NSW Labor moves to close privacy loophole

The NSW opposition is attempting to close a gap between different sets of privacy rules that has left customers of some of the state’s largest utilities without any external protection from misuse of their personal information.

Shadow Attorney-General Paul Lynch yesterday introduced a bill in the legislative assembly seeking to amend the existing NSW Privacy and Personal Information Protection Act 1998 to cover state-owned corporations.

The state’s privacy law covers 'public sector agencies’ - wording that excludes state-owned corporations like energy companies, water utilities and port authorities.

Back when the Act was originally drafted, these organisations were exempted under the rationale that they needed every chance to compete with the private sector on a level regulatory playing field.

However, as commonwealth legislation has caught up, Labor and the state’s Information and Privacy Commission believe this reasoning has become redundant.

They argue it creates a dangerous loophole in the provision of external redress for privacy complaints.

Accordingly, the opposition has moved to act on changes that the IPC and privacy commissioner Elizabeth Coombs have long lobbied for.

“Public concerns over these issues and potential breaches are getting greater rather than receding. There are increasing worries, for example, about big data,” Lynch told NSW parliament.

“The government has taken no steps to act on this sensible recommendation."

Ten government-owned businesses remain outside the jurisdiction of both the NSW laws and the commonwealth privacy act. The list includes Water NSW, the Port Authority of NSW, Sydney Water Corporation and Endeavour Energy.

Only Essential Energy, Endeavour Energy and AusGrid have taken up the opportunity to opt-in to the Commonwealth regime, under a clause that allows for voluntary admission.

In her February 2015 report on the the NSW privacy rules, Coombs argued that even though the exempted state-owned corporations appeared to be treating their customer data responsibly, voluntary compliance was a shaky foundation for customers to rely on.

“I am concerned about the lack of formal privacy protection for clients of some state-owned corporations (SOCs) and recommend that all NSW SOCs be subject to privacy regulation,” she said.

Debate on the bill is set to resume at a later date. NSW parliament sits again from Monday next week.

An earlier version of this story listed TransGrid and one of the organisations that had opted in to the commonwealth privacy laws. This was incorrect. iTnews apologises for any confusion.