The Western Australian government is facing renewed calls to introduce public sector privacy laws following a spate of high-profile data breaches in the private sector and questions over data retention practices at WA Police.
WA is one of only two jurisdictions in Australia without dedicated privacy legislation, the other being South Australia. Attempts to introduce it date back to 2007, when the former Labor government tried and failed to pass an information bill.
The government has been working to develop dedicated privacy and data sharing legislation since 2017, as was recommended in the 2016 Data Linkage Review chaired by the state’s Chief Scientist Professor Peter Klinken.
The review said that while “WA has a long and highly successful history of linking data” there was “evidence to suggest that other states and countries are hesitant to share data with WA due to the lack of privacy legislation”.
“With this concern, coupled with the requirement for a whole-of-government model where data from numerous government agencies can be access and linked, there is a strong need for privacy legislation,” the report said.
But there has been little to no movement with the reforms since the government first started consulting on Privacy and Responsible Information Sharing legislation in August 2019 to “bring WA into line with other jurisdictions”.
A summary report published last September suggested the reforms had been delayed by COVID-19 and the subsequent economic recovery, with “the government to continue the legislative party of this initiative when appropriate”.
In light of the Optus data breach and revelations that WA Police will retain data collected by the G2G Pass border management system for at least 25 years, Daylight Saving Party MP Wilson Tucker this week called for a renewed focus on privacy.
“WA is not taking data privacy seriously,” Mr Tucker said during a debate on accountability in state Parliament, adding that “we have not seen any action for reform” since the promise of legislation in 2019.
Mr Tucker said the Attorney General was “falling very short” of the mark and stressed that the “longer that we do not have this, the more colourful the examples we will see of the need for uniform data privacy legislation, like we recently saw with G2G passes”.
“The lack of data privacy legislation means that the personal information of Western Australians that was collected, which… had the sole purpose of managing the pandemic, has now defaulted to the public state archives,” he said.
“It also increases the risk that information [is] not being secured or handled with the respect that it deserves, and it is also open to risk. When we have these data breaches it also means that we erode the trust of the public in public institutions moving forward.”
A spokesperson for Attorney General John Quigley told InnovationAus.com the government “remains committed to introducing a comprehensive framework to protect personal privacy” but would not provide a timeline for when this might occur.
“The drafting of bills and their introduction into Parliament is a decision of cabinet and is therefore cabinet-in-confidence,” the spokesperson said.
Do you know more? Contact James Riley via Email.