she holds;
(d) evaluating compliance with the rules issued under section 17;
(e) monitoring the security and accuracy of tax file number information kept by file number recipients.
Other matters
(2) The following are also the monitoring related functions of the Commissioner:
(a) examining a proposed enactment that would require or authorise acts or practices of an entity that might otherwise be interferences with the privacy of individuals, or which may otherwise have any adverse effects on the privacy of individuals;
(b) examining a proposal for data matching or linkage that may involve an interference with the privacy of individuals, or which may otherwise have any adverse effects on the privacy of individuals;
(c) ensuring that any adverse effects of the proposed enactment or the proposal on the privacy of individuals are minimised;
(d) undertaking research into, and monitoring developments in, data processing and technology (including data matching and linkage) to ensure that any adverse effects of such developments on the privacy of individuals are minimised;
(e) reporting to the Minister the results of that research and monitoring;
(f) monitoring and reporting on the adequacy of equipment and user safeguards.
(3) The functions referred to in paragraphs (2)(a) and (b) may be performed by the Commissioner:
(a) on request by a Minister or Norfolk Island Minister; or
(b) on the Commissioner’s own initiative.
(4) If the reporting referred to in paragraph (2)(e) or (f) is done in writing, the instrument is not a legislative instrument.
28B Advice related functions of the Commissioner
(1) The following are the advice related functions of the Commissioner:
(a) providing advice to a Minister, Norfolk Island Minister or entity about any matter relevant to the operation of this Act;
(b) informing the Minister of action that needs to be taken by an agency in order to comply with the Australian Privacy Principles;
(c) providing reports and recommendations to the Minister in relation to any matter concerning the need for, or the desirability of, legislative or administrative action in the interests of the privacy of individuals;
(d) providing advice to file number recipients about:
(i) their obligations under the Taxation Administration Act 1953 in relation to the confidentiality of tax file number information; or
(ii) any matter relevant to the operation of this Act.
(2) The functions referred to in paragraphs (1)(a), (c) and (d) may be performed by the Commissioner on request or on the Commissioner’s own initiative.
(3) The Commissioner may perform the function referred to in paragraph (1)(b) whenever the Commissioners think it is necessary to do so.
(4) If the Minister is informed under paragraph (1)(b) in writing, or the report referred to in paragraph (1)(c) is provided in writing, the instrument is not a legislative instrument.
29 Commissioner must have due regard to the objects of the Act
The Commissioner must have due regard to the objects of this Act in performing the Commissioner’s functions, and exercising the Commissioner’s powers, conferred by this Act.
Note: The objects of this Act are set out in section 2A.