The data assets of Australia’s political parties and their candidates are notoriously exempt from the Privacy Act, but proxy campaigns waged by their sympathetic friends and relatives are definitely not, a fresh action by the nation’s data watchdog has confirmed.
Wilson Asset Management International (WAMI), the investment firm that galvanised the brutally effective campaign against Labor’s franking credits policy, has been ordered by the Office of the Australian Information Commissioner (OAIC) to immediately destroy its campaign data holdings through a court-enforceable undertaking.
“Our investigation identified deficiencies in WAMI’s personal information handling practices which will be addressed through a court-enforceable undertaking,” Privacy Commissioner Angelene Falk said in a statement.
“The community expects that all organisations handling personal information will be clear about what information they are collecting and how it will be used.
“Organisations should only collect personal information that is necessary for their activities.”
The OAIC’s action revolves around the ‘Stop the retirement tax’ website launched and authorised by Liberal MP Tim Wilson that sought to garner submissions to a parliamentary committee on tax policy.
While the website was widely regarded as a sop to try and poison Labor’s election campaign, the transfer of personal data – especially email addresses – derived from people signing an online petition from the ‘Stop the retirement tax’ to WAMI fell foul of privacy regulations.
The OAIC said that “it was not sufficiently clear to people who signed the petition” that their information would be passed on for them to be contacted with the watchdog also taking issue over how much information was harvested.
A chief concern for the watchdog was that the level of personal detail collected “was not reasonably necessary for its administration of the petition, such as individuals’ phone numbers, full addresses, and details of their submissions on the proposal.”
The watchdog also criticised the use of "pre-selected tick boxes to seek individuals’ consent."
“Submissions may have contained sensitive information about the individuals’ political opinions,” the OAIC said.
That kind of sensitive data, along with demographic, family, employment and marital status is however collected with legal impunity by both of the major political parties as well as a raft of smaller contenders with essentially no external oversight or control.
Political parties are also able to electronically access the Electoral Roll for campaign purposes, a restricted privilege that, unlike political party campaign databases, comes with strict usage parameters.
With the incidence of foreign espionage now routinely increasing around election times, many in cybersecurity believe it is only a matter of time before campaign databases are compromised if they have not been already.
Both the Coalition and Labor continue to oppose the inclusion of their campaign databases under the Privacy Act.
The court-enforceable undertaking states that "WAMI advised it ceased to have access to the website from 22 February 2019."
