• forIndividuals
  • forBusiness
  • forCommunity
search
About usFact sheetsPrimary legislationWhat's new?
DictionaryTeachingContact usSite mapLinks
click to go home


Our Fact Sheets provide a detailed account of 29 areas of law as they apply to the Internet

Fact Sheets



IIA releases draft Cybercrime Code of Practice in July 2003

Privacy

Updated as at 01/01/2002 ('(e) Spamming' updated 23/09/04)

1. What is privacy?

Privacy may be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others. (1) Privacy is your right to control what happens with personal information about you.

In Australia there is no general right to privacy. Some protection is afforded through the operation of certain Federal and State legislation, together with the law of contract, tort and confidential information.

2. Privacy and the internet

The use of the internet can affect the privacy rights a person has in his or her identity or personal data. Internet use and transactions generate a large amount of personal information which provide insights into your personality and interests.

Privacy issues relating to identity include the possible appropriation of a person’s email identity and address. Ease of access to and the appropriation of email addresses has led to the practice of sending vast amounts of unsolicited e-mails (known as spamming). Identification through email and website transactions and the ability to locate people’s physical addresses easily through national and international directories have raised new privacy concerns.

Privacy issues relating to personal data arise from insecure electronic transmissions, data trails and logs of email messages, online transactions and the tracking of web pages visited. Privacy invasion issues arise from data matching (the process of wholesale cross checking of data from one source against another source such as tax and social security data) and personal profile extraction processes which use this data alone or in combination with other publicly available data.

3. Role of Privacy Commissioners

Privacy Commissioners exist federally,in NSW and Victoria but currently not in other states.

Privacy Commissioners have certain responsibilities under the relevant Commonwealth and state Privacy Acts. One of their functions is handling complaints by individuals who feel their privacy rights may have been breached.

4. Public sector Commonwealth legislation

The Privacy Act 1988 (Cth)(Act) embodies 11 Information Privacy Principles (IPPs). Federal and ACT government departments and agencies must comply with these principles. The IPPs deal with the collection, solicitation, storage, security, access, alteration, and use and disclosure of personal information.

Personal Information is defined as:

Information or an opinion (including information or an opinion forming part of a database) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Despite this definition in the Privacy Act, it is not always clear what is ‘personal information’. The general principle is that any information about an individual whose identity is apparent, or can reasonably be ascertained from the information, is ‘personal information’.

Where it is possible for information that is not personally identifiable to be easily correlated with information that is personally identifiable, the original information may be viewed as personal information.

For example, the Privacy Commissioner may judge an ISP to be in possession of personal information, if that ISP collects information about web-sites visited by a subscriber. Although the information by itself is not identifiable of an individual, it may be easily correlated with other information initially supplied to the ISP by the subscriber to enable the persons identity to be established.

Private sector business must comply with the Act as follows:

* credit providers and credit-reporting agencies must comply with credit reporting rules in the Act and in the legally binding code of conduct dealing with credit rating information of individuals;

* all organisations that store and use tax file number information must comply with tax file number guidelines issued by the Privacy Commissioner. (2)

5. Private sector Commonwealth legislation

The Privacy Amendment (Private Sector) Act 2000 (Cth) (PSA) takes effect from 21 December 2001.

The PSA establishes ten (10) National Privacy Principles (NPPs) as the minimum privacy standards for the private sector. The NPPs differ slightly to the IPPs to reflect the different issues that operate in a commercial environment, such as provisions relating to direct marketing. The NPPs deal with the same main issues as the IPPs: the collection, use, disclosure, storage and security of information and rights to access this information.

However, the NPPs require organisations to allow individuals to deal with them anonymously provided this is lawful and practicable. For example, this would require electronic road toll systems and payphone providers to provide an anonymous payment option such as cash or prepaid cards.

With the advent of this new law directed at the private sector, the Federal Office of the Privacy Commissioner has released the National Privacy Principle Guidelines (the NPP Guidelines). The NPP Guidelines give an indication to the factors the Commissioner may take into account when handling a privacy complaint while also providing organisations with further information on how to comply with the NPP’s.

The Federal Office of the Privacy Commissioner has also released Guidelines relating to the use of Public Key Infrastructure in relation to Government handling of personal information.

See the Secure Electronic Transactions Fact Sheet.

The Commissioner has other responsibilities arising under the National Health Act 1953. In consideration of the sensitivity of health information, the Commissioner has also released Guidelines on Privacy in the Private Health Sector .

6. The National Privacy Principles

Personal information for the purposes of the NPP’s is defined under the Privacy Act as described above under the heading ‘Public sector Commonwealth legislation’.

(a) The NPPs cover:

* Fair Collection: Collection of personal information is only allowed if it is necessary for the function or activity of the organisation. Organisations must explain their information practices to individuals at the time when they collect their personal information.

The NPP Guidelines stipulate that it would not ordinarily be acceptable for an organisation to collect personal information on the condition that it may become necessary for one of its functions or activities. Other organisations that collect personal information using cookies, web bugs or other means must give a statement clearly available on their website to satisfy this NPP.

* Use and Disclosure: Personal information should generally not be used or disclosed for the purpose other than for which it is collected without the consent of the individual concerned.

This purpose is referred to as a primary purpose and is usually easily determinable. Use and disclosure of information for a secondary purpose must fall within an exception listed under this NPP.

Broadly, the secondary purpose must be something that arises in the context of the primary purpose. If the personal information is sensitive information, the use or disclosure must be directly related to the primary purpose of collection.

The use and disclosure must also be within the reasonable expectation of the individual about whom the information relates. The NPP Guidelines suggest this test is applied from a point of view of what an individual with no special knowledge of the industry or activity would expect.

* Data Quality: Organisations must take reasonable steps to ensure that personal information collected used or disclosed by them is accurate, complete and up to date.

Organisations only need to take reasonable steps to confirm the accuracy, completeness and currency of the personal information at the time they collect, use or disclose it and are not required to check the information at other times. An organisation may be obliged to correct information it holds about an individual, should that individual establish that the information is inaccurate, incomplete or out of date.

* Data Security: Organisations must take reasonable steps to protect personal information they hold, and must not hold data longer than it needs. A definition of reasonable steps will depend on the particular circumstances but may include factors such as:
- the sensitivity of the information;
- the harm likely to be caused if there was a breach of security;
- the information storage, processing and transmission procedures of the organisation; and
- the size of the organisation.

The NPP Guidelines provide an indication as to the level of appropriate protection for personal information. Physical security of the information, computer and network security, communications security and personnel security (limiting access to authorised or approved staff within an organisation) should all be considered when protecting personal information.

* Openness: Organisations must clearly express and make available their policies about how they collect, hold, use and disclose personal information.

A documented general policy setting out:
- whether an organisation is bound by the NPP’s or an approved privacy code;
- any exemptions under the Privacy Act that apply to any personal information the organisation holds; and
- a willingness to make available more information regarding the management of personal information to individuals on request
will generally be sufficient to constitute compliance with this NPP.

* Access and Correction: Organisations must provide individuals with access to information on request and the right to have that information corrected if it is not accurate, complete and up-to-date.

The NPP Guidelines suggest that organisations should take steps to ensure the individual who is seeking the information is in fact the same individual to whom the information held relates. A response time for such a request may vary depending on the complications involved, but granting access should generally not take longer than 30 days.

* Identifiers: An organisation must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by:

(i) an agency (includes company and government department); or
(ii) an agent of an agency acting in its capacity as agent; or
(iii) a contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.

NB: An ABN number is exempt from this principle.

* Anonymity: Where lawful and practical, individuals must be given the option of remaining anonymous when entering into a transaction with an organisation.

* Transborder Data Flows: An organisation in Australia may transfer personal information about an individual to someone who is in a foreign country only if:

(i) the organisation reasonably believes that the recipient of the information is subject to a rule of law that effectively upholds principles for fair handling of the information that are substantially similar to the NPPs; or

(ii) the individual consents to the transfer, or broadly speaking, the transfer is for the benefit of the individual.

The NPPs do no prevent the transfer of personal information outside Australia by an organisation to another part of the same organisation, or to the individual concerned.

An organisation relying on this NPP to justify the transborder flow of data would need to show evidence of the basis on which it decided that it has met the requirements of reasonable belief under this NPP.

* Sensitive Information: Organisations must not collect sensitive information about individuals unless the individual consents, or if the organisation is required to do so by law.

Sensitive Information includes:

(i) information or an opinion about an individual’s:
* racial or ethnic origin;
* political opinions;
* membership of a political association;
* religious beliefs or affiliations;
* philosophical beliefs;
* membership of a professional or trade association;
* membership of a trade union;
* sexual preferences or practices; or
* criminal record;
that is also personal information.

(ii) health information about an individual. (3)

(b) Who does the legislation apply to? (4)

As of 21 December 2001, private sector organizations (defined to include partnerships, trusts and individuals) will be required to comply with the NPPs unless they have in place a code of practice approved by the Privacy Commissioner. The Commissioner will not register codes that provide a lower level of privacy protection than what is provided by the NPPs.

The following exemptions are available:

(i) Small business operators with an annual turnover of $3m or less. To qualify, an entity must:

* have an annual turnover of $3 million or less;
* not be related to a business with an annual turnover of greater than three million dollars;
* not provide a health service and hold health records;
* not disclose personal information about an individual for a benefit, service or advantage;
* not provide a benefit, service or advantage to collect personal information; or
* not be a contracted service provider for a Commonwealth contract (even if the entity is not a party to the contract).

(ii) Acts done or practices engaged in by media organizations ‘in the course of journalism’.

This phrase is not defined and is intended to apply to all media regardless of its mode and method of delivery. Internet news site providers will be exempt from the legislation.

(iii) Employee records where the organisation is or has been an employer of the individual in question and the act or practice is directly related:

* to a current or former employment relationship between the employer and the individual, and

* is an employee record held by the organisation and relating to the individual.

Employee record is defined and includes health information, personal and emergency contact details, the employee’s membership of a professional or trade association or trade union membership and the employee’s taxation, banking or superannuation affairs. This appears to be a subset of the items that might exist on an employee’s employment record. Great care should thus still be taken with employee records.

(iv) Acts and practices of organisations performed in relation to a contract with a State or Territory instrumentality where that contract involves handling personal information. Such acts and practices will be covered by State or Territory privacy standards (see below).

(v) Various further exemptions exist for members of Parliament and others in relation to practices relating to elections or referendums.

(c) Complaints and Enforcement

Complaints about infringements of privacy rights can be made to the Privacy Commissioner who has discretion to investigate or take other action.

The remedies available under the Commonwealth Privacy Act vary significantly from those in the various State jurisdictions.

The Privacy Commissioner has the power to

* investigate a complaint made to the Privacy Commissioner;
* investigate a complaint that a code adjudicator has referred to the Privacy Commissioner;
* to hear appeals from a decision of a code adjudicator;
* investigate all complaints made about a federal Government contractor;
* investigate an act or practice that may be a breach of privacy (even if no complaint has been made);
* seek an injunction from the Federal Court to restrain or prohibit a person from engaging in conduct that does or would breaching the Privacy Act. No undertaking as to damages is required if application is made by the Commissioner;
* make a determination that the complainant is entitled to a specified amount by way of compensation for any loss or damage suffered by reason of the breach of privacy.(5)(6)

No appeal to a court or tribunal on the merits is available from decision of the Privacy Commissioner.

7. Other Commonwealth laws concerning privacy

The Commonwealth Spent Convictions Scheme came into force on 30 June 1990 under the Crimes Act 1914 (Cth). (7) The scheme entitles a person to not disclose (if requested) certain criminal convictions after ten years (or five years in the case of juvenile offenders) and provides protection against unauthorised use and disclosure of this information. It covers minor convictions for federal, state and foreign offences. The protection varies according to the type of offence. The scheme covers pardons and quashed convictions.

Data Matching Program (Assistance and Tax) Act 1990 (Cth) regulates the way tax file numbers are used in matching data held by the Australian Tax Office with data supplied by applicants for social security benefits and other forms of financial assistance.

The National Health Act 1953, under which the Commissioner is required to issue guidelines covering the storage, use, disclosure and retention of individuals’ claims information under the Pharmaceutical Benefits Scheme and the Medicare program. The privacy of telecommunications is regulated by the Telecommunications Act 1997 (Cth) and the Telecommunications Interception Act 1979 (Cth) .

See the Telecommunications Fact Sheet .

8. State and Territory privacy laws

(a) New South Wales
The Privacy and Personal Information Act 1998 (NSW) sets up the NSW Office of the Privacy Commissioner and confers on the Commissioner powers concerning research, advice and handling complaints about breaches of privacy. The NSW Information Privacy Principles (IPPs) are similar to the Federal IPPs. They apply to the NSW public sector and include an obligation for the development and implementation of Privacy Management Plans. These standards regulate the way public sector agencies deal with personal information.

The NSW Privacy Commissioner may investigate and conciliate complaints about breaches of privacy by organisations and individuals who are not public sector agencies.

In NSW there is a merits review of certain decisions of the Privacy Commissioner to the NSW Administrative Decisions Tribunal.

(b) Victoria
The Information Privacy Act 2000 (Vic) creates the office of a Privacy Commissioner in Victoria. The Commissioner may undertake research and monitor developments in data processing and computer technology (including data matching and data linkage) to ensure any adverse effects on personal privacy are minimised. The Act sets out its own set of ten(10) Information Privacy Principles. These are almost identical to the federal NPPs which apply to the private sector but in Victoria apply only to the public sector.

An individual or organisation whose interests are affected by a decision of the Privacy Commissioner to serve a compliance notice may apply to the Victorian Civil and Administrative Tribunal for review of the decision.

The Surveillance Devices Act 1999 (Vic) regulates data surveillance devices.

A ‘data surveillance device’ is any device capable of being used to record or monitor the input of information into or the output of information from a computer, but does not include an optical surveillance device.

A law enforcement officer must not knowingly install, use or maintain a data surveillance device to record or monitor information input or output from a computer without the express or implied consent of the person on whose behalf that information is being input or output.

An exception is where the installation, use or maintenance of a data surveillance device is in accordance with a warrant, an emergency authorisation or a Commonwealth law. Where such a device is lawfully installed, it is an offence to interfere with or damage such a device.

(c) Other
There are various other State and Territory provisions which deal with listening devices, health records and credit reporting agents but these are dated and have little application to privacy issues arising on the Internet. There is however legislation regulating data surveillance devices in the Northern Territory. (8)

The Northern Territory in October 2001 also introduced a Freedom of Information and Privacy Bill into its Parliament. The Bill proproses establishing a Privacy Commissioner for the Northern Territory.

9. Other laws

The laws of nuisance and breach of confidence may sometimes be used to provide a remedy for invasions of privacy of personal information. Actions for defamation and breach of copyright may also be relevant in certain circumstances. See the Defamation, Copyright and Confidential Information Fact Sheets.

The law of nuisance may provide limited scope for protection against intrusive information collection practices. Nuisance is a remedy against unreasonable intrusion upon the enjoyment of land. Telephone harassment (9) constitutes an action in nuisance and a breach of the tort of intentional infliction of emotional distress. Automatic video surveillance of a Sydney backyard has also been held to be an actionable nuisance. (10) If email is shown to be an integral part of the enjoyment of the home (similar to the telephone) harassment by email may constitute a nuisance.

An action for breach of confidence can be used to protect personal information if the required elements of the action are present. The information imparted must be confidential and imparted in circumstances imposing an obligation of confidence. Whether a confidential relationship between an individual and an organization can be established will depend on the terms of the relationship (generally in contract). The terms of a website’s privacy policy may indicate the nature of the relationship. Confidence is not breached where the unauthorised disclosure is made in the public interest. The defence requires the court to balance the public interest in maintaining confidentiality against the public interest in disclosure.

10. US Privacy Policy

In the US the Federal Trade Commission recommended in May 2000 that websites must:

* provide consumers with clear notice about their information practices including the information they collect and the means of information collection (this includes passive data collection methods enabled by web hosts or web bugs used by third parties (such as advertisers) to track consumer preferences;
* offer consumers choice about how their personal identifying information is used beyond the use for which the information is provided;
* offer consumers access to the information about them collected by the website; and
* take reasonable steps to protect the security of the information collected from consumers.

As at December 2001 these recommendations had not found their way into law and were not enforceable.

Congress enacted the Children's Online Privacy Protection Act (COPPA) to prevent the collection of personally identifiable information from young children without their parents' consent.

The Identity Theft and Assumption Deterrence Act of 1998, makes the FTC a central clearinghouse for identity theft complaints

The FTC plays a key role in protecting privacy in the US.

While the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union (referred to below). The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self regulation.

In order to bridge these different privacy approaches and provide a streamlined means for U.S. organisations to comply with the European Union Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "safe harbor" framework. The safe harbor — approved by the EU in July of 2000 — is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. Certifying to the safe harbor will assure that EU organisations know that your company provides "adequate" privacy protection, as defined by the Directive.

11. European Union (EU) Privacy Directive

The European Union in July 1995 adopted a Directive on the protection of personal data to regulate the handling of personal information. The directive provides regulation of situations where data is transferred to non-EU countries. The basic rule is that the non-EU country receiving the data should ensure an adequate level of protection for the personal information, although a practical system of exemptions and special conditions also applies. The advantage for non-EU countries who can provide adequate protection is that the free flow of data from all EU states will be assured.

The EU has expressed concerns that the Australian privacy legislation to be introduced on 21 December 2001, does not provide adequate protection under the EU directive. The result is that Australian organisations may need to develop their own compliance with EU rules to be able to do business with EU members.

In response the Internet Industry of Australia (IIA) has drafted it’s own privacy code to be registered under the Privacy Act. Once the code has been given EU approval, Australian organisations will be able to adopt this code in order to do conduct European business.

The IIA however consider this an interim solution while government negotiations continue regarding the compliance of the NPP’s to the EU directive.

12. Non-Legislative Measures to Protect Privacy

(a)Privacy Seals

Many sites now carry a privacy seal of approval issued by an operator of an online seal program. The most widely used is http://www.truste.org/. The use of the seal on the site indicates that the operator claims to have met a series of privacy requirements that are mandated by the organisation providing the seal. In the case of TRUSTe, it signifies the site operator has agreed to comply with ongoing oversight and consumer resolution procedures based on the US Federal Trade Commission principles.

Privacy seals have no legal effect. They simply indicate to visitors that privacy representations made by a website are backed by a third party.

The Australian Direct Marketing Association (ADMA) provides a form of seal for direct marketers which indicates they are compliant with their direct marketing code. This code does not have any formal status under the private sector privacy regime.

Both the IPPs and NPPs include the principle that personal information must be properly secured by the holder of the information. Employing secure socket layer technology for transfer of any personal information would seem to meet this obligation.

See the Secure Electronic Transactions Fact Sheet for relevant laws.

(b)Privacy statements on websites

The PSA amendments to the Privacy Act 1988 (Cth) require organisations to set out their policy on personal information management in a publicly available document. Organisations must take ‘reasonable steps’ to advise any person who asks what sort of personal information it holds, for what purposes and how it collects, holds, uses and discloses that information. After 21 December 2001, every organization that collects personal information will be required to have a privacy policy. Privacy is still a key consumer concern for e-commerce. E-commerce websites should prominently display their privacy policy.

Similar to the content rating options now available in browsers, there are moves (11) to incorporate specified privacy standards into browsers to allow the rating and blocking of sites that don’t meet the particular standard set (by the user) in the browser. This would provide a significant incentive to have a ‘complying’ privacy policy on the website.

Privacy policy statements need to be accurate and reflect the actual practices of the organisation. If not, legal action may be taken under trade practices legislation for misleading and deceptive conduct. It is important not to leave out significant facts as silence can be misleading or deceptive.

(c)Anonymity Tools

Different approaches to anonymity exist. One of these is Remailers. These allow a person to keep their email address protected from disclosure by providing another path through which the message is delivered to its final destination. There are cloaking technologies such as Pretty Good Privacy or suites of software such as www.freedom.net that claim they can provide untraceable encrypted email and anonymous browsing and chat. Some of these technologies have created concern for law enforcement agencies but currently would not themselves be illegal in Australia.

(d)Cookies

A cookie is a record stored on a user's machine as a result of a web-server instructing a web-browser to do so. A cookie indicates to the website server what parts of the website are visited. A cookie itself is unlikely to contain personal information but can be used to build up a profile of the user. Cookies facilitate the speed of access to sites on subsequent visits and are widely used.

E-Businesses that send cookies from their web-sites, are advised to include a statement to this effect in their privacy policy.

Unless a browser is set to disable cookies or prompt the user that cookies are being downloaded onto their machine, the user will be unaware this is occurring.(12) In the absence of such a setting there is an intrusion into the computer that is connected to the Internet. The cookie remains on the hard drive of the computer.

Any unprivileged interference with a chattel in possession of another, provided the injury is direct and immediate (rather than consequential) is a trespass.(13) The storage of cookies on the hard drive may constitute trespass to a chattel. This remedy is unlikely to be granted by a court as an easy 'self-help' remedy exists and the storage of cookies on a hard drive is unlikely to constitute damage from the loss of use of a non-profit earning chattel.(14)

Another option may be an action for misleading and deceptive conduct under the trade practices legislation for those sites that do not indicate on their home page they use cookies.

(e)Spamming

New Australian legislation relating to spam - the Spam Act 2003 - came into effect on 10 April 2004. It is now illegal to send, or cause to be sent, 'unsolicited commercial electronic messages'. The Spam Act is enforced by the Australian Communications Authority (ACA). For information on spam laws, spam reduction, internet security tips and how to report spam, visit www.spam.aca.gov.au.

NPP 1 provides that personal information collected must be necessary for one or more of an organisation's functions or activities, must be collected only by lawful and fair means and not in an unreasonably intrusive way, and organisations must explain to customers how they intend to use their information. NPP2 states that an organisation can send a direct marketing communication to an individual without their consent:

* if it was not practicable to obtain consent at the time when their personal information was first collected, and
* provided the individual is given the opportunity to opt out of further communications.

An important issue relating to spamming is how high the bar will be set in terms of what is practicable for organisations in obtaining consent from individuals for the use of their personal information for direct marketing purposes.

The Internet Industry Association Code of Practice encourages Internet Service Providers to block incoming bulk postings from non-subscribers.

Self help remedies including blocking particular incoming email addresses. Most email software has an option to do this in the 'Mail Preferences' tag or equivalent.

(f)Medical Records

As Federal and State governments move towards systems of electronic health records it is likely several states will implement specific health privacy legislation covering the handling of health information in electronic records in public and private sectors. The Health Records Bill 2000 (Vic) is expected to be passed in 2001, and the New South Wales Government recently announced it would introduce state health privacy legislation in an effort to ensure confidence in electronic health records.

(g)Chat rooms

Chat rooms are places where real time conversation takes place in a text mode. Chat rooms are usually public although private chat rooms are offered on some sites. Most people use pseudonyms and so real identity is not apparent. If you make your real identity or your email address known in a public or private chatroom, then another person who chooses to enter the chatroom may gain access to this personal information. Also, records of 'real time' conversations remain accessible by others for quite some time after the conversation took place.



Other relevant Fact Sheets:

Sources of Law
Privacy Act 1988 (Cth) (Act)
Privacy Amendment (Private Sector) Act 2000 (Cth)
Crimes Act 1914 (Cth)
Data Matching Program (Assistance and Tax) Act 1990 (Cth)
Spam Act 2003
Telecommunications Act 1997 (Cth)
Telecommunications Interception Act 1979 (Cth)
The Privacy and Personal Information Act 1998 (NSW)
The Information Privacy Act 2000 (Vic)
The Surveillance Devices Act 1999 (Vic)

See generally the Office of the Federal Privacy Commissioner at http://www.privacy.gov.au

Private sector privacy legislation can be found at http://www.privacy.gov.au/news/pab.html


End Notes
1. Westin AF, Privacy and Freedom (New York: Atheneum, 1967), 7

2. Issued under section 17 of the Privacy Act 1988.

3. The NPPs can be found at www.privacy.gov.au/news/pab.html

4. For an information paper on this Act prepared by the Attorney-General’s department see www.law.gov.au/privacy/royalinfo.html.

5.and 6. Sections 52(1) and 55A Privacy Act 1988.
The loss or damage includes injury to the complainant’s feelings or humiliation suffered by the complainant (5). Whilst such a determination of the Commissioner is not binding or conclusive between any of the persons involved, the complainant or the Commissioner may subsequently initiate proceedings in the Federal Court to obtain an order enforcing the determination.)

7. See Part VIIC

8. Surveillance Devices Act 2000 (NT)

9. Khorasandjian v Bush[1993] 3WLR 476

10. Raciti v Hughes [1995] Supreme Court of NSW, unreported 19 Oct 1995, Young J.

11. The Platform for Privacy Practices (P3P) is being developed by the World Wide Web consortium (W3W) in the US. ZD Net News reported on 22 June 2000 that Microsoft will use the protocol in its next version of Windows.

12. In browser Internet Explorer 5, see Internet Options/Security/Internet/Custom Level/Cookies

13. John G Fleming, The Law of Torts, Ninth Edition (1998) p 58.

14. Halsburys Laws of Australia – Damages to goods.



"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled", Richard Feynman
FactSheets/