Transcript of Today's Hearing Will Be Placed on the Committee's Website When It Becomes Available
Total Page:16
File Type:pdf, Size:1020Kb
CORRECTED REPORT OF PROCEEDINGS BEFORE STANDING COMMITTEE ON LAW AND JUSTICE INQUIRY INTO REMEDIES FOR THE SERIOUS INVASION OF PRIVACY IN NEW SOUTH WALES ——— At Sydney on 30 October 2015 ——— The Committee met at 10.15 a.m. ——— PRESENT The Hon. N. Maclaren-Jones (Chair) The Hon. D. J. Clarke Mr D. Shoebridge The Hon. B. Taylor The Hon. L. J. Voltz CORRECTED CHAIR: I welcome everyone to the first hearing of the Standing Committee on Law and Justice inquiry into remedies for the serious invasion of privacy in New South Wales. Before I commence I acknowledge the Gadigal people, who are the traditional custodians of this land. I pay respect to the elders past and present of the Eora nation and extend that respect to other Aboriginals present. The inquiry is examining the adequacy of existing remedies for the serious invasion of privacy in this State. The Committee's terms of reference require it to consider the adequacy of existing remedies for serious invasions of privacy, including the equitable action of breach of confidence and whether a statutory cause of action should be introduced to respond to such invasions. In addition to these issues, a number of submissions to our inquiry have alluded to the capacity of the criminal law to respond appropriately to serious invasions of privacy. Today is the first of two hearings we plan to hold for this inquiry. We will hear today from the New South Wales privacy and information commissioners, the New South Wales Council of Civil Liberties, the Australian Law Reform Commission, representatives from the legal fraternity, academics, and the Australian Privacy Foundation. Before we commence I will make some brief comments about the procedures for today's hearing. Today's hearing is open to the public and is being broadcast live via the Parliament website. A transcript of today's hearing will be placed on the Committee's website when it becomes available. In accordance with broadcasting guidelines, while members of the media may film or record Committee members and witnesses, people in the public gallery should not be the primary focus of any filming or photography. I remind media representatives that they must take responsibility for what they publish about the Committee's proceedings. It is important to remember that parliamentary privilege does not apply to what witnesses may say outside of their evidence at this hearing. I urge witnesses to be careful about any comments they may make to the media or to others after they complete their evidence as such comments would not be protected by parliamentary privilege if another person decided to take action for defamation. The guidelines for the broadcasting of proceedings are available from the secretariat. There may be some questions that a witness could only answer if they had more time or with certain documents at hand. In these circumstances witnesses are advised that they can take questions on notice and provide the answer within 21 days. I remind everyone that Committee hearings are not intended to provide a forum for people to make adverse reflections about others under the protection of parliamentary privilege. I therefore request that witnesses focus on the issues raised by the inquiry's terms of reference and avoid naming individuals unnecessarily. Our witnesses are also advised that any messages should be delivered to the Committee through the Committee staff. STANDING COMMITTEE ON LAW AND JUSTICE 1 Friday 30 October 2015 CORRECTED ELIZABETH COOMBS, NSW Privacy Commissioner, Information and Privacy Commission, sworn and examined: CHAIR: Before we commence with questions would you like to make an opening statement? Dr COOMBS: I would, thank you. I hope to keep it brief. Madam Chair and members, thank you for inviting me here today to address the Committee. I am conscious that I am your first witness to appear in the public hearings. I would like to express my appreciation for this opportunity but also my very strong support for the introduction of a statutory cause of action for serious invasions of privacy. I know that you will be hearing many issues over the course of the hearings. I would like to have the opportunity to address some of the matters that might come up in some of the later hearings. I will give a brief overview of my submission to commence and then, as I said, some of those issues which I anticipate will come up. As the privacy commissioner it is my statutory role to act as an advocate for the protection of the privacy of the citizens of New South Wales. My concern is that their personal information, in addition to their broader privacy rights, is protected. I draw your attention, as a context to this inquiry, to the fact that privacy is a basic human right. Article 17 of the United Nations International Convention on Civil and Political Rights, of which Australia is a signatory, says: No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. This is the important part as well: Everyone has the right to the protection of the law against such interference or attacks. New South Wales privacy legislation does provide some protection. There is absolutely no doubt about that. My report to Parliament tabled earlier this year says that those pieces of legislation have stood the test of time well in general, but they really concern information privacy. I argue that neither the Privacy and Personal Information Protection Act nor the Health Records and Information Protection Act deals sufficiently with the broader concept of privacy as described by article 17 of the declaration. Most definitely they do not deal well with the broader concept of privacy—that notion of being left alone, of the right to freedom from interference or from surveillance and the right to solitude. Privacy is increasingly becoming an asset. That is not just the view of an advocate for privacy such as me; it is proven through empirical, quantitative and respected research. Privacy is something that an individual believes gives them the right to control their lives and information about them. We as a society do not condone acts by individuals or businesses that use physical violence or threats to rob people of their property. Information about you, as set down in the Act, is an important asset. I argue that privacy in this sense deserves similar protections against theft and harm whether actual or threatened. It is all the more important in an age where we not only have technological advances but we have ever increasing technological advances. The Privacy and Personal Information Protection Act was introduced in 1998, seven years after the internet but many years before we had iPhones, smartphones, iPads, Facebook and other tools that people use in their everyday lives. We could not question that technological advancement has led to a rise both in benefits and convenience to citizens but it has also led to a rise in serious threats to their privacy—sometimes through their own actions, sometimes through the actions of other parties or business or government. It is our responsibility to try to keep up to this evolution. Data breaches intentional or otherwise are unfortunately not an uncommon occurrence. As I was walking to the train station this morning I saw a billboard saying that there had been very significant identity thefts just recently where people's tax file numbers have been stolen. The important thing is it is not just about financial information; these things have a domino effect. That information which has been stolen by one will be onsold to others and so the uses are pervasive and ongoing. I also want to spend a little bit of time on the rise of revenge porn, given the seriousness and the very offensive nature of such acts but also the fact that they have received quite broad media attention. With other breaches such as the Ashley Madison breach, the salacious nature has brought those ones to the fore. But there are other cyber attacks which affect many people, such as the one on Adobe customers that affected 38 million people worldwide of which 1.7 million were Australians. There are some more micro-level examples. One is a telco. Recently in the last couple of months there was an allegation that that telco had inappropriately accessed the personal information of a customer who also happened to be a journalist. I think many people who raise concerns about the introduction of a legal remedy for serious invasions of privacy point to common law as an avenue which currently exists. Common law most certainly has a very STANDING COMMITTEE ON LAW AND JUSTICE 2 Friday 30 October 2015 CORRECTED fine and respected tradition. Common law, though, dates back to the twelfth century. Anything that is 900 years old is going to move very, very slowly. I think that is what we are seeing in the submissions which have written about why common law in itself is not sufficient. In a globalised economy where we have instant and worldwide communication, and where anyone with a smartphone can become an Internet superstar in a matter of hours, the ability of the common law to protect privacy rights, and regulate appropriately and comprehensively the appropriate use of people's information or incursions into their privacy, is hampered by a lack of flexibility and timeliness. Lord Leveson, when he came to Sydney— CHAIR: Dr Coombs, I am sorry to interrupt but I would point out that we only have limited time for questioning here today.