Dated 10 June 2002
This document is at http://www.privacy.org.au/Papers/SubmnNSWOSR0206.html
Thank you for the opportunity to make a submission to this review.
The Australian Privacy Foundation submits that the debt recovery regime under the Fines Act 1996 represents a disproportionate use of State power involving excessive intrusion into the privacy of all NSW residents - not just fine defaulters. It also sets a dangerous precedent for future claims by other agencies for equivalent powers in other contexts.
We are particularly concerned to refute the suggestion made in a recent Audit Office report that the Privacy and Personal Information Protection Act 1998 (PPIPA) is an obstacle to the operation of the Fines Act regime. This is simply misinformed - if anything the PPIPA does not apply sufficiently to the regime.
Information about the Privacy Foundation and its role can be found at http://www.privacy.org.au
The breadth of the SDRO's powers under the Fines Act and the extent to which intrusions into individuals' privacy are authorized are extraordinary by comparison with other agencies, particularly having in mind the amounts of the debts typically involved. The debt recovery regime gives SDRO access to information on the basis of a mere administrative request which is denied to other agencies dealing with much more serious crimes and liabilities without more onerous safeguards such as the requirement to obtain a judicial warrant.
In privacy terms, the Fines Act abandons the principle of proportionality which underlies the Privacy and Personal Information Protection Act 1998 (PPIPA) and is embodied in its collection principles (IPP1, s 8 - `collection reasonably necessary for [the] purpose, and IPP 4 (s.11) - `collection does not intrude to an unreasonable extent' (having regard to the purpose)). However, compulsory collection from any agency is `reasonably necessary' simply because the Fines Act says it is and is not an `unreasonable intrusion' for the same reason. The intention of the PPIPA to require intrusions into privacy to be proportional to other public interests is overridden in this case - fine enforcement is seen as paramount objective, outweighing all other interests and justifying highly intrusive powers.
A recent report from the Audit Office of NSW on the SDRO recommends continued refinement of data-matching and search methodologies to improve the likelihood of identifying the correct defaulter (and by implication, locating them for enforcement action).
The technique of data-matching is known to be fraught with difficulties, primarily because it usually involves comparisons between essentially different data, using different definitions, time periods, conventions and levels of accuracy and precision. It is for this reason that data matching has been subjected to rigorous controls and safeguards in many jurisdictions, including the Commonwealth (Data-matching Program (Assistance and Tax) Act 1990, and Privacy Commissioner Guidelines), and New Zealand (Privacy Act 1993 Part X).
Regrettably, NSW does not yet have any such controls or safeguards. In the Foundation's view, further data-matching for the purposes of debt recovery should not be approved until the technique is governed by procedural safeguards at least as good as the Commonwealth legislation and guidelines
The Audit Office Report also identified privacy as a constraint on fine enforcement process and recommended amendment of the PPIPA to improve SDRO's access to information from other government agencies.
Unfortunately this perpetuates the common myth in the NSW public service that the PPIPA somehow interferes with exchanges of information necessary for enforcement activity including revenue collection.
In fact, the PPIPA has one of the most generous regimes of any comparable Privacy law in relation to such information exchanges. S.23(5) expressly exempts agencies from the non-disclosure principle (IPP11, s.18) where disclosure is "reasonably necessary for the protection of the public revenue, or in order to investigate an offence...". Furthermore, S.25 expressly exempts agencies from compliance with most of the Principles (including IPP11) where "non-compliance is otherwise permitted or is necessarily implied or reasonably contemplated) under an Act or any other law..." (s.25(b)).
Put together with the clear powers of the SDRO under the Fines Act and the requirement under s.117 of that Act for other agencies to provide SDRO with information, there is no basis for the claim that the privacy law obstructs SDRO in the performance of its functions.
The only circumstances in which another agency could legitimately withhold information from SDRO would be where it is subject to an Act which expressly prevents it from disclosing, and where that Act is not overridden by the Fines Act. There may not be any such circumstances, but if there are it is right and proper that any change should be effected by amendment of the restraining law, after due consideration of the balance of interests.
If there is a problem, it lies in a misunderstanding by other agencies of the way the PPIPA works and interacts with other legislation. There is no case for any changes to the PPIPA, which already provides generous exemptions from privacy protection principles for revenue protection activities.
The Audit Office Report findings have been widely reported as indicating comparatively low levels of recovery. Unfortunately media reports and political reactions have not adequately acknowledged the distinction that the Audit Office iteslf makes between current recovery rates, which are reasonable, and the very low recovery rates for the `old' debts inherited by the SDRO. It is inevitable that most of these old debts will have to be written off, and debate about the efficacy of the regime should really be based only on the current performance.
As well as having concerns about the Fines Act regime itself, we are also very concerned about the possible precedent effect of such draconian and privacy intrusive legislation. Not surprisingly, agencies involved in the investigation and prosecution of much more serious offences and crimes are envious of the `administrative' access to personal information that the SDRO enjoys.
There are very good reasons why access to personal information for most law enforcement (and revenue protection) purposes is strictly regulated, and often requires the agencies concerned to apply for judicial warrants. This is well established and consistent with the public policy of respect for privacy embodied in the PPIPA and other laws.
There should be no argument that other agencies, even if they appear more `deserving' than the SDRO in terms of the public interests they seek to advance, can be given equivalent powers. To resist any such pressure, it needs to be recognised that it is the Fines Act that is anomalous and inconsistent, and its provisions need to be wound back more in line with standard practice under other laws.
Go to the APF Home Page.
Created: 7 February 2003
Last Amended: 7 February 2003
APF thanks its site-sponsor: