Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

A new approach to information sharing - our Trusted Sharing Consultancy Service John Edwards
20 December 2016

our services

For 20 years, I practiced law offering, among other things, a specialty in “information and privacy law”. Clients would come to me and say “we are thinking about doing X; Is that allowed under the Privacy Act?” My response was almost always “don’t ask me if you can do X, ask me how can we do X”.

The Privacy Act is a much more enabling statute than many realise. Its information privacy principles are expressed in general terms, meaning many projects or initiatives can be structured in ways that are consistent with them. If they can’t be, there are a range of other options for managing the risk of a breach, or for making something that might otherwise be unlawful, lawful.

The generality of the information privacy principles, while providing flexibility and the benefit of being technology neutral, also introduces uncertainty.

Helping with uncertainty

Uncertainty in law can provoke unnecessary risk aversion, meaning worthwhile initiatives or ideas stay on the shelf out of misguided concern they might breach the Act.

Here at the Office of the Privacy Commissioner, we have self-identified as “regulators”. And that does describe part of what we do. We investigate and resolve disputes, we are a gatekeeper for the Human Rights Review Tribunal, and we even write laws, in the form of codes of practice.

In the past, this has lead to a reluctance to go out on a limb and give legal advice.  For many years interactions with the Office began with the caveat “we can’t give legal advice ….. but … [*gives legal advice*].

Lawyers specialising in privacy

On coming into the Office, I was puzzled by this approach. We have more lawyers specialising in privacy than anywhere else in the country. We do privacy law every single day. It’s just about all we do. Why wouldn’t we actively market that service? Not only that, I have a statutory duty to “provide advice to a Minister or an agency on any matter relevant to the operation of the Privacy Act”.

Earlier this year, we launched the Advisory Opinions policy. Under that policy, we will commit to a position where an agency is uncertain about how the law applies to their proposal.

Putting aside the regulatory hat

Today we are launching another initiative to assist with uncertainty, the Trusted Sharing Consultancy Service.

We chose that name to reflect a “service”, and “consultancy” model and to get us away from the regulatory hat that many in the sector are familiar with.

The service will help agencies understand their information sharing needs, and design business processes that meet their needs, foster trust, and maintain individual autonomy.

I have recruited a senior consultant, and have redeployed senior staff to make this initiative a top priority for 2017. We’ve got a whole lot of initiatives to get on with already, but we look forward to hearing from you about your projects, and how we might be able to help.  


, ,



No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.