The recent case of SF v Shoalhaven City Council  NSWADT 94 (discussed above) provides a timely reminder of the potential liabilities councils face under privacy laws. Although the legislation in that case applied strictly to the New South Wales jurisdiction, and given that local government in South Australia is not bound by similar legislation or the Privacy Act 1988 (Privacy Act), many councils, pursuant to their privacy policies, bind themselves to the National Privacy Principles and the Information Privacy Principles of the Privacy Act, as well as the specific requirements of those policies.
Councils are obviously aware that privacy issues do not just relate to the use of CCTV cameras as discussed above. Councils need to consider the privacy implications of data retention of its residents’ and ratepayers’ personal information and the subsequent use of that information.
Councils are operating in a commercial landscape where technological advances are allowing councils to function in a more innovative and efficient ways. As such, councils need to be wary of how information is held and used in relation to software, programs and networks. In the past we have advised the Local Government Association (LGA) and a number of councils on the appropriateness and involved risks of data being held in foreign countries.
With the launch of SA Connected, the State’s ICT Strategy, which was recently released for consultation (see here), and a general movement towards open data (see for example, the US Government’s recent statement here), government is being encouraged to make anonymised data available to entrepreneurs and innovators with a view to having those people use the data for the public good.
For example, the LGA is currently involved with many councils in the Unleashed competition, the Adelaide node of the federal GovHack initiative, to promote and encourage digital entrepreneurs to develop innovative programs and applications using government data to bring long term benefits to the community. To facilitate the competition, adequate data protection has been sought through licensing arrangements.
To keep up with the commercial environment they operate in; councils need to consider the privacy issues associated with holding and using ratepayers’ personal information and ensuring that appropriate consents and documentation are in place to comply with their privacy policies and procedures.