- Advice Summaries
- Case Notes
- Codes of Conduct
- Compliance Notes
- Fact Sheets
Towards Government 2.0: Issues Paper; Submission to Government 2.0 Taskforce (August 2009)
Submission to Government 2.0 Taskforce
- The Office of the Privacy Commissioner (the ‘Office') welcomes the opportunity to provide input into the Towards Government 2.0: Issues Paper (the ‘Issues Paper’) released by the Government 2.0 Taskforce (the ‘Taskforce’).
- In the Office’s view it will be important to embed privacy protections at all stages of government sponsorednetworked information communications technology (‘ICT’). The Office believes that this will help individuals to trust these systems, and will ensure that Australian government agencies fully realise the opportunities offered byWeb 2.0 initiatives.
- On this basis, the Office suggests that the following strategies could be adopted to assist embedding privacy in the further use of Web 2.0 by Australian government agencies:
- Those involved in developing and operating collaborative technologies could be given training and other guidance about how to implement good privacy practices and comply with the Information Privacy Principles in section 14 of the PrivacyAct 1988 (Cth) .
- It would be useful to undertake privacy impact assessments on existing systems proposed for use in government sponsored Web 2.0 initiatives and where applicable, on any new systems developed for this purpose, to ensure that privacy protections are applied to all aspects of the information lifecycle.
- Consideration could be given toharnessing appropriate privacy enhancing technologies such as data separation, systems that allow pseudonymous transactions and privacy-friendly identity management systems.
- The Office would suggest educating users to ensure they are able to make informed privacy decisions when interacting with government sponsored networked ICT, for example through the development of accessible online privacy policies.
- The Office also considers that there would be merit in creating an overarching framework to guide the development of government sponsored Web 2.0 initiatives. The Office could have a consultative role at an appropriate stage in relation to personal information handling aspects of any proposed framework.
Office of the Privacy Commissioner
1. The Office of the Privacy Commissioner (‘the Office') is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office has responsibilities under the Privacy Act 1988 (Cth) (the ‘Privacy Act'). The Privacy Act contains eleven Information Privacy Principles (‘IPPs') which apply to Australian and ACT Government agencies. It also includes ten National Privacy Principles (‘NPPs') which generally apply to all businesses with an annual turnover of more than $3 million (and some small businesses)  .
2. The coverage of the Privacy Act is limited to ‘personal information'. This is defined in section 6 (1) of the Act as information or an opinion, whether true or not, about an individual whose identity is apparent or can be reasonably ascertained from that information.
3. The Office welcomes the opportunity to provide comments in relation to the Towards Government 2.0: Issues Paper (the ‘Issues Paper’) released by the Government 2.0 Taskforce (the ‘Taskforce’)  .
4. The Office notes that the Taskforce’s terms of reference include advising and assisting the government to make public sector information more accessible and useable, to make government more consultative, participatory and transparent, to build a culture of online innovation and to promote collaboration across agencies in online and information initiatives  . The Issues Paper outlines a number of potential barriers to achieving these goals, and poses questions about how these could be addressed.
5. In this submission, the Office outlines privacy considerations that could usefully assist the Taskforce in its advice to government.
6. The Office considers that developing individuals’ trust and confidence in the privacy practices associated with any networked information communications technology (‘ICT’) innovations will be integral in encouraging individuals to engage with the government online. This involvesensuring that good privacy practicesare embedded at all stages of any online initiatives. In doing this, appropriate strategies mightinclude:
- Awareness of good privacy practice – educating those involved in developing and operating collaborative technologies about how to implement good privacy practices and comply with the Information Privacy Principles.
- Privacy impact assessments – undertaking privacy impact assessments on existing systems proposed for use in government sponsored Web 2.0 initiatives and where applicable, on any new systems developed for this purpose, to ensure that privacy protections are applied to all aspects of the information lifecycle from collection, use and storage of information through to disposal or deletion.
- Technology solutions – harnessing privacy enhancing technologies such as data separation, systems that allow pseudonymous transactions and privacy-friendly identity management systems.
- End user empowerment – educating users to ensure they are able to make informed privacy decisions when interacting with government sponsored Web 2.0 technologies.
7. These strategies are outlined below in more detail in response to specific questions raised in the Issues Paper.
What are the ways in which we build a culture within government which favours the disclosure of public sector information? What specific barriers exist that would restrict or complicate this and how should they be dealt with?
Disclosures under the Privacy Act
8. The Office notes that for the purposes of the Issues Paper, public sector information is taken to exclude personal information that would not be available for publication or reuse under Australian privacy laws or other legislation  . However, agency staff may be hesitant to disclose public sector information as they may not be clear about the type of information covered by the Privacy Act or whether such disclosure is permitted under the Privacy Act.
9. In this regard, the Office notes that the definition of ‘personal information’ in the Privacy Act is context-sensitivein that it includes information or an opinion about an individual whose identity can be reasonably ascertained  . As such, it may be difficult to identify whether particular public sector information is personal information covered by the Privacy Act, or whether it has or can be adequately de-identified.A number of well known examples illustrate the difficulty of determining whether information is ‘personal information’. For example, in 2006 search records of 650,000 America Online LLC (AOL) users were purportedly de-identified andtheir web search queries made publicly available. Journalists could later identify certain users by examining linkages between different searches  .
10. Also, on occasion the Privacy Act may be incorrectly perceived as a block to the disclosure of individual’s personal information, where in fact the disclosure may be permitted under an exception to the Privacy Act. For example, an agency may disclose an individuals’ personal information where an individual consents to the disclosure (IPP 11.1(b)) or where the disclosure is required or authorised by or under law (IPP 11.1(d))  .
11. The Office considers that to build a culture which favours the disclosure of public sector information, those involved in developing and operating government sponsoredWeb 2.0 initiativesmay need further education, possibly through the issue of guidance material. This guidance could outlinehow to recognise and de-identify personal information covered by the Privacy Actand the circumstances in which personal information may be publicly disclosed in accordance with the Information Privacy Principles.
Secrecy laws and the Privacy Act
12. The Office also considers that the disclosure of public sector information may be inhibited in some cases by a lack of clarity around the difference between privacy and secrecy laws. This was noted in the Australian Law Reform Commission’s review of secrecy laws, where it found ‘it is evident there is much confusion in the public arena about what is a privacy matter and what is governed by secrecy provisions’  .
13. The Office notes that there are important differences in the way secrecy and privacy laws operate. Unlike secrecy obligations which are set out in many different laws, the IPPsare found in section 14 of the Privacy Act and only apply to the handling of ‘personal information’. Also, while the IPPs provide a general framework for the way agencies handle personal information, these principles are balanced by a range of exceptions.
14. In the Office’s view,agency staff may be more confident about whether they could disclose personal informationif they understood better the distinction and interaction between obligations in applicable secrecy laws and those in the Privacy Act.
Proposed Office of the Information Commissioner
15. The Office notes that the Government proposes to establish the Office of the Information Commissioner, which would consist of a newly established Information Commissioner and Freedom of Information Commissioner as well as the Privacy Commissioner  .
16. The Information Commissioner would have broad functions to report on government policy and practice regarding the handling and accessibility of information held by the Government  . The Office also notes that the Taskforce will identify policies and frameworks to assist the Information Commissioner (and other agencies) to among other things, develop and manage a whole of government information publication scheme to encourage greater disclosure of public sector information  . The Office believes that these developments will positively contribute to the Government’s overarching objective to deliver consistent information policy across government and will significantly assist in promoting a culture of coordinated and responsible information handling and management  .
17. The Office also notes that the establishment of an Office of the Information Commissioner would integrate the different public policy objectives of improving transparency and openness in government (under the Freedom of Information Act 1982 ( Cth )) and protecting individuals’ personal information (under the Privacy Act 1988 (Cth) ). In the Office’s view, this will contribute to a cohesive approach to government information handling and release.
What are the possible privacy, security, confidentiality or other implications that might arise in making public sector information available? What options are there for mitigating any potential risks?
18. The Office considers that there are a number of possible circumstances in which personal information may be made available online, whether inadvertently or pursuant to an exception in the Privacy Act. Such disclosures may have unintended consequences for the privacy of individuals concerned.
19. Also, once an appropriate platform for disclosing public sector information is established, it is possible that there may be some function creep, where legislative measures incrementally and cumulatively expand in scope to have greater affect than was initially envisaged. This could lead to more personal information being made available than was initially intended.
Privacy impact assessments
20. The Office believes it would help to identify potential privacy risks by undertaking privacy impact assessments on existing systems proposed for use in government sponsored Web 2.0 initiatives and where applicable, on any new systems developed for this purpose. A privacy impact assessment is an assessment tool that describes in detail the personal information flows in a project, and analyses the possible privacy impacts of the project. A privacy impact assessment may do this by helping agencies to identify when the collection of particular information is unnecessary for a given project, or where additional accountability or oversight processes may reduce privacy risks.
21. The elements that make up a privacy impact assessment (including identification, analysis and management of privacy risks) help agencies to develop and implement good privacy practice and underpin good public policy. Privacy impact assessments also help to engender community trust in ICT proposals if the issues raised during the privacy impact assessment are responded to adequately through the proposal’s development.
22. The Office suggests the Taskforce emphasise the importance of privacy impact assessments to embedding privacy protections in new open government initiatives. Further information on privacy impact assessments can be found in the Office’s Privacy Impact Assessment Guide  .
23. While it would depend on the particular risks identified, some general options for responding to negative impacts uncovered in a privacy impact assessment include:
- Carefully considering any available privacy enhancing technologies (discussed in more detail in paragraph 24below)
- Creating a framework for the development of open government initiatives which among other things facilitates good privacy practices (discussed in more detail in paragraphs 25 to 28below)
- Providing adequate notice to individuals about measures affecting individuals’ privacy and publishingaccessible privacy policies
- Where necessary, specifically authorising uses or disclosures of personal information under law and
- Ensuring agencies are accountable for how they handle personal information, including through effective complaint handling, audit and oversight  .
Privacy enhancing technologies
24.Privacy enhancing technologies illustrate the important role of technology in supporting privacy and e-security. They achieve this by meeting security and other objectives, while at the same time providing individuals with appropriate control and choice over how their personal information is handled  . Privacy enhancing technologies tend to fall into several categories, for example:
- General information security tools – these include encryption, logical access controls, use of digital certificates etc.
- Data separation – this refers to systems that detach identifying information from other personal information so that the individual’s privacy is protected during processing and storage of their personal information. Generally only an authorised person with a digital key is able to re-identify information  .
- Privacy metadata – this refers to information ‘tags’ that can be attached to personal information during processing. These tags contain additional information such as the source of the information, the consent obtained, how it may be used and the policies to which it is subject. Personal information can also be assigned particular conditions or ‘obligations’ which detail the length of time that information may be retained and whether the person has given consent for the information to be disclosed to any third parties  .
- Privacy management systems – theseallow individuals to find out the privacy practices or processing policies of agencies that handle personal information and see if these match their preferences. The systems can improve the transparency of the information processing for the individual  .As the UK Information Commissioner has pointed out, these tools ‘...may also advise users of the consequences of the information processing performed leading to an improved understanding of privacy-related issues’  .
- Anonymising tools – these include tools that hide the IP address or email address of the individual  .
Framework for open government initiatives
25.The Office notes a recent post to the Taskforce’s blog by Kevin Cox, in which he suggests adopting principles (rather than more specific rules and regulations) as a framework to guide the development of open government initiatives  . Mr Cox provided some example principles, one of which related to personal information handling, while others related to public sector information handling more generally.
26.In the Office’s experience, there are many benefits associated with applying technologically neutral privacy principles to regulate personal information handling operations of Australian organisations and agencies. In particular, these provide sufficient regulatory flexibility to accommodate technological change, which will continuously enhance the speed, efficiency and scope for information flows in society generally  .
27.The Office considers that if principles were developed along the lines suggested by Mr Cox, they would need to be clearly distinguished from theInformation Privacy Principles which have a legislative basis in section 14 of the Privacy Act. It may help to clarify this distinction if instead of referring to open government ‘principles’, these were referred to as a ‘framework’ to guide open government initiatives.
28.The Office suggests itcould have a consultative role at an appropriate stage in developing any such framework, to help ensure that parts of the framework relating to personal information handling reflect good privacy practice.
What is needed to make the large volume of public sector information (a) searchable and (b) useable? And in each case, what do we do about legacy information in agencies? How might the licensing of on-line information be improved to facilitate greater re-use where appropriate?
29.The Office recognises the many benefits to the community of making public sector information searchable and useable.
30.The Office notes that increasing accessibility to and searching of large volumes of public sector data can lead to datasets of previously anonymous information being linked to re-identify the individual to whom the information relates. This can also result in disparate sources of personal information being linked to profile individuals (including where this information was collected in different contexts and for different purposes)  .
31.In each case individuals’ ability to maintain different legitimate identities in different contexts, such as a professional identity, a community identity, a personal identity and a citizen identity, may be undermined.
32.Accordingly,the Office would reiterate its suggestion at paragraph 11 above, that staff involved in developing and operating government sponsored Web 2.0 initiatives may need further educationabout how to ensure the complete de-identification of data (where this is required under the Privacy Act) before such data becomes searchable. More generally, the Office would suggest thatcare be taken in developing and operating any such initiativesto minimise the possibility of data from different sources being inappropriately aggregated and personal information being disclosed outside of the reasonable expectations of the individual.
Are these complaints and appeals processes sufficient? Are additional processes needed for government as it engages in the Web 2.0 world?
33.The Privacy Commissioner has complaint handling responsibilities in part V of the Privacy Act. In general terms, individuals may make a complaint to the Privacy Commissioner if they believe their privacy has been interfered with by an Australian or ACT government agency, or a private sector organisation covered by the Act  .The Commissioner has powers to investigate an alleged breach  , conciliate the complaint or, where conciliation is not possibleto make a Determination  .
34.The Issues Paper notes that as more government information is made available online, there is an increased risk of unintentional or inappropriate release of information (including personal information) that may be damaging for an individual  .
35.The Office also notes that where government sponsored collaborative online forums are introduced, there is a greater risk that individuals may post material on the forum which includes a third party’s personal information. As an individual cannot generally make a complaint under the Privacy Act about another individual acting in their own capacity, in most circumstances the third party would not have redress against that individual under the Privacy Act or against any other individual who subsequently used or disclosed that information (see paragraphs 61 to 63 below).
36.Given these increased risks, the Office suggests that the Taskforce emphasise the importance of agencies that adopt Web 2.0 initiatives handling personal information security breaches in an appropriate and timely manner. To help agencies do this, the Office has developed a ‘Guide to Handling Personal Information Security Breaches’, which provides general guidance on key steps and factors for agencies (and organisations) to consider when responding to a personal information security breach  .
37.It may also be relevant to note that the ALRC recommended in its recent review of privacy law, that the Privacy Act should be amended to include a new part on data breach notification. This would generally provide that an agency is required to notify the Privacy Commissioner where specified personal information has been (or is reasonably believed to have been) acquired by an unauthorised person and this may given rise to a real risk of serious harm to the affected individual  .
What should government do to foster a culture of compliance with information and records management policies and best practice?
38.The Office considers that agency staff involved in government sponsored Web 2.0 initiatives should understand their responsibilities under the Privacy Act and good privacy practice more broadly. This may involve formally training these individuals as well as releasing guidance material which specifically focuses on the relationship between privacy and online channels of communication (see for example the guidance suggested at paragraph 11 above).
39.The Office notes that in its review of privacy laws the Australian Law Reform Commission (the ‘ALRC’) recommended that the Office develop guidance on generally available publications in electronic form. The Office supported a similar proposal in the ALRC’s Discussion Paper 72  . The ALRC recommended that the guidance should:
- Apply whether or not the agency or organisation is required by law to make the personal information publicly available
- Set out the factors that agencies and organisations should consider before publishing personal information in an electronic format (for example, whether it is in the public interest to publish personal information on a publicly accessible website) and
- Clarify how the [privacy principles] apply to the collection of personal information from generally available publications to include in a record or other generally available publication  .
40.The Office suggests that developing this kind of guidance material may help to foster good privacy practice amongst agencies involved in new government ICT initiatives.
How can best practice be facilitated, identified, rewarded, and further propagated?
41.The Office considers that best privacy practice can be facilitated by ensuring privacy protections are built into every aspect of a system for every stage of its lifetime. The Office has noted on many occasions the importance of privacy being addressed at the design stage of new projects and being built in to system architecture and the parameters governing what information is collected and what information flows are possible  . The UK Information Commissioner has also noted the importance of building in privacy in a recent report which notes that this ‘...approach will ensure that privacy controls are stronger, simpler to implement, harder to by-pass, and totally embedded in the system’s core functionality’  .
42.A useful way to identify how privacy can be built into a new or existing system is to undertake privacy impact assessmentsvery early in the concept design stage of the project.
43.In uncovering any potential risks associated with a system, a privacy impact assessment may point to appropriate options for mitigating these risks. As noted in response to question 4 above, some of the options which could help facilitate best privacy practice include adopting appropriate privacy enhancing technologies, providing notice to individuals about how their personal information will be handled and publishing accessible privacy policies (see paragraph 23 above).
44.The Office also considers that good privacy practice can be encouraged by actively promoting awareness about the potential impact of collaborative technologies on individuals’ privacy and by adopting approaches to enhance individuals’ privacy. This may involve developing guidance material for those involved in government sponsored networked ICT initiatives which outline good privacy practices associated with these technologies. In addition, formal training sessions about good privacy practices could ensure a consistent message is conveyed to staff about appropriate practices and procedures for identifying and handling individuals’ personal information.
45.Further, best practice may be encouraged through reward. For example, the Office offers annual Australian Privacy Awards including to government agencies to recognise, encourage and reward commitment to engaging in good privacy practices.
What sort of privacy issues might dissuade individuals from engaging with government via collaborative technologies? What sort of steps can we take to ensure that personal information is used appropriately? What options are there for mitigating any potential privacy risks?
46.The Office considers that garnering individuals’ trust will be a key factor in the overall uptake of collaborative technologies.
47.The Office submits that platforms with good privacy practices are likely to generate trust among individual users, whereas poor privacy practices can destroy trust overnight, as in the case of a major data breach. Individuals may be disinclined to participate in interactive online initiatives for fear that their personal information will be compromised or handled inappropriately. Individuals may also be concerned about who may access and use the information they provide for purposes unrelated to the issues being discussed.
48.The Office notes that there is considerable concern in the community about the trustworthiness of providing information over the internet. In a community attitudes survey commissioned by the Office in 2007, 50% of respondents said they were more concerned about providing information over the internet than they were two years before and 65% of respondents felt more concerned about providing their details online rather than in hard copy format  .
49.In the Office’s opinion, adopting a multi-faceted approach to implementing strong privacy protections and good information handling practices may help to establish a good online reputation. The key features ofthis approach may include permitting individuals to retain control over their personal information, adopting good identity management practices and facilitating anonymous (or pseudonymous) participation in online forums. These interrelated features are discussed in more detail below.
50.Under the Privacy Act, individuals have a legitimate interest in controlling the dissemination of information about them. Also, individuals may usually expect that where they provide their personal information to different agencies and organisations for one purpose, this information will not be used or disclosed for another purpose. For this reason it is important to consider appropriate ways of ensuring individuals know how their personal information will be handled and where possible, ensuring individuals can maintain a measure of control over their personal information.
52.The Office also suggests empowering the end user through education to ensure that individuals are able to make informed privacy decisions when interacting with technology. This may involve explaining how much personal information individuals need to provide to participate in an online forum, making it easier for users to change their online privacy settings and ensuring that individuals understand the risks and benefits of doing so  .
Good identity management
53.In the Office’s view, agencies may also increase consumer trust and confidence in collaborative online forums by adopting good identity management practices  .
54.Online transactions raise a number of identity management issues that may impact on privacy, including:
- The possibility of hackers and identity thieves inappropriately accessing personal information while it is being transmitted or stored
- The emerging importance of measures, such as digital certificates and public key infrastructure, to allow agencies to properly authenticate the identity of an individual to enhance security and minimise the risk of fraudulent claims
- How to recognise that individuals may have multiple elements to their identity, depending on, for example, whether they are acting as a customer, an employee or a member of a family and that any online transaction need only authenticate the legitimacy of such identities to the extent necessary to enable the particular interaction and
- The enhanced capacity to link personal information with other information already held or collected by electronic means  .
55.The Office considers that some of these issues may be addressed by ensuring that personal information is only collected about an individual to the extent necessary for a transaction. How much information needs to be collected will depend on the particular circumstances of the transaction, including the risks associated with the transaction. For example, good identity management will permit agencies to properly authenticate individuals’ identity where individuals are claiming government benefits, to minimise the risk of fraud.
56. The Office would also suggest exploring options to encourage privacy-friendly identity management processes by government transacting online. This could include evaluating the merits of adopting different privacy enhancing technologies (discussed in more detail at paragraph 24 above).
Anonymity and pseudonymity
57.The Office’s community attitudes survey indicated that 58% of respondents aged between 18 and 24 years provide false information online as a means of protecting privacy  . The Office considers that individuals may be more inclined to participate and submit their truthful views online if there is an opportunity to remain anonymous or at least to adopt a pseudonym. This may particularly be the case where individuals are invited to express their political opinions, which individuals may consider sensitive  .
58.Accordingly, in adopting collaborative ICT technologies the Office suggests that agencies could be encouraged to allow for anonymity where this is lawful and practicable. For example, it would not be lawful or practicable for an individual to interact anonymously where he or she wished to fraudulently claim government benefits to which that individualwas not entitled  .
59.The Office notes that this would be consistent with the ALRC’s recommendation in its review of Australian privacy laws, that wherever it is lawful and practicable in the circumstances agencies and organisations should give individuals the clear option of interacting by either not identifying themselves or identifying themselves by a pseudonym  .
How does government provide sufficient room for personal debate and passionate dissent but still ensure appropriate levels of moderation in online forums? Should moderation be ‘outsourced’ and if so in what circumstances and how? How might volunteers from the commenting community be selected to moderate?
60.The Office supports adopting a transparent process of moderating online forums, which specifies the parameters of editorial control  .
61.The Office notes that online debate could lend itself to an individual intentionally or inadvertently disclosing another person’s personal information online without that person’s (the ‘complainant’s’) knowledge or consent. As a result, the complainantcould lose control over information about them, which may or may not be accurate. This would potentially undermine the complainant’s privacy and in some cases may lead to embarrassment, financial loss, harassment or discrimination.
62.If the individual who posted this information was acting in his or her personal capacity, in most circumstances such disclosure would not breach the Privacy Act, and the complainantwould not have redress against that individual under the Privacy Act. However, as noted in the Issues Paper, the complainant may instead be able to make a complaint against the government agency which published the information about the complainant  .This is because the government agency is responsible under the Privacy Act for personal information collected for inclusion in a record, and for disclosing that information including by publishing it online  .
63.Moreover, if the government outsources moderation of the forum, the contracted service provider (including a small business) would also need to comply with the Privacy Act in relation to activities engaged in under the contract  . For example, the complainant may be able to make a complaint against the contracted service provider if it was responsible for publishing information about the complainant in similar circumstances.
64.Accordingly, government agencies will need to ensure they appropriately comply with the Privacy Act when moderating online forums. This may include ensuring that individuals providing information are aware that they may not include any identifying information about another person in a post. It may also include establishing clear processes to ensure that information provided by third parties which is to be published online does not include another individuals’ personal information.
65.Some other matters government agencies may wish to consider in establishing appropriate moderation processes that comply with the Privacy Act include:
- The purpose of the online forum
- The capabilities of any software such as anti-trolling software, which will moderate posts before they are published online
- Whether any guidelines for moderators clearly explain obligations under the Privacy Act
- Whether it is possible to determine if an individual’s personal information has been inappropriately included in a post, before publishing that information online and
- Any resourcing or timing constraints that may affect a moderator’s ability to remove online content containing personal information.
66.It may also be relevant to note that in its review of privacy laws, the ALRC recommended that federal legislation should provide for a statutory cause of action for a serious invasion of privacy where there is a reasonable expectation of privacy and the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities (subject to certain defences). According to the ALRC, a serious invasion of privacy could include where an individual’s correspondence has been interfered with, misused or disclosed or where sensitive facts relating to an individual’s private life have been disclosed  .
67.If a statutory cause of action is introduced, complainants would have access to a broader range of remedies to redress the invasion of their privacy including by other individuals.
To what extent can government assist the uptake of Government 2.0 by centrally providing standard business management guidance and tools to avoid agencies having to ‘reinvent the wheel’ when considering their own online engagement guidelines
68.For the reasons set out in its response to questions 2 and 4 above, the Office would support the issue of standard guidance on implementing good privacy practice in developing and operating Web 2.0 initiatives (see paragraphs 8 to 11, 18 to 19 and 25 to 28 above).
 Government 2.0 Taskforce 2009, Towards Government 2.0 Issues Paper , p. 4.
 Government 2.0 Taskforce 2009, Towards Government 2.0 Issues Paper , p. 12.
 See the definition of ‘personal information’ in section 6(1) of the Privacy Act.
 Barbaro M. & Zeller T. 2006, ‘A Face Is Exposed for AOL Searcher No. 4417749’, New York Times ,9 August, see www.nytimes.com/2006/08/09/technology/09aol.html?ei=5087&en=fc3fb3310bf58bd7&ex=1171771200&excamp=mkt_at1&pagewanted=all .
 For further information about the exceptions to the use and disclosure principles in IPPs 10 and 11, see Office of the Privacy Commissioner, Plain English Guidelines to Information Privacy Principles 8 – 11 , see www.privacy.gov.au/materials/types/guidelines .
 ALRC 2009, Discussion Paper 74Review of Secrecy , paragraph 4.194, see www.austlii.edu.au/au/other/alrc/publications/dp/74/ .
 Government 2.0 Taskforce, Towards Government 2.0Issues Paper Appendix 2 Terms of Reference.
 Office of the Privacy Commissioner, Submission to the Department of the Prime Minister & Cabinet on the Exposure Draft of the Information Commissioner Bill 2009 and Freedom of Information Amendment (Reform) Bill 2009 , May 2009, seewww.privacy.gov.au/materials/types/submissions?sortby=65 .
 Privacy enhancing technologies are discussed in greater detail in Privacy Enhancing Technologies: A Whitepaper for Decision Makers , published by the Dutch Government, see www.dutchdpa.nl/downloads_overig/PET_whitebook.pdf .
 See Privacy Enhancing Technologies: A Whitepaper for Decision Makers and published by the Dutch Government, see www.dutchdpa.nl/downloads_overig/PET_whitebook.pdf
 UK Information Commissioner’s Office, Privacy by design , November 2008, p9, see www.ico.gov.uk/about_us/news_and_views/current_topics/privacy_by_design.aspx .
 Privacy Enhancing Technologies: A Whitepaper for Decision Makers published by the Dutch Government, see www.dutchdpa.nl/downloads_overig/PET_whitebook.pdf .
 UK Information Commissioner’s Office, Privacy by design , November 2008, p9, see www.ico.gov.uk/about_us/news_and_views/current_topics/privacy_by_design.aspx .
 UK Information Commissioner’s Office, Privacy by design , November 2008, p9, see www.ico.gov.uk/about_us/news_and_views/current_topics/privacy_by_design.aspx .
 See post by Kevin Cox on 5 August 2009 on Government 2.0 Taskforce, ‘The Theory of Spin: Serial Professional Innovation Negation’, Gov 2.0 Blog , http://gov2.net.au/blog/2009/08/04/the-theory-of-spin-serial-professional-innovation-negation/
 Office of the Privacy Commissioner, Submission to ALRC’s Review of Privacy- Issues Paper 31 , February 2007, chapter 11, http://gov.au/materials/types/submissions/view/6757 .
 Office of the Privacy Commissioner, Submission to ALRC’s Review of Privacy- Issues Paper 31 , February 2007, chapter 11, paragraph 33, seewww.privacy.gov.au/materials/types/submissions/view/6757 .
 See section 27(1) of the Privacy Act 1988 (Cth).
 See section 52 of the Privacy Act 1988 (Cth).
 Government 2.0 Taskforce 2009, Towards Government 2.0 Issues Paper , p. 17.
 Office of the Privacy Commissioner, Guide to Handling Personal Information Security Breaches , www.privacy.gov.au/materials/types/guidelines/view/6478 .
 ALRC 2008, ALRC 108 For Your Information: Australian Privacy Law and Practice , recommendation 51-1see www.austlii.edu.au/au/other/alrc/publications/reports/108/ .
 ALRC 2008, ALRC 108For Your Information: Australian Privacy Law and Practice , recommendation 11-1, see www.austlii.edu.au/au/other/alrc/publications/reports/108/ . In recommendation 11-1 the ALRC refers to the model unified privacy principles, which the ALRC recommended introducing at recommendation 18-2.
 See, for example Office of the Privacy Commissioner submission to Department of Human Services on the proposed Health and Social Services Access Card, August 2006, see www.privacy.gov.au/publications/accesscard_sub_082006.html .
 UK Information Commissioner’s Office, Privacy by design , November 2008, p3, see www.ico.gov.uk/about_us/news_and_views/current_topics/privacy_by_design.aspx .
 For further discussion about options to help individuals to control access to their personal information seeGlobal Public Sector Practice, Internet Business Solutions
Group and Cisco 2007, ‘Safe To Play: A Trust Framework for the Connected Republic’, pp. 20 – 21, seewww.iispartners.com/Publications/index.html .
 See for example UK Information Commissioner’s Office, Privacy by design , November 2008, p. 7.
 Office of the Privacy Commissioner, Submission to ALRC’s Review of Privacy- Issues Paper 31 , February 2007, chapter 11, see www.privacy.gov.au/materials/types/submissions/view/6757 ..
 This is reflected in section 6 (1) of the Privacy Act, which defines information about a person's political opinions as 'sensitive information'. Such information is especially sensitive because it could lead to individuals being stigmatised, embarrassed or discriminated against, and therefore it should be handled with particular care.
 For other examples of where it may not be lawful and practicable to transact anonymously, see ALRC 2008, ALRC 108For Your Information:Australian Privacy Law and Practice , chapter 20, see www.austlii.edu.au/au/other/alrc/publications/reports/108/ .
 ALRC 2008, ALRC 108For Your Information:Australian Privacy Law and Practice , recommendation 20-1, see www.austlii.edu.au/au/other/alrc/publications/reports/108/ .
 Government 2.0 Taskforce 2009, Towards Government 2.0: An Issues Paper , p. 28.
 Government 2.0 Taskforce 2009, Towards Government 2.0: An Issues Paper , p. 27.
 See Information Privacy Principles 1, 3 and 11 in section 14 of the Privacy Act 1988 (Cth).
 See sections 6D(4)(e) and 95B of the Privacy Act.
 ALRC 2008, ALRC 108 For Your Information: Australian Privacy Law and Practice , recommendations 74-1 and 74-2, www.austlii.edu.au/au/other/alrc/publications/reports/108/ .