Why Should the Privacy Commissioner be Granted a Power to Issue Compliance Notices?

Abstract

There is no doubt that the Privacy Act of 1993 has positively contributed to protecting privacy interests and preventing privacy breaches after being in force for almost 20 years. The Privacy Commissioner is seen to play a crucial and central role in these achievements as a “statutory guardian for privacy interests”. However, as a result of the development of the internet and modern technology, breaches of personal information have become more and more sophisticated and difficult to discover and tackle in a timely fashion. Although the Privacy Commissioner has, in principle, extensive functions pursuant to the Privacy Act and other legal instruments, its power should be adjusted to operate more effectively and in conformity with overseas regulations. Many experts support that the power to issue compliance notices is one new tool that should be granted to the Privacy Commissioner. The Law Commission has also recommended in its report to changes for the present Privacy Act including analyses that indicate the Privacy Commissioner should have such reserve power. This paper discusses whether the Privacy Commissioner should have the power to issue compliance notices to an agency that is in breach of the Privacy Act 1993. The paper first examines the definitions of terms such as compliance notices and privacy breaches. It then looks at specific regulations of several overseas jurisdictions, in which Privacy Commissioners are granted this function. In the next stage, this paper mentions some main arguments about whether the new power to the Privacy Commissioner is necessary. Finally, it provides recommendations for changing the Privacy Act in terms of the power to serve compliance notices.