A conflict between the Australian and New Zealand Privacy Acts has been highlighted by the decision of several banks to transfer their IT operations across the Tasman.
While the New Zealand Privacy Act covers both the private and public sectors, the Australian version does not cover the private, raising questions as to the confidentiality of bank records transferred from New Zealand.
Bruce Slane, of the Privacy Commission, says it is difficult to comment.
“There is a possibility that such a claim would have to be investigated, and therefore I have an area of jurisdiction.”
Under Section 10 of the Privacy Act, entitled “Applications Of Principles To Information Held Overseas”, point two is quite clear in stating that “information held outside New Zealand by an agency” falls under the jurisdiction of the Privacy Commissioner. This particular clause does have a catch — that the commission does not apply any of the overseas rules if a company is required to undertake certain actions under law in the country from which it is operating.
Under Australian law, privately owned companies are not required to adhere to the Australian Privacy Act. So does this mean that an Australian bank can sell, or pass on, information regarding its clients?
Privacy law specialist Don McIlroy doesn’t believe so. Says McIlroy: “It is important to remember that this legislation was requested by the OECD, and since the OECD will enact similar legislation, location is irrelevant.”
Any suggestions of confusion over the act are dismissed by McIlroy.
“Basic principles apply. If a company does have to answer to the commission then it will have to be able to explain why it thought it didn’t have to comply with act, and as such show the appropriate legis-lation.”
McIlroy suggests that the best solution is for companies to be fully aware of the implications of the act.