The insurance industry has cautioned against making changes to the Privacy Act in a submission to an issues paper seeking feedback on whether the scope of the legislation and its enforcement mechanisms remain fit for purpose in the digital age.

The submission from the Insurance Council of Australia (ICA) to the Attorney-General’s Department says the industry is comfortable with Section 2A of the legislation setting out the objects of privacy protection of individuals.

“These recognise that the protection of the privacy of individuals needs to be balanced with the ability for businesses to carry on their legitimate activities,” ICA says.

“Members are bound by the Australian Privacy Principles and take active steps to ensure compliance and recognise their importance in upholding robust privacy protections for consumers.”

ICA says its members are concerned about the implications of introducing a requirement for an express notice to be given when collecting personal information. Presently information collected by insurers is limited so that they may only deliver products or services that are requested by consumers.

“The purpose of information collection in insurance is not for large scale aggregation purposes by advertisers,” ICA says. “The current framework allows insurers to collect, use and disclose information where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.”

There are already a number of appropriate, written notifications to consumers when collecting information to provide insurance products.

ICA says introducing a specific “notice of collection” may have the opposite impact intended.

“Given that consumers already receive many disclosures and notices regarding insurance, providing additional ones may result in confusion and/or refusal to properly read and understand the information supplied,” ICA warned.

On whether a statutory tort for invasions of privacy is needed, ICA says its members are wary of the likely fallout should such a measure be introduced. A tort has the potential to increase the risk policyholders’ exposure to public liability claims in particular.

“Insurers would need to reflect the greater risk they were taking on, by either specifically excluding the tort from coverage or re-evaluating the price of insurance products,” ICA says. “If a statutory tort is introduced, it should be confined to intentional or reckless invasions of privacy.”

Consumer advocates say they support the introduction of a statutory tort for serious invasions of privacy. They say such a measure will protect consumers whose claims are being investigated by insurers.

“In insurance claims handling, assessment and investigation practices have a significant impact upon consumers,” the joint submission from the Financial Rights Legal Centre, Consumer Action Law Centre and Financial Counselling Australia says.

“Without a statutory action for invasion of privacy any person can without your consent take photographs, still pictures and videography of you in a public place.”

The Government is reviewing the Privacy Act in response to the Australian Competition and Consumer Commission’s Digital Platforms Inquiry final report, which was released last year.

The review will consider issues and recommendations made in the final report, including whether a statutory tort for serious invasions of privacy should be introduced, and whether the Privacy Act should include a “right to erasure”.

The issues paper outlines the current law and seeks feedback on potential issues relevant to reform. A discussion paper will be released in early 2021, seeking more specific feedback on preliminary outcomes, including any possible options for reform.

Click here for the issues paper.