|
|
[Home] [Databases] [Search] [Feedback] [Help] | |
Privacy Law Resources |
Industry wide privacy codes can take many forms. As mentioned above, in New Zealand codes of practice are negotiated between the Privacy Commissioner and industry representatives. Although based on the information privacy principles contained in the Privacy Act, the codes can be customised to meet the particular needs of industries and professions while maintaining an acceptable level of privacy for individuals.
Industry wide privacy codes do not necessarily have to be initiated by a government agency or privacy organisation. There is nothing to prevent an industry from choosing to adopt a position on privacy itself, and there are numerous models to follow.
In Australia, in the lead up to privatisation of the telecommunications industry, attempts have been made to develop policy on privacy protection within that industry itself. This initiative will complement the work of federal and state privacy organisations, and will also bring together people with specific telecommunications expertise. The Telecommunications Privacy Committee established by the Australian Telecommunications Authority (AUSTEL) has been in operation for less than a year, so it is difficult at this stage to assess the effectiveness of this approach.
Developing a code for the smart card industry in Australia presents a number of difficulties. The industry must itself have the initiative to develop the code, and there is no exact definition of who or what the smart card industry is. Should it include banks? Should it include telecommunications carriers? No-one is really sure what future shape the industry will take on. In addition, the development of an industry code requires the co-operation of the smart card promoters. As yet, there is little evidence that the smart card promoters competing for business in Australia have the necessary will to co-operate in the development of such a code.
One example of an industry wide code of practice, which includes some provisions relating to privacy protection, is the Australian EFT (electronic funds transfer) Code of Conduct. The EFT Code of Conduct may prove to be a useful starting point for the development of a code for the smart card industry, especially for stored value cards and multi-function cards.
The EFT Code is well established. It is reviewed regularly by the Trade Practices Commission and the Treasury, and in the current review attention is being paid to the application of the Code to new technologies.
The pace of development of new electronic funds transfer technologies and applications has been rapid in recent years. However, most of the proposed and existing new technologies are not covered by the current version of the EFT Code.
The Code's coverage is limited to:
"Transactions intended to be initiated by an individual through an electronic terminal by the combined use of an EFT plastic card and a personal identification number (PIN). "
Technology has now developed to a stage where it is not uncommon for individuals to be able to transfer value electronically without using both a card and a PIN.
This is recognised in recommendation 9.1 of the interim report of the working party reviewing the EFT Code:
"A federal government working party should be immediately established to consider, in consultation with appropriate consumer and industry representatives, the real and potential impact of new technologies that allow a consumer to transfer funds electronically, but do not require both a card and a PIN to effect the transaction.
The working group should assess the potential consumer problems from these new technologies and propose either appropriate changes to the EFT Code to accommodate these new technologies or develop a separate mechanism covering new technologies." 48
The EFT Code of Conduct may have a number of faults, in that membership is voluntary and the provisions of the code are difficult to enforce. However, through regular review and amendment of the Code, improvements can be made.
If smart card technology could be added to the Code, or if a similar code could be developed specifically for smart cards, this would provide the second "layer" necessary for privacy and consumer protection in the regulation of smart card systems. This code, which would have a greater emphasis on consumer protection, and would sit well along-side a privacy code developed under privacy and data protection legislation, as discussed above.