Asia Pacific Privacy Authorities

View printable version of this page

Table of contents

• Introduction
• Statement of Objectives
• Statement of Common Administrative Practice: Case Note Citation
• Statement of Common Administrative Practice: Case Note Dissemination
• 27^th APPA Forum (including Communiqué)
• 28^th APPA Forum (including Communiqué)
• 29^th APPA Forum (including Communiqué)
• 30^th APPA Forum (including Communiqué)
• APPA members list
• When meetings are held?
• International Conference on Privacy and Personal Data Protection
• Privacy Awareness Week

Introduction

Asia Pacific Privacy Authorities (APPA) is the principal forum for privacy authorities in the Asia Pacific Region to form partnerships and exchange ideas about privacy regulation, new technologies and the management of privacy enquiries and complaints.

APPA convenes twice a year, discussing permanent agenda items like jurisdictional reports from each delegation and an initiative-sharing roundtable. Topical issues canvassed by forums have included privacy and security, a World Anti-Doping Code, cross-jurisdictional law enforcement in the Pacific Rim, privacy legislation amendments, cryptography and personal data privacy.

Background 

Asia Pacific Privacy Authorities (APPA) was formerly known as PANZA and PANZA+ (Privacy Agencies of New Zealand and Australia plus Hong Kong and Korea).

Following an internal review of PANZA+ during 2005, the participants agreed to update the Forum. A title more accurately reflecting the composition of the group was adopted and a formal structure was put in place to assist the Forum to engage strongly on privacy matters in the region. The first outcomes of this enhanced and directed focus is the APPA Statement of Objectives and the Statement of Common Administrative Practice outlined below.

Statement of Objectives

Meeting in Melbourne, Australia, on 17 November 2005, the assembled privacy authorities from Australia, Hong Kong, Korea and New Zealand, resolved as follows:

RECOGNISING that:

• Privacy is a matter of growing international concern
• Information networks closely connect people and organisations in our various jurisdictions regardless of physical borders and differing laws
• Governments and business expect regulators to strive for efficient and effective solutions and that best practice requires privacy authorities to be aware of what similar regulators are doing
• Privacy issues can emerge in one jurisdiction before others and that privacy authorities can benefit from an advanced warning system
• Privacy authorities are increasingly being called upon to contribute to solutions to complaints, or policy challenges, that cross borders
• There is limited specialised data privacy resource in any one jurisdiction and that privacy authorities benefit from reaching abroad for information, inspiration and assistance
• Participants in the forum will benefit from cooperation in information privacy knowledge sharing and technical resources
• Adoption of the APEC Privacy Framework in 2004 has provided a regional restatement of the importance of privacy and transborder information flows and a spur to reinvigorate regional cooperative arrangements

THEREFORE we resolve to:

• Continue the cooperative arrangements established in 1992 and which came to be known as PANZA+ in the ensuing 24 meetings
• Rename the meeting as the Asia Pacific Privacy Authorities Forum
• Encourage further participation from within the region

AND FURTHER RESOLVE to build upon and enhance the current arrangements with the principal objectives of:

• Facilitating the sharing of knowledge and resources between privacy authorities within the region
• Fostering cooperation in privacy and data protection
• Promoting best practice amongst privacy authorities
• Working to continuously improve our performance to achieve the important objectives set out in our respective privacy laws.

Privacy Commissioner of Australia
Privacy Commissioner of New Zealand
Privacy Commissioner for Personal Data, Hong Kong SAR
Privacy Commissioner of New South Wales, Australia
Privacy Commissioner of Victoria, Australia
Information Commissioner of Northern Territory, Australia
Korea Information Security Agency

Statement of Common Administrative Practice

Case Note Citation

Adopted: 24th APPA meeting, Melbourne, Australia, 17 November 2005

Abstract: This statement outlines agreed elements of a system for citing reports of complaints handled by privacy authorities. The citation system seeks to maximise the collective regional benefits of individual report series published by particular privacy authorities by making it easier to clearly identify and refer to reported cases.

Special terms used: "Case note" is intended to encompass any report outlining the outcome of an investigation, conciliation or determination of a complaint that is contained in a series of reports released by a privacy authority.

Background information: Graham Greenleaf, "Reporting Privacy Complaints Part 1: A Proposal for Systematic Reporting of Complaints in Asia-Pacific Jurisdictions" 9/3 Privacy Law & Policy Reporter 41-48, available on-line at http://www.austlii.edu.au/au/journals/PLPR/2002/30.html.

Statement on citation of case notes

Many privacy authorities issue instructive case notes on a selection of complaints that have been handled. It is desirable that all those who wish to refer to a case note can do so by an official citation that unambiguously refers to the same note and has an accepted designator for the privacy authority or other body publishing the report.

APPA particularly wishes to encourage good citation systems given the clear benefit to privacy authorities in the region in the ability to cite reports from other offices. Others engaged in interpreting and applying privacy law will similarly benefit.

It is agreed that all case notes should be issued with a citation including the following elements:

• A descriptor of the case
• The year of publication
• A standard abbreviation for the privacy authority
• A sequential number.

Some variety exists in case descriptors currently used by privacy authorities in the region. This diversity is compatible with this statement of common administrative practice. Current approaches include:

• Australia and Victoria: reference to complainant by letter of the alphabet and respondent through a general description (e.g. J v Superannuation Provider [2005] PrivCmrA 7)
• New South Wales: reference to complainant by letters followed by respondent department's name (e.g. KJ v Wentworth Area Health Service [2004] NSWPrivCmr 7)
• New Zealand, Korea and Hong Kong: a short generalised characterisation of the complaint (e.g. Mobile telecom company provided the details of telephone conversation of a customer to a third party without her consent [2004] KRPIDMC 4); New Zealand and Hong Kong citations add an internal reference number e.g. Man upset that employer disclosed epilepsy to other employees (Case Note 16723) [2003] NZPrivCmr 11).

The year of the note appears in brackets, followed by the abbreviation of the issuing authority and the sequential case note number.

The following abbreviations have been adopted for APPA participants:

• HKPrivCmr - Hong Kong Privacy Commissioner for Personal Data
• KRPIDMC - Korean Personal Information Dispute Mediation Committee
• NSWPrivCmr - New South Wales Privacy Commissioner
• NTICmr - Northern Territory Information Commissioner
• NZPrivCmr - New Zealand Privacy Commissioner
• PrivCmrA - Privacy Commissioner of Australia
• VPrivCmr - Victorian Privacy Commissioner

Statement of Common Administrative Practice

Case Note Dissemination

Adopted: 26th APPA meeting, Hong Kong, 9 November 2006

Abstract: This statement outlines recommended steps for disseminating privacy case notes. These steps seek to maximise the collective regional benefits of individual case note series published by particular privacy authorities by making it easy to obtain case notes on-line and by facilitating re-publication.

Special terms used: "Case note" encompasses any report outlining the outcome of an investigation, conciliation or determination of a complaint that is contained in a series of reports released by a privacy authority.

Related statement: APPA Statement of Common Administrative Practice on Case Note Citation adopted at the 24th Meeting, Melbourne, Australia, 17 May 2005.

Statement on dissemination of case notes

Many privacy authorities issue instructive case notes on a selection of complaints that have been handled in their jurisdiction.

Privacy authorities disseminate their case notes domestically in a variety of ways depending upon their priorities, budget and target audiences. For instance, some:

• maintain a distribution list to which printed copies of case notes are mailed
• reprint the text of case notes in annual reports
• publicise summaries in newsletters
• post case notes on their own website
• distribute electronic copies through RSS feeds or email subscription lists
• cooperate in re-publication by local legal publishers
• periodically publish indexed compilations.

APPA actively encourages privacy authorities to make their case notes widely available to increase comparative knowledge and stimulate research and debate.

This statement is focused upon steps that facilitate the dissemination or availability of case notes throughout the region.

APPA encourages privacy authorities:

• to cooperate with third party publishers who wish to re-publish their case notes, and
• to make their case notes available, in an electronic form suitable for re-publication, to a recognised regional consolidated point of access.

Third party publishers

APPA recognises that third party publishers can enable case notes to be made more widely available to the public, specialist bodies, professional advisers and researchers.

Privacy authorities should facilitate re-publication of case notes by third party publishers. This should be done by giving a general licence for re-publication of their case notes with proper acknowledgement.

The general licence can be made subject to revocation if inappropriate (e.g. salacious) use is made.

The general licence should be included within the usual copyright notice posted on each privacy authority's website.

Consolidated point of access

APPA sees considerable value in having a consolidated point of access for case notes. An access point now exists in the World Legal Information Institute's Privacy Law Library (www.WorldLII.org/int/special/privacy). The single point of access brings a variety of benefits including the ability to search across a range of case note series from within and beyond the region.

Privacy authorities should supply electronic case notes to WorldLII at the same time as they distribute the case notes in the ordinary way or as soon as reasonably practicable after that.

APPA Members List

Below is a list of the current APPA members. Authorities from other countries are eligible for membership if the authority (or agency) has been accredited through the international meetings of Data Protection and Privacy Commissioners.

APPA generally meets over two or two and a half days, one to one and half days being reserved for Privacy Commissioners (APPA's formal members) and their staff and the remaining day including invited representatives of government agencies/departments involved in privacy administration or privacy-related issues.

Current APPA members include:

Members	Commissioners
Office of the Privacy Commissioner for Personal Data, Hong Kong www.pcpd.org.hk	Mr Roderick B Woo, Privacy Commissioner for Personal Data, Hong Kong
Office of the Privacy Commissioner, Australia www.privacy.gov.au	Ms Karen Curtis, Privacy Commissioner (Australia)
Office of the New South Wales Privacy Commissioner www.lawlink.nsw.gov.au/lawlink /privacynsw/ll_pnsw.nsf/pages/PNSW_index	Judge K V Taylor, AM, RFD, NSW Privacy Commissioner
Office of the Victorian Privacy Commissioner www.privacy.vic.gov.au	Ms Helen Versey, Privacy Commissioner Victoria
Office of the Information Commissioner Northern Territory www.privacy.nt.gov.au	Ms Zoe Marcham, Acting Information Commissioner
Korean Information Security Agency www.kisa.or.kr	Mr Kwangjin Park, Privacy Commissioner
Office of the Privacy Commissioner, New Zealand www.privacy.org.nz	Ms Marie Shroff, Privacy Commissioner (New Zealand)
Office of the Privacy Commissioner, Canada www.privcom.gc.ca/index_e.asp	Ms Jennifer Stoddart, Privacy Commissioner (Canada)
Office of the Information and Privacy Commissioner, British Columbia www.oipcbc.org	Mr David Loukidelis, Information and Privacy Commissioner (British Columbia)

When meetings are held?

There are two APPA forums every year, with hosting duties rotating between APPA members.

Privacy Awareness Week

Privacy Awareness Week is a promotional campaign first initiated by Privacy Victoria in 2001. For the first time, Privacy Awareness Week, 26 August to 1 September 2007, was jointly promoted internationally by the APPA members.

A major joint activity undertaken by the APPA members, was the International Privacy Competition for secondary school students. The competition required students to submit a written piece of work based on the 2007 Privacy Awareness Week theme, ‘privacy is your business.’ The competition closed on 3 August 2007 and winners were announced during Privacy Awareness Week.

Media Release: Melbourne girl wins international youth privacy competition