The biggest review to date of Australia's privacy laws has recommended the federal government consider legislating over the top of the states, and finds the current legal situation to be inconsistent, fails in its objectives and negatively impacts on business efficiency.
Handed down by Federal Privacy Commissioner Karen Curtis, the wide-ranging review into private sector provisions of Australia's federal Privacy Act finds current federal privacy laws have not achieved their objective of establishing a "single comprehensive national scheme for the protection of personal information".
"The lack of national consistency contributes significantly to the costs imposed on business," the report says.
Spanning technology-intensive areas including health information, workplace surveillance and direct marketing, the 356-page document contains 85 recommendations.
On health, the privacy commissioner believes the federal government should consider going it alone on health information legislation if states fail to agree on two national schemes governing the transfer of patient information (identifiers and client information) and health records between health service providers.
Specifically, the report recommends that, should the states refuse to play ball, the federal government consider adopting both the National Health Privacy Code and the Health Ministers' Advisory Council code as schedules to the current Privacy Act.
The recommendations have major implications for all health IT players as they directly impact on the way health information is handled and transferred between state, federal and private sector organizations and agencies.
On the acrimonious issue of workplace surveillance legislation - currently decided by the states - the Privacy Commissioner appears to have a similar frame of mind, but has stopped short of exploring legislation to override existing state industrial relations and workplace powers.
"The Australian government should consider setting in place mechanisms to address inconsistencies that have come about, or will come about, as a result of exemptions in the Privacy Act, for example, in the area of workplace surveillance", states one recommendation on achieving "national consistency".
Tellingly, the report also says the "lack of clarity leaves the way open to a state or territory to pass its own laws on the ground that there is no constitutional barrier to doing so", an effective admission that the current Privacy Act is incapable of overriding existing state industrial powers.
NSW has already put workplace surveillance legislation before its parliament, with Victoria, Queensland and other states opting to wait for the findings of the current privacy review before deciding whether to follow suit.
At the same time, Prime Minister John Howard has taken personal control of the federal government's bid to wrest industrial relations powers (which cover workplace surveillance) from the states under the Corporations Act.
Howard is expected to reveal the his new industrial relations agenda at the Council of Australian Governments meeting on June 3, having previously cancelled the last three meetings between federal and state industrial relations ministers.