Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others (Westin AF, Privacy and Freedom New York: Atheneum, 1967, page 7).
Privacy is your right to control what happens with personal information about you.
there is no general right to privacy. Australia
Some protection is afforded through the operation of certain Federal and State legislation, together with the law of contract, tort and confidential information.
The use of the Internet can affect the privacy rights a person has in his or her identity or personal data. Internet use and transactions generate a large amount of personal information which provide insights into your personality and interests.
Privacy issues relating to identity include the possible appropriation of a person’s email identity and address.
- Ease of access to and the appropriation of email addresses has led to the practice of sending vast amounts of unsolicited e-mails (spam).
- Identification through email and website transactions and the ability to locate people’s physical addresses easily through national and international directories have raised new privacy concerns.
Privacy issues relating to personal data arise from
- insecure electronic transmissions,
- data trails and logs of email messages,
- online transactions and the
- tracking of web pages visited.
Privacy invasion issues arise from data matching (the process of wholesale cross checking of data from one source against another source such as tax and social security data) and personal profile extraction processes which use this data alone or in combination with other publicly available data.
The first half of Roger Clarke’s article Introducing PITs and PETs: Technologies Affecting Privacy  also highlights some of the privacy concerns arising from the Internet and technology generally.
- federally (http://www.privacy.gov.au), in
- NSW (http://www.lawlink.nsw.gov.au/pc.nsf/pages/index) and
- but currently not in other states.
Privacy Commissioners have certain responsibilities under relevant Commonwealth and State privacy legislation. Their functions include:
- handling complaints by individuals who feel their privacy rights may have been breached;
- assisting governments and private sector bodies (where applicable) comply with relevant privacy legislation;
- providing information advice to the public about their privacy rights; and
- policy development.
More information about the role of the Privacy Commissioners can be obtained from:
- Federal – http://www.privacy.gov.au/about/index.html
– http://www.lawlink.nsw.gov.au/pc.nsf/pages/whatwedoindex New South Wales
– http://www.privacy.vic.gov.au/dir100/priweb.nsf. Victoria
Privacy Act 1988 (Cth)The Privacy Act 1988 (Cth)  embodies eleven Information Privacy Principles (IPPs). Federal and ACT government departments and agencies must comply with these principles.
The IPPs prescribe how ‘personal information’ must be handled by an organisation.
Personal information under s 6 of the Privacy Act is defined as:
Information or an opinion (including information or an opinion forming part of a database) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Despite this definition in the Privacy Act, it is not always clear what is ‘personal information’.
The general principle is that any information about an individual whose identity is apparent, or can reasonably be ascertained from the information, is ‘personal information’.
Where it is possible for information that is not personally identifiable to be easily correlated with information that is personally identifiable, the original information may be viewed as personal information.
For example, the Privacy Commissioner may judge an
ISPto be in possession of personal information, if that ISPcollects information about websites visited by a subscriber. Although the information by itself is not identifiable of an individual, it may be easily correlated with other information initially supplied to the ISPby the subscriber to enable the person’s identity to be established.
More information about the IPPs can be gained from the Office of the Federal Privacy Commissioner’s Guidelines to the IPPs. 
Private sector business must comply with the Act as follows:
- credit providers and credit-reporting agencies must comply with credit reporting rules in the Act and in the legally binding code of conduct dealing with credit rating information of individuals;
- all organisations that store and use tax file number information must comply with tax file number guidelines issued by the Privacy Commissioner (s 17 Privacy Act).
There are other obligations of private sector bodies generally after 2001 (see below).
Privacy Amendment (Private Sector) ActThe Privacy Amendment (Private Sector) Act 2000 (Cth)  (
PSA) took effect on the 21 December 2001.
PSAestablishes 10 National Privacy Principles (NPPs) as the minimum privacy standards for the private sector.
The NPPs deal with the same main issues as the IPPs:
- storage and
- security of information and
- rights to access this information.
They do however, differ slightly to the IPPs to reflect the different issues that operate in a commercial environment, such as provisions relating to direct marketing.
The NPPs require organisations to allow individuals to deal with them anonymously provided this is lawful and practicable.
For example, this would require electronic road toll systems and payphone providers to provide an anonymous payment option such as cash or prepaid cards.
Personal information for the purposes of the NPPs is the same definition used in the public sector that is contained in s 6 of the Privacy Act. Apart from their application, the major difference between the IPPs and NPPs is NPP number seven and eight.
NPP GuidelinesWith the advent of this new law directed at the private sector, the Office of the Federal Privacy Commissioner (OFPC) has released the National Privacy Principle Guidelines (the NPP Guidelines). 
The advisory Guidelines give an indication to the factors the Commissioner may take into account when handling a privacy complaint, while also providing organisations with further information on how to comply with the NPP’s.
The OFPC has also published numerous information sheets about specific NPPs to further aid organisations on complying with this legislation. 
PKI GuidelinesThe Office of the Federal Privacy Commissioner has also released Guidelines relating to the use of Public Key Infrastructure in relation to Government handling of personal information. 
HealthThe Commissioner has other privacy responsibilities arising under the National Health Act 1953.
In light of the sensitivity of health information, the Commissioner has also released Guidelines on Privacy in the Private Health Sector to aid health organisations in complying with relevant privacy legislation and standards. 
Electronic medical recordsNSW HRIPPA – backflip?
Application of the NPPs
As of 21 December 2001, private sector organizations (defined to include partnerships, trusts and individuals) will be required to comply with the NPPs unless they have in place a code of practice approved by the Privacy Commissioner.
The Commissioner will not register codes that provide a lower level of privacy protection than what is provided by the NPPs (see http://www.privacy.gov.au/business/codes for more information about Privacy Codes).
Small business operators
Media organizations ‘in the course of journalism’
Employee record is defined and includeso health information,o personal and emergency contact details,o the employee’s membership of a professional or trade association ando the employee’s taxation, banking or superannuation affairs.
This appears to be a subset of the items that might exist on an employee’s employment record. Great care should thus still be taken with employee records.
Contract with a State or Territory
- Acts and practices of organisations performed in relation to a contract with a State or Territory instrumentality where that contract involves handling personal information. Such acts and practices will be covered by State or Territory privacy standards.
Members of Parliament
- Various further exemptions exist for members of Parliament and others in relation to practices relating to elections or referendums.
Complaints about infringements of privacy rights can be made to the Privacy Commissioner who has discretion to investigate or take other action.
The remedies available under the Privacy Act vary significantly from those in the various State jurisdictions.
The Privacy Commissioner has the power to:
- investigate a complaint made to the Privacy Commissioner;
- investigate a complaint that a code adjudicator has referred to the Privacy Commissioner;
- to hear appeals from a decision of a code adjudicator;
- investigate all complaints made about a federal Government contractor;
- investigate an act or practice that may be a breach of privacy (even if no complaint has been made);
- seek an injunction from the Federal Court to restrain or prohibit a person from engaging in conduct that does or would breaching the Privacy Act. No undertaking as to damages is required if application is made by the Commissioner; and
No appeal to a court or tribunal on the merits is available from decisions of the Privacy Commissioner.
Spent ConvictionsThe Commonwealth Spent Convictions Scheme came into force on
30 June 1990under the Crimes Act 1914 (Cth)  . The scheme entitles a person to not disclose (if requested) certain criminal convictions after ten years (or five years in the case of juvenile offenders) and provides protection against unauthorised use and disclosure of this information. It covers minor convictions for federal, state and foreign offences. The protection varies according to the type of offence. The scheme also covers pardons and quashed convictions.
Data MatchingData Matching Program (Assistance and Tax) Act 1990 (Cth)  regulates the way tax file numbers are used in matching data held by the Australian Tax Office with data supplied by applicants for social security benefits and other forms of financial assistance.
National Health ActThe National Health Act 1953 (Cth)  , under which the Commissioner is required to issue guidelines covering the storage, use, disclosure and retention of individuals’ claims information under the Pharmaceutical Benefits Scheme and the Medicare program.
Privacy and Personal Information ActThe Privacy and Personal Information Act 1998 (NSW)  sets up the NSW Office of the Privacy Commissioner  and
confers on the Commissioner powers concerning research, advice and handling complaints about breaches of privacy.
The NSW Information Privacy Principles (IPPs) are similar to the Federal IPPs.
They apply to the NSW public sector and include an obligation for the development and implementation of Privacy Management Plans. These standards regulate the way public sector agencies deal with personal information.
NSW Privacy CommissionerThe NSW Privacy Commissioner may investigate and conciliate complaints about breaches of privacy by organisations and individuals who are not public sector agencies.
In NSW there is a merits review of certain decisions of the Privacy Commissioner to the NSW Administrative Decisions Tribunal.
The NSW Privacy Commissioner’s website provides a detailed overview of the Privacy and Personal Information Act 1998 (NSW) and the IPPs. 
Health Records and Information Privacy ActThe Health Records and Information Privacy Act  provides privacy protections for medical information.
Information Privacy ActThe Information Privacy Act 2000 (Vic)  creates the office of a Privacy Commissioner in
.  Victoria
The Commissioner may undertake research and monitor developments in data processing and computer technology (including data matching and data linkage) to ensure any adverse effects on personal privacy are minimised.
The Act sets out its own set of 10 Information Privacy Principles. These are almost identical to the federal NPPs which apply to the private sector but in
apply only to the public sector. Victoria
An individual or organisation whose interests are affected by a decision of the Privacy Commissioner to serve a compliance notice may apply to the Victorian Civil and Administrative Tribunal for review of the decision.
Surveillance Devices ActThe Surveillance Devices Act 1999 (Vic)  regulates data surveillance devices and their use by law enforcement officers.
Health Records ActThe Health Records Act 2001  establishes privacy protections for medical information.
It is expected that
will introduce state privacy legislation within the next five years. Currently, Queensland has an administrative privacy regime based on Queensland Information Standard 42 – Privacy.  This standard applies to all Queensland Government agencies and while it does not have the full force of law it seems to have achieved widespread compliance. The core of IS42 is a set of Information Privacy Principles which mirror the Commonwealth IPPs. Queensland
Other State privacy legislation
There are various other State and Territory provisions which deal with listening devices, health records and credit reporting agents but these are dated and have little application to privacy issues arising on the Internet. There is however legislation regulating data surveillance devices in the
(Surveillance Devices Act 2000). Northern Territory
The laws of nuisance and breach of confidence may sometimes be used to provide a remedy for invasions of privacy of personal information. Actions for defamation and breach of copyright may also be relevant in certain circumstances.
NuisanceThe law of nuisance may provide limited scope for protection against intrusive information collection practices:
- Nuisance is a remedy against unreasonable intrusion upon the enjoyment of land.
- Telephone harassment constitutes an action in nuisance and a breach of the tort of intentional infliction of emotional distress (Khorasandjian v Bush  3WLR 476).
- Automatic video surveillance of a
Sydneybackyard has also been held to be an actionable nuisance (Raciti v Hughes  NSWSC, unreported 19 Oct 1995, Young J).
- If email is shown to be an integral part of the enjoyment of the home (similar to the telephone) harassment by email may constitute a nuisance. Currently (as at 4 April 2003) in the United States the California Supreme Court is faced with the issue of deciding whether excessive emailing by a third party to a company’s internal email system can constitute a trespass to goods (see Howard Mintz, ‘Ex-Intel worker's case goes to high court’ The Mercury News  ).
Breach of confidenceAn action for breach of confidence can be used to protect personal information if the required elements of the action are present.
The information imparted must be confidential and imparted in circumstances imposing an obligation of confidence.
Whether a confidential relationship between an individual and an organization can be established will depend on the terms of the relationship (generally in contract).
Confidence is not breached where the unauthorised disclosure is made in the public interest. The defence requires the court to balance the public interest in maintaining confidentiality against the public interest in disclosure.
Many sites now carry a privacy seal of approval issued by an operator of an online seal program. ‘Trust-e’ seals are the most widely used.  The use of the seal on the site indicates that the operator claims to have met a series of privacy requirements that are mandated by the organisation providing the seal. In the case of TRUSTe, it signifies the site operator has agreed to comply with ongoing oversight and consumer resolution procedures based on the US Federal Trade Commission principles.Privacy seals have no legal effect. They simply indicate to visitors that privacy representations made by a website are backed by a third party.
Privacy statements on websites
Different approaches to anonymity exist. There are cloaking technologies such as Pretty Good Privacy or suites of software such as Freedom Security & Privacy Suite  that claim they can provide untraceable encrypted email and anonymous browsing and chat. Some of these technologies have created concern for law enforcement agencies but currently would not of themselves be illegal in
. Other examples of anonymity tools include ECash and anonymous remailers (See Roger Clarke’s Introducing PITs and PETs: Technologies Affecting Privacy.  ) Australia
Another online identity protection option is the use of intermediary-operated services in the data transfer process. Each intermediary is only aware of the identity of the intermediary that it directly receives data from or directly transfers data to, and the system is such that it is unable to track the data originator or receiver.
In the above article Clarke draws attention to the inherent problems anonymity technologies create for law enforcement agencies. He notes that complete anonymity – while favouring individual freedom – may tip the balance towards creating an environment where e-crime could prosper. In response to this concern, some commentary advocates the use of ‘pseudonymity’ measures: where very substantial privacy protections are provided for individuals' identities, but where those protections may be breached when particular conditions are fulfill.
 http://www.anu.edu.au/people/Roger.Clarke/DV/PITsPETs.html http://scaletext.law.gov.au/html/comact/6/3324/top.htm http://www.privacy.gov.au/publications/index.html http://scaletext.law.gov.au/html/comact/10/6269/top.htm http://www.privacy.gov.au/publications/nppgl_01.html http://www.privacy.gov.au/publications/index.html (Privacy and Public Key Infrastructure: Guidelines for Agencies using
PKIto communicate or transact with individuals http://www.privacy.gov.au/publications/pki.doc) http://www.privacy.gov.au/publications/hg_01.html http://scaletext.law.gov.au/html/pasteact/0/28/top.htm http://scaletext.law.gov.au/html/pasteact/0/445/top.htm http://scaletext.law.gov.au/html/pasteact/0/173/top.htm http://scaletext.law.gov.au/html/pasteact/2/3021/top.htm http://scaletext.law.gov.au/html/pasteact/0/464/top.htm http://www.austlii.edu.au/au/legis/nsw/consol_act/papipa1998464 http://www.lawlink.nsw.gov.au/pc.nsf http://www.lawlink.nsw.gov.au/pc.nsf/pages/generalinfo http://www.austlii.edu.au/au/legis/nsw/consol_act/hraipa2002370 http://www.austlii.edu.au/au/legis/vic/consol_act/ipa2000231 http://www.privacy.vic.gov.au http://www.austlii.edu.au/au/legis/vic/consol_act/sda1999210 http://www.austlii.edu.au/au/legis/vic/consol_act/hra2001144/ http://www.governmentict.qld.gov.au/02_infostand/standards/is42.pdf http://www.corpwatch.org/article.php?id=6208 http://www.truste.org see www.freedom.net http://www.anu.edu.au/people/Roger.Clarke/DV/PITsPETs.html