Seed Advisory Pty Ltd (ACN 134 085 886) www.seedadvisory.com.au Seed Advisory Advice on Privacy for the National Smart Metering Program: Consultation Draft Draft Report for the Energy Market Reform Working Group 14 April 2022


Seed Advisory Pty Ltd (ACN 134 085 886) www.seedadvisory.com.au

Seed Advisory

Advice on Privacy for the National Smart Metering Program: Consultation Draft

Draft Report for the Energy Market Reform Working Group

18 May 2023


Contents

1. EXECUTIVE SUMMARY
1.1. Introduction
1.2. Key findings
1.3 Key recommendations
1.4 High level implementation plan

2. INTRODUCTION
2.1. Background
2.2 Scope of work
2.3 Our approach to the analysis
2.4 Summary of Lockstep recommendations

3 LEGAL ANALYSIS
3.1 Overview of privacy legislation in Australia
3.2 Summary of key changes to the National Privacy Act
3.3 Overview of jurisdictional specific privacy legislation and regulations
3.4 Implications of changes to the federal Privacy Act and jurisdictional privacy legislation
3.5 Overview of relevant energy market rules and regulations
3.6 Implications of energy market rules and regulations
3.7 Summary

4 COMMERCIAL ANALYSIS
4.1 Our considerations
4.2 Uses of metering data
4.3 Differentiating between possible suppliers: competitive effects
4.4 Summary and recommendations
4.5 Implications for implementing Lockstep’s recommendations

5 RECOMMENDATIONS
5.1 Key recommendations
5.2 Next steps/implementation

A. REFERENCES
Privacy legislation and regulation
Energy industry rules and regulatory instruments
Government and regulatory reports and papers
Consultant reports

B. AUSTRALIAN PRIVACY PRINCIPLES
Part 1—Consideration of personal information privacy
Part 2—Collection of personal information
Part 3—Dealing with personal information
Part 4—Integrity of personal information
Part 5—Access to, and correction of, personal information

C. COMPARISON OF APPS TO NPPS

D. DETAILED ANALYSIS OF ENERGY MARKET REGULATIONS
NATIONAL (NEM JURISDICTIONS ONLY)
SOUTH AUSTRALIA
NEW SOUTH WALES
QUEENSLAND
AUSTRALIAN CAPITAL TERRITORY
TASMANIA
VICTORIA
WESTERN AUSTRALIA

E. COMPARISON OF NER (7.7(A) AND 8.6) TO WA EQUIVALENTS

Authors: This report was written by Seed Advisory Pty Ltd and Etrog Consulting Pty Ltd with input from Johnson Winter and Slattery.


1. Executive Summary

1.1. Introduction

1.1.1 Background

In December 2007, the Ministerial Council on Energy (“MCE”), now the Standing Council on Energy and Resources (“SCER”), committed to work with stakeholders and the appropriate jurisdictional authorities to review the appropriateness of customer protection and safety arrangements and ensure they remain appropriate where smart meters[1] are rolled out. Consistent with this commitment, SCER is currently developing a national framework to support the roll-out and use of smart meters.

In 2011, as part of its Advanced Metering Infrastructure program review, the Victorian Government commissioned an assessment of the application of privacy regulations for smart metering infrastructure. The assessment undertaken by Lockstep (“the Lockstep Report” or “the Report”) found that privacy controls are relatively strong in the electricity industry and therefore likewise in the smart meter program, with metering data suitably protected[2]. However, the Report concluded that there were areas where regulatory requirements should be strengthened and consumers should be better informed as to how their data is kept secure.

The Lockstep assessment took into account the National Privacy Principles (“NPPs”), Victorian regulation and the confidentiality provisions in the National Electricity Rules (“NER”) all as at 2011, and was informed by interviews with industry participants and the submissions to the Victorian Government’s review of its Advanced Metering Infrastructure (“AMI”) program. The scope of the assessment excluded a consideration of the adequacy of national privacy legislation, any proposed changes to national privacy legislation, the privacy legislation in States and Territories other than Victoria, and whether there are other relevant issues in the National Electricity Law and Rules.

Since the Lockstep Report was prepared, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“Amending Act”) was passed by the federal Parliament on 29 November 2012 and will become effective in March 2014. The Amending Act implements the Government’s first stage response to the Australian Law Reform Commission’s Report into Privacy. The Amending Act contains the Australian Privacy Principles (“APPs”) as Schedule 1. The APPs will replace the Information Privacy Principles (“IPPs”) and NPPs as a single set of privacy principles applicable to government agencies and private organisations (APP entities).

As part of its work program, the Energy Market Reform Working Group (“EMRWG”) is currently considering whether the findings and recommendations from the Victorian assessment are generally applicable nationally and warrant consideration for broad application. The EMRWG is seeking to answer: whether there are any material differences in jurisdictional privacy legislation that impact on the applicability of the Victorian recommendations to other jurisdictions[3]; the ability to implement the recommendations as part of national energy regulation; and on any adverse outcomes that may occur due to interactions with the energy laws.

[1] For the purpose of this report, Smart meters are meters that are consistent with the approved minimum smart meter functionality requirements.

[2] The Lockstep Privacy Impact Assessment Report, Version 1.2, August 2011

1.2. Key findings

1.2.1 Changes to the Privacy Act and differences in jurisdictional privacy legislation

We have compared the NPPs on which the Lockstep recommendations are based with the APPs and the relevant privacy instrument in each jurisdiction (see Section 3.3 for details on the instruments considered). As a result, we have not identified any inconsistency between the APPs or State and Territory privacy legislation and the NPPs that would render the recommendations of the Lockstep Report incompatible with the APPs or State and Territory privacy legislation. Some aspects of the recommendations will need some fine-tuning in order to ensure compliance with the APPs (see Section 3.4.2).

The changes to the Privacy Act passed in late 2012 by the Australian Parliament would not change the practical effect of the recommendations. By adopting the precautionary approach and considering all metering data as personal information (see the discussion in Section 3.4), Lockstep anticipates the requirements of the Amending Act, in particular in view of the new definition of personal information and the possible application of the APPs to metering data. Lockstep recommended considering all interval metering information as personal information within the meaning of the Privacy Act even though interval metering data might technically not qualify as personal information in all circumstances (see Section 3). Lockstep’s approach recommending that individuals should provide express consent to any use for secondary purposes of their personal information is also consistent with the APPs and State privacy legislation, which provide that consent constitutes an exception to the general prohibition against use and disclosure of personal information for secondary purposes. The APPs, however, do not require express consent.

1.2.2 Jurisdictional coverage

The extension of State and Territory privacy legislation to electricity market participants depends on the precise language of the relevant State or Territory legislation, as well as the corporate form of the entity being considered. Corporations, federal government agencies and, following the ACT’s approach to privacy obligations, ACT government agencies will be covered by the APPs. State specific requirements cover other entities, including state owned corporations and agencies. However, where the state owned entity in question is a registered market participant in the electricity market, its management of metering data is required to meet the requirements of national energy legislation, which Lockstep concluded was appropriate. The issues associated with coverage are discussed in greater detail in Section 3.3. Our scope of work does not extend to the assessment of the coverage of individual state owned entities.

[3] Subject to specific limitations in the case of Western Australia and the Northern Territory: see Section 2.2.1.


1.2.3 The ability to implement the recommendations as part of national regulation

The Lockstep recommendations can mostly operate consistently with existing federal privacy law and jurisdictional legislation, including national energy legislation, although in respect of Recommendation 4, the proposed Opt-In model for all “secondary uses”, which requires explicit consent for each proposed secondary use, the Lockstep recommendations are more onerous than the requirements of existing or proposed federal privacy law.

1.2.4 Any adverse outcomes that may occur due to interactions with the energy laws and commercial practices

Specifically in the context of their interaction with energy laws, in a small number of important areas, the Lockstep recommendations may have adverse impacts or unintended consequences. In particular:

• the proposed definition of the primary purpose for interval metering data is inconsistent with some identified national and State energy laws and regulations and may be inconsistent with other instruments not reviewed; and

• the Opt-In model is inconsistent with some jurisdictional energy regulations.

These inconsistencies would be required to be identified, assessed and addressed, potentially by widespread changes to energy laws. In addition, we have identified some issues where the issue is not one of strict legal compliance but whether the associated recommendation is in all circumstances practicable; that is, what the appropriate instrument for achieving the recommended outcome should be and, in some cases, whether the coverage of energy laws and regulations can be extended to achieve the desired objective.

In building on the legal analysis to consider the commercial implications of the recommendations, we have considered:

• Customers’ concerns and customer protection issues relating to the potential uses of interval metering data by energy market participants and third parties.

• The high level benefits and costs likely to be associated with the options we identify.

  ― As a starting point for our analysis, we have adopted SCER’s catalogue of the benefits of interval metering, that is: enabling consumers to make more informed choices and better manage their electricity use and greenhouse gas emissions; reducing demand for peak power with potential infrastructure savings; and, driving efficiency and innovation in electricity business operations and retail market competition; and we have considered the potential for affecting the extent of the benefits to be achieved on a qualitative basis only.

  ― In relying on previous studies of the benefits of interval metering data, we have looked at uses of data irrespective of whether the benefits are easily quantifiable or are in the form of “wealth transfers”. The previous studies we have relied on that consider data benefits as part of the benefits estimation in cost-benefit analysis studies include:

    • Studies that were conducted by the Essential Services Commission and by the Victorian Government in conjunction with the Victorian electricity supply industry, which led to the decision to roll out AMI in Victoria;

    • A national cost-benefit analysis undertaken for the MCE; and

    • Reviews undertaken in Victoria after rollout had commenced by Futura Consulting with additional commentary from Oakley Greenwood and by Deloitte.

• The potential implications for competition and innovation, considering the party initiating the data use and the classes of possible service providers.

  ― In thinking about the issues raised by the party initiating the data use, our position starts from the perspective that there is no case for restricting choices that customers initiate on their own behalf. Following from this principle, the implications for competition and innovation from industry specific regulation need to be considered: to what extent are existing providers disadvantaged relative to potential providers and what is the additional cost, considered in benefits foregone, of this disadvantage?

  ― Possible service providers could include: existing classes of energy industry participants; potential and existing energy market service providers who may wish to access data from the energy market system which has been the subject of a scoping study by the Commonwealth, for example; and, other potential suppliers dealing directly with customers. In considering this last group in particular in relation to industry specific regulation, issues arise relating to the ability of energy law to include this group in industry specific regulation. There are also implications for competition and the achievable benefits of interval meters.

1.3 Key recommendations

In building on the legal analysis and the discussion in Section 4, we recommend:

• applying a limited industry specific privacy regime to energy market participants, preferably through the development of common standard contract terms to cover permitted uses of metering data, that is, all agreed primary and secondary purposes of metering data;

• subject to the outcome of the further analysis recommended, adopting an Opt-Out regime for the use of interval metering data in direct marketing and the marketing of load control and demand management services by distributors and retailers;

• relying on the APPs for businesses falling below the threshold annual revenues required for the Privacy Act to apply; and

• relying on the APPs where the customer initiates the use of the metering data.

Broadly, our recommendations are consistent with the EMRWG’s approach to third party offerings, particularly those not requiring meter access[4]. Our recommendations relating to classes of service provider are summarised in Table 4.10 and repeated in Table 1.2 for convenience.

We have also identified other, more minor recommendations, which are outlined in Section 5.1.1.

[4] Standing Council on Energy and Resources Senior Committee of Officials’ Energy Market Reform Working Group, 2012


1.3.1 Summary of implications of implementing Lockstep recommendations

In analysing the Lockstep recommendations in the most effective and efficient manner we have categorised our assessment on a four tier scale. The table below summarises the basis of our categorisation and the recommendations within each category. We also strongly recommend implementing the awareness and education related recommendations, Recommendations 5, 10, 11 and 12. These should be implemented to provide further customer certainty and to address customer concerns arising from lack of information. The implementation of these recommendations should occur only when major issues relating to other key recommendations noted below have been addressed.

Further detail on our analysis is contained in Section 4.5.

Table 1.1: Summary of implications for implementing Lockstep recommendations by materiality – commercial perspective

| Category | Definition or basis | Recommendation numbers |
|---|---|---|
| Red | Intent of the recommendations should be implemented: Major issues or potential conflicts/inconsistencies identified in the approach that need to be addressed prior to considering implementing. | Recommendations 1, 2, 4, 9 and 22. |
| Yellow | Intent of the recommendations should be implemented: Minor issues or potential conflicts/inconsistencies identified in the approach to be addressed prior to implementation. | Recommendations 15, 19 and 21. |
| Green | Intent of the recommendations should be implemented. Minimal or no issues - only minor points of clarification and implementation level detail identified in the approach to be addressed prior to implementing the recommendations. | Recommendations 14 and 24. |
| White | Value of implementing recommendation requires clarification, given current circumstances. | Recommendations 3, 6, 7, 8, 13, 16, 17, 18, 20 and 23. |


Table 1.2 Summary of recommended regulatory coverage by source of the data and company turnover

| Who provides the data | | Turnover <$3m per annum | Turnover >$3m per annum |
|---|---|---|---|
| Customer directly | Coverage by APPs[5] | No | Yes |
| | Recommendation | No opt in to APPs or energy market specific privacy regulations required. | No additional energy market privacy related regulations required. |
| | Rationale | • Consumer sovereignty • Energy data not a special case warranting more onerous treatment than that provided by APPs. | • Consumer sovereignty; facilitates maximum customer choice and flexibility • APPs should provide sufficient customer protection. |
| Energy market participant (e.g. DB or RB), drawing on customer records | Coverage by APPs | No • Any third party acting as agent for energy market participant will be subject to relevant APPs and/or state equivalents, as well as relevant energy market regulations. | Yes • Any third party acting as agent for energy market participant will be subject to relevant APPs and/or state equivalents, as well as relevant energy market regulations. |
| | Recommendation | • Permitted uses to be specified in common customer contract terms • Subject to evaluation, may exclude certain marketing activities requiring metering data, potentially as part of direct marketing Opt-Out. | • Permitted uses to be specified in common customer contract terms • Subject to evaluation, may exclude certain marketing activities requiring metering data, potentially as part of direct marketing Opt-Out. |
| | Rationale | Balance of market functions and risks to individual customer’s privacy. | Balance of market functions and risks to individual customer’s privacy. |
| Directly from the smart meter or the HAN | Coverage by APPs | No | Yes |
| | Recommendation | • Depends on whether customer directly provides access or energy market participant utilising own access. • See comments relating to these categories above. | • Depends on whether customer directly provides access or energy market participant utilising own access. • See comments relating to these categories above. |
| | Rationale | See comments relating to the relevant categories above. | See comments relating to the relevant categories above. |
| Consumer energy data access system | Coverage by APPs | No | Yes |
| | Recommendation | • Again, depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. • However, regardless of If data sourced from energy market data system, user should be required to adhere to relevant energy market regulatory requirements (e.g. those requirements to be applied to this class of participants for data confidentiality, security etc.)[6]. | • Again, depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. • However, regardless of If data sourced from energy market data system, user should be required to adhere to relevant energy market regulatory requirements (e.g. those requirements to be applied to this class of participants for data confidentiality, security etc.)[7]. |
| | Rationale | Respects consumer sovereignty; provides competitive neutrality with energy market participants and ensures customer data and integrity of data security from energy market data system maintained. | Respects consumer sovereignty; provides competitive neutrality with energy market participants and ensures customer data and integrity of data security from energy market data system maintained. |
| Direct from the appliance (i.e. not via smart meter or HAN) | Coverage by APPs | No | Yes |
| | Recommendation | No specific privacy regulations required. | No additional energy market specific privacy regulations required. |
| | Rationale | • Consumer sovereignty • Energy data not a special case warranting more onerous treatment than that provided by APPs. • If sourced from appliance directly also no issue with compromising security and integrity of smart meter or HAN. | • Consumer sovereignty • Energy data not a special case warranting more onerous treatment than that provided by APPs. • If sourced from appliance directly also no issue with compromising security and integrity of smart meter or HAN. |

[5] Whether an entity is actually covered by the APPs or any State or Territory privacy statute/instrument depends on the entity's status and the relevant statute/instrument. Therefore before making a definitive conclusion, it is necessary to examine each entity to determine whether the APPs or a State/Territory privacy regime apply. The turnover is not alone decisive.

[6] We have not assessed whether, however, these should be the requirements that apply to existing market participants or some other lower or higher group of requirements.

[7] See Footnote 59.

1.4 High level implementation plan

Our four tier scale categorises the Lockstep recommendations, providing a basis for developing a high level implementation plan. In brief, we recommend the following approach to implementing the Lockstep recommendations:

• Address major issues – in particular the permitted uses of metering data and coverage of existing and potential service providers. This would also include consideration of all data stored and/or created by a smart meter beyond metering data;

• Address less material issues – in particular those discussed in Sections 4.5 and 5.1.1;

• Develop timing for implementation of remaining recommendations – once key issues are addressed the timing for implementation can be more readily developed; and

• Implement relevant recommendations.


2. Introduction

2.1. Background


2.1.1 National Energy Policy Context

In December 2007, the Ministerial Council on Energy (“MCE”), now called the Standing Council on Energy and Resources (“SCER”), committed to work with stakeholders and the appropriate jurisdictional authorities to review the appropriateness of customer protection and safety arrangements and ensure they remain appropriate where smart meters[8] are rolled out.

Consistent with this commitment, SCER is currently developing a national framework to support the roll-out and use of smart meters. SCER sees the benefits of smart meters as: enabling consumers to make more informed choices and better manage their electricity use and greenhouse gas emissions; reducing demand for peak power with potential infrastructure savings; and, driving efficiency and innovation in electricity business operations and retail market competition.

Consumer groups, however, have raised concerns about the privacy implications of the technology and information gathered by smart meters[9]. Much of the concern focuses on the uses of the data and who has access to this data, given that granular information can potentially reveal much more information about a household’s usage habits than accumulation data.

2.1.2 Victorian Privacy Impact Assessment

In 2011, as part of its Advanced Metering Infrastructure program review, the Victorian Government commissioned an assessment of the application of privacy regulations for smart metering infrastructure. The assessment undertaken by Lockstep (“the Lockstep Report”) found that privacy controls are relatively strong in the electricity industry and therefore likewise in the smart meter program, with metering data suitably protected[10].

However, the Report concluded that there are areas where regulatory requirements should be strengthened and consumers should be better informed as to how their data is kept secure. The report made 24 recommendations which are detailed in Section 2.4.1 of this report.

The Lockstep assessment took into account the National Privacy Principles, Victorian regulation and the confidentiality provisions in the National Electricity Rules (NER) all as at 2011, and was informed by interviews with industry participants and the submissions to the Victorian Government’s review of its Advanced Metering Infrastructure (“AMI”) program. The scope of the assessment excluded a consideration of the adequacy of national privacy legislation, any proposed changes to national privacy legislation, the privacy legislation in States and Territories other than Victoria, and whether there are other relevant issues in the National Electricity Law and Rules.

[8] For the purpose of this report, Smart meters are meters that are consistent with the approved minimum smart meter functionality requirements.

[9] Submissions to the Officials’ Report on National Smart Meters Consumer Protection and Safety Review published in November 2012 highlighted these concerns.

[10] The Lockstep Privacy Impact Assessment Report, Version 1.2, August 2011

In response to the Lockstep findings, the Victorian Government asked the Essential Services Commission of Victoria (“ESCV”) to conduct a review of the findings with a view to potentially strengthening the regulatory arrangements by providing clear guidance to businesses on what constitutes personal information and how it should be treated. At this stage the ESCV has only issued a draft report[11], and no decision has been published on how best to address their draft findings and conclusions.

2.1.3 National Privacy Reforms

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“Amending Act”) was passed by the federal Parliament on 29 November 2012 and will become effective in March 2014. The Amending Act implements the Government’s first stage response to the Australian Law Reform Commission’s Report into Privacy. The Amending Act contains the Australian Privacy Principles (“APPs”) as Schedule 1.

Under the current Privacy Act 1988 (Cth) (“Privacy Act”), the Information Privacy Principles (“IPPs”) govern the handling of personal information by Commonwealth government agencies. The National Privacy Principles (“NPPs”), as Schedule 3 to the Privacy Act, provide the privacy standards that all private sector organisations with a turnover in excess of $3 million/annum need to comply with in relation to personal information they collect and hold. The APPs will replace the IPPs and NPPs as a single set of privacy principles applicable to government agencies and private organisations (APP entities).

Further detail on these changes can be found in Section 3.1 and Appendices B and C.

2.1.4 National Energy Market Implications

As part of its work program, the Energy Market Reform Working Group (“EMRWG”) is currently considering whether the findings and recommendations from the Victorian assessment are generally applicable nationally and warrant consideration for broad application. This is consistent with the transition from jurisdictional based regulation to nationally based regulation. The EMRWG is seeking to answer: whether there are any material differences in jurisdictional privacy legislation that impact on the applicability of the Victorian recommendations to other jurisdictions; the ability to implement the recommendations as part of national energy regulation; and, on any adverse outcomes that may occur due to interactions with the energy laws.

This report is designed to assist the EMRWG to answer these questions.

2.2 Scope of work

Our scope of work was to assist the EMRWG in considering whether the findings and recommendations from the Victorian privacy assessment contained in the Lockstep Report are generally applicable nationally and warrant consideration for broad application[12].

[11] Essential Services Commission, 2012, Smart Meter Privacy Impact Assessment – Draft Report, May 2012


The EMRWG is seeking advice on: whether there are any material differences in jurisdictional privacy legislation that impact on the applicability of the Victorian recommendations to other jurisdictions; the ability to implement the recommendations as part of national energy regulation; and, on any adverse outcomes that may occur due to interactions with the energy laws.

Our scope of work and subsequent analysis was based on two key principles:

• All smart meter data is considered Personal Information[13] as defined in the relevant privacy regulations. This is consistent with the approach used in the Lockstep Report. We have neither validated this assumption, nor assessed the implications of changing this assumption on the Lockstep recommendations and our recommendations.

• Our assessment is only focused on privacy with respect to smart meter energy consumption and production data[14] covering elements such as uses, security and access to the data. Other energy sector privacy related issues have not been considered as part of this report.

Given these two key principles, our report provides:

• Advice on whether the Lockstep recommendations made in the privacy impact assessment of the Victorian Advanced Metering Infrastructure program are applicable in other jurisdictions and on the implications of implementing these recommendations as part of national energy laws and rules.

• Advice on any adverse outcomes due to the interaction with the energy laws should the recommendations be implemented, including:

― Whether the changes to the Privacy Act passed in late 2012 by the Australian Parliament would change the practical effect of the recommendations;

― Whether the existing federal privacy law and jurisdictional legislation, including national energy legislation, provides adequate protections in the context of smart metering and if not, what changes would need to be made to jurisdictional legislation;

― Whether any jurisdictional differences in privacy regulation would alter the applicability of the findings and recommendations of the Lockstep Report to other jurisdictions;

― Any areas where the implementation of the recommendations may have adverse impacts or unintended consequences, including due to interactions with the energy laws; and

― How the recommendations could be implemented in the most efficient and effective manner to protect consumers’ privacy and ensure that the benefits envisaged through greater availability of energy data are realised.

[12] The scope of this project is national. However, there are some limitations to the scope for Western Australia and the Northern Territory which are discussed later in Section 2.2.1 of this report.

[13] We have, however, not assumed that this data is considered ‘sensitive information’ as defined in the Privacy Act or the Amending Act as, on the information available to us, it does not appear that metering data would fall into this definition.

[14] Smart meters can generate and store various elements of information including voltage detection, connection and disconnection data and various alarms. However, for the purposes of our analysis we have focussed only on interval metering or consumption data. Our reasons for this choice are that metering data is the most useful and valuable element of information and would most likely provide the greatest privacy concerns. It is also consistent with the Lockstep approach. See also the discussion in Section 4.1.3.


• Advice on the appropriate level of privacy regulation for third party service providers who access metering data in the course of providing their services to customers. In this regard we discuss whether interval metering data from a smart meter has any special characteristics that means the exemption for small business provided in the Privacy Act should not apply.

• Views on all material uses and benefits of metering data that are needed to meet obligations under the National Electricity Law (“NEL”), National Electricity Rules (“NER”), National Energy Retail Law (“NERL”), National Energy Retail Rules (“NERR”) and any other relevant energy market legislation.

Our report and scope of work excluded the following:

• validating any business’s compliance with the Privacy Act and any applicable jurisdictional privacy regulation. This report is not an assessment of the privacy practices of the electricity industry;

• considering any privacy implications beyond the uses, security and access to smart meter data including elements of data beyond metering or consumption data;

• modelling of costs or benefits. Our work provides qualitative views only;

• drafting of specific rule and/or regulation changes – any changes recommended will be at a high level only;

• coverage of Western Australia and Northern Territory beyond the outline below;

• an assessment of the adequacy of privacy protections in the context of smart metering independently of the assessment by Lockstep. Our work was to identify jurisdictional differences to Victoria and consider how, if at all, this affects the Lockstep recommendations; and

• replicating or substantially testing the work done by Lockstep. This report leverages off the work undertaken by Lockstep.

2.2.1 Western Australia and Northern Territory: Scope and Assumptions

Given the different market structures in Western Australia (“WA”) and the Northern Territory (“NT”), we have agreed a simplified scope and approach in the coverage of these jurisdictions.

At a high level, for WA and NT our scope was to understand and document what general privacy laws apply to WA and NT retailers and distributors and the implications of these laws for the Lockstep recommendations.

For WA we also looked at some energy specific regulations. For NT we have not looked at any energy market regulations and our work is purely based on the general privacy laws and regulations.

For WA, the energy specific laws and regulations we considered were reviewed to:

• Confirm whether WA has similar provisions to Rule 7.7 of the National Electricity Rules (“NER”) and the NER provisions in Chapter 8 regarding the confidentiality of metering data.

• Document what energy specific privacy or confidentiality requirements relating to metering data are imposed on electricity retailers and distributors, by the following instruments[15]:

― Code of Conduct for the Supply of Electricity to Small Use Customers (Electricity) – Part 10;

― Electricity Industry (Metering) Code 2012 – Clause 5.17A and Part 7;

― Electricity Industry Customer Transfer Code 2004 (contestable customers only) – Part 3;

― Electricity Industry (Customer Contracts) Regulations 2005 – Regulation 19;

― Electricity Industry (Wholesale Electricity Market) Regulations (the WEM Rules), with a specific focus on Chapter 10; and

― Energy Coordination Act 1994 – Part 4. The powers within this Act are broad in nature so this has only been considered at a high level.

In completing the commercial element of our analysis in Section 4 we have not considered any specific WA or NT uses of data, commercial practices or regulatory obligations. Rather we have made the simplifying assumption that the requirements of the NEL, NERL, NER and NERR and commercial practices in the National Electricity Market (“NEM”) would be appropriate proxies for these regions.

[15] The list of instruments to review was as advised to us by the Department of Resources, Energy and Tourism.

2.3 Our approach to the analysis

2.3.1 Overview

We assessed the implications on the Lockstep recommendations from factors such as the changes to the National Privacy Act, the National Electricity Law/National Electricity Rules and privacy regulations across jurisdictions (Figure 2.1).

In completing this analysis we have summarised our findings and recommendations against each initial Lockstep recommendation by factors such as jurisdictional difference and Australian Privacy Principles. Our analysis also provides an indicative materiality rating to highlight material or potentially material issues using a low, medium and high scale.

In developing our analysis and recommendations we also considered issues such as the uses of metering data, third party service provider implications and options for effective and efficient implementation of these recommendations.

2.3.2 Key steps in our analysis

Our analysis involved:

• Reviewing key background reports and materials – a structured review of key documents as outlined in Appendix A, including:

― the Lockstep Report;

― the smart meter national minimum functionality specification;

― the Smart Meter Consumer Protection and Safety Review Officials’ Paper; and

― the scoping study for a consumer energy data access system.

• Developing the analysis – as illustrated in Figure 2.1, the framework’s purpose is to succinctly summarise the key findings and recommendations of our analysis and to provide a view of materiality of our findings.

• Legal analysis – working from the findings from the background review of the Lockstep Report and other relevant materials, we reviewed the recent Privacy Act changes including the Australian Privacy Principles, the National Energy Retail Law and Rules and the National Electricity Law and Rules, as well as any relevant jurisdictional privacy legislation. This review identified initial areas where the recommendations from the Lockstep Report may present issues in specific jurisdictions and will provide the foundations and direction for the energy market and commercial analysis.

• Energy market and commercial analysis – this analysis identified areas where the implementation of the Lockstep recommendations may have adverse impacts or unintended consequences, including due to interactions with the energy laws. This also covered:

― Assessing the appropriate level of privacy regulation for third party service providers who access metering data in the course of providing their services to customers including understanding if the exemption for small business provided in the Privacy Act should not apply;

― Identifying all material uses of metering data that are needed to meet obligations under the National Electricity Law, National Electricity Rules, National Energy Retail Law, National Energy Retail Rules and any other relevant legislation;

― Understanding the implications of the smart meter national minimum functionality specification; and

― Determining how the recommendations could be implemented in the most efficient and effective manner to protect consumers’ privacy and ensure that the benefits envisaged through greater availability of energy data are realised.

• Recommendations development – Our final stage of work involved synthesising the legal and energy market / commercial analysis to develop a set of recommendations for the EMRWG to consider and a high level implementation plan to deliver these recommendations.


Figure 2.1: Overview of our analytical approach

[Figure not reproduced. Labelled elements: Lockstep Recommendations; NEL / NER Implications; National Privacy Act Changes; Jurisdictional Differences; Framework for analysis categorised by Lockstep Recommendation, Jurisdiction, Australian Privacy Principle and Materiality of Findings; Interdependency; Third Party Service Provider Implications; Uses of Metering Data / Minimum Smart Meter Functionality; Implementation Options.]


2.3.3 Definition of materiality

To assist in identifying key issues and recommendations we have categorised our findings based on a high level and simplified view of materiality. Our approach to materiality is not based on quantitative modelling or detailed analysis, nor is it meant to represent a legal perspective of the complexity of the issues associated with each recommendation. Rather it is a simple basis for classifying findings.

We have used separate bases for our legal and commercial analysis. Our definitions for each are outlined below.

2.3.3.1 Legal analysis materiality

From the perspective of the legal analysis, strictly speaking, all issues could be deemed to be material if they result in a breach or potential breach of existing rules and regulations. We have categorised our detailed findings on a three tier scale as outlined in the table below. Where any recommendation would result in a breach of existing rules and regulations, we have either assumed it would not be implemented in the form proposed (for example, Recommendation 13) or that a change to existing rules and regulations to allow its implementation would be required (Recommendation 9). Our assessment of the Lockstep recommendations reflects these judgements[16].

Table 2.3: Definition of materiality – legal analysis

| Category | Definition or basis |
| --- | --- |
| Red | Major issues or potential conflicts/inconsistencies identified |
| Yellow | Minor issues or potential conflicts/inconsistencies identified |
| Green | Minimal or no issues - only minor points of clarification and implementation level detail identified. |

2.3.3.2 Commercial analysis materiality

Table 2.4: Definition of materiality – commercial analysis

| Category | Definition or basis |
| --- | --- |
| Red | Intent of the recommendations should be implemented: Major issues or potential conflicts/inconsistencies identified in the approach need to be addressed prior to considering implementation. |
| Yellow | Intent of the recommendations should be implemented: Minor issues or potential conflicts/inconsistencies identified in the approach to be addressed prior to implementation. |
| Green | Intent of the recommendations should be implemented: Minimal or no issues - only minor points of clarification and implementation level detail identified in the approach to be addressed prior to implementation. |
| White | Value of implementing recommendation requires clarification, given current circumstances. |

[16] See the discussion in Sections 3.4.2 and 3.6.2 in relation to the assessment of individual recommendations.


2.4 Summary of Lockstep recommendations

The key findings from the Lockstep Report included:

• the privacy controls around the usage data from the meters in the AMI program are generally relatively strong;

• industry has adopted good information security standards and practices;

• metering data is suitably protected in transit and at rest, and is subject to confidentiality provisions in the relevant jurisdictional and the national regulation;

• the security of smart meters themselves is well designed. In particular, the wireless communications links between meters and the distribution businesses, and between meters and Home Area Networks, appear very sound and all wireless links are encrypted;

• privacy and access rights could be further clarified to ensure that customers are aware of how their data is being protected and used by industry; and

• smart meters will not have the same security vulnerabilities as the regular Wi-Fi that many of us have in our homes.

The Report concluded with a series of 9 critical and 15 other recommendations to be implemented. The recommendations can be categorised as follows:

• Data security, retention and audit – Recommendations 1, 6, 7, 8, 17 and 20;

• Privacy policies and notices – Recommendations 2, 3, 14 and 15;

• Secondary data uses, small organisations accessing data and third parties – Recommendations 4, 16, 18, 22 and 23;

• Awareness campaigns and customer information provision – Recommendations 5, 10, 11 and 12;

• Document review and wording – Recommendations 9 and 24;

• Change of tenancy at premise – Recommendations 13 and 21; and

• Data formats – Recommendation 19.

Lockstep’s view was that none of these recommendations would require any immediate operational changes and no changes would be required in the licence conditions of any Registered Participants. Lockstep believed that, in the medium term, an Opt-In model should influence the design of business processes for activities such as HAN activation or for sharing metering data with third parties through the HAN.

2.4.1 Detailed Lockstep recommendations

The table below details in full the 24 recommendations from the Lockstep Report. For brevity, other sections of this report will generally only refer to the relevant recommendation number and not the full text of the recommendation.


Table 2.5: Lockstep Recommendations

No. Lockstep Recommendation

Critical Recommendations

1 All metering data from or about residential meters should be handled throughout the AMI system in accordance with the NPPs, in order to safeguard it against potential abuse, better control future secondary usage by unregistered third party participants, and to more clearly demonstrate to customers and the public that the industry is committed to privacy.

2 Privacy Policies of Distribution Businesses and Retail Businesses should be reviewed and updated to describe each organisation’s commitment to the NPPs, including explanations of why smart metering data is collected, how it is used, under what circumstances is it disclosed and the range of regulatory and operational safeguards that protect it.

3 Even though details of how third party services and HANs will operate remain sketchy, it would be appropriate at this stage for RBs’ and DBs’ Privacy Policies to anticipate the sharing of data beyond their businesses and circumscribe access to metering data.

Note that this action should satisfy the ESC’s call for “privacy principles” to be developed before IHDs are deployed.

4 The industry should adopt and promote an Opt-In policy of not putting metering data to any secondary purposes without express customer consent.

For the avoidance of doubt, and to maximise consumers’ sense of control, such secondary uses should include even those that seem reasonably related to the primary purpose for collection, such as the provision of efficiency advice. The industry should ensure that consent to secondary uses is always freely given, is not conditional, and is never bundled into acceptance of an electricity supply contract.

The AMP Policy Committee should review any suggested exceptions to the Opt-In that might be put forward by Registered Participants, and if agreed, officially specify them.

5 A fresh awareness campaign should be mounted to improve consumers’ understanding of smart metering and privacy. The campaign should be centred on a commitment by all organisations involved in AMI to (a) complying with the NPPs in the handling of metering data, and (b) not putting metering data to any secondary use without the consumer expressly opting in.

Specific messages for consideration are provided under “Other recommendations” below.

6 As and when DBs and RBs implement new databases as part of the AMI adoption, they should take care to keep raw metering data (keyed by NMI alone) separate from all other identifiable customer records in order to mitigate against ready re-identification. In general it is essential that teams implementing, configuring and maintaining databases are fully aware of the NPPs and the broad legal definition of Personal Information, to help them avoid inadvertent privacy problems.

7 Consideration should be given to a review of the National Electricity Rules to consider (a) whether duplicate interval data really needs to be kept in triplicate at Distribution Businesses, AEMO and Registration Businesses, and (b) if it is really necessary to keep all the data at the half-hourly granular level. From a privacy perspective, some aggregation after two years would be preferable.


8 Consideration should be given to clarifying what meter data may be (or should be) disposed of after seven years. From a privacy perspective, unless there is a clear reason to retain fine grain interval data at each Participant, it should be destroyed, or aggregated to the greatest reasonable extent.

9 The ESC should consider reviewing the Electricity Marketing Code with a view to extending it to cover Distribution Businesses and other parties potentially making use of metering data. In particular, the Code may need to clarify a broader meaning of “marketing” beyond the formation of new retail contracts. The review should come before the possible incorporation of the Code into the NECF.

Other Recommendations

10 The recommended awareness campaign could be coordinated by a reenergised AMI Communications Working Group. The campaign might include fresh letters to householders, new FAQs and other materials that would best be defined in detail by communications professionals.

11 New messaging about smart metering privacy should probably come from government, to lend it authority and credibility, and because there is not a widespread understanding in the community of the role of electricity distributors and retailers, or even awareness of all the players. Further, the new government’s past undertakings to review the AMI program makes it logical for an appropriate Minister to lead the new messaging.

12 The awareness campaign should consider promoting the following privacy positive features of AMI:

• existing regulations and sanctions under the NERs, ESC and so on that protect consumers against abuse of metering data

• the purpose of interval data collection

• how TOU pricing works

• the meaning of the flashing lights

• the policy of Recommendation 4 (to be confirmed) that all secondary uses of metering data shall be subject to express consent

• how direct load control works

• security measures taken to protect meters, detect tampering etc.

• security measures taken to protect access to consumption data

• the absence of name and address details in transmitted metering data, which is identified only by NMI

• the governance measures that control HANs and restrict access

• the extent to which any party can tell if a home alarm system is present

• the fact that all meter-to-DB communications and all HAN traffic is encrypted.

13 Processes may need to be developed, with assistance from consumer groups, for granting incoming residents access to defined aspects of past previous residents’ meter data. Technical protocols will be needed to inform DBs and to delete old meter data at some point. This action should take into account NPP 4.2 (Security: Data Retention). Some amendment to the NECF or NER may also be needed.

14 Review “Privacy Notices” provided to smart meter customers – whether they be explicit or implicit (as is often the case where passages of legal text are incorporated into other customer communications) – and ensure that the notices properly anticipate the potential secondary uses of metering information (such as providing energy efficiency advice direct to consumers, supporting third party services on an Opt-In basis and so on).

15 Consider developing a common skeletal layered Privacy Notice that all organisations involved in AMI can use as a basis for their own notices, setting out the industry’s regulatory protections, the reasons and uses for smart meter data collection, and the controls that consumers have over how meter data is used.

16 Require that small Retail Businesses that might otherwise fall below the SME criterion for the Privacy Act expressly opt in to the NPPs with the Office of the Privacy Commissioner.

17 Consider industry-wide minimum security policy settings for protecting interval data against misuse, including the following possibilities:

• DBs should quarantine all data containing customer names from raw interval data

• DBs and RBs should audit log all access by users to interval data

• retained interval data aged between two and seven years should be subject to more limited access rights than more recent data that might be needed to resolve billing issues.

18 In order to support future options for sending consumption and/or appliance data from Retail Businesses to third party service providers (with specific consumer consent as recommended above) a change to NER Chapter 7 should be considered.

19 In order to give consumers access to their interval data (as required by the Access & Correction Principle NPP 6), protocols should be developed for providing data in standard forms such as Excel spreadsheets.

20 In order to boost consumer confidence in the security of the system, DPI should consider commissioning an independent Threat & Risk Assessment (TRA) of any new online portals. We note that very recent regulatory developments in California have raised security standards for smart meters, with new requirements coming to conduct regular security audits.

21 Protocols will need to be developed for preventing old occupants from still having access to and/or control over the HAN after they vacate premises. Ideally, when a smart meter’s customer changes, there should be an automatic unbinding of devices from the HAN, and the access code for establishing a HAN on that meter should be changed. It may be prudent to amend the NECF or NER to legislate these measures.

22 When the BPPWG comes to develop business processes and protocols for HAN activation, it should enact the Opt-In policy of Recommendation 4 above (to be confirmed) that all secondary uses of metering data shall be subject to express consent. Further, the BPPWG should consider enforceable requirements that data is handled across all HANs in accordance with the NPPs.

23 If in future individuals within a household enter into third party contracts relating to use of smart meter data, such contracts should be signed by both the individual and the main electricity account holder.

24 The ESC should amend the wording of its decision to refer to Privacy Policies or Codes, rather than “Privacy Principles” because the latter term has a technical meaning in legislation.

3 Legal analysis

3.1 Overview of privacy legislation in Australia

Both federal and State or Territory laws govern the collection, use and disclosure of personal information by government and private sector entities. The Privacy Act 1988 (Cth) governs the collection, use and disclosure of personal information by:

― federal agencies; and

― private sector organisations throughout Australia, except some small business operators17.

Under the current legislation, two sets of privacy principles apply to the different sectors:

― The Information Privacy Principles (“IPPs”) regulate how government agencies of the Commonwealth and the ACT manage personal information, in particular, how and when personal information can be collected, how it should be used and disclosed, as well as storage and security of personal information. They also allow individuals to access that information and have it corrected if it is inaccurate, irrelevant, out of date, incomplete or misleading; and

― The National Privacy Principles (“NPPs”) regulate how private sector organisations manage personal information. The NPPs cover the collection, use and disclosure, and secure management of personal information. They also allow individuals to access that information and have it corrected if it is inaccurate, incomplete or out of date.

After the commencement of the Amending Act in March 2014, a single set of privacy principles, the Australian Privacy Principles (“APPs”) will replace the IPPs and NPPs and will regulate how both federal agencies and Australian private sector entities manage personal information.

At a state level, the following States and Territories have legislative instruments (described in more detail below) that govern how the State’s or Territory’s public sector agencies manage personal information: Australian Capital Territory; New South Wales; Northern Territory; Queensland; South Australia; Victoria; and Tasmania.

Many instruments specify that in addition to public sector organisations or agencies, contracted services providers must comply with their rules, i.e. private sector organisations that are carrying out services for the agency under a contract for services.

17 A small business operator is an individual, body corporate, partnership, unincorporated association or trust that carries on one or more small businesses. A small business is defined as a business with a turnover of less than $3m per annum.

3.2 Summary of key changes to the National Privacy Act

This Section outlines the key changes contained in the Amending Act. As previously discussed, the Amending Act replaces the IPPs and the NPPs with one set of principles called the Australian Privacy Principles (“APPs”). While many of the 13 APPs are based on the existing IPPs and/or NPPs, there are some notable changes, including:

― reference to new definitions of personal information and sensitive information. In particular, sensitive information will include biometric information and templates. Sensitive information may not be collected except where permitted by specified exceptions, which reflect the public interest in allowing entities to perform certain functions and activities;

― an obligation to manage personal information in an open and transparent way. The list of items that must be included in an APP entity’s privacy policy has been extended, and the privacy policy must be readily available;

― an obligation to establish practices, procedures and systems that enable compliance with the APPs;

― a general prohibition, subject to exceptions, on direct marketing;

― the introduction of a new privacy principle in relation to unsolicited personal information that imposes an obligation to destroy personal information if the APP entity should not have collected the personal information; and

― a new regime in relation to the cross-border disclosure of personal information.

Definition of personal information

As mentioned above, the Amending Act provides a new definition of personal information that is sufficiently flexible and technology-neutral to encompass changes in the way that information identifying an individual is collected and handled. The new definition is not intended to change significantly the scope of what is considered to be personal information. However, personal information should no longer be limited to information about an individual whose identity is apparent or can reasonably be ascertained “from the information”. The Amending Act refers to information about “an individual who is reasonably identifiable”. An individual is “reasonably identifiable” when the individual can be identified from information in the possession of an agency or organisation or from that information and other information the agency or organisation may access without unreasonable cost or difficulty.

Definition of sensitive information

The Amending Act also provides a new definition of sensitive information. In particular, sensitive information will include biometric information and templates. Sensitive information may not be collected except where permitted by specified exceptions, which reflect the public interest in allowing entities to perform certain functions and activities.

Direct marketing

APP 7 addresses direct marketing separately within a discrete principle rather than as a subset of secondary purposes (covered by APP 6), as was the case under NPP 2. Under APP 7, there remains a general prohibition against the use or disclosure of personal information for the purpose of direct marketing, which also applies to agencies engaging in commercial activities. APPs 7.2 to 7.5 state exceptions to the general prohibition, including consent from the individual coupled with the possibility for the individual to request not to receive direct marketing communications.

The Parliament adopted a discrete APP to deal with direct marketing because of the significant community interest about the use and disclosure of personal information for that purpose. This consideration provides support to any recommendation in the Lockstep Report that requires individuals to consent to the use or disclosure of their personal information for secondary purposes.

Cross-border disclosure of personal information

Under the current regime, the transfer of personal information by an organisation in Australia to a third party located in a foreign country is prohibited unless an exception under NPP 9 is met, for example the individual consents to the transfer or the recipient of the personal information is subject to obligations similar to those under the NPPs in relation to the handling of personal information. The new regime changes the focus from “transfer” to “disclosure” of personal information. Further, APP 8.1 removes the existing prohibition but imposes a positive obligation on APP entities to take reasonable steps, in the circumstances, before the information is disclosed to ensure the overseas recipient does not breach APPs 2-13 in relation to the information. The APP entity will be liable for breaches by the overseas recipient. Exceptions to APP 8.1 apply, such as where the individual consents to the disclosure of his or her personal information after having been informed expressly that APP 8.1 would not apply in the event of consent.

3.3 Overview of jurisdictional specific privacy legislation and regulations

This Section outlines the key State and Territory specific privacy legislation, other than Victoria. Victoria was excluded as the Lockstep analysis was a Victorian centric analysis and our scope of work was to analyse the implementation of the Lockstep recommendations across Australia in jurisdictions outside of Victoria.

We have summarised the key legislation or regulations that govern the State or Territory specific privacy requirements. In completing our analysis in Section 3.4 we have reviewed the requirements of the legislation/regulations and identified any issues these may present in implementing the Lockstep recommendations.

In summary, the extension of State and Territory privacy legislation to electricity market participants depends on the precise language of the relevant State or Territory legislation, as well as the corporate form of the entity being considered. Corporations, federal government agencies and, following the ACT’s approach to privacy obligations, ACT government agencies are covered by the APPs. State specific requirements cover other entities, including state owned corporations and agencies. However, where the state owned entity in question is a registered market participant in the electricity market, its management of metering data is required to meet the requirements of national energy legislation, which Lockstep concluded was appropriate. Our scope of work does not extend to the assessment of the coverage of individual state owned entities.

3.3.1 Australian Capital Territory

The Privacy Act 1988 (Cth), as amended by Schedule 3 of the Australian Capital Territory Government Service (Consequential Provisions) Act 1994 (ACT), applies to ACT government agencies. Essentially, Schedule 3 of the Australian Capital Territory Government Service (Consequential Provisions) Act 1994 provides amended definitions and special provisions relating to the application of the IPPs in relation to the ACT.

Given the overlap between the ACT privacy legislation and the Privacy Act our analysis for ACT only focused on the federal legislation.

3.3.2 New South Wales

The Privacy and Personal Information Protection Act 1998 (NSW) (“PPIP Act”) governs the collection of personal information by NSW public sector agencies. The PPIP Act adopts Information Protection Principles as Part 2.

The PPIP Act gives powers to the NSW Privacy Commissioner to investigate and conciliate privacy breaches by organisations and individuals who are not public sector agencies.

3.3.3 Queensland

The Information Privacy Act 2009 (Qld) (“QIP Act”) regulates the handling of personal information by Queensland government agencies. It contains 11 Information Privacy Principles as Schedule 3 that set out the way that all Queensland government agencies except Queensland Health are to handle personal information.

Schedule 2 indicates entities to which the privacy principles do not apply.

Chapter 2 (Privacy Principles), Part 4 provides for compliance with Parts 1 to 3 by contracted service providers.

3.3.4 South Australia

South Australia does not have a privacy act but has issued an administrative instruction, the Cabinet administrative instruction 1/89, also known as the Information Privacy Principles Instruction, and Premier and Cabinet Circular 12 (as amended by Cabinet 18 May 2009), requiring government agencies to comply generally with a set of Information Privacy Principles. The Information Privacy Principles in Part II of the Instruction are binding on public sector agencies.

Clause 5 of the Instruction provides that acts by contracted service providers under the contract for services with an agency are considered as acts of the agency for the purposes of the Instruction.

Under Clause 5(A) a contract for service necessitating the disclosure of personal information to a contracted service provider must include conditions to ensure that these Principles are complied with as if the Contracted Service Provider were part of the agency. It must also include provisions that enable audit and verification of compliance with these obligations.

3.3.5 Tasmania

The Personal Information Protection Act 2004 (Tas) (“PIP Act”) regulates the collection, maintenance, use and disclosure of personal information held by personal information custodians, i.e. any of the following18:

― a public authority;

― any body, organisation or person who has entered into a personal information contract relating to personal information; or

― a prescribed body.

The PIP Act provides for a set of Personal Information Protection Principles as Schedule 1.

18 PIP Act s 3.

3.3.6 Western Australia

Western Australia does not currently have a legislative privacy regime. On 28 March 2007, the Information Privacy Bill 2007 was introduced to the WA Parliament. The Bill establishes a set of Information Privacy Principles and regulates the handling of personal information by the public sector and the handling of health information by the public and private sectors. The Bill has not progressed since its Second Reading before the Legislative Council in December 2007.

Various confidentiality provisions cover government agencies, and some of the privacy principles are provided for in the Freedom of Information Act 1992.

3.3.7 Northern Territory

The Information Act 2002 (NT) incorporates Freedom of Information, privacy principles covering the protection of personal information, and record keeping and archiving by public sector organisations. While the Information Act deals essentially with freedom of information, it also includes Information Privacy Principles as Schedule 2, which govern the collecting and handling of personal information by public sector organisations.

3.4 Implications of changes to the federal Privacy Act and jurisdictional privacy legislation

Our approach to undertaking the analysis of implications of changes to the federal Privacy Act and the relevant jurisdictional privacy legislation involved:

― reviewing the Lockstep recommendations, which are based on the NPPs, against the APPs. For those areas where we identified differences between the NPPs and the APPs, we examined whether these differences would impact on the Lockstep recommendations; and

― analysing the relevant State and Territory legislation to identify any incompatibility between the Lockstep recommendations and any State or Territory legislation. That is, we compared the NPPs on which the Lockstep recommendations are based with the relevant privacy instrument in each jurisdiction referred to above.

3.4.1 Key findings

We have not identified any inconsistency between the APPs or State and Territory privacy legislation and the NPPs that would render the recommendations of the Lockstep Report, adopted on the basis of the NPPs, incompatible with the APPs or State and Territory privacy legislation. We do note that some aspects of the recommendations will need some fine-tuning in order to ensure compliance with the APPs. We discuss these in our detailed findings in Section 3.4.2 below.

Lockstep recommended considering all interval metering information as personal information within the meaning of the Privacy Act even though some interval metering data might technically not qualify as personal information19. It follows from this view that interval metering data ought to be handled in accordance with the NPPs. By adopting the precautionary approach, Lockstep anticipates the requirements of the Amending Act, in particular in view of the new definition of personal information and the possible application of the APPs to metering data. The definition of personal information in State privacy legislation is the same as, or similar to, the current definition in section 6(1) of the Privacy Act.

19 For example, interval metering data not bundled with an address, or without an address but with a NMI in circumstances where a NMI is not a sufficient identifier of the customer’s address, may not be personal information.

Lockstep’s approach recommending that individuals should provide consent to any secondary use of their personal information is also consistent with the APPs and State privacy legislation, which provide that consent constitutes an exception to the general prohibition against use and disclosure of personal information for secondary purposes.

3.4.2 Detailed findings against each Lockstep recommendation

The table below provides further detail of our key findings against each Lockstep recommendation.

Table 3.6: Analysis of Lockstep recommendations against changes to the federal Privacy Act and jurisdictional privacy legislation.

No. Materiality Detailed Finding

Critical Recommendations

1 Green Recommendation 1 is compatible with the APPs and State privacy legislation.

Recommendation 1 ties into the Amending Act’s stated purpose of enhancing privacy protection through the introduction of additional safeguards such as enhanced notification, quality, correction, and dispute resolution mechanisms for individuals20.

Lockstep adopts a precautionary approach and recommends considering all metering information as personal information even though some metering data might technically not qualify as such. While the new definition of personal information under the Amending Act is not intended to change significantly the scope of what is considered to be personal information, any information about “an individual who is reasonably identifiable” is covered by the APPs. An individual is “reasonably identifiable” when the individual can be identified from information in the possession of an agency or organisation or from that information and other information the agency or organisation may access without unreasonable cost or difficulty. On the basis of this new definition, metering data is more likely to qualify as personal information under the Amending Act and be covered by the APPs than under the Privacy Act.

2 Green Recommendation 2 is compatible with the APPs and State privacy legislation subject to the comments below.

APP 5.2 (notification of the collection of personal information) lists the matters that an APP entity must notify to individuals about whom it collects personal information. Including that information in a privacy policy will not be sufficient if that policy is not the subject of a notification to an individual at (or as soon as practicable after) the time the individual’s personal information is collected. The list of information to be disclosed in APP 5.2 is more comprehensive than the matters referred to in NPP 1.3. It also includes matters referred to in similar provisions of State legislation.

Recommendation 2 is compatible with the APPs and State privacy legislation, provided the DBs and RBs comply with the requirements of APP 5.2 by taking reasonable steps to ensure that all the required information is, or has been, provided to individuals at the time of collection or as soon as practicable afterwards. The further categories of information that may need to be disclosed to individuals include whether the DB or RB is likely to disclose the personal information to overseas recipients and, if so, the countries in which those recipients are likely to be located.

20 See Privacy Amendment (Enhancing Privacy Protection) Bill 2012, Explanatory Memorandum, page 1

3 Green Recommendation 3 is compatible with the APPs and State privacy legislation.

Note that APP 5.2 provides that the information APP entities should disclose to individuals should include details of “any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity”21.

4 Green Recommendation 4 is compatible with the APPs and State privacy legislation.

The consent of the individual about whom personal information is collected constitutes an exception to the general prohibition on secondary use or disclosure under the APPs22 as well as under State privacy legislation. “Secondary purpose” is not defined in the legislation otherwise than by reference to the primary purpose: the secondary purpose is any purpose other than the primary purpose, being the particular purpose for which the personal information of an individual was collected. That will be information that is reasonably necessary for, or – in the case of an agency – directly related to, one or more of the entity’s functions or activities (see APP 3.1).

Recommendation 4 goes beyond the requirements of APP 6.1 as the consent of the individual is not required in all circumstances (see for example APP 6.2). Furthermore, where the APPs require consent, they do not specify that the consent must be express.

5 Green Recommendation 5 is compatible with the APPs and State privacy legislation.

Note our comments regarding Recommendations 1 and 4 above.

6 Green Recommendation 6 is compatible with the APPs and State privacy legislation.

Note our comment regarding the definition of “personal information” under the Amending Act in relation to Recommendation 1 above.

7 Green Recommendation 7 does not raise any privacy issue.

8 Green Recommendation 8 is compatible with the APPs and State privacy legislation, provided the wording “a clear reason” in the Recommendation refers either to the fact that the entity still needs the information for any purpose for which the information may be used or disclosed, or to a requirement on the entity to retain the information.

APP 11.2 states that APP entities must destroy or de-identify personal information they hold about an individual once they no longer need the information for the purpose for which it may be used or disclosed under the APPs, unless the information is contained in a Commonwealth record or the APP entity is required to retain it by law or under a court or Tribunal order.

21 See APP 5.2(f).

22 See APP 6.1(a).

9 Green Recommendation 9 does not raise any privacy issue.

Other Recommendations

10 Green Recommendation 10 is compatible with the APPs and State privacy legislation.

The recommended awareness campaign will, however, not relieve any DB or RB that is an APP entity from its obligations to adopt a privacy policy that complies with the APPs and disclose all required information to individuals as required by APP 5.2.

11 Green Recommendation 11 is compatible with the APPs and State privacy legislation.

Government messaging about smart metering privacy will, however, not relieve any DB or RB that is an APP entity from its obligations to adopt a privacy policy that complies with the APPs and disclose all required information to individuals as required by APP 5.2.

12 Green Recommendation 12 is compatible with the APPs and State privacy legislation.

Note our earlier comments regarding Recommendations 10 and 11 in relation to the content of the privacy policy of and required disclosure by APP entities.

13 Green Recommendation 13 is compatible with the APPs and State privacy legislation only if past residents have consented to the disclosure of their metering data to incoming residents. Any process developed under Recommendation 13 would need to account for this requirement.

APP 11.2, which will replace NPP 4.2, limits the circumstances in which an APP entity can retain personal information about an individual once it no longer needs the information “for any purpose for which the information may be used or disclosed by the entity under” the APPs (emphasis added). APP 6 provides for a general prohibition on secondary use or disclosure of personal information about an individual unless an exception applies. It is doubtful that granting access to metering data of past residents to incoming residents would fall within any DBs’ or RBs’ primary purpose. Accordingly, past residents’ metering data can only be kept within the ambit of APP 11.2. Any disclosure is subject to APP 6.

14 Green Recommendation 14 is compatible with the APPs and State privacy legislation, subject to the following comments:

― APP 5.2 lists the matters that must be notified to individuals about whom APP entities collect personal information. Any “Privacy Notice” (also referred to as collection statement) provided to Smart Meter customers must contain the information listed in APP 5.2;

― APP 5.1 states that the APP entity must notify the matters referred to above to the individual about whom the information is collected or otherwise ensure that the individual is aware of these matters. Accordingly, privacy notices or collection statements must not only be comprehensive but also explicit. DBs or RBs may not necessarily satisfy the requirements of APP 5.1 if they simply incorporate the privacy notice in their contract, or in terms and conditions governing their relationship, with the customer;

― Any secondary use for direct marketing purposes is subject to the requirements of APP 7. APP 7.1 provides for a general prohibition against the use or disclosure of personal information for the purpose of direct marketing. APPs 7.2 to 7.5 state exceptions to the general prohibition, including consent from the individual coupled with the possibility for the individual to request not to receive direct marketing communications;

― In the case of residential premises with multiple occupants who are not related, it might be necessary to provide a collection statement containing the matters referred to in APP 5.2 to each resident individually to the extent that any metering data could be traced to a particular individual. A notification to the account holder may in such circumstances be considered insufficient. Similarly, where consent is required from individuals in relation to the collection, use or disclosure of their personal information, for example for a secondary purpose, it might be necessary to obtain consent from each resident individually.

15 Green Recommendation 15 is compatible with the APPs and State privacy legislation, subject to the proposed privacy notice containing all the information listed in APP 5.2.

Note our previous comments regarding other recommendations above, in particular Recommendations 2 and 14.

16 Green Recommendation 16 is compatible with the APPs and State privacy legislation, it being understood that “small business operators” (and not “Small or Medium Enterprise (SME)”) are not covered by the definition of APP entity under the Amending Act, and are not subject to the APPs as a result.

17 Green Recommendation 17 is compatible with the APPs and State privacy legislation.

18 Green Recommendation 18 does not raise any privacy issue.

19 Green Recommendation 19 is compatible with the APPs and State privacy legislation.

Note, however, that APP 12 dealing with access to personal information does not mandate any format in which the information should be made available.

20 Green Recommendation 20 does not raise any privacy issue.

Neither the APPs nor State privacy legislation would prevent an independent Threat & Risk Assessment as suggested in Recommendation 20.

21 Green Recommendation 21 does not raise any privacy issue.

22 Green Recommendation 22 is compatible with the APPs and State privacy legislation.

Note our previous comments regarding recommendation 4 in relation to consent constituting an exception to the general prohibition against secondary use and disclosure of personal information and the other exceptions referred to in APP 6. Note also our comments regarding Recommendation 13 as to the need to prevent disclosure to incoming residents of metering data relating to a previous resident unless the previous resident has consented to such disclosure.

23 Green Recommendation 23 is compatible with the APPs and State privacy legislation if the contracts relating to use of smart meter data refer to a privacy policy that complies with the legislation, and any collection of personal information is accompanied by a notice that satisfies the requirements of APP 5.

Note our previous comments regarding Recommendation 14 in relation to the possible need for DBs or RBs to engage with each adult resident individually in the case of residential premises with multiple adult occupants who are not related. Alternatively, DBs or RBs should ensure that the individual with whom they enter into a contractual relationship has the authority to sign and consent on behalf of all residents. Even in that situation, it might be advisable to notify each individual in accordance with APP 5.

24 Green Recommendation 24 does not raise any privacy issues.

However, note that both the expressions “Privacy Principles” and “Privacy Codes” have a technical meaning under the privacy legislation, so care should be taken when choosing the appropriate term.

3.5 Overview of relevant energy market rules and regulations

Our approach to identifying the relevant jurisdictional and national electricity market regulatory instruments23 involved the following key steps:

State and territory regulatory instruments were identified by searching regulators’ websites for legislation, regulations and codes applicable in that state or territory. This search was supplemented by a general internet search and a more specific search using a legal research database. Specifically, we looked for subordinate legislation to the key electricity industry regulatory instruments found on regulators’ websites. Electricity metering codes were specifically sought.

Lockstep Recommendation 1 recommends that metering data be handled in accordance with the National Privacy Principles. As such, the first step of our analysis was an assessment of the compatibility of the regulatory instruments with the NPPs. The NPPs are soon to be replaced by the Australian Privacy Principles. However, in substance the NPPs and APPs are similar enough so this change does not affect the results of the analysis.

23 Excluding WA where we used a specific list of instruments as outlined in Section 2.2.1 and NT where we did not review any energy market regulatory instruments.


A keyword search was conducted within the regulatory instruments to identify provisions that deal with material that is the subject of the NPPs24. Search results were tabulated and divided into four columns – ‘collection of data’, ‘use and disclosure of data’, ‘data security’ and ‘access to data’ – to reflect the different NPPs considered by the Lockstep Report. The detailed output from this step is included in Appendix D. In part, Appendix D may go further than strictly required. For example, obligations relating to billing data are included. Also, although Victoria was excluded from our scope, we reviewed the relevant instruments to understand the context in which the Lockstep recommendations were made. These instruments are included as they provide useful context.

Although the data presented in this manner only corresponds to four out of the ten NPPs, the keyword search was conducted with a view to collecting data relevant to any of the ten NPPs. However, the keyword search only yielded results corresponding to the four abovementioned NPP categories. It did not yield any results that might have been categorised under NPPs 3, 5, 7, 8, 9 or 10. Given this, these six NPPs were not included as categories in our analysis or in the detailed table.

The information presented in Appendix D was then analysed in detail to identify any regulatory instrument provisions that were potentially inconsistent with the identified NPPs.

3.6 Implications of energy market rules and regulations

3.6.1 Key findings

Subject to the discussion below on primary purpose and third party service providers, and the other areas of inconsistency noted below, we consider that the Lockstep recommendations are mostly capable of operating consistently with regulatory instruments.

The regulatory instruments are drafted so that metering data is generally treated consistently with the NPPs. In broad terms the regulatory instruments constrain the collection and use of metering data to the activities and functions required by those same instruments, that is, the industry and market activities and functions of industry participants. Metering data is subject to security and confidentiality obligations which should protect it against loss or unauthorised access.

Disclosure for other purposes is allowed with the customer’s explicit informed consent and for other stated reasons. Generally this framework does not create difficulties in that disclosure to third parties who are unconstrained themselves in the use or protection of that data is not permitted. Where there is a permitted disclosure to external advisers and consultants or for investment purposes to financiers and investors, there is an obligation on the discloser to take steps to preserve the confidentiality of the data. We did not find any instance of permitted disclosure to third parties who may wish to use metering data to market energy efficiency advice, products or services.

We have identified some issues where the issue is not one of strict legal compliance but whether the associated recommendation is in all circumstances practicable. Many of the recommendations are not framed as obligations and, therefore, consistency with obligations in the regulatory instruments cannot be assessed. Some recommendations simply take the form that certain matters be considered, in some instances with a suggestion of what a preferred outcome of such a consideration might be. Regulatory framework design and the content of resulting legislative instruments would flow from consideration of the need for and depth of, any regulation. However, where possible we have provided some comments on the issues raised.

24 Keywords used were: metering data; meter data; data; confidential information; information; consumption; billing; privacy; private.

An example is the recommendation that the Energy Marketing Code be extended to distributors. We note that this issue is being addressed as part of the broader consumer protection work. We query the workability of the recommendation. For example, in the National Energy Retail Rules the energy marketing provisions deal with the sale of energy and matters such as “no contact lists”, not entering premises which prohibit canvassing and required disclosures of cooling off rights, prices and contract terms. These obligations do not automatically translate to distributors and third parties in relation to metering data. If there are concerns as to how distributors and third parties might approach customers to request consent to use of their metering data for secondary purposes, it may be better this is done through separate provisions. There may be some overlap (for example the right for a customer to go onto “a no contact list”) with marketing restrictions on retailers.

3.6.1.1 Definition of primary purpose

Lockstep recommends any use of metering data beyond its primary purpose should require express customer consent. The term ‘primary purpose’ refers to the purpose for which metering data is collected. ‘Metering data’ is a broad category which has several subsets. Given the scope of the Lockstep Report deals with only one such subset of metering data – namely, ‘half-hourly interval meter data’ (‘interval metering data’) – the ‘primary purpose’ is defined narrowly in the Lockstep Report, only by reference to use that can be made of interval metering data specifically25.

The regulatory instruments we analysed, by contrast, imply a broader notion of ‘primary purpose’ – being the use that can be made of metering data to support the workings of the electricity industry26. This is generally drafted by reference to the uses permitted by industry codes, the National Electricity Rules and the Metrology Procedure.

Metering data can be put to a broader range of uses than the subset of uses for interval metering data considered by Lockstep27. There is, therefore, a discrepancy between the definitions of ‘primary purpose’ in the Lockstep Report and the approach of the regulatory instruments. Some of the ‘primary’ purposes for the collection of metering data under the regulatory instruments might be classed as ‘secondary’ by the Lockstep Report, even though those purposes relate to the functions or activities of electricity industry participants.

25 First, to provide frequent high quality interval consumption data to support the national electricity market which settles on a half-hourly basis. Second, to monitor consumption with greater resolution so as to improve network infrastructure management. Together, these make up the two-fold primary purpose for half hourly interval meter data collection.

26 See, for example, section 5.5.2(a) of the Electricity Metering Code (SA).

27 Such as billing consumers or providing quotations, for example. In keeping with its scope of work, the Lockstep Report explicitly ignores billing in analysing primary against secondary uses for half-hourly interval meter data, but does seem to recognise it as a primary purpose more generally.


It follows that ‘primary purpose’ has the broader meaning attached to metering data that arises from the regulatory instruments, i.e., in general terms, the uses of metering data permitted by industry codes, the National Electricity Rules and the Metrology Procedure.

If the narrower meaning were taken, we expect this would lead to the identification of further inconsistencies to those noted below between the Lockstep recommendations and the regulatory instruments. For example, we expect that there would be uses of metering data permitted by industry codes, the National Electricity Rules and the Metrology Procedure without customer consent which under the Lockstep definition of primary purpose would require customer consent even though the uses support the workings of the electricity industry and have not to date required customer consent. Adopting the narrower Lockstep definition of primary purpose and identifying such inconsistencies would be an exercise of little, if any, value given the broader sense of ‘primary purpose’ in the regulatory instruments has not, to our knowledge, been a problem from a privacy perspective.

An accurate understanding of what is a ‘secondary purpose’ and a ‘primary purpose’, given the electricity industry and regulatory environment, is critical to an effective implementation of the Lockstep recommendations. For example, it is necessary to make sure that any primary use extends to the use of metering data to ensure the safety and operation of networks in accordance with good industry practice, otherwise networks may not be able to use that data for such purposes without customer consent.

Another example is that the regulatory instruments in various circumstances permit disclosure of metering data to facilitate the functioning of the market, in particular disclosure between retailers and distributors and the market operators. Again, the concept of primary purpose needs to be carefully defined so as not to cut across disclosure genuinely required to ensure the continued functioning of the market.

Moreover, it is unclear from the Lockstep Report how it is proposed to control the use of metering data by third parties who may wish to use metering data to market energy efficiency advice, products or services and who obtain metering data from the metering data provider or from the customer directly under contract. A clear definition of the primary purpose as it applies to those parties is relevant to effective regulation.

3.6.1.2 Applicability of regulatory instruments to market participants and third parties

The primary regulatory instruments of interest, the NER and the metering codes or equivalents in SA, NSW and Victoria, apply to retailers, distributors, responsible persons and metering service providers (in relation to the NER). To that extent, distributors and retailers are subject to restrictions on use and disclosure of metering data and an obligation to keep it confidential. In the ACT the distributor or retailer must not disclose personal information about an occupier to a third party except in accordance with the Privacy Act. Perhaps most importantly, Rule 8.6 of the NER requires all Registered Participants (including retailers and distributors) to use all reasonable endeavours to keep confidential any confidential information that comes into its possession or control.

In relation to storage, retention and security matters, the NER places obligations on the responsible person for the metering installation and metering service providers. Similarly, insofar as the jurisdictional instruments touch on these matters responsibility generally falls to the person responsible for the metering installation. The regulatory instruments do not extend beyond current industry participants, i.e. they do not explicitly cover third parties such as energy services companies (ESCOs).

The Lockstep analysis focused on the Victorian arrangements at the time (2011) and therefore did not fully deal with third party providers or the specific privacy issues of third party providers28.

The lack of explicit recognition of third party providers in the regulatory instruments assessed may present an issue when implementing the Lockstep recommendations. These issues should be considered in parallel with the further policy decisions and implementation of the AEMC work in relation to ESCOs.

3.6.1.3 Other potential inconsistencies

We have identified five potential inconsistencies between the Lockstep recommendations and the regulatory instruments analysed. These are not necessarily comprehensive but stand as examples of the inconsistencies that may be encountered by jurisdictions upon implementation of the Lockstep recommendations.

Potential inconsistency 1 - Western Australian Metering Code

Section 7.6(2)(d) of the Electricity Industry (Metering) Code 2012 (WA) provides that a code participant29 may disclose or permit the disclosure of confidential information30 with the verifiable consent31 of each affected person32. It also provides that consent must not be unreasonably withheld and that disclosure or permission to disclose must be subject to the conditions of the verifiable consent.

According to Lockstep Recommendation 4:

“The industry should adopt an Opt-In policy of not putting metering data to any secondary purposes without express consumer consent.”

Recommendation 4 provides, furthermore, that consent should always be “freely given” and should not be “conditional”.

Section 7.6(2)(d) therefore seems contrary to Recommendation 4 in placing a fetter on the ability to withhold consent – it may not be unreasonably withheld.

Potential inconsistency 2 - Western Australian Metering Code, Electricity Metering Code (SA), Market Operation Rules (NSW Rules for Electricity Metering) 2001, Electricity Distribution Code 2012 (Victoria), Electricity Metering Code 2011 (Victoria) and NER

Under section 7.6(2)(a)(vi) of the Electricity Industry (Metering) Code 2012 (WA), a code participant33 may disclose or permit the disclosure of confidential information34 to a consultant engaged by the code participant, provided such a person has a reasonable need for the confidential information, including for the purposes of providing professional advice to it.

28 Policy decisions in relation to Energy Services Companies (“ESCOs”) or other third party service providers have progressed since then, but are still not finalised or implemented.

29 A network operator, a retailer, a generator, an electricity networks corporation acting as the metering data provider or a user who has an access contract with a network.

30 Standing data and energy data, or other information which is confidential information of, or commercially sensitive to, a customer or Code Participant.

31 Consent that is given by an affected person expressly, in writing and after the person obtaining the consent has in plain language appropriate to the customer disclosed all matters materially relevant to the giving of the consent.

32 In relation to standing data and energy data for a metering point – the customer associated with the metering point.

Similar provisions are contained in the Electricity Metering Code (SA), the Market Operation Rules (NSW Rules for Electricity Metering) 2001, the Victorian Electricity Distribution Code 2012, the Electricity Customer Metering Code 2011 and section 8.6.2 of the NER (allowed disclosure of confidential information).

According to NPP 2: “Use and disclosure”, an organisation must not use or disclose personal information about an individual without their consent for a purpose (the secondary purpose) other than the primary purpose of collection, unless:

• the secondary purpose is related to the primary purpose of collection; and
• the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose.

Lockstep Recommendation 4 proposes that use or disclosure of personal information, even for secondary purposes which are reasonably related to the primary purpose of collection, should nevertheless be subject to express consumer consent.

The purpose of providing professional advice to a code participant might be a secondary purpose. As no consumer consent is required before personal information can be disclosed for this purpose, this provision appears to be inconsistent with Lockstep Recommendation 4.

33 A network operator, a retailer, a generator, an electricity networks corporation acting as the metering data provider or a user who has an access contract with a network.

34 Standing data and energy data, or other information which is confidential information of, or commercially sensitive to, a customer or Code Participant.


Potential inconsistency 3 - Electricity Metering Code (SA), Market Operation Rules (NSW Rules for Electricity Metering) 2001, Electricity Distribution Code 2012 (Victoria), Electricity Metering Code 2011 (Victoria) and NER

Section 5.5.3 of the Electricity Metering Code (SA) provides that the distributor, a person responsible for the metering installation or a retailer may disclose metering data if the disclosure or reproduction of the metering data (amongst other reasons):

• relates to data already publicly available (paragraph (a));
• is required by law, a relevant authority or for the purposes of legal proceedings (paragraphs (d) and (e));
• is trivial in nature (paragraph (f));
• is required to protect the safety of personnel or equipment (paragraph (g)); or
• is reasonably required in connection with the distributor’s, the person responsible for the metering installation’s or the retailer’s:
  ― financing arrangements;
  ― investment in the distributor, the person responsible for the metering installation or the retailer; or
  ― disposal of the distributor, the person responsible for the metering installation or the retailer (paragraph (h)).

Similarly, section 9.2.2 of the Market Operation Rules (NSW Rules for Electricity Metering) 2001 provides that an LNSP, a Responsible Person and a Retailer are not prevented from using, disclosing or reproducing a customer’s metering data:

• if already publicly available (paragraph (1));
• is required by law, a relevant authority or for the purposes of legal proceedings (paragraphs (4) and (5));
• to protect the safety of personnel or equipment (paragraph (7)); or
• in connection with the LNSP’s, the Responsible Person’s or the Retailer’s financing arrangements, investment in the LNSP, the Responsible Person or the Retailer, or disposal of the LNSP, the Responsible Person or the Retailer (paragraph (8)).

Similar provisions are contained in the Victorian Electricity Distribution Code 2012, the Electricity Customer Metering Code 2006 and section 8.6.2 of the NER (allowed disclosure of confidential information).

To the extent that these are secondary purposes, disclosure of metering data in these circumstances without the consent of the Customer would be contrary to Lockstep Recommendation 4. The general right to disclose information in the public domain is also contrary to the Lockstep recommendations.

Note that NPP 2 allows disclosure of personal information where allowed by law. The above provisions give relatively broad rights to disclose information. It is not clear how these provisions will interact with NPP 2 and Lockstep Recommendation 4. It appears that Lockstep Recommendation 4 wishes to generally override the disclosure right, presumably except disclosure for a primary purpose. This is why identifying the ‘primary purpose’ becomes so critical to regulatory certainty and understanding the interaction between Commonwealth and State Law.


Potential inconsistency 4 - Electricity Feed-In Code (ACT) 2012, Annexure B to the Electricity Industry Code (Standard Retail Contract) (Qld), NERR Schedule 1

Schedule 4 of the Electricity Feed-In Code (ACT) 2012 provides that an Electricity distributor or NERL retailer must not disclose personal information about an Occupier to a third party except in accordance with the Privacy Act 1988 (Cth) and the Utilities Act 2000 (ACT).

A similar provision in the Annexure B to the Electricity Industry Code (Standard Retail Contract) (Qld) (for a small customer who has not signed a Negotiated Retail Contract) is that a retailer must keep information about a customer confidential in accordance with the Privacy Act 1988.

Clause 18 (Privacy Notice) to Schedule 1 (Model Terms and Conditions for Standard Retail Contracts) of the NERR provides the following clause be included in standard retail contracts – “We will comply with all relevant privacy legislation in relation to your personal information”.

Each of these provisions requires compliance with the Privacy Act. Accordingly, they would allow disclosure without express consent (as long as it was within the allowed disclosures in NPP 2). To the extent any such disclosure was for a secondary purpose, these provisions would be inconsistent with Lockstep Recommendation 4.

Potential inconsistency 5 - Disclosure to Regulators

Our analysis includes examples of regulators and other authorities having broad statutory powers to require the production to them of information and documents. A wide power of disclosure by those regulators and authorities is allowed. These are not intended to be a comprehensive listing.

NPP 2(g) allows the disclosure of information where required by law.

However, Lockstep Recommendation 4 requires the consent of customers to any secondary use of information and seems to require this irrespective of what would otherwise be permitted by NPP 2. We suggest it needs to be clear Recommendation 4 does not purport to override NPP 2(g) in relation to both the provision of information to and the disclosure of information by, regulators and other authorities unless the policy decision is made that regulators’ rights to require provision of information are to be subject to the Lockstep recommendations and therefore to obtaining customer consent.

3.6.1.4 Western Australian specific questions

We were asked to confirm whether WA has similar provisions to Rule 7.7 of the NER and the NER provisions (in Chapter 8) regarding the confidentiality of metering data by reference to listed instruments and notified provisions of those instruments.

The NER and WA provisions identified to us are not equivalent. Clause 7.7(a) of the NER operates to limit access to metering data to those parties listed. However, there is no equivalent WA provision. The provision identified in Appendix E relates to access but operates to compel disclosure by the network operator to parties identified by the customer.

In relation to the protection, use and disclosure of confidential information we could not identify a general WA provision equivalent to clause 8.6 of the NER, although there is a confidentiality protection mechanism for market related information and documents.


The Electricity Industry (Metering) Code 2012 (WA) contains a regime similar to clause 8.6, in particular in relation to the constraint on disclosure and use of energy data. A similar, though narrower, list of permitted disclosures exists. Thus the Electricity Industry (Metering) Code provides a similar level of protection to the NER in relation to energy data and in that respect is also similar to the metering codes in other jurisdictions.

There may be other instruments, or other provisions, not identified to us which are relevant to this issue. In particular, a broader review of the Electricity Industry (Metering) Code 2012 might reveal useful information.

3.6.2 Detailed findings against each Lockstep recommendation

The table below provides further detail of our key findings against each Lockstep recommendation.

Table 3.7: Analysis of Lockstep recommendations against jurisdictional and national energy regulations.

No. Materiality Detailed Finding

Critical Recommendations

1 Red Recommendation 1 has the potential to conflict with the reviewed state and national regulatory instruments in particular in relation to the discussions outlined above on Primary Purpose in the regulatory instruments.

2 Green Recommendation 2 is compatible with the reviewed state and national regulatory instruments.

3 Yellow Recommendation 3 is compatible with the reviewed state and national regulatory instruments subject to the comments below.

The regulatory instruments do not deal with the review or content of Privacy Policies.

We assume Lockstep’s reference to “circumscribe access to metering data” is a reference to Recommendation 4 that metering data not be used for a secondary purpose without the customer’s consent. The extent to which third party coverage by the regulatory instruments is intended by this recommendation may also be a consideration in implementing this recommendation.

The regulatory instruments already circumscribe access to metering data by limiting under what circumstances and to whom metering data can be “disclosed”.

Consumer consent is one available condition for metering data being disclosed for secondary purposes. See, for example, section 5.4 of the Electricity Metering Code (SA).

This existing consent requirement would apply to the sharing of metering data by DBs and RBs with third parties beyond their businesses.

Accordingly, there would seem to be no impediment to Privacy Policies noting that third party access to metering data is constrained by the need for the customer’s consent (if they do not already do so). There would also need to be recognition of other allowed disclosures in the regulatory instruments.

However, the exact implementation of this recommendation depends upon a clearer definition of the uses which are primary and uses which are secondary.

It is not clear to us how consumption data within the HAN is a matter for RBs’ and DBs’ Privacy Policies.

4 Red Recommendation 4 has a potential conflict with the reviewed state and national regulatory instruments.

As discussed above, the effectiveness of this Recommendation depends upon a clearer definition of the uses which are primary and uses which are secondary. Given its scope Lockstep’s recommendations were based upon half hourly interval data but the uses to which metering data can be put are broader.

The implementation of this recommendation also requires further thought in relation to the intended coverage of third parties by the regulatory instruments.

5 Green Recommendation 5 is compatible with the reviewed state and national regulatory instruments. However, the awareness campaign should only be implemented once the primary purpose and third party provider issues discussed above are addressed.

6 Green Recommendation 6 is compatible with the reviewed state and national regulatory instruments.

7 Yellow Recommendation 7 is in potential conflict with the reviewed state and national regulatory instruments as outlined in the comments below.

The issues canvassed in points (a) and (b) are technical issues, not regulatory.

If some aggregation after two years were to be preferred and implemented as an obligation, it would entail making changes to the following provisions of regulatory instruments which embody inconsistent data storage requirements:

• Clauses 10.7 (and potentially 10.2) of the Code of Conduct for the Supply of Electricity to Small Use Customers (WA);
• Potentially clause 10.1.1 of the Electricity Industry (Wholesale Electricity Market) Regulations 2004 (WA);
• Clause 4.7.1 of the Electricity Metering Code (SA);
• Clause 10.5 of the Market Operation Rules (NSW Rules for Electricity Metering) 2001; and
• Clause 7.11.3 of the NER.

8 Yellow Recommendation 8 is in potential conflict with the reviewed state and national regulatory instruments as outlined in the comments below.

The regulatory instruments dealing with the storage of metering data do not specify what should happen to the data after seven years.

If destruction or aggregation of data after seven years were to be implemented as an obligation, express regulatory provisions would be required and their interaction with the provisions noted in relation to Recommendation 7 considered.

9 Yellow Recommendation 9 is in potential conflict with the reviewed state and national regulatory instruments as outlined in the comments below.


The energy marketing provisions in the National Energy Retail Rules (‘NERR’) relate only to the sale of energy and apply to retailers. They deal with matters such as “no contact lists”, non-entry onto premises which prohibit canvassing and disclosure of cooling off rights, prices and contract terms. These obligations do not automatically apply to distributors or other third parties.

If there are concerns as to how distributors and third parties might go about requesting customers’ consent to use their metering data and the use of that data once obtained, a deeper consideration of the particular issues and the appropriate regulatory arrangements is suggested. Simply extending current retailer focused energy sale provisions to distributors and third parties may not be the best approach. This consideration would best be completed as part of addressing the broader third party issue previously discussed.

Other Recommendations

10 Green Recommendation 10 is compatible with the reviewed state and national regulatory instruments.

11 Green Recommendation 11 is compatible with the reviewed state and national regulatory instruments.

12 Green Recommendation 12 is compatible with the reviewed state and national regulatory instruments.

13 Yellow Recommendation 13 is in potential conflict with the reviewed state and national regulatory instruments as outlined in the comments below.

Incoming residents do not presently have the right to access past previous residents’ metering data under the existing regulatory regime35.

The regulatory instruments require consumer consent before meter data can be “disclosed” for secondary purposes. See, for example, section 5.4 of the Electricity Metering Code (SA).

We note Lockstep does not conclude a position on whether incoming residents should be granted access to defined aspects of past previous residents’ metering data. If a policy was adopted that incoming residents be granted access to previous residents’ metering data in the absence of “express consumer consent” it would be inconsistent with Lockstep Recommendation 4.

It should also be noted that granting incoming residents such unrestricted access would require the amendment of clause 7.7(a) of the NER and related provisions of the regulatory instruments dealing with disclosure.

However, as noted by Lockstep, the appropriate regulatory arrangements and instruments to deal with granting incoming residents’ access to defined aspects of past previous residents’ metering data require appropriate analysis.

14 Green Recommendation 14 is compatible with the reviewed state and national regulatory instruments.

[35] However, the accumulated consumption of the previous occupant can be read from the meter, at least until the new occupant’s consumption commences. This data is unlikely to provide any material information relevant to, for example, energy efficiency and may not provide any additional personal information, for example, where the change of customer follows the sale of a residence.

15 Green Recommendation 15 is compatible with the reviewed state and national regulatory instruments.

16 Green Recommendation 16 is compatible with the reviewed state and national regulatory instruments.

Nothing in the regulatory instruments prohibits the implementation of this requirement.

This requirement might be included as a retailer licence condition or a retailer authorisation condition under the NERL. In relation to “meter providers” and “metering data providers” the requirement might be included in the NER and/or the AEMO Metering Service Provider Accreditation Procedure (2012).

However, we believe this recommendation can be read as not just applying to Retail Businesses, but also “responsible persons”, “meter providers” and “metering data providers” under the NER. It is unclear to what extent this requirement might also apply to third parties who may wish to use metering data to market energy efficiency advice, products or services and who obtain metering data from the metering data provider or from the customer directly under contract.

17 Yellow Recommendation 17 is in potential conflict with the reviewed state and national regulatory instruments as outlined below.

The regulatory instruments and the NER do not deal with the protection of interval data in the terms suggested by Lockstep, but in more general terms.

The NER deal with ‘security’ not in relation to what appear to be data management issues but in relation to access to data (rule 7.8). Nor does rule 7.11.3 (data management and storage) deal with the extent of obligations Lockstep seems to envisage being developed.

Rule 7.11.3 does deal with the retention of metering data and rule 7.7(a) with access, and these rules may need amendment depending on if, and what, industry‐wide minimum security policy settings are adopted.

The regulatory instruments require “reasonable endeavours to protect and preserve the confidential nature of the metering data” (for example, section 5.4.1 of the Electricity Metering Code (SA)). However, this recommendation goes into a deeper level of specificity than that contained in the regulatory instruments.

These instruments may need amendment depending on if, and what, industry‐wide minimum security policy settings are adopted.

Lockstep’s recommendation is to consider “industry‐wide minimum security policy settings for protecting interval data” and gives examples. Whether there are to be such settings and the nature and extent of such obligations is uncertain and requires deeper consideration. That consideration should also cover the placement within, and any amendment of, jurisdictional and national regulatory instruments.

18 Green Recommendation 18 is compatible with the reviewed state and national regulatory instruments.

However, we note that the NER does not deal with appliance data. We agree that a change to NER chapter 7 would be necessary to support future options of this kind.

Specifically, clause 7.7(a) would require amendment if these “future options” are adopted.

19 Yellow Recommendation 19 is in potential conflict with the reviewed state and national regulatory instruments as outlined below.

With the exception of section 27.2 of the Energy Retail Code 2011 (Vic), none of the regulatory instruments deal with the form in which data should be provided to consumers.

Clause 7.7(a) of the NER requires amendment to give consumers direct access to their interval data.

Amendment may also be required to jurisdictional regulatory instruments that purport to give consumers access to their interval data but may be regarded as inconsistent with the NER (for example clause 7.1 of the Victorian Electricity Customer Metering Code 2011).

20 Green Recommendation 20 is compatible with the reviewed state and national regulatory instruments.

21 Green Recommendation 21 is compatible with the reviewed state and national regulatory instruments, subject to the comment that the suitability of the NECF and NER as appropriate instruments for implementing policy in relation to HAN related privacy protections may require some consideration.

22 Green Recommendation 22 is compatible with the reviewed state and national regulatory instruments, subject to the comment that the appropriate instruments for implementing policy in relation to HAN related privacy protections may require some consideration.

23 Red Recommendation 23 is in potential conflict with the reviewed state and national regulatory instruments as outlined below.

The NERR currently regulates contracts for the supply of energy and does not require multiple parties’ consent.

Regulatory arrangements for contracts allowing access to and use of metering data, including by third parties, will require thorough examination, which is beyond the scope of this project.

24 Green Recommendation 24 is compatible with the reviewed state and national regulatory instruments.

3.7 Summary

In adopting the precautionary approach, the Lockstep Report anticipates the changes to the Privacy Act passed in late 2012, in particular the new definition of personal information and the possible application of the APPs to metering data. However, Lockstep’s approach recommending that individuals should provide express consent to any use for secondary purposes of their personal information goes further than the requirements of the APPs. While consistent with the APPs and State privacy legislation, which provide that consent constitutes an exception to the general prohibition against use and disclosure of personal information for secondary purposes, the APPs do not require express consent.

We have compared the NPPs on which the Lockstep recommendations are based with the APPs and the relevant privacy instrument in each jurisdiction. We have not identified any inconsistency between the APPs or State and Territory privacy legislation and the NPPs that would render the recommendations of the Lockstep Report, adopted on the basis of the NPPs, incompatible with the APPs or State and Territory privacy legislation. Some aspects of the recommendations will need some fine-tuning in order to ensure compliance with the APPs.

Considered more specifically in the context of their interaction with energy laws, in a small number of important areas, the Lockstep recommendations may have adverse impacts or unintended consequences. In particular, the proposed definition of the primary purpose for interval metering data is inconsistent with some identified national and State energy laws and regulations and may be inconsistent with other instruments not reviewed, while the Opt-In model is inconsistent with some jurisdictional energy regulations. These inconsistencies would be required to be identified, assessed and addressed, potentially by widespread changes to energy laws. In addition, we have identified some issues where the issue is not one of strict legal compliance but whether the associated recommendation is in all circumstances practicable; that is, what the appropriate instrument for achieving the recommended outcome should be and, in some cases, whether the coverage of energy laws and regulations can be extended to achieve the desired objective.

In the following Section, the commercial and energy policy implications of these issues are explored, building on the results of this review.


4 Commercial analysis

4.1 Our considerations

In this section, we look at the commercial implications of some of the issues raised in the analysis in Section 3, in particular the discussion relating to the uses of metering data (Section 3.6.1) and the issues raised by requiring an Opt-In model for all industry participants, particularly in the context of a narrow view of the uses of metering data. In thinking about commercial implications, we have considered:

• Customers’ concerns and customer protection issues relating to the potential uses of interval metering data by energy market participants and third parties.

• The high level benefits and costs likely to be associated with the options we identify.

  ― As a starting point for our analysis, we have adopted SCER’s catalogue of the benefits of interval metering, that is: enabling consumers to make more informed choices and better manage their electricity use and greenhouse gas emissions; reducing demand for peak power with potential infrastructure savings; and driving efficiency and innovation in electricity business operations and retail market competition. We have considered the potential for affecting the extent of the benefits to be achieved on a qualitative basis only.

  ― In relying on previous studies of the benefits of interval metering data, we have looked at uses of data irrespective of whether the benefits are easily quantifiable or are in the form of “wealth transfers”. The previous studies we have relied on that consider data benefits as part of the benefits estimation in cost-benefit analysis studies include:

    • Studies that were conducted by the Essential Services Commission and by the Victorian Government in conjunction with the Victorian electricity supply industry, which led to the decision to roll out AMI in Victoria;

    • A national cost-benefit analysis undertaken for the MCE; and

    • Reviews undertaken in Victoria after rollout had commenced by Futura Consulting with additional commentary from Oakley Greenwood and by Deloitte.

• The potential implications for competition and innovation, considering the party initiating the data use and the classes of possible service providers.

  ― In thinking about the issues raised by the party initiating the data use, our position starts from the perspective that there is no case for restricting choices that customers initiate on their own behalf. Following on from this principle, the implications for competition and innovation from industry specific regulation need to be considered: to what extent are existing providers disadvantaged relative to potential providers and what is the additional cost, considered in benefits foregone, of this disadvantage?

  ― Possible service providers could include: existing classes of energy industry participants; potential and existing energy market service providers who may access data from the energy market system which has been the subject of a scoping study by the Commonwealth, for example; and other potential suppliers dealing directly with customers. In considering this last group in particular in relation to industry specific regulation, issues arise relating to the ability of energy law to include this group in industry specific regulation. There are also implications for competition and the achievable benefits of interval meters.

Finally, we discuss possible paths for SCER, taking into account the discussion in Section 3, as well as our views on the preferred treatment of interval meter data.

4.1.1 Interval metering data or all metering data?

The Lockstep Report was limited in its considerations to interval metering data. The Report distinguished interval metering data from other forms of metering data and explicitly recognised only the following primary purposes for interval metering data collection:

1. Provide frequent high quality interval consumption data to support the national electricity market which settles on a half-hourly basis.
2. Monitor consumption with greater resolution so as to improve network infrastructure management.[36]

The wider relationship between interval metering data and all metering data in the Lockstep Report is unclear. The Report argued that the collection of consumption data for billing is unchanged by the introduction of interval meters. By extension, therefore, one could argue that a range of the possible uses of metering data, while not discussed in the Lockstep Report, are fundamentally unchanged by the introduction of interval meters. In consequence, like billing, they are assumed not to be a subject for the discussion in the Report and not subject to its recommendations. In some ways this would be a preferable outcome to that which results from taking the explicit recommendations to their logical end. Arguably, a narrow definition of the primary purpose of metering data would require both extensive redrafting of energy laws to ensure that important uses outside this narrow group – for example, the use of metering data in those activities that support the safe operation of electricity networks – are safeguarded and, given the potential for customers to withhold consent from a range of existing uses of metering data, could impose significant costs on industry participants, for example, in segregating customer data bases by permitted use.

In Section 3.6 we assumed that restricting the set of uses to a narrower group than that explicit or implied in energy regulatory arrangements was not the intention of Lockstep’s recommendations and that the discussion of privacy in the context of interval metering data was also common to metering data generally. In the analysis that follows, we have not distinguished between interval metering data and other metering data, even though the Lockstep Report considered only interval metering data. We do, however, explore the high level implications of relaxing the assumption of Section 3.6 for energy market participants, customers and other potential suppliers.

4.1.2 The purpose of metering data

As Section 3 discusses, both the APPs and the Lockstep Report consider primary and secondary purposes for personal information. Both also provide additional protection in the use of personal information for direct marketing, the APPs by a general prohibition on direct marketing subject to customer consent and Lockstep by recommending an explicit Opt-In regime for customer consent to all secondary uses, including direct marketing.

[36] Lockstep, p. 22.

For the discussion that follows, we have not found it helpful to classify the uses of metering data as either a primary or secondary purpose, but have preferred to use the term permitted uses to capture the uses which metering data currently supports, including those required by energy law and regulation, as well as those that are part of energy market participants’ normal operations.[37] We have distinguished the permitted uses from those functions where interval meter data introduces or increases customer concerns about the privacy implications of metering data and its use.

We recognise that if the recommendations of the Lockstep Report were to be adopted for all metering data, then it will be necessary, as discussed in Section 3.6.1.1, to consider by industry participant class and proposed data use whether:

• metering data available to the specific class of industry participant is personal information;[38]

• what constitutes a primary purpose for metering data, considering that participant class; and

• whether other uses of the data by that class of participant are covered by a regulatory exemption – for example, a requirement to provide information to a regulator – or are secondary uses and to the extent that they are, whether public policy requires explicit consent (Opt-In) or whether consent can be achieved by describing the intended uses in standard customer contractual terms.

However, for the discussion that follows, by using the term permitted uses, we have been able to focus on what we regard as the more important policy issues relating to metering data use.

4.1.3 Other data collected by advanced meters

We have not discussed other data that is collected by advanced meters. While energy consumption and production data is likely to be the most relevant and important data from a privacy perspective and is the data considered as part of the Lockstep analysis, we have identified other types of data that may be recorded or stored by the smart meter. As discussed in Section 2.2, we have not analysed the privacy implications of the other data that a smart meter may create or store.

Additional functionality may include remote connection and disconnection, which is enabled through the inclusion of a relay switch that is remotely switchable into the smart meter. The meters generally come with other functionality such as voltage monitoring and intrusion/tampering monitoring. The minimum functionality definition of smart meters includes these functions.

Using this minimum functionality definition, the extra data created and stored besides half hourly energy data would be:

• Tamper detection incidents;

• Clock time;

• Power factor for three-phase supply; and

• Quality of supply excursions (voltage/frequency).

[37] Partly because this discussion can be circular, as secondary uses are uses of personal information that are not primary uses but are permitted by customers. As a result, categorising a use as primary or secondary doesn’t advance the policy discussion materially.

[38] Not all metering data will be personal information, depending on the data held by the relevant class of industry participant. Where metering data is held by industry participants where the meter identifier is the only identifier for the customer by that industry participant, for example, then metering data may not be personal information for this class of industry participant.

The meter also keeps records of when it was used for remote load control, connection and disconnection events and anything else that passes through the meter as a signal.

We have not analysed the privacy implications of this data as part of our analysis of the privacy implications of metering consumption and production data. However, on the face of it, we can see no reason to regard this data as different from metering data generally and our analysis and recommendations that follow apply to this data as well.

4.2 Uses of metering data

The metering data discussed in this section is metering data at a customer’s premise.[39][40] There may be several streams of metering data at each premise. For example, data may be separately collected for the main premise and a range of other applications that could include at present controlled load circuits (hot water heating) or on-site generation (solar PV) and, looking forward, an electric vehicle or other large usage appliance, such as a pool pump or air conditioning.

Accumulation electricity meters are generally read every three months and the data held in these meters and used by electricity market participants consists of the accumulated consumption recorded at these intervals without the data indicating when in the period between consecutive reads the energy consumption occurred.[41]

The NEM settles half-hourly and half-hourly metering data from accumulation meters therefore has to be determined for settlement. This is accomplished through the application of load profiles rather than through the use of a customer’s specific half-hourly consumption data. The load profiled half-hourly data gives no real insight into energy use at a specific premise: the profile assumes the customer consumes electricity at the same times and in the same proportions as all other customers of the same customer class with basic meters.
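The profiling step described above, as an added illustration that is not part of the original report: two customers with different actual habits end up with the same profiled half-hourly shape. The class profile, both customers' interval readings and the 90-day read period are constructed, and spreading the read with one daily profile repeated over the period is a simplifying assumption, not the NEM's metrology procedure.

```python
"""Profiled versus actual half-hourly data for accumulation-meter customers.

All figures are constructed for illustration. Repeating one daily class
profile across the read period is a simplifying assumption.
"""
from typing import Dict, List

INTERVALS_PER_DAY = 48  # the NEM settles on half-hourly intervals
DAYS = 90               # constructed read period (roughly three months)


def class_shares(class_profile: List[float]) -> List[float]:
    """Convert a customer-class load profile into per-interval shares summing to 1."""
    if len(class_profile) != INTERVALS_PER_DAY:
        raise ValueError("expected 48 half-hourly values")
    total = sum(class_profile)
    if total <= 0:
        raise ValueError("class profile must have a positive total")
    return [value / total for value in class_profile]


def profile_accumulated_read(accumulated_kwh: float, days: int,
                             class_profile: List[float]) -> List[List[float]]:
    """Spread one accumulated read over days x 48 intervals using the class shape."""
    if days <= 0 or accumulated_kwh < 0:
        raise ValueError("need a positive period and a non-negative read")
    per_day = accumulated_kwh / days
    shares = class_shares(class_profile)
    return [[per_day * share for share in shares] for _ in range(days)]


def peak_interval(day: List[float]) -> int:
    """Index of the half-hour with the highest consumption."""
    return max(range(len(day)), key=day.__getitem__)


def interval_label(index: int) -> str:
    """Start time of a half-hourly interval, e.g. 37 -> '18:30'."""
    return f"{index // 2:02d}:{(index % 2) * 30:02d}"


def build_class_profile() -> List[float]:
    """Constructed class profile: morning bump, evening peak at 18:30."""
    profile = [1.0] * INTERVALS_PER_DAY
    for i in range(14, 18):
        profile[i] = 2.0
    for i in range(34, 41):
        profile[i] = 3.0
    profile[37] = 4.0
    return profile


def build_actual_day(peak_at: int, peak_kwh: float) -> List[float]:
    """Constructed 'true' daily usage of one premise, as an interval meter would record it."""
    day = [0.1] * INTERVALS_PER_DAY
    day[peak_at] = peak_kwh
    return day


CLASS_PROFILE = build_class_profile()
ACTUAL_A = build_actual_day(peak_at=4, peak_kwh=2.0)   # active around 02:00
ACTUAL_B = build_actual_day(peak_at=37, peak_kwh=3.0)  # active around 18:30


def compare(actual_day: List[float], days: int,
            class_profile: List[float]) -> Dict[str, object]:
    """What the accumulation meter reports, and what profiling reconstructs from it."""
    accumulated = sum(actual_day) * days  # the only figure the basic meter yields
    profiled = profile_accumulated_read(accumulated, days, class_profile)
    per_day = accumulated / days
    return {
        "accumulated_kwh": accumulated,
        "actual_peak": interval_label(peak_interval(actual_day)),
        "profiled_peak": interval_label(peak_interval(profiled[0])),
        # Shape with the customer's own total divided out: identical for
        # every customer in the class, whatever they actually did.
        "profiled_shape": [round(v / per_day, 9) for v in profiled[0]],
    }


if __name__ == "__main__":
    for name, day in (("A", ACTUAL_A), ("B", ACTUAL_B)):
        result = compare(day, DAYS, CLASS_PROFILE)
        print(name, result["accumulated_kwh"], result["actual_peak"],
              result["profiled_peak"])
```

The only customer-specific value that survives profiling is the accumulated total; the time-of-day pattern comes entirely from the class.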

Metering data is used for:

• Wholesale settlement;

• Settlement between the retailer and distributor for distribution use of system charges;

• Customer billing: for settlement between the retailer and the customer; and

• For a range of operational purposes by various classes of industry participant, including the market operator, retailers, distributors and some third party providers, such as meter data providers.

The parties that expect to have direct access to the metering data in the ordinary course of market operations are: the wholesale market operator; the retailer; the distributor; and metering data providers, as well as agents for these parties. Customers (and their agents) have in the past generally not had direct access to their own metering data unless they had made specific arrangements to obtain it. Customers were entitled to receive metering data and a minimal set of information was generally available on customer bills. With basic metering, that minimal information might be the only customer specific metering data that was collected.

[39] There is nothing in this Section of the report that is unique to the NEM. It could equally apply in WA or NT.

[40] Metering data is actually collected by National Metering Identifier (“NMI”). Depending on how a premise is defined, there may be more than one NMI at a premise, but that is not material to the discussion here.

[41] Some indication of usage time was provided if, for example, peak and off-peak loads were metered separately, but the data was insufficiently granular to indicate on which days the energy flows being measured actually occurred.

Retailers and distributors use metering data in the course of their operations, for example, for planning, hedging, pricing and marketing. Generally, an individual customer’s metering data would be considered as part of a larger group – for example, by retailers to plan and manage their wholesale energy purchasing and hedging strategies for residential customers in a given region, or by distributors for forecasting and planning purposes for specific locations in a network. The use of aggregated data does not pose privacy questions: the use of individual data is of more concern.

Customers might provide their data to third parties, such as financial counsellors, energy efficiency advisers or energy brokers. The metering data is a component of the customer’s billing data; customers generally providing copies of their bills or information lifted from their bills for these purposes are providing (some limited) metering data to a third party.

Smart metering or AMI provides much more metering data:

• Interval data (generally half-hourly) specific to the customer’s premise, held in the meter and downloaded at frequent intervals to the distributor, who then provides it to the retailer and, possibly, the customer. Where the data is provided by this path, the customer may see its consumption data with a short delay, say one day’s delay.

• Where there is AMI, (near) real-time metering data, provided through, for example, an in-home display linked to the customer’s HAN. In some cases, the timeliness of the data adds to its value.

With the introduction of interval metering, the amount of metering data that is collected from each customer is far more than is shown on a customer’s bill where data is aggregated into tariff components. Arrangements have therefore been put in place to enable customers to access their data, generally on request. Some retailers already offer spreadsheets, in-home displays, web portals or smartphone applications, to assist customers to access their data in various formats and using a range of technologies.

Table 4.8 summarises our view of possible uses and potential benefits of metering data, grouped by the party that would initiate the use of the data: distributors, retailers, customers, and other third parties including ESCOs. Our grouping is broadly consistent with the approach taken in Chapter 3 of the National Smart Meter Consumer Protection and Safety Review Officials Report (November 2012) which identifies four interconnected markets within the energy market – energy supply, energy information, demand response/energy efficiency and embedded generation. We have grouped a variety of uses attributed to distributors or retailers where, in our view, there are not significant differences between the handling of an individual’s metering data between different uses. With customers’ use of their own data, there may be more variations and possibly in the future, a wider range of external parties involved.

The list of uses and users is not necessarily exhaustive and is based on the source material described above, supplemented by our views and experience. Our views of potential benefits are qualitative, based on the source material above and our views and experience and not based on quantitative modelling or detailed analysis.


Table 4.8 Users and benefits of smart metering data, by party initiating the data use.

Possible Uses Possible Users Potential Benefits

Use of data is initiated by distributors:

Operational and planning activities

A variety of uses by distributors can be envisaged for operational and planning purposes. Operational purposes include active network management, based on knowledge of customer usage. Planning includes using data to help plan maintenance and replacement of equipment and re-enforcement and augmentation of the network, based on loading of network components, determined using customer metering data.

Distributors may also use metering data to analyse the location of losses in the system.

For these uses, the distributor’s interest in a customer’s data would typically be as one of a class of, for example, customers in a specific location, within a given usage band or sharing a defined profile type.

In this case the primary user of the data is the distributor 42.

The benefits of these uses of data should be more efficient network utilisation in the short or long term. This may result in lower prices, improved reliability and quality of supply and reduction in unserved energy. The beneficiaries would be energy consumers as a class, rather than specific customers whose data was used.

Analysis of losses may also help detect energy theft.

Product/tariff development

The data may also be used for tariff design and implementation, in particular, time of use or more customised peak period pricing.

For these uses, the distributor’s interest in a customer’s data would typically be as one of a class.

In this case the primary user of the data is the distributor.

The benefits of this use of data would be improved and more cost reflective product design. This may result in lower overall prices for classes of customers as opposed to individual customers.

Load control/demand management – product delivery and customer service

Distributors may deliver and manage products, such as load control or demand management incentive programs. The customers for these products and programs may be end use customers, or the delivery may be via retailers.

In this case, the users of the data could include the customer’s retailer and the customer itself, in addition to the distributor.

As above the longer term benefits may be more efficient network utilisation to the benefit of customers as a class.

Individual customers may benefit if they can take advantage of the products or programs being offered. It is important to note, in the context of existing distributor tariffs and prices, that

42 In some instances distributors, and later on in this table, retailers may use agents or sub-contractors to undertake some activities. These parties have been acknowledged as possible users of the data for completeness but are not specifically mentioned in each instance.

52

Page 54: Energy Council | - Advice on Privacy for the National … · Web viewFor the purpose of this report, Smart meters are meters that are consistent with the approved minimum smart meter

Advice on Privacy for the National Smart Metering Program: Consultation Draft

Possible Uses Possible Users Potential Benefits

For these uses, the distributor’s interest in a customer’s data would be the customer’s specific data as a member of an identified class, for example, customers with off-peak electric hot water heating.

distributors are not permitted to distinguish between customers falling into a specific class by, for example, discounting a customer’s price.

Load control/demand management – marketing

Distributors may use the data to market and sell products, such as load control or demand management incentive programs. The customers for these products and programs may be end use customers, or the marketing may be via retailers.

For these uses, the distributor’s interest in a customer’s data would typically be as one of a class.

In this case, the users of the data could include the customer’s retailer and the customer itself, in addition to the distributor.

As above, the longer term benefits may be more efficient network utilisation to the benefit of customers as a class.

Provision of information to customers

Distributors may provide data directly to customers. Several distributors in Victoria already provide web portals that customers can use to access their own metering data.

The data for this use is the customer’s specific data.

In this case, the users of the data could include the customer itself, in addition to the distributor.

Individual customers who use the service benefit from access to the data and the opportunities they may have to use that data as shown in the section “Uses by customers” below.

Billing and settlement

To prepare bills for retailers or customers.

The data for this use is the customer’s specific data. However, in the event of missing or invalid data, then depending on the extent of any substitution required, a previous customer’s data at the NMI may be used as a basis for the estimated consumption. Estimation and substitution procedures are governed by the Metrology Procedure in the NEM.

The primary user of this data would be the distributor, but also the retailer or customer.

The effective and efficient operation of the market, to ensure appropriate parties pay for energy used and settlement can occur. Interval metering data could be expected to reduce the requirement for meter data substitution (remote reading) and to support higher levels of accuracy in the substitution and validation regimes used to identify and fix missing or incorrect data.

Use of data is initiated by retailers:

Wholesale hedging and risk management

A variety of uses by retailers can be envisaged. These may include use in optimising the retailer’s wholesale purchase arrangements and hedging strategy.

Some hedge products used by retailers are load following hedges based on actual consumption at (a group of) NMIs.

For these uses, the retailer’s interest in a customer’s data would typically be as one of a class of, for example, customers in a specific location, within a given usage band or sharing a defined profile type. Typically, the hedge counterparty’s interest is in verifying and predicting the behaviour of the group of NMIs covered by the contract.

In this case the primary user of this data would be the retailer. However, the retailer may have to provide the data to their hedge counterparty.

The benefits would accrue initially to the retailer in the efficiency of their operations and risk management. The means by which those benefits are shared with customers would depend on the state of competition or retail price regulation that prevails.

Product and tariff design

The data may also be used for energy product/tariff design and implementation; in particular, more customised peak demand pricing or time of use pricing.

For these uses, the retailer’s interest in a customer’s data would typically be as one of a class.

The primary user of this data would be the retailer.

New tariffs and tariff structures may also change the way retailers share risk with customers. More cost reflective tariffs effectively enable retailers to cover some of the risk of facing higher costs by passing those higher costs directly to the customer.

Improved customer service

Access to the metering data may enhance the retailer’s capability to handle call centre enquiries, answering customers’ questions and giving more appropriate advice tailored to the customer’s circumstances.

The data for this use is the customer’s specific data.

In this case, the users of the data may also include the customer themselves in addition to the retailer.

Call centre and other communications between retailer and customer may be enhanced through the retailer understanding the customer’s usage and being able to use metering data to explain more to the customer and provide more targeted advice.

Marketing

Retailers may use a customer’s own metering data to target particular services or products to that customer.

The data for this use is the customer’s specific data.

In this case, the users of the data may also include the customer themselves in addition to the retailer.

Customers may benefit from better designed products and improved services.

Individual customers may benefit from more tailored tariffs being marketed to them.

Provision of information to customers

Retailers may provide interval metering data to customers. Some retailers already offer spreadsheets, in-home displays, web portals or smartphone applications. Retailers may provide added value to the data by helping customers to correlate it with their uses of electricity, showing customers at what times of day they use electricity and how much their usage costs at various times and, through benchmarking, allow the customer’s usage to be compared with that typical of other customers. Retailers can also help customers visualise the data in various ways.

The data for this use is the customer’s specific data. To the extent that comparative information is provided, we anticipate that it would be based on typical customers in a given class – by household size, for example – and not actual data.

In this case, the users of the data could involve the customer itself and the retailer.

Individual customers who use the service benefit from access to the data and the opportunities they may have to use that data as shown in the table section “Uses by customers” below.

Meeting hardship obligations

Retailers have obligations under the NECF hardship provisions (Division 6) to put in place processes that would allow customers identified as experiencing payment difficulties as a result of hardship to review the appropriateness of a hardship customer's market retail contract and to assist customers with strategies to improve their energy efficiency, where such processes or programs are required by a local instrument.

The data for this use is the customer’s specific data, possibly supplemented, in the case of recommendations relating to energy efficiency, by comparative information based on typical customers in a given class – by household size, for example – and not actual data.

In this case, the users of the data could involve the customer itself and the retailer.

Individual customers identified as suffering hardship that use the service benefit from access to the data and the opportunities to change their tariff or reduce their energy consumption, reducing their costs.

Load control / demand management

Retailers may use the data to market and sell products, such as load control or demand management incentive programs. Retailers may deliver or facilitate the delivery of these services through distributors or third party providers such as ESCOs.

For these uses, the retailer’s interest in a customer’s data would typically be as one of a class. The end product would likely be offered to members of an identified class, for example, customers with a willingness and ability to respond to critical peak pricing plans. In addition to the information that metering data may provide in identifying potential customers, these customers may self identify, by responding to marketing material, or may be identifiable (with some level of statistical accuracy) from other information, such as postcode.

In this case, the users of the data could involve the retailer, customer and, where used, third party provider and distributors.

The longer term benefits may, as above, be more efficient network utilisation to the benefit of customers as a class.

Individual customers may benefit if they can take advantage of the products or programs being offered.

Billing and settlement

To prepare bills for customers and facilitate settlement in the wholesale energy markets. This also includes the validation of settlement statements and network invoices.

The data for this use is the customer’s specific data. However, in the event of missing or invalid data, then depending on the extent of any substitution required, a previous customer’s data at the NMI may be used by the party responsible for reading the meter as a basis for the estimated consumption, which would be supplied to the retailer. Estimation and substitution procedures are governed by the Metrology Procedure in the NEM.

The primary user of this data would be the retailer and the customer in the case of billing; in the case of settlement, other market participants and market operators are also possible users.

The effective and efficient operation of the market, to ensure appropriate parties pay for energy used and settlement can occur.

Using half hourly actual consumption in place of profiled or accumulation meter consumption would improve the accuracy of settlement, providing benefits to the market as a whole.

Billing and settlement: bill estimation

To prepare bills for customers and facilitate settlement in the wholesale energy markets. This also includes the validation of settlement statements and network invoices.

The data for this use is the customer’s specific data.

The primary user of this data would be the retailer, but also the customer in the case of billing and other market participants or market operators in the case of settlement.

The effective and efficient operation of the market, to ensure appropriate parties pay for energy used and settlement can occur.

Using half hourly actual consumption in place of profiled or accumulation meter consumption would improve the accuracy of settlement, providing benefits to the market as a whole.

Use of data is initiated by customers:

Informed energy usage or energy efficiency advice

To inform each customer regarding their own use of electricity, to help them to use electricity more efficiently. The roles that metering data can play in achieving this include making customers aware of their electricity usage and the time variant costs. Metering data from advanced metering can also form the basis of new flexible tariffs that provide customers with incentives to change their electricity usage behaviour.

As well as energy efficiency, customers may also be interested in their energy use for the purpose of managing their greenhouse gas emissions.

Customers and others with whom customers may share their metering data for the purposes of obtaining targeted advice and information. These may include, among others, retailers and distributors, appliance manufacturers and vendors, electricians and electrical contractors, financial counsellors and energy efficiency advisers.

Customers use electricity more efficiently in various ways. One of the key ways is through conservation. Conservation is achieved either by making less use of existing appliances (such as waiting till there is a full load on a dishwasher rather than making multiple uses of a less than fully loaded appliance) or through changing appliances to more energy efficient versions. The electricity system may be more efficient if customers change the times when they use electricity (load deferral).


The data for this use is the customer’s specific data. To the extent that comparative information is required, we anticipate that it would be based on typical customers in a given class – by household size, for example – and not actual data.

A requirement for access to elements of the previous occupant’s electricity consumption data has been discussed in this context, although the likelihood that this data would be significant in the analysis of a new occupant’s energy efficiency would depend on the extent to which the appliances, usage pattern and household composition of the previous and current occupant are similar.

Greenhouse gas emissions are not always directly correlated with energy or market efficiency. Better customer information may or may not reduce greenhouse gas emissions.

Bill validation

With the increased complexity of energy offers and tariffs, customers may use their data to validate their energy bills for accuracy.

The data for this use is the customer’s specific data.

Customers and third party service providers with whom customers share their data and that offer bill validation as (part of) their service.

The customer would benefit from ensuring the accuracy of their bill and avoiding over payment.

Obtain and optimise energy offers

To obtain different offers in the competitive retail market and to enable customers to make informed decisions on market offers.

The data for this use is the customer’s specific data.

Customers and others with whom customers may share their metering data for the purposes of obtaining targeted advice and information. These others may include retailers, advisers, marketers and brokers, among others.

Customers may save money by moving to different tariffs with their existing retailer or with a competing retailer.

Load management optimisation

To enable customers to evaluate and maximise the value of load control or management products and offers directly from distributors, retailers or third party providers.

The AEMC has discussed possible roles for ESCOs in its recent Power of Choice review and similar ideas have been discussed by the AEMC in its consideration of the potential uptake of plug in electric vehicles and possible roles for other service providers.

The data for this use is the customer’s specific data.

Customers and others with whom customers may share their metering data for the purposes of obtaining targeted advice and information.

Distributors, retailers or third party providers may offer products and services directly to customers, such as load control or other demand response programs. Individual customers may benefit through incentives to participate or through optimising the value of their participation.

Customers as a class may benefit if the programs help increase efficiency of the use of the electricity network, as discussed in the table section “Uses by distributors” above.

Qualitatively, increased competition and enhancement of demand side participation have been discussed in the AEMC’s Power of Choice review.

Investment decision making

To assist customers in making investment decisions for areas such as energy efficiency or solar PV.

The data for this use is the customer’s specific data.

Customers and others with whom customers may share their metering data for the purposes of obtaining targeted advice and information.

Having better information on their energy usage could prompt customers to make investments to improve efficiency or lower costs in the longer term. Changing appliances has been discussed above. Other investment decisions could include improving insulation or investment in on-site generation. A customer may in the future use expert analysis of their metering data as evidence of a property’s energy efficiency, to enhance its potential value in a sale or rental transaction.

Smart appliance usage

Other functionality envisaged in smart homes or smart appliances.

The data for this use is the customer’s specific data.

Customers and others with whom customers may share their metering data for the purposes of obtaining targeted advice and information. These others may include retailers and appliance manufacturers and service agents, among others43.

Cost-benefit analyses have envisaged benefits accruing from smart appliances accessing metering data and smart meter functionality to improve their efficiency of operation. For example, pool pumps might be scheduled to run when prices are low.

It may be possible to combine real time price information with the scheduling of discretionary consumption, so that, for example, a customer with on-site generation such as solar PV on a feed-in tariff that pays a low value for export of surplus energy might operate a smart appliance in preference to exporting to use the surplus energy. Conversely, if the customer has a high value feed-in tariff a smart appliance might switch off when export is occurring.

43 AMI functionality generally includes capability for communication to a customer’s in-premise display or home area network. If metering data is communicated by that route, it can be made available to whichever parties or appliances the customer allows to access their networks. Potentially the customer could allow remote access to their metering data via an Internet connection. As we discuss in Section 4.3.2, below, use of AMI functionality may not be a necessary condition in providing a range of these services. Other avenues, particularly use of an internet connection, may be used.

Miscellaneous marketing and research

This includes providing metering data to third parties for marketing or research purposes.

The data for this use is the customer’s specific data.

Customers may receive incentives to provide their metering data to third parties to use for miscellaneous marketing and research purposes. In some cases, in order to obtain the benefits set out in the table above, customers may input their data into online tools, or allow their data to be imported into such applications. The terms and conditions of those online tools may vary. In lieu of providing free tools, some may require the customer to consent to their data being provided to other third parties for research or marketing purposes.

Customers may receive benefits from allowing their data to be used in these ways. These uses of data may help finance some tools that are then made available to customers free of charge. Research may benefit users generally if its findings are put to appropriate use.

Use of data is initiated by market operators:

Load Forecasting and planning activities

Forecasting future load, assessing the adequacy of the generation and transmission sectors to meet the projected load and identifying circumstances in which the projected load will not be met. Given the instability that previous forecasting methodologies are displaying, the Market Operator could be expected to explore the value of the higher level of granularity offered by interval metering data.

For these uses, the Market Operator’s interest in a customer’s data would typically be as one of a class of, for example, customers in a specific location, within a given usage band or sharing a defined profile type.

In this case the primary user of the data is the Market Operator.

The benefits of these uses of data should be better projections of future load for the information of all interested parties. This may result in lower prices and improved reliability and quality of supply. The beneficiaries would be energy consumers as a class, rather than specific customers whose data was used.

Settlement

To enable settlement in the wholesale energy market.

The data for this use is the customer’s specific data.

The primary user of this data would be the Market Operator but also other market participants – retailers and market customers.

The effective and efficient operation of the market, to ensure appropriate parties pay for energy used and settlement can occur.

Using half hourly actual consumption as opposed to profiled or accumulation meter consumption would improve the accuracy and cost reflectivity of settlement which provides benefits to the market as a whole.


Use of data is initiated by meter data provider:

Validation, substitution and data processing

To validate and process data for usage by other parties in the energy markets. Where data is missing and/or cannot be retrieved in the required timeframe, then subject to the requirements of the Metrology Procedure, a data substitution rule is used to replace the missing data.

The data for this use is the customer’s specific data, but, depending on the extent of any substitution required, the data used could extend to a previous customer’s data at the NMI being used as a basis for the estimated consumption.

The primary user of this data would be the meter data provider, but also their customer who may be a distributor, retailer, market operator or customer.

The benefits accrue to the market as a whole through improved processing efficiency (especially given the complexity and scale of smart metering data) as well as a reduced requirement for meter data substitution (remote reading) and higher levels of accuracy in the substitution and validation regimes used to identify and fix missing or incorrect data.

Use of data is initiated by third party providers (ESCOs):

Load management services

To deliver load control or load management services. This includes any billing as required.

The data for this use is the customer’s specific data.

The ESCO and their customer – which may be a retailer, distributor or end energy customer.

The benefits of load management have already been discussed above.

Energy information services

Analysis of customer metering data to provide services such as energy efficiency advice, bill analysis or other advice.

The data for this use is the customer’s specific data.

The ESCO and their customer – which may be a retailer, distributor or end energy customer.

The benefits of providing energy information services have already been discussed above.


4.2.1 What uses for metering data should be permitted uses?

At the level of the description in Table 4.8, the majority of existing and potential uses of all metering data – both interval data and accumulation data – are similar, regardless of the meter type. Of these uses, what considerations mean a use should be either a permitted use or, alternatively, subject to some higher level of privacy related control or regulation? Two key factors are considered in our analysis: whether the data used is customer specific or aggregated; and whether the use is customer initiated or initiated by the service provider.

4.2.1.1 Customer specific data vs. aggregate customer data

In Table 4.8, we distinguish between uses that require the customer’s specific data, such as customer service, elements of energy efficiency advice and billing and uses where the customer’s data is part of a wider class of data used for analysis, planning, pricing and other similar functions.

In the first group, not all of the uses of customer specific data give rise to an outcome that is customised to the individual customer in a way that is likely to give rise to privacy concerns. Market settlements, for example, are large, automated batch processes that use a customer’s NMI, metering data or load profile and the relevant regional wholesale market price associated with the customer’s consumption pattern. The more individualised the service – for example, the provision of energy efficiency information by a customer’s retailer or distributor – the higher the likelihood that personal information is a part of the service offering. The case for the introduction of interval metering assumed that the more individualised the service, the higher the potential benefit of the additional information to the customer and the economy as a whole. For some elements of this group of activities, then, recognising customers’ specific concerns about the use of interval metering data and the treatment of direct marketing by the APPs, some level of privacy related control may be appropriate.

In the second group, where the customer’s data is part of a wider class of data, our observation is that, in practice, although the data used for these purposes may include the NMI, typically the customer’s address and other details are not included. Identifying an individual customer as part of the class of customers would, therefore, be difficult. Further, the results of these types of activities typically apply to classes of customers – customers consuming more than some level of electricity annually, for example – rather than applying to customers individually. For this group of activities, our view is that no additional level of privacy control over and above those controls required by the APPs and the equivalent State laws and the existing requirements of the NER is required.

4.2.1.2 Customer initiated uses

As we stated in Section 4.1, we believe there is no case for restricting choices that customers initiate on their own behalf. In Table 4.8, this would mean that any use initiated by a customer should not, in our view, be subject to privacy related controls other than those (existing) controls or procedures required to ensure that, for example, a retailer or distributor is talking to the relevant customer or the customer’s authorised representative.

Two issues are raised by this conclusion. The first relates to the Lockstep recommendation that some process be developed to provide a new resident at a premise with (elements of) the previous resident’s electricity usage (Recommendation 13). In relation to this issue, our starting point is that the benefit of providing this data is limited by the extent to which the appliances, usage pattern and household composition of the previous and current occupant are similar. Our expectation is that representative customer data, standardised for household composition, appliance mix and usage patterns may be more useful to customers and that the proposed exemption to privacy requirements is questionable as a result.

The second issue relates to the asymmetric treatment of services that a customer may value. If the customer initiates the request, the service can be provided. If, on the other hand, a retailer or distributor identifies that the customer is the member of a class that could benefit from a service or offering, then depending on where the boundary is drawn around permitted uses, the customer may only be aware in the most general way that the service is available. Given customers’ concerns, this may be the appropriate outcome and it would not be inconsistent with the position faced by a competitor, approaching a customer with no customer specific information to inform its offer. However, relative to the assumptions taken in the estimates of the benefits from the introduction of interval meters, it is likely to reduce those benefits, by reducing or slowing the extent of customer uptake of products that have the potential to reduce customers’ and all electricity consumers’ costs.

4.2.1.3 What uses should be subject to specific privacy controls?

In Table 4.9, we look at the uses of data and the initiators of those uses from Table 4.8 and consider what uses of data should be permitted uses and what uses may be considered for some level of privacy related control.

In this assessment, we have:

assumed that, consistent with the APPs and relevant State privacy requirements, entities covered by the APPs cannot contract out of the requirements by using agents or sub-contractors. Given this, we have not covered agents and sub-contractors separately from the major classes of market participant.

not addressed privacy related concerns that all companies and other entities subject to the APPs or similar State based requirements will be required to address.

― For example, we have not recommended additional regulation to address customer concerns relating to interval metering data revealing the presence/absence of residents at a premise. In our assessment, an energy market participant or third party supplier subject to the APPs whose databases have the potential for unauthorised access to this type of information will be required to develop and apply policies that prevent this access in order to comply with the APPs.

addressed only those privacy issues relating to metering data that could be regarded as reasonably within the control of market participants or third parties.

― For example, the Lockstep Report concluded that the specification of the HAN provided a high level of data security. Relying on this finding, we have not proposed measures that would address unauthorised access to a customer’s data through some breach of a customer’s HAN unrelated to the activities of the customer’s distributor or retailer.


― Similarly, we have not addressed concerns unrelated to the treatment of metering data, for example, the information content, if any, of the flashing light that may be visible on a meter, depending on the meter installation design.

not evaluated the extent to which existing industry-specific marketing codes or other regulation generally applicable to consumer marketing apply, reducing the requirement for some further privacy related control in relation to direct marketing; and

not quantified, but only illustrated where we believe that a requirement for some further privacy related control has the potential to reduce the benefits anticipated from the introduction of interval meters.

Table 4.9 Permitted Use by data uses and party initiating the data use

Possible Uses Permitted Use?

Use of data is initiated by distributors:

Operational and planning activities

Yes: uses aggregated customer data, not specific (individual) customer data.

SCER envisaged as a key benefit from the roll out of smart meters.

Customers’ privacy concerns unlikely: uses aggregated customer data, not specific (individual) customer data.

Product/tariff development

Yes: uses aggregated customer data, not specific (individual) customer data.

SCER envisaged as a key benefit from the roll out of smart meters.

Customers’ privacy concerns unlikely: uses aggregated customer data, not specific (individual) customer data.

Load control/demand management – product delivery

Yes: provided the customer has consented to a load control/ demand management product, including by taking up a tariff requiring consent to load control. However, see Section 4.2.1.

SCER envisaged as a key benefit from the roll out of smart meters.

Customers’ privacy concerns unlikely: the use of customer specific data would only be in instances where the customer is on a load control/demand management product.

Load control/demand management – marketing

May present privacy concerns: the need for further requirements in this regard should be investigated as part of the broader consideration of the marketing activities of DBs.

― APPs 7.2 (b) and 7.3 (c) require organisations to allow customers to unconditionally opt out of direct marketing using personal information: if metering data is considered to be personal information, then this would be sufficient to address direct marketing related privacy concerns.

― To provide this certainty, metering data could be deemed personal information for the purposes of APPs 7.2(b) and 7.3 (c).

― This direct marketing requirement may be analogous with the marketing requirements on electricity retailers/consistent with general marketing and unsolicited marketing regulations more broadly. See discussion in Section 4.2.1.

In considering the benefit of defining metering information as personal information for direct marketing, factors including the costs of compliance (system related changes, for example) and the implications for the anticipated demand management benefit from rolling out interval meters if a material number of customers opt out, need to be taken into account.

Provision of information to customers

Yes: consistent with energy market requirements. Should not raise privacy concerns for customers.

Billing and settlement

Yes: consistent with energy market requirements. Should not raise privacy concerns for customers.

Use of data is initiated by retailers:

Wholesale hedging and risk management

Yes: uses aggregated customer data, not specific (individual) customer data.

Analogous to the operational and planning use for distributors.

Provides benefits to customers through (potentially) lower energy prices.

Customers’ privacy concerns unlikely: uses aggregated customer data, not specific (individual) customer data.

Product and tariff design

Yes: uses aggregated customer data, not specific (individual) customer data.

SCER envisaged as a key benefit from the roll out of smart meters.

Customers’ privacy concerns unlikely: uses aggregated customer data, not specific (individual) customer data.

Improved customer service

Yes: customers would likely value and benefit from customer service that used their specific metering data.

Likely to present practical issues if retailers unable to use customer specific metering data to provide customer service.

Marketing

(including marketing of Load control products)

Direct marketing may present privacy concerns: the need for further requirements in this regard should be investigated.

― APPs 7.2 (b) and 7.3 (c) require organisations to allow customers to unconditionally opt out of direct marketing using personal information: if metering data is considered to be personal information, then this would be sufficient to address direct marketing related privacy concerns.

― To provide this certainty, metering data could be deemed personal information for the purposes of APPs 7.2(b) and 7.3 (c).

― This direct marketing restriction may be analogous with the marketing requirements on electricity retailers/consistent with general marketing and unsolicited marketing regulations more broadly.

― See discussion in Section 4.2.1. In considering the benefit of defining metering information as personal information for direct marketing, factors including the costs of compliance (system related changes, for example) and the implications for the anticipated benefits from rolling out interval meters if a material number of customers opt out, need to be taken into account.

Provision of information to customers

Yes: consistent with energy market regulatory requirements. Should not raise privacy concerns for customers.

Meeting hardship obligations

Yes: consistent with energy market regulatory requirements.

Should not raise privacy concerns for customers.

Load control/demand management – product delivery

Yes: provided the customer has consented to a load control/ demand management product. However, see Section 4.2.1.

SCER envisaged as a key benefit from the roll out of smart meters.

Customers’ privacy concerns unlikely: the use of customer specific data would only be in instances where the customer is on a load control/demand management product.

Billing and settlement

Yes: consistent with energy market regulatory requirements.

Should not raise privacy concerns for customers.

Use of data is initiated by customers:

Informed energy usage or energy efficiency advice

Yes: no privacy case for restriction of customer initiated use of customer data for all/any services customer requires, provided that customer consents, where required, consistent with APPs.

Maximises flexibility, promotes innovation and assists in the development of products and services for the benefit of consumers. Assists in realising benefits of smart meter roll out.

Bill validation

Obtain and optimise energy offers

Load management optimisation

Investment decision making

Smart appliance usage

Miscellaneous marketing and research

Use of data is initiated by market operators:

Settlement

Yes: consistent with energy market regulatory requirements.

Customers’ privacy concerns unlikely: only in some rare circumstances is customer specific data required.

Use of data is initiated by meter data provider:

Validation and processing data

Yes: consistent with energy market regulatory requirements.

Customers’ privacy concerns unlikely: uses aggregated customer data. Only in some rare circumstances is customer specific data required.

Use of data is initiated by third party providers (ESCOs):

Load management services

Yes: subject to issues raised in discussion on:

― Customer initiated data uses, marketing issues and data use consents, above

― Competition and innovation issues associated with differentiating between service providers based on regulatory coverage, below.

SCER envisaged these services as a key benefit from the roll out of smart meters.

AEMC has more recently proposed a wider role for these service providers in providing customer services.

Energy information services


4.2.1.4 How might we do this?

Table 4.9 suggests some further evaluation of the appropriateness of further privacy related measures in a small number of areas – direct marketing and the marketing of load control and demand management services by distributors and retailers. In these areas, we have suggested that the use of metering data for direct marketing and certain product offerings could be part of the Opt-Out clause required by the APPs to be offered to customers. This possibility should be evaluated and the additional benefits to customer privacy and customer comfort with the introduction of interval metering more generally should be compared with any additional direct and indirect costs.

In our view, other metering data uses should be regarded as permitted uses. Entities covered by the APPs, whether directly or as the result of the incorporation of the APPs44 into the requirements covering state entities, will be required to form a view on the uses of metering data in circumstances where it meets the definition of personal information. These entities will be required to develop and implement policies and procedures and customer contracts that address their compliance with the requirements of the APPs relating to both primary and secondary uses (together, the permitted uses) of metering data in this context on the timeline required by the national legislation, by March 2014.

If, in preference to relying on the actions of individual entities, consistency across the electricity sector is considered desirable in the definition of permitted uses and the requirement for customer consents, then it could be achieved by, for example:

amending the regulatory instruments to cover the types of activities categorised as permitted uses in Table 4.9.

― However, as Section 3.6 discusses, while the existing regulatory instruments require a high level of protection of customers’ data by market participants, the existing requirements are not directed at privacy concerns. The required amendments, in consequence, may not be trivial.

similar to the suggestion by Lockstep, adopting an industry specific Privacy Code identifying a range of permitted uses to be governed by the Code, which would be designed to address customers’ privacy concerns. Direct marketing and the marketing of load control and demand management services by distributors and retailers could be required to be the subject of agreement between the customer and the service provider, either on an Opt-Out (APPs) or an Opt-In (Lockstep) basis, depending on the outcome of the further analysis recommended.

― The discussion in Section 3.3, however, suggests that there may be limits to the degree of consistency achieved by an industry specific Privacy Code, where a state owned entity is not subject to the APPs, may be subject to privacy requirements that differ from the APPs or, alternatively, may not be subject to either the APPs or the requirements of the relevant state legislation and does not choose to opt-in to the industry code.

including in customer contracts a standard range of consents to cover the permitted uses of activities included in Table 4.9. Depending on the further analysis recommended in relation to some marketing activities and product offerings, consent to direct marketing and the marketing of load control and demand management services by distributors and retailers could be implemented either on an Opt-Out or an Opt-In basis as part of standard customer contracts.

44 Or similar requirements


Further work would be required to define a workable range of uses either to be included in regulatory instruments or in an industry specific Privacy Code and to scope the extent of the regulatory changes and the coverage of market participants if either the first or second of these approaches was to be considered.

Including the permitted uses for metering data uses in retailer and distribution customer contracts has the benefit of consistency with Lockstep’s view that the customer’s sense of control is an important component of the exercise and, further, is consistent with the requirements of the APPs on the treatment of secondary uses generally. A common, core group of purposes could be expected to be included in all similar customer contracts – all distributors declaring, for example, a broadly similar set of permitted uses – and this core group could also be included in the regulatory framework, possibly in the National Energy Customer Framework in the future. Whether those marketing activities and product offerings where we have recommended further analysis are treated differently from other permitted uses would depend on the results of that analysis, considering:

the benefits of the incremental privacy protection, relative to that that would be provided by the APPs;

the potential costs, both direct (systems and other costs of implementation) and indirect (the effects on the estimated benefits of the introduction of interval meters) of the recommendations;

― Core benefits expected from the introduction of interval meters would be reduced to the extent that customers, required to provide explicit consent, refuse.

― The cost of the refusal may not be limited to the customer’s self-exclusion from better services or lower cost offers. Widespread exclusions would affect the robustness of product design and pricing, reducing the potential benefits to all customers.

the costs to competition and innovation from a more onerous industry specific regime.

― The competitive impact of this approach would fall most heavily on new service offerings and service offerings by new classes of market participants, with a potential cost to customer service and innovation.

These issues are explored in greater detail in the following section.

4.3 Differentiating between possible suppliers: competitive effects

In this Section, we discuss the commercial implications of adopting industry specific requirements when the range of services customers seek could potentially be provided by a range of participants, including participants not covered by energy market regulations.

The Lockstep Report, while considering services provided by third parties, did so explicitly within the context of the existing market participants. Metering data was supplied by the customer’s distributor or retailer; data from the customer’s HAN was only expected to be used by the customer’s retailer or distributor45. Given these relationships, Lockstep recommended RBs’ and DBs’ Privacy Policies would need to anticipate the sharing of data and circumscribe access to that data (Recommendation 3), the extension of the Electricity Marketing Code to third parties (Recommendation 9) and the development of an Opt-In Policy requiring explicit customer consent and individual customer contracts for secondary uses (Recommendation 4).

However, the range of likely service providers is expanding beyond retailers and distributors. The EMRWG has considered the existence of a new class of energy market participant operating in the energy information or energy management markets and the requirements that might apply to these participants. EMRWG is considering a form of authorisation or registration, which would include customer consent and privacy obligations, but has not discussed whether these obligations would be identical to those to which current market participants are subject. EMRWG’s current views are that obligations under, for example, the NECF would extend to the agents of a retailer or distributor, but would not be extended to other parties not acting as agents46.

In addition, as a range of industry participants already give the customer (close to) real time access to metering data in a range of applications, it is relatively easy to envisage third party applications that request a customer’s metering data directly from the customer and not from the customer’s retailer or distributor. Metering data may not even be required: this issue is discussed below.

The following discussion looks at the potential commercial issues which arise in applying these recommendations where:

industry specific requirements have the potential to either disadvantage or privilege market participants at the expense of other potential service providers;

the service provider is not (linked to) the customer’s retailer or distributor, but is linked to the energy market, for example through the proposed energy market data system; or

the service provider is not (linked to) the customer’s retailer or distributor and:

― the customer’s metering data is not required for the delivery of the service; or

― the customer’s metering data is required for the delivery of the service, but is not supplied through the customer’s HAN.

45 The Lockstep Report took the view that even if some “advanced services” were provided by third parties who were not themselves registered market participants, meter data would be required and would be supplied either with a short lag from a customer’s existing retailer or distributor or direct from the meter. In addition, reflecting stakeholder feedback, the Report took the position that “there is very little prospect of an explosion of third party services”, shifting any need to consider the privacy implications of these services to some later date. (Lockstep, p. 18). We think this assessment that there was little prospect of an explosion of third party service providers may be incorrect, considering current developments.

46 Standing Council on Energy and Resources Senior Committee of Officials’ Energy Market Reform Working Group, National Smart Meter Consumer Protection and Safety Review, Officials’ Report, November 2012

4.3.1 Should energy market participants be treated differently?

What are the implications of including a broad range of permitted uses in standard customer contracts and including in the direct marketing Opt-Out clause certain relatively narrow uses of metering data?

This approach could reinforce existing industry participants’ role in providing these services to customers. All customers are effectively compelled to enter into a contractual relationship with an electricity retailer, whether implied (deemed) or explicit, and may (be required to) have a contractual relationship with a distributor. If a retailer or distributor is entitled to include a wide range of purposes for the use of metering data in that contractual relationship, then the retailer or distributor is competitively advantaged relative to a third party without a similar (compulsory) relationship. On the other hand, this differential treatment is consistent with the requirements of the APPs. Further, abuse of the relationship, for example, through third line forcing, is subject to the requirements of legislated consumer protections more generally.

The case for differentiating between the electricity industry and other industries in relation to the allowable purposes for customer metering data might be made in relation to either the essential nature of the service and the absence of real customer choice or, alternatively, the effects on innovation of not restricting the use of data by existing industry participants.

― The absence of effective customer choice not to purchase the service could justify a higher degree of privacy control on the marketing and product offerings of electricity industry participants than participants in other sectors. This argument is used in the treatment of some other elements of the retailer/customer relationship, such as in the treatment of arrears and non-payment. However, in potentially restricting industry participants’ ability to use metering data to its maximum benefit, the case for the benefits of interval meters more generally is undermined.

However, allowing industry participants to include a broad range of permitted uses in standard customer contracts and including in the direct marketing Opt-Out clause certain relatively narrow uses of metering data, could represent a barrier to market entry.

― This barrier is similar to that in other industries where the supplier has, by virtue of a relationship with the customer, better information on the customer than its competitors.

― As we argue below, as it is possible to consider unrelated third party suppliers providing a range of customer initiated services, possibly without requiring access to metering data, this barrier may be significant only where real time metering data is essential to the delivery of the service.

Perhaps more importantly in the context of competition, innovation and customer choice, what are the implications of considering only energy market participants when the range of potential service providers is wider than this group?

4.3.2 Other service providers

As Section 3.6 discusses, energy market laws are limited in their scope and potential service providers who are not market participants are not covered by existing energy laws. In the following sections we discuss the possibility that potential service providers can offer services to customers without access to near real-time metering data or access to the HAN, so even if regulation of the supply of real time meter data from the HAN by a customer to a service provider was desirable and practical, not all services or service providers are likely to be captured by this form of regulation. If, then, consistency of the treatment of metering data is important across all possible users of that data, some form of voluntary Code may be the most effective way of achieving this.

However, the higher the industry specific privacy restrictions applied to the use of metering data, the less attractive voluntary compliance with an industry specific policy is likely to be. If third party suppliers outside the scope of energy market specific legislation, but covered by national privacy legislation, face a less onerous negotiation with a customer about the permitted uses of the customer’s data – for example, not being required to negotiate separate contracts for each use – while still meeting national standards, the incentive to adopt a higher voluntary standard is low in the absence of some driver from customer preferences. This trade-off between consistency and the level of incremental privacy control is important in an area where not all service providers can be directly covered by a single regulatory framework.

4.3.2.1 Potential suppliers inside the scope of energy market specific legislation

The EMRWG has considered the existence of a new class of energy market participant operating in the energy information or energy management markets and the requirements that might apply to these participants. EMRWG is considering a form of authorisation or registration, which would include customer consent and privacy obligations, but has not discussed whether these obligations would be identical to or lower or higher than those to which current market participants are subject.

This class of service provider is likely to be subject to the general requirements of the NER for data security and may be subject to specific data requirements for customer consent and privacy relating directly to the services provided. However, the EMRWG’s current views that obligations under the NECF would not be extended to other parties not acting as agents suggest that data use by these parties would not be covered by permitted uses included in standard customer contracts47. However, subject to the threshold requirement for annual turnover in the APPs48, this class of provider would be covered by the APPs, which require secondary data uses to receive customer consent.

4.3.2.2 Potential suppliers outside the scope of energy market specific legislation

A range of industry participants already give the customer (close to) real time access to metering data in a range of applications. That data can facilitate third party applications accessing a customer’s metering data directly from the customer and not from the customer’s retailer or distributor. If customer initiated uses can be supplied by a third party without a relationship to the customer’s existing retailer or distributor49, then an Opt-In Policy (Recommendation 4) or voluntary industry code would be effective only to the extent that the supplier voluntarily adopts the policy, perhaps in response to customers’ preferences. However, subject to the threshold revenue test, the APPs would apply to the third party’s handling of the customer’s data. For this category of suppliers in particular, relying on the APPs may provide a more extensive coverage of potential service providers than relying on voluntary compliance with an Opt-In policy that is more onerous than the APPs.

Small third party suppliers outside the scope of energy market specific legislation fall below the coverage of the national privacy legislation, consistent with the intention of that legislation – these suppliers assume obligations only to the extent that customers’ requirements and commercial conditions require. Again, the higher the level of industry specific privacy protection required for data use, the less likely a small third party supplier will be to voluntarily adopt industry specific requirements.

47 Standing Council on Energy and Resources Senior Committee of Officials’ Energy Market Reform Working Group, National Smart Meter Consumer Protection and Safety Review, Officials’ Report, November 2012

48 Assuming that the entity in question is a company.

49 Or, in the future, as envisaged by the Power of Choice Review, other service providers such as ESCOs that choose to participate in the NEM.


4.3.2.3 Services where metering data is not required

To supply a range of the services that customers may use to reduce their electricity costs or their electricity usage, connection to a customer’s HAN and/or access to real-time metering data may not even be required. Some available services already provide customers with (elements of) the functionality that it was anticipated would be supported by a smart meter – for example, remote appliance controls for heating and cooling are available in internet and smart phone supported applications for businesses and residences50 – and other services envisaged as being supported by a smart meter linked HAN, such as smart appliance monitoring and operation, could also be supported through the internet without first requiring a smart meter linked HAN. In these cases, only where the supplier voluntarily adopts the proposed Opt-In Policy (Recommendation 4) or a voluntary industry code, will the requirements of the Policy or code be likely to apply.

Similarly, customer initiated services that don’t require real-time (or close to real-time) metering data – for example, energy efficiency advice, bill validation and investment support – don’t require connection to a customer’s HAN. As an example, a customer could provide a file of its own (backwards looking) consumption data, supplemented by any other information required by the service provider to procure the service. If the service provider is not covered by energy market specific legislation, then it is likely to apply only where the supplier voluntarily adopts the proposed Opt-In Policy (Recommendation 4) or a voluntary industry code51. However, depending on the services energy market participants are able to offer customers without explicit consent, the same services provided by a supplier covered by energy market specific legislation could be subject to requirements for separate contracting and explicit consent, whether or not the required data is delivered by accessing the metering data directly.

Finally, customers may choose to consent to (or may be indifferent to) the use of their data for secondary purposes where, in exchange, the customer receives a service which is of value to the customer. Should a customer be entitled to allow the secondary use of its metering data in this way without express consent and separate contracts being required? For example, a customer could choose to supply its metering data – either from the meter directly through its HAN or indirectly, by downloading its data from the HAN or some other access point and then uploading the data to a third party – in exchange for analysis of its usage and energy efficiency advice, while simultaneously supporting the development of a data base to support appliance inference algorithms that will subsequently be used for predictive purposes in a range of commercial applications52. Requiring explicit consent and separate contracts even where the

50 For a controls based application, see http://www.nest.com/ and for applications available in the Australian market see http://www.smarthome.com.au/all-z-wave-products/318-remote-thermostat-for-zwave.html and recent coverage in Ecolibrium magazine. 51 One of the consequences of applying regulations that affect different service providers differently can be seen in considering the outcomes from the perspective of a customer seeking a service. Depending on the services energy market participants are able to offer customers without explicit consent, a third party might require only the customer’s acceptance of a contract for services, while the same services provided by a supplier covered by energy market specific legislation could be subject to requirements for separate contracting and explicit consent, whether or not the required data is delivered by accessing the metering data directly.52 Even with only half-hourly data, if that data is coupled with information on the appliances installed and maybe a diary of usage, some level of disaggregation can be undertaken. Given sufficient information on households’ typical appliance sets and a sufficiently large number of households, analysis could drill down

72

Page 74: Energy Council | - Advice on Privacy for the National … · Web viewFor the purpose of this report, Smart meters are meters that are consistent with the approved minimum smart meter

Advice on Privacy for the National Smart Metering Program: Consultation Draft

customer initiates the data use for a service valued by the customer limits customer sovereignty and risks deterring innovation by restricting the ways in which new services can be initially funded. In addition, depending on the way in which the customer makes its data available, the requirement may also give rise to an outcome that is not competitively neutral, discriminating against parties within the scope of energy market specific legislation who may be subject to higher privacy related metering data exclusions than those outside.

4.4 Summary and recommendations

The typical uses of metering data include a wide range of functions (Table 4.8) that, when the risk of a breach of customer privacy is assessed, present no basis for customer concern. Aggregated uses of customer metering data and automated batch processing tasks, such as market settlement, do not typically include data that would allow individual customer’s characteristics to be identified, suggesting that the use of interval metering data should raise no new or additional privacy concerns about the functioning of these processes. Where we believe that a process or use of metering data should give rise to no new privacy concern, we have classified that data use as a permitted use, by which we mean consistent with the definition of either primary or secondary use under the APPs. Table 4.9 lists metering data uses by the party that initiates the use and summarises our view of the permitted uses, as well as identifying a small group of functions – direct marketing and the marketing of load control and demand management services by distributors and retailers – that we believe should be subject to further analysis, before deciding whether these uses should be:

• permitted uses, based on a comparison of the incremental privacy benefits from excluding these uses from the permitted use category with the direct and indirect costs of their exclusion;
• subject to an Opt-Out clause, limited to these activities, consistent with the requirements of the APPs relating to direct marketing; or
• subject to an explicit Opt-In clause and separate contracts, consistent with the more onerous requirements of the Lockstep recommendations.

If consistency across the electricity sector is considered desirable in the definition of permitted uses and the requirement for customer consents, then our view is that the preferred approach would be to:

• include a standard range of consents in customer contracts to cover the permitted uses of activities included in Table 4.9; and
• depending on the further analysis recommended, consent to direct marketing and the marketing of load control and demand management services by distributors and retailers to be implemented either on an Opt-Out or an Opt-In basis as part of standard customer contracts.

below aggregate interval data to infer what appliances are being used when. For example, one company seeking to commercialise this type of application is Onzo Limited, which claims at http://www.onzo.com/presentations: “Onzo’s appliance inference algorithms have been designed to bring a new level of insight to consumers and service providers. Using a single energy feed, either from a clip-on sensor or a smart meter, they are able to determine which appliances are being used, as well as when and how much energy each appliance is using. The resulting log of appliance usage has numerous applications, ranging from utility insight, customer behaviour change, appliance monitoring, assisted living and innovative new service offerings.”


However, in considering this approach, the difficulties that industry specific regulation has in capturing a rapidly changing competitive environment need to be borne in mind. Since the publication of the Report, the AEMC has raised the potential for the introduction of a new class of energy market participant, while the EMRWG has looked at the possibility of facilitating the wider use of customer metering data by the introduction of a consumer energy data access system. There is a strong prospect that, for a wide range of those customer services that interval metering data was seen to be important in facilitating, these services may be provided by a range of entities outside energy regulatory coverage. This is particularly the case where neither (near) real time data nor access to the customer’s HAN is required. A voluntary industry code dealing with the potential privacy issues raised by the use of metering data, similar to the Lockstep proposal, is the best prospect for achieving the coverage of all potential service providers, but the higher the controls over and above those required by the APPs for managing privacy implications of metering data where they arise, the lower the likelihood of voluntary participation.

Considering all these issues, we recommend:

• applying a limited industry specific privacy regime to energy market participants, preferably through the development of common standard contract terms to cover permitted uses of metering data;
• subject to the outcome of the further analysis recommended, an Opt-Out regime for the use of interval metering data in direct marketing and the marketing of load control and demand management services by distributors and retailers; and
• relying on the APPs where the customer initiates the use of the metering data.

Broadly, our recommendations are consistent with the EMRWG’s approach to third party offerings, particularly those not requiring meter access.53 Our recommendations are summarised in Table 4.10 below.

53 Standing Council on Energy and Resources Senior Committee of Officials’ Energy Market Reform Working Group, 2012


Table 4.10: Summary of recommended regulatory coverage by source of the data and company turnover

| Who provides the data | | Turnover <$3m per annum | Turnover >$3m per annum |
|---|---|---|---|
| Customer directly | Coverage by APPs54 | No | Yes |
| | Recommendation | No opt in to APPs or energy market specific privacy regulations required. | No additional energy market privacy related regulations required. |
| | Rationale | Consumer sovereignty. Energy data not a special case warranting more onerous treatment than that provided by APPs. | Consumer sovereignty; facilitates maximum customer choice and flexibility. APPs should provide sufficient customer protection. |
| Energy market participant (e.g. DB or RB), drawing on customer records | Coverage by APPs | No. Any third party acting as agent for energy market participant will be subject to relevant APPs and/or state equivalents, as well as relevant energy market regulations. | Yes. Any third party acting as agent for energy market participant will be subject to relevant APPs and/or state equivalents, as well as relevant energy market regulations. |
| | Recommendation | Permitted uses to be specified in common customer contract terms. Subject to evaluation, may exclude certain marketing activities requiring metering data, potentially as part of direct marketing Opt-Out. | Permitted uses to be specified in common customer contract terms. Subject to evaluation, may exclude certain marketing activities requiring metering data, potentially as part of direct marketing Opt-Out. |
| | Rationale | Balance of market functions and risks to individual customer’s privacy. | Balance of market functions and risks to individual customer’s privacy. |
| Directly from the smart meter or the HAN | Coverage by APPs | No | Yes |
| | Recommendation | Depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. | Depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. |
| | Rationale | See comments relating to the relevant categories above. | See comments relating to the relevant categories above. |
| Consumer energy data access system | Coverage by APPs | No | Yes |
| | Recommendation | Again, depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. However, regardless, if data sourced from energy market data system, user should be required to adhere to relevant energy market regulatory requirements (e.g. those requirements to be applied to this class of participants for data confidentiality, security etc.).55 | Again, depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. However, regardless, if data sourced from energy market data system, user should be required to adhere to relevant energy market regulatory requirements (e.g. those requirements to be applied to this class of participants for data confidentiality, security etc.).56 |
| | Rationale | Respects consumer sovereignty; provides competitive neutrality with energy market participants and ensures customer data and integrity of data security from energy market data system maintained. | Respects consumer sovereignty; provides competitive neutrality with energy market participants and ensures customer data and integrity of data security from energy market data system maintained. |
| Direct from the appliance (i.e. not via smart meter or HAN) | Coverage by APPs | No | Yes |
| | Recommendation | No specific privacy regulations required. | No additional energy market specific privacy regulations required. |
| | Rationale | Consumer sovereignty. Energy data not a special case warranting more onerous treatment than that provided by APPs. If sourced from appliance directly also no issue with compromising security and integrity of smart meter or HAN. | Consumer sovereignty. Energy data not a special case warranting more onerous treatment than that provided by APPs. If sourced from appliance directly also no issue with compromising security and integrity of smart meter or HAN. |

54 Whether an entity is actually covered by the APPs or any State or Territory privacy statute/instrument depends on the entity's status and the relevant statute/instrument. Therefore before making a definitive conclusion, it is necessary to examine each entity to determine whether the APPs or a State/Territory privacy regime apply. The turnover is not alone decisive.

55 We have not assessed whether, however, these should be the requirements that apply to existing market participants or some other lower or higher group of requirements.

56 See Footnote 59.

4.5 Implications for implementing Lockstep’s recommendations

In considering the relationship between our recommendations and the implications for implementing each of Lockstep’s recommendations, we have used the materiality definitions outlined in Section 2.3.3.2. Those definitions are repeated in Table 4.11 below.

Table 4.11: Definition of materiality – commercial analysis

| Category | Definition or basis |
|---|---|
| Red | Intent of the recommendations should be implemented: Major issues or potential conflicts/inconsistencies identified in the recommended approach that need to be addressed prior to considering implementation. |
| Yellow | Intent of the recommendations should be implemented: Minor issues or potential conflicts/inconsistencies identified in the approach to be addressed prior to implementation. |
| Green | Intent of the recommendations should be implemented. Minimal or no issues; only minor points of clarification and implementation level detail identified in the approach to be addressed prior to implementation. |
| White | Value of implementing recommendation requires clarification, given current circumstances. |

In Table 4.12, we have synthesised the earlier legal analysis and the commercial issues discussed in this section. We have grouped the Lockstep recommendations to better reflect the sequence of our view about the materiality of the issues to be considered, rather than, as in the previous Section, dealing with the recommendations sequentially.

We strongly support the four Lockstep recommendations relating to increased public awareness, listed below and not included in Table 4.12. While elements of the original recommendations require adjustment to reflect a national focus and responsibility, and the content of any campaign should reflect current concerns about customer privacy, these recommendations should proceed, but only once the major issues for the other recommendations to be implemented are resolved. This will provide certainty and completeness in the messages of the proposed awareness campaigns.

• Recommendation 5: A fresh awareness campaign should be mounted to improve consumers’ understanding of smart metering and privacy. The campaign should be centered on a commitment by all organisations involved in AMI to (a) complying with the NPPs in the handling of metering data and, (b) not putting metering data to any secondary use without the consumer expressly opting in.

• Recommendation 10: The recommended awareness campaign could be coordinated by a reenergised AMI Communications Working Group. The campaign might include fresh letters to householders, new FAQs and other materials that would best be defined in detail by communications professionals.

• Recommendation 11: New messaging about smart metering privacy should probably come from government, to lend it authority and credibility and because there is not a widespread understanding in the community of the role of electricity distributors and retailers, or even awareness of all the players. Further, the new government’s past undertakings to review the AMI program makes it logical for an appropriate Minister to lead the new messaging.

• Recommendation 12: The awareness campaign should consider promoting the following privacy positive features of AMI:
  ― existing regulations and sanctions under the NER, ESC and so on that protect consumers against abuse of metering data;
  ― the purpose of interval data collection;
  ― how TOU pricing works;
  ― the meaning of the flashing lights;
  ― the policy of Recommendation 4 (to be confirmed) that all secondary uses of metering data shall be subject to express consent;
  ― how direct load control works;
  ― security measures taken to protect meters, detect tampering etc;
  ― security measures taken to protect access to consumption data;
  ― the absence of name and address details in transmitted metering data, which is identified only by NMI;
  ― the governance measures that control HANs and restrict access;
  ― the extent to which any party can tell if a home alarm system is present; and
  ― the fact that all meter-to-DB communications and all HAN traffic is encrypted.

Table 4.12: Lockstep recommendations – commercial analysis by materiality

No. Materiality Detailed Finding

Implement intent of recommendation: major issues need to be resolved

1 Red Entities covered by the APPs will be required to address these issues in response to the legislative timeline to comply with the Privacy Act.

However, if a consistent industry specific response is desirable, then the proposed adoption of a narrow primary purpose for interval metering data uses only and the intention to restrict the potential for third party use needs to be carefully examined. In assessing this recommendation, both the commercial and practical implications of treating interval metering data differently from other metering data and the policy implications for innovation should be considered.

While we support the intent of this recommendation, we recommend an alternative approach, allowing for a wide range of permitted uses and a narrow set of uses related to direct marketing subject to further consideration. See Section 4.4.

2 Red Entities covered by the APPs will be required to address these issues in response to the legislative timeline to comply with the Privacy Act.

We support the intent of this recommendation. However, if a consistent industry specific response is desirable, the case for requiring an interval meter specific Privacy Policy and restricting the scope of the recommendation to Distribution and Retail Businesses only needs to be considered. Further, whether the intention of this recommendation was for an independent third party review or that the businesses would need to satisfy themselves that their policies are consistent with their legislative requirements, requires clarification.

See discussion in Section 4.4

4 Red The wider application of this recommendation to uses that seem reasonably related to the primary purpose for collection has been addressed in the discussion relating to Recommendation 1, above.

The implementation of this recommendation with respect to direct marketing activities and the marketing of load control and demand management services using metering data also requires further thought in relation to the coverage of third parties and the extent to which, in introducing a regime that relies on suppliers’ voluntary co-operation, it can be enforced.

Our preference (see Section 4.4) is for a narrow application of this proposal and an Opt-Out regime, consistent with the APPs and maximising the potential for voluntary adoption of this treatment by entities not captured by energy market regulations.

9 Red We support the intent of this recommendation. However, even if this recommendation was operational in the form made, (see Table 3.7), other mechanisms exist to control the marketing conduct of companies57. We have recommended assessing an alternative to this approach, deeming metering data to be personal information for the purposes of the direct marketing opt out provisions in the APPs.

Consideration is also being given to the regulatory treatment of marketing activities by distribution businesses and, in this consideration, the privacy issues relating to direct marketing should be taken into account.

22 Red While we agree that HAN procedures, yet to be developed, should take into account customers’ privacy concerns, in particular relating to the closure of accounts and the (involuntary) disclosure of previous residents’ consumption, we do not support the recommendation for a wide Opt-In policy and express consent for all secondary uses of metering data. In particular, our view is that customer initiated uses should not be subject to oversight in this way.

Implement intent of recommendation: minor issues or potential conflicts to be resolved

15 Yellow We agree that the intention of this recommendation could assist in improving consumer awareness and reinforcing a common understanding of privacy in relation to smart metering data.

While this recommendation suggests voluntary take-up, then how coverage of “all organisations involved in AMI” and whether this recommendation is required in circumstances where the customer initiates the use of the interval metering data, need to be considered.

57 DBs may be looking to develop marketing relationships with customers through, for example, an in-home display. While this is relevant, considering whether this would bring DBs within the scope of the Marketing Code is outside our scope.

The implementation of this recommendation could be part of the activities associated with the development of a voluntary industry code. However, our view is that the more onerous the obligations of any such code relative to the requirements of the APPs, the less likely suppliers will voluntarily adopt its provisions.

19 Yellow Implementing the intent of this recommendation could provide value to customers and the market more broadly.

However, the responsibility for this recommendation and the coverage of the organisations involved are unclear, when considered in the context of the national electricity market.

This recommendation also goes beyond the requirements of APP 12 which deals with access to personal information but does not require a specific format to be agreed. It also goes beyond the NER and other energy market regulatory instruments which also do not mandate a specific form of data provision and which may need to be amended should this recommendation be implemented.

To some extent, this requirement may be overtaken by the requirements of an energy market data system. We are also unclear about the overall costs and benefits of implementing this recommendation.

21 Yellow We agree that HAN procedures, yet to be developed, should take into account customers’ privacy concerns, in particular relating to the closure of accounts and the (involuntary) disclosure of previous residents’ consumption.

The technical requirement for this recommendation in this form will need to be considered, i.e. whether the NECF or NER are the appropriate instruments to amend to address this recommendation.

Practical issues also need to be considered. For example, if the HAN is likely to be supported by an occupant’s own internet, then, assuming the new occupant replaces the previous occupant’s network and the previous occupant’s network is unable to link to the meter in the previous premise, the recommendation may be redundant. Similarly, prior to developing detailed protocols, consideration should be given to who owns an in-home display: will it stay with the premise or follow the occupant? If the former, then on the change of account, the in-home display’s settings should be required to revert to the default specification as part of a close account procedure. If the latter, then, assuming the in-home display is unable to link to the meter in the previous premise, the recommendation may be redundant.

Implement intent of recommendation: minimal or no issues to be resolved

14 Green Entities covered by the APPs will be required to address this issue to the extent that the APPs place this obligation on the entity.

If a consistent industry specific response is desirable, then a response to this recommendation requires prior issues relating to the permitted uses of metering data to be decided.


24 Green This recommendation will have value in Victoria, subject to the choice of an appropriate term that is consistent with the definitions used in the privacy legislation.

The recommendation, however, may not be valuable in a national context.

Value of implementing recommendation requires clarification

3 White Entities covered by the APPs will be required to address these issues, to the extent that their view of the APPs requires, in response to the legislative timeline for compliance.

Further, the APPs do not allow Retailers and Distributors to contract out of their Privacy Obligations, so the requirement for this recommendation in relation to related parties and agents is unclear. If, on the other hand, this recommendation is intended to apply to unrelated third parties, then the implications for customers’ use of the customer’s data, both in relation to the restriction of customer’s rights and in the context of competition policy, need to be considered.

6 White The case for mandating this recommendation as an explicit addition to existing privacy requirements is questionable.

Entities covered by the APPs are required to address these issues and will do so in the manner most appropriate to their circumstances. In consequence, this recommendation is consistent with good business practice in complying with the requirements of the APPs.

If industry participants are thought to require specific additional focus in this area, is an industry specific policy appropriate as opposed to, for example, some additional focus on sector compliance by the national Privacy Commissioner?

7 White There may be a business case for reducing the number of duplicate copies of detailed data that is held for long periods. That business case should be assessed on its merits. Mandating this through the NER is of questionable value.

8 White There may be a business case for individual businesses considering the time of retention and level of granularity in the data held after 7 years and, if there are regulatory obligations that may prevent this happening, those regulations could be reviewed. Our work has not exhaustively surveyed energy or other regulations for the existence of specific obligations relating to data retention. However, an informal survey suggests that there are no specific regulatory requirements driving the 7 year retention rule58. Debt collections, for example, are a matter for commercial judgement as to the benefit/cost relationship for aged collections and are also subject to ASIC/ACCC guidelines which require information to be retained on the basis for the calculation of the amount owing. There may be legitimate reasons why a business may wish to retain metering data for longer periods of time.

We would expect individual businesses to assess the business case for retention on its merits. There may be uses of data where more than 7 years is relevant, although the required level of granularity may not include personal information.

58 A recent overview of policies in this area by the Public Record Office Victoria, Use of Back-up Technology to Archive: Issues Paper, 2012, suggests the 7 year period often thought to be binding on Victorian public agencies is based on a “misunderstanding [that] may have arisen because a seven-year retention period is common for financial records.”, p. 14

13 White Incoming residents do not presently have the right to access past previous residents’ metering data under the existing regulatory regime and the case for extending this right is not explored in detail in the Lockstep Report59.

We do not support this recommendation and, from a commercial perspective, it is unclear in what circumstances the previous occupant’s data would be valuable to the incoming resident. If, for example, the intention was to provide a new occupant with a guide to their potential energy efficiency savings, then, as household energy consumption patterns can differ widely depending on the composition of the household, the use of a “representative occupant” with similar lifestyle patterns and appliances may be of more value to the occupant, even where the “representative occupant” is a statistical construct not based directly on the previous occupant’s usage.

16 White This recommendation is intended to provide more onerous treatment of small, possibly unrelated third party suppliers than that required by the APPs. The recommendation raises questions as to whether a separate industry regime is required and, when considering the range of potential suppliers, whether it can be enforced.

Our preference is to rely on the APPs for all entities outside the energy markets. While we appreciate the privacy concerns raised by consumers, we see no case for more onerous treatment of small entities in this area compared with other industries where similar privacy related concerns may be evident but firms falling below the threshold annual revenue are not required to opt In to the APPs.

17 White A case needs to be made for industry wide standards in addition to the requirements of the APPs. Changes to the NER and energy market regulatory instruments which do not cover industry wide minimum security settings would be required.

18 White In line with the discussion of Recommendation 3, this recommendation needs to be considered in the light of the potential restriction of customer’s rights and in the context of competition policy.

We understand the implementation of the Power of Choice recommendations is already considering changes to Chapter 7 of the NER and including clarifying issues such as third party access to data.

20 White While this could be done, the case for government intervention needs to be made. International evidence suggests that material privacy breaches have commercial implications.

59 We understand this recommendation is not related to the use, for example, of the previous occupant’s data in estimation and substitution regimes, but relates to circumstances where, for example, a new occupant might want to draw on the previous occupant’s data as a basis for estimating its expected consumption or to understand elements of a proposed retail tariff, such as a critical peak price offering.

23 White We doubt the practicality and enforceability of this recommendation. Under energy market laws the customer is the energy account holder and whose authorisation would be required to access the metering data.

Further, in our view, other routes to the same end, for example using the internet to monitor the performance of individual appliances, may be preferred by both the customer and supplier and would be unaffected by this recommendation. See the discussion in Section 4.3.2.


5 Recommendations

In adopting the precautionary approach, the Lockstep Report anticipated the changes to the Privacy Act passed in late 2012, in particular the new definition of personal information and the possible application of the APPs to metering data. However, Lockstep’s approach recommending that individuals should provide express consent to any use for secondary purposes of their personal information goes further than the requirements of the APPs. While consistent with the APPs and State privacy legislation, which provide that consent constitutes an exception to the general prohibition against use and disclosure of personal information for secondary purposes, the APPs do not require express consent.

We have compared the NPPs on which the Lockstep recommendations are based with the APPs and the relevant privacy instrument in each jurisdiction. We have not identified any inconsistency between the APPs or State and Territory privacy legislation and the NPPs that would render the recommendations of the Lockstep Report, adopted on the basis of the NPPs, incompatible with the APPs or State and Territory privacy legislation. Some aspects of the recommendations will need some fine-tuning in order to ensure compliance with the APPs.

Considered more specifically in the context of their interaction with energy laws, in a small number of important areas, the Lockstep recommendations may have adverse impacts or unintended consequences. In particular:

• the proposed definition of the primary purpose for interval metering data is inconsistent with some identified national and State energy laws and regulations and may be inconsistent with other instruments not reviewed; and
• the Opt-In model is inconsistent with some jurisdictional energy regulations.

These inconsistencies would be required to be identified, assessed and addressed, potentially by widespread changes to energy laws. In addition, we have identified some issues where the issue is not one of strict legal compliance but whether the associated recommendation is in all circumstances practicable; that is, what the appropriate instrument for achieving the recommended outcome should be and, in some cases, whether the coverage of energy laws and regulations can be extended to achieve the desired objective.

In building on the legal analysis to consider the commercial implications of the recommendations, we have considered:

• Customers’ concerns and customer protection issues relating to the potential uses of interval metering data by energy market participants and third parties.

• The high level benefits and costs likely to be associated with the options we identify.

― As a starting point for our analysis, we have adopted SCER’s catalogue of the benefits of interval metering, that is: enabling consumers to make more informed choices and better manage their electricity use and greenhouse gas emissions; reducing demand for peak power with potential infrastructure savings; and driving efficiency and innovation in electricity business operations and retail market competition. We have considered the potential for affecting the extent of the benefits to be achieved on a qualitative basis only.


― In relying on previous studies of the benefits of interval metering data, we have looked at uses of data irrespective of whether the benefits are easily quantifiable or are in the form of “wealth transfers”. The previous studies we have relied on that consider data benefits as part of the benefits estimation in cost-benefit analysis studies include:

• Studies that were conducted by the Essential Services Commission and by the Victorian Government in conjunction with the Victorian electricity supply industry, which led to the decision to roll out AMI in Victoria;
• A national cost-benefit analysis undertaken for the MCE; and
• Reviews undertaken in Victoria after rollout had commenced by Futura Consulting with additional commentary from Oakley Greenwood and by Deloitte.

• The potential implications for competition and innovation, considering the party initiating the data use and the classes of possible service providers.

― In thinking about the issues raised by the party initiating the data use, our position starts from the perspective that there is no case for restricting choices that customers initiate on their own behalf. Following on from this principle, the implications for competition and innovation from industry specific regulation need to be considered: to what extent are existing providers disadvantaged relative to potential providers and what is the additional cost, considered in benefits foregone, of this disadvantage?

― Possible service providers could include: existing classes of energy industry participants; potential and existing energy market service providers who may access data from the energy market system which has been the subject of a scoping study by the Commonwealth, for example; and other potential suppliers dealing directly with customers. In considering this last group in particular in relation to industry specific regulation, issues arise relating to the ability of energy law to include this group in industry specific regulation. There are also implications for competition and the achievable benefits of interval meters.

Considering all these issues, we recommend:

• applying a limited industry specific privacy regime to energy market participants, preferably through the development of common standard contract terms to cover permitted uses of metering data;
• subject to the outcome of the further analysis recommended, adopting an Opt-Out regime for the use of interval metering data in direct marketing and the marketing of load control and demand management services by distributors and retailers;
• relying on the APPs for businesses falling below the threshold annual revenues required for the Privacy Act to apply; and
• relying on the APPs where the customer initiates the use of the metering data.

Broadly, our recommendations are consistent with the EMRWG’s approach to third party offerings, particularly those not requiring meter access [60]. Our recommendations relating to classes of service provider are summarised in Table 4.10 and repeated below for convenience.

[60] Standing Council on Energy and Resources Senior Committee of Officials’ Energy Market Reform Working Group, 2012


Table 5.13 Summary of recommended regulatory coverage by source of the data and company turnover

| Who provides the data | | Turnover <$3m per annum | Turnover >$3m per annum |
|---|---|---|---|
| Customer directly | Coverage by APPs [61] | No | Yes |
| | Recommendation | No opt in to APPs or energy market specific privacy regulations required. | No additional energy market privacy related regulations required. |
| | Rationale | Consumer sovereignty. Energy data not a special case warranting more onerous treatment than that provided by APPs. | Consumer sovereignty; facilitates maximum customer choice and flexibility. APPs should provide sufficient customer protection. |
| Energy market participant (e.g. DB or RB), drawing on customer records | Coverage by APPs | No. Any third party acting as agent for energy market participant will be subject to relevant APPs and/or state equivalents, as well as relevant energy market regulations. | Yes. Any third party acting as agent for energy market participant will be subject to relevant APPs and/or state equivalents, as well as relevant energy market regulations. |
| | Recommendation | Permitted uses to be specified in common customer contract terms. Subject to evaluation, may exclude certain marketing activities requiring metering data, potentially as part of direct marketing Opt-Out. | Permitted uses to be specified in common customer contract terms. Subject to evaluation, may exclude certain marketing activities requiring metering data, potentially as part of direct marketing Opt-Out. |
| | Rationale | Balance of market functions and risks to individual customer’s privacy. | Balance of market functions and risks to individual customer’s privacy. |
| Directly from the smart meter or the HAN | Coverage by APPs | No | Yes |
| | Recommendation | Depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. | Depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. |
| | Rationale | See comments relating to the relevant categories above. | See comments relating to the relevant categories above. |
| Consumer energy data access system | Coverage by APPs | No | Yes |
| | Recommendation | Again, depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. However, regardless of this, if data sourced from energy market data system, user should be required to adhere to relevant energy market regulatory requirements (e.g. those requirements to be applied to this class of participants for data confidentiality, security etc.) [62]. | Again, depends on whether customer directly provides access or energy market participant utilising own access. See comments relating to these categories above. However, regardless of this, if data sourced from energy market data system, user should be required to adhere to relevant energy market regulatory requirements (e.g. those requirements to be applied to this class of participants for data confidentiality, security etc.) [63]. |
| | Rationale | Respects consumer sovereignty; provides competitive neutrality with energy market participants and ensures customer data and integrity of data security from energy market data system maintained. | Respects consumer sovereignty; provides competitive neutrality with energy market participants and ensures customer data and integrity of data security from energy market data system maintained. |
| Direct from the appliance (i.e. not via smart meter or HAN) | Coverage by APPs | No | Yes |
| | Recommendation | No specific privacy regulations required. | No additional energy market specific privacy regulations required. |
| | Rationale | Consumer sovereignty. Energy data not a special case warranting more onerous treatment than that provided by APPs. If sourced from appliance directly also no issue with compromising security and integrity of smart meter or HAN. | Consumer sovereignty. Energy data not a special case warranting more onerous treatment than that provided by APPs. If sourced from appliance directly also no issue with compromising security and integrity of smart meter or HAN. |

[61] Whether an entity is actually covered by the APPs or any State or Territory privacy statute/instrument depends on the entity's status and the relevant statute/instrument. Therefore before making a definitive conclusion, it is necessary to examine each entity to determine whether the APPs or a State/Territory privacy regime apply. The turnover is not alone decisive.

[62] We have not assessed whether, however, these should be the requirements that apply to existing market participants or some other lower or higher group of requirements.

[63] See Footnote 59.

5.1 Key recommendations

A decision on the most efficient and effective manner to protect consumers’ privacy first requires:

• A decision on the permitted uses of metering data and, where industry consistency is considered desirable, the preferred implementation approach. We propose that, with the exception of direct marketing and the marketing of load control and demand management products using metering data, all other uses of metering data should be regarded as permitted uses. Our recommendations relating to the principal uses of metering data are detailed in Table 4.9.

We have also identified three potential ways in which these uses could be standardised across the industry and recommend the inclusion of permitted uses in standard customer contract terms for retailers and distributors.

In the case of direct marketing and the marketing of load control and demand management products using metering data, we acknowledge that both customer concerns and the approach to direct marketing in the APPs suggest a higher level of privacy related controls.

― We propose that, subject to further analysis of the benefits and costs of this recommendation, metering data used in this way could be deemed to be personal information and, consistent with the treatment in the APPs, subject to a customer opt-out of its uses for these purposes.

The recommended analysis should consider:

― the benefits of the incremental privacy protection, relative to that which would be provided by the APPs;

― the potential costs, both direct (systems and other costs of implementation) and indirect (the effects on the estimated benefits of the introduction of interval meters) of the recommendations;

• Core benefits expected from the introduction of interval meters would be reduced to the extent that customers, required to provide explicit consent, refuse.
• The cost of the refusal may not be limited to the customer’s self-exclusion from better services or lower cost offers. Widespread exclusions would affect the robustness of product design and pricing, reducing the potential benefits to all customers.

― the costs to competition and innovation from a more onerous industry specific regime.

• The competitive impact of this approach would fall most heavily on new service offerings and service offerings by new classes of market participants, with a potential cost to customer service and innovation.


Recognising that these are material issues that should precede any other action on the Lockstep recommendations, we have grouped the Lockstep recommendations to reflect a staged roll-out, with these prior questions answered before a number of other recommendations are considered (Table 4.11). In effect, this grouping represents a first cut implementation plan.

We strongly support the four Lockstep recommendations (5, 10, 11 and 12) relating to increased public awareness, not included in Table 4.12. While elements of the original recommendations require adjustment to reflect a national focus and responsibility, and the content of any campaign should reflect current concerns about customer privacy, these recommendations should proceed, but only once the major issues for the other recommendations to be implemented are resolved. This will provide certainty and completeness in the messages of the proposed awareness campaigns.

Table 5.14 Summary of implications for implementing Lockstep recommendations by materiality – commercial perspective

| Category | Definition or basis | Recommendation numbers |
|---|---|---|
| Red | Intent of the recommendations should be implemented: Major issues or potential conflicts/inconsistencies identified in the approach that need to be addressed prior to considering implementing. | Recommendations 1, 2, 4, 9 and 22. |
| Yellow | Intent of the recommendations should be implemented: Minor issues or potential conflicts/inconsistencies identified in the approach to be addressed prior to implementation. | Recommendations 15, 19 and 21. |
| Green | Intent of the recommendations should be implemented. Minimal or no issues - only minor points of clarification and implementation level detail identified in the approach to be addressed prior to implementing the recommendations. | Recommendations 14 and 24. |
| White | Value of implementing recommendation requires clarification, given current circumstances. | Recommendations 3, 6, 7, 8, 13, 16, 17, 18, 20 and 23. |

5.1.1 Other recommendations

Our analysis has also identified other recommendations including:

• addressing minor inconsistencies between regulatory instruments and the Lockstep recommendations as outlined in Section 3.6.1.3;
• addressing other recommendations as detailed in Section 4.5;
• investigating the implications of potential duplication between the requirements of the NER and some of the State specific metering codes; and
• deferring the implementation of a number of the Lockstep recommendations until the major issues are resolved, in particular the awareness campaigns.

5.2 Next steps/implementation


Recognising that the resolution of material issues should precede any other action on the Lockstep recommendations, we have grouped the Lockstep recommendations to reflect a staged roll-out, with these prior questions answered before the other recommendations are considered (Table 4.12). In effect, this grouping represents a first cut implementation plan.

In brief we would recommend the following approach to implementing the Lockstep recommendations:

• Address major issues – in particular permitted use and coverage. This would also include consideration of all data stored and / or created by a smart meter beyond just metering data;
• Address less material issues – in particular Sections 4.5 and 5.1.1;
• Develop timing for implementation of remaining recommendations – once key issues are addressed the timing for implementation can be more readily developed; and
• Implement relevant recommendations.


A. References

Privacy legislation and regulation

National

The Information Privacy Principles (IPPs) from Schedule 3 of the Privacy Act 1988 (Cth)

The Australian Privacy Principles (APPs) from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)

Jurisdictional

Australian Capital Territory

Schedule 3 of the Australian Capital Territory Government Service (Consequential Provisions) Act 1994 (ACT)

New South Wales

The Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)

Northern Territory

The Information Act 2002 (NT)

Queensland

The Information Privacy Act 2009 (Qld) (QIP Act)

South Australia

The Cabinet administrative instruction 1/89, also known as the Information Privacy Principles Instruction, and Premier and Cabinet Circular 12 (as amended by Cabinet 18 May 2009)

Tasmania

The Personal Information Protection Act 2004 (Tas) (PIP Act)

Victoria

― [64]

Western Australia

The Information Privacy Bill 2007

The Freedom of Information Act 1992

Energy industry rules and regulatory instruments

National

National Electricity Law (NEL)

National Electricity Rules (NER)

National Energy Retail Law (NERL)

National Energy Retail Rules (NERR) 2012

[64] We did not review any Victorian specific privacy legislation as this was already considered as part of the Lockstep report.


Electricity Retail Authorisation (under the National Energy Retail Law)

Jurisdictional

Australian Capital Territory

ActewAGL Distribution Licence

Electricity Feed-In Code 2012, Schedule 4, Applicability of Consumer Protection Code

Independent Competition and Regulatory Commission Act 1997 (ACT)

Utilities Act 2000 (ACT)

New South Wales

Appendix F of the Compliance Reporting Manual for Electricity Retail Suppliers (Electricity retail supplier licence conditions and obligations under licence conditions)

Electricity Supply Act 1995 (NSW)

Electricity Supply (General) Regulations 2001 (NSW)

Energy Marketing Code of Conduct

Independent Pricing and Regulatory Tribunal Act 1992 (NSW)

Market Operation Rules (NSW Rules for Electricity Metering) 2001

Market Operations (NSW Transfer Rules for Retail Electricity Supply) Rule No. 4 of 2009

National Electricity (New South Wales) Act 1997

Schedule listing ministerially imposed Licence Conditions for Distribution Network Service Providers

Schedule listing ministerially imposed Licence Conditions for Electricity Retail Service Providers

Northern Territory

― [65]

Queensland

Electricity Act 1994 (Qld)

Electricity Industry Code (Qld)

Annexure B to the Electricity Industry Code (Standard Retail Contract) (for a small customer who has not signed a Negotiated Retail Contract)

Electricity Regulation 2006 (Qld)

Pro forma Distribution Authority

Pro forma Retail Authority with a retail area or without a retail area

Queensland Competition Authority Act 1997

South Australia

Electricity Act 1996 (SA)

[65] Consistent with our scope of work we did not review any NT energy market regulations.


Electricity Distribution Code 2012 (SA)

Electricity (General) Regulations 2012 (SA)

Electricity Metering Code (SA)

Essential Services Commission Act 2002 (SA)

ETSA Utilities Electricity Distribution licence

National Electricity (South Australia) Act 1996

Prepayment Meter System Code (SA)

Tasmania

Electricity Supply Industry Act 1995

Electricity Supply Industry (Customer) Regulations 2012

Electricity Supply Industry Distribution Licence – Aurora Energy Pty Ltd

Electricity Supply Industry (Network Performance Requirements) Regulations 2007 (TAS)

Electricity Supply Industry (Price Control and Related Matters) Regulations 2012 (TAS)

Electricity Supply Industry Regulations 2008 (TAS)

Victoria

Electricity Customer Metering Code 2012 (Vic)

Electricity Distribution Code 2012 (Vic)

Energy Retail Code 2012 (Vic)

ACTEW Retail Limited, AGH ACT Retail Investments Pty Ltd Trading as ACTEWAGL Retail Electricity Retail Licence as varied on 31 July 2002

SPI Electricity Pty Ltd Electricity Distribution Licence as varied 14 January 2005

By way of example, Appendix D includes a review of specific licences. In jurisdictions where there is more than one relevant licensee, an assumption is made that the identified provisions are uniform across all licences. This seems reasonable given the nature of the obligations which are general rather than specific to the particular licensee.

Western Australia

Code of Conduct for the Supply of Electricity to Small Use Customers (Electricity) – Part 10

Electricity Industry (Metering) Code 2012 – Clause 5.17A and Part 7

Electricity Industry Customer Transfer Code 2004 (contestable customers only) – Part 3

Electricity Industry (Customer Contracts) Regulations 2005 – Regulation 19

Electricity Industry (Wholesale Electricity Market) Regulations (the WEM Rules)

Energy Coordination Act 1994 – Part 4

Government and regulatory reports and papers

Essential Services Commission Victoria, Smart Meter Privacy Impact Assessment, Draft Report, May 2012


Ministerial Council on Energy Standing Committee of Officials, Smart Meter Customer Protection and Safety Review – Draft Policy Paper One, August 2009

Standing Council on Energy and Resources, Statement on smart meters for small customers: future directions, 8 June 2012

Standing Council on Energy and Resources Senior Committee of Officials’ Energy Market Reform Working Group, National Smart Meter Consumer Protection and Safety Review, Officials’ Report, November 2012

Public Record Office Victoria, Use of Back-up Technology to Archive: Issues Paper, 2012

Consultant reports

Deloitte, Advanced metering infrastructure cost benefit analysis, prepared for Victorian Department of Treasury and Finance, Final report, 2 August 2011

Futura Consulting, Advanced Metering Infrastructure Program – Benefits Realisation Roadmap, prepared for Victorian Department of Primary Industries, Final Report, 10 December 2009

Lockstep Consulting, Privacy Impact Assessment Report – Advanced Metering Infrastructure, prepared for Victorian Department of Primary Industries, version 1.2, August 2011

Oakley Greenwood, Review of AMI Benefits, prepared for Victorian Department of Primary Industries, Final Report, July 2010


B. Australian Privacy Principles

The list below details the 13 APPs from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988.

Part 1—Consideration of personal information privacy

Australian Privacy Principle 1—open and transparent management of personal information

1.1 The object of this principle is to ensure that APP entities manage personal information in an open and transparent way.

Compliance with the Australian Privacy Principles etc.

1.2 An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:

(a) will ensure that the entity complies with the Australian Privacy Principles and a registered APP code (if any) that binds the entity; and

(b) will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.

APP Privacy policy

1.3 An APP entity must have a clearly expressed and up to date policy (the APP privacy policy) about the management of personal information by the entity.

1.4 Without limiting sub clause 1.3, the APP privacy policy of the APP entity must contain the following information:

(a) the kinds of personal information that the entity collects and holds;

(b) how the entity collects and holds personal information;

(c) the purposes for which the entity collects, holds, uses and discloses personal information;

(d) how an individual may access personal information about the individual that is held by the entity and seek the correction of such information;

(e) how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;

(f) whether the entity is likely to disclose personal information to overseas recipients;

(g) if the entity is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.

Availability of APP privacy policy etc.

1.5 An APP entity must take such steps as are reasonable in the circumstances to make its APP privacy policy available:


(a) free of charge; and

(b) in such form as is appropriate.

Note: An APP entity will usually make its APP privacy policy available on the entity’s website.

1.6 If a person or body requests a copy of the APP privacy policy of an APP entity in a particular form, the entity must take such steps as are reasonable in the circumstances to give the person or body a copy in that form.

Australian Privacy Principle 2—anonymity and pseudonymity

2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.

2.2 Sub clause 2.1 does not apply if, in relation to that matter:

(a) the APP entity is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or

(b) it is impracticable for the APP entity to deal with individuals who have not identified themselves or who have used a pseudonym.

Part 2—Collection of personal information

Australian Privacy Principle 3—collection of solicited personal information

Personal information other than sensitive information

3.1 If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities.

3.2 If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities.

Sensitive information

3.3 An APP entity must not collect sensitive information about an individual unless:

(a) the individual consents to the collection of the information and:

(i) if the entity is an agency—the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or

(ii) if the entity is an organisation—the information is reasonably necessary for one or more of the entity’s functions or activities; or

(b) sub clause 3.4 applies in relation to the information.

3.4 This sub clause applies in relation to sensitive information about an individual if:

(a) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or

(b) a permitted general situation exists in relation to the collection of the information by the APP entity; or


(c) the APP entity is an organisation and a permitted health situation exists in relation to the collection of the information by the entity; or

(d) the APP entity is an enforcement body and the entity reasonably believes that:

(i) if the entity is the Immigration Department—the collection of the information is reasonably necessary for, or directly related to, one or more enforcement related activities conducted by, or on behalf of, the entity; or

(ii) otherwise—the collection of the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or

(e) the APP entity is a non-profit organisation and both of the following apply:

(i) the information relates to the activities of the organisation;

(ii) the information relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.

Note: For permitted general situation, see section 16A. For permitted health situation, see section 16B.

Means of collection

3.5 An APP entity must collect personal information only by lawful and fair means.

3.6 An APP entity must collect personal information about an individual only from the individual unless:

(a) if the entity is an agency:

(i) the individual consents to the collection of the information from someone other than the individual; or

(ii) the entity is required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual; or

(b) it is unreasonable or impracticable to do so.

Solicited personal information

3.7 This principle applies to the collection of personal information that is solicited by an APP entity.

Australian Privacy Principle 4—dealing with unsolicited personal information

4.1 If:

(a) an APP entity receives personal information; and

(b) the entity did not solicit the information;

the entity must, within a reasonable period after receiving the information, determine whether or not the entity could have collected the information under Australian Privacy Principle 3 if the entity had solicited the information.

4.2 The APP entity may use or disclose the personal information for the purposes of making the determination under sub clause 4.1.


4.3 If:

(a) the APP entity determines that the entity could not have collected the personal information; and

(b) the information is not contained in a Commonwealth record;

the entity must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

4.4 If sub clause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if the entity had collected the information under Australian Privacy Principle 3.

Australian Privacy Principle 5—notification of the collection of personal information

5.1 At or before the time or, if that is not practicable, as soon as practicable after, an APP entity collects personal information about an individual, the entity must take such steps (if any) as are reasonable in the circumstances:

(a) to notify the individual of such matters referred to in sub clause 5.2 as are reasonable in the circumstances; or

(b) to otherwise ensure that the individual is aware of any such matters.

5.2 The matters for the purposes of sub clause 5.1 are as follows:

(a) the identity and contact details of the APP entity;

(b) if:

(i) the APP entity collects the personal information from someone other than the individual; or

(ii) the individual may not be aware that the APP entity has collected the personal information;

the fact that the entity so collects, or has collected, the information and the circumstances of that collection;

(c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order—the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection);

(d) the purposes for which the APP entity collects the personal information;

(e) the main consequences (if any) for the individual if all or some of the personal information is not collected by the APP entity;

(f) any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity;

(g) that the APP privacy policy of the APP entity contains information about how the individual may access the personal information about the individual that is held by the entity and seek the correction of such information;

(h) that the APP privacy policy of the APP entity contains information about how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;

(i) whether the APP entity is likely to disclose the personal information to overseas recipients;

(j) if the APP entity is likely to disclose the personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.

Part 3—Dealing with personal information

Australian Privacy Principle 6—use or disclosure of personal information

Use or disclosure

6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) unless:

(a) the individual has consented to the use or disclosure of the information; or

(b) subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information.

Note: Australian Privacy Principle 8 sets out requirements for the disclosure of personal information to a person who is not in Australia or an external Territory.

6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:

(i) if the information is sensitive information—directly related to the primary purpose; or

(ii) if the information is not sensitive information—related to the primary purpose; or

(b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or

(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or

(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity; or

(e) the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Note: For permitted general situation, see section 16A. For permitted health situation, see section 16B.

6.3 This subclause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if:

(a) the agency is not an enforcement body; and

(b) the information is biometric information or biometric templates; and

(c) the recipient of the information is an enforcement body; and

(d) the disclosure is conducted in accordance with the guidelines made by the Commissioner for the purposes of this paragraph.

6.4 If:

(a) the APP entity is an organisation; and

(b) subsection 16B(2) applied in relation to the collection of the personal information by the entity;

the entity must take such steps as are reasonable in the circumstances to ensure that the information is de-identified before the entity discloses it in accordance with subclause 6.1 or 6.2.

Written note of use or disclosure

6.5 If an APP entity uses or discloses personal information in accordance with paragraph 6.2(e), the entity must make a written note of the use or disclosure.

Related bodies corporate

6.6 If:

(a) an APP entity is a body corporate; and

(b) the entity collects personal information from a related body corporate;

this principle applies as if the entity’s primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information.

Exceptions

6.7 This principle does not apply to the use or disclosure by an organisation of:

(a) personal information for the purpose of direct marketing; or

(b) government related identifiers.

Australian Privacy Principle 7—direct marketing

Direct marketing

7.1 If an organisation holds personal information about an individual, the organisation must not use or disclose the information for the purpose of direct marketing.

Note: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.

Exceptions—personal information other than sensitive information

7.2 Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

(a) the organisation collected the information from the individual; and

(b) the individual would reasonably expect the organisation to use or disclose the information for that purpose; and

(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and

(d) the individual has not made such a request to the organisation.

7.3 Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

(a) the organisation collected the information from:

(i) the individual and the individual would not reasonably expect the organisation to use or disclose the information for that purpose; or

(ii) someone other than the individual; and

(b) either:

(i) the individual has consented to the use or disclosure of the information for that purpose; or

(ii) it is impracticable to obtain that consent; and

(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and

(d) in each direct marketing communication with the individual:

(i) the organisation includes a prominent statement that the individual may make such a request; or

(ii) the organisation otherwise draws the individual’s attention to the fact that the individual may make such a request; and

(e) the individual has not made such a request to the organisation.

Exception—sensitive information

7.4 Despite subclause 7.1, an organisation may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.

Exception—contracted service providers

7.5 Despite subclause 7.1, an organisation may use or disclose personal information for the purpose of direct marketing if:

(a) the organisation is a contracted service provider for a Commonwealth contract; and

(b) the organisation collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and

(c) the use or disclosure is necessary to meet (directly or indirectly) such an obligation.

Individual may request not to receive direct marketing communications etc.

7.6 If an organisation (the first organisation) uses or discloses personal information about an individual:

(a) for the purpose of direct marketing by the first organisation; or

(b) for the purpose of facilitating direct marketing by other organisations;

the individual may:

(c) if paragraph (a) applies—request not to receive direct marketing communications from the first organisation; and

(d) if paragraph (b) applies—request the organisation not to use or disclose the information for the purpose referred to in that paragraph; and

(e) request the first organisation to provide its source of the information.

7.7 If an individual makes a request under subclause 7.6, the first organisation must not charge the individual for the making of, or to give effect to, the request and:

(a) if the request is of a kind referred to in paragraph 7.6(c) or (d)—the first organisation must give effect to the request within a reasonable period after the request is made; and

(b) if the request is of a kind referred to in paragraph 7.6(e)—the organisation must, within a reasonable period after the request is made, notify the individual of its source unless it is impracticable or unreasonable to do so.

Interaction with other legislation

7.8 This principle does not apply to the extent that any of the following apply:

(a) the Do Not Call Register Act 2006;

(b) the Spam Act 2003;

(c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.

Australian Privacy Principle 8—cross-border disclosure of personal information

8.1 Before an APP entity discloses personal information about an individual to a person (the overseas recipient):

(a) who is not in Australia or an external Territory; and

(b) who is not the entity or the individual;

the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.

Note: In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken, under section 16C, to have been done, or engaged in, by the APP entity and to be a breach of the Australian Privacy Principles.

8.2 Subclause 8.1 does not apply to the disclosure of personal information about an individual by an APP entity to the overseas recipient if:

(a) the entity reasonably believes that:

(i) the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and

(ii) there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or

(b) both of the following apply:

(i) the entity expressly informs the individual that if he or she consents to the disclosure of the information, subclause 8.1 will not apply to the disclosure;

(ii) after being so informed, the individual consents to the disclosure; or

(c) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or

(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the disclosure of the information by the APP entity; or

(e) the entity is an agency and the disclosure of the information is required or authorised by or under an international agreement relating to information sharing to which Australia is a party; or

(f) the entity is an agency and both of the following apply:

(i) the entity reasonably believes that the disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body;

(ii) the recipient is a body that performs functions, or exercises powers, that are similar to those performed or exercised by an enforcement body.

Note: For permitted general situation, see section 16A.

Australian Privacy Principle 9—adoption, use or disclosure of government related identifiers

Adoption of government related identifiers

9.1 An organisation must not adopt a government related identifier of an individual as its own identifier of the individual unless:

(a) the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or

(b) subclause 9.3 applies in relation to the adoption.

Note: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.

Use or disclosure of government related identifiers

9.2 An organisation must not use or disclose a government related identifier of an individual unless:

(a) the use or disclosure of the identifier is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions; or

(b) the use or disclosure of the identifier is reasonably necessary for the organisation to fulfil its obligations to an agency or a State or Territory authority; or

(c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or

(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the use or disclosure of the identifier; or

(e) the organisation reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(f) subclause 9.3 applies in relation to the use or disclosure.

Note 1: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.

Note 2: For permitted general situation, see section 16A.

Regulations about adoption, use or disclosure

9.3 This subclause applies in relation to the adoption, use or disclosure by an organisation of a government related identifier of an individual if:

(a) the identifier is prescribed by the regulations; and

(b) the organisation is prescribed by the regulations, or is included in a class of organisations prescribed by the regulations; and

(c) the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.

Note: There are prerequisites that must be satisfied before the matters mentioned in this subclause are prescribed, see subsections 100(2) and (3).

Part 4—Integrity of personal information

Australian Privacy Principle 10—quality of personal information

10.1 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity collects is accurate, up-to-date and complete.

10.2 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

Australian Privacy Principle 11—security of personal information

11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:

(a) from misuse, interference and loss; and

(b) from unauthorised access, modification or disclosure.

11.2 If:

(a) an APP entity holds personal information about an individual; and

(b) the entity no longer needs the information for any purpose for which the information may be used or disclosed by the entity under this Schedule; and

(c) the information is not contained in a Commonwealth record; and

(d) the entity is not required by or under an Australian law, or a court/tribunal order, to retain the information;

the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.

Part 5—Access to, and correction of, personal information

Australian Privacy Principle 12—access to personal information

Access

12.1 If an APP entity holds personal information about an individual, the entity must, on request by the individual, give the individual access to the information.

Exception to access—agency

12.2 If:

(a) the APP entity is an agency; and

(b) the entity is required or authorised to refuse to give the individual access to the personal information by or under:

(i) the Freedom of Information Act; or

(ii) any other Act of the Commonwealth, or a Norfolk Island enactment, that provides for access by persons to documents;

then, despite subclause 12.1, the entity is not required to give access to the extent that the entity is required or authorised to refuse to give access.

Exception to access—organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(a) the entity reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or

(b) giving access would have an unreasonable impact on the privacy of other individuals; or

(c) the request for access is frivolous or vexatious; or

(d) the information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or

(e) giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or

(f) giving access would be unlawful; or

(g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or

(h) both of the following apply:

(i) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;

(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

(i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(j) giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.

Dealing with requests for access

12.4 The APP entity must:

(a) respond to the request for access to the personal information:

(i) if the entity is an agency—within 30 days after the request is made; or

(ii) if the entity is an organisation—within a reasonable period after the request is made; and

(b) give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.

Other means of access

12.5 If the APP entity refuses:

(a) to give access to the personal information because of subclause 12.2 or 12.3; or

(b) to give access in the manner requested by the individual;

the entity must take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.

12.6 Without limiting subclause 12.5, access may be given through the use of a mutually agreed intermediary.

Access charges

12.7 If the APP entity is an agency, the entity must not charge the individual for the making of the request or for giving access to the personal information.

12.8 If:

(a) the APP entity is an organisation; and

(b) the entity charges the individual for giving access to the personal information;

the charge must not be excessive and must not apply to the making of the request.

Refusal to give access

12.9 If the APP entity refuses to give access to the personal information because of subclause 12.2 or 12.3, or to give access in the manner requested by the individual, the entity must give the individual a written notice that sets out:

(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and

(b) the mechanisms available to complain about the refusal; and

(c) any other matter prescribed by the regulations.

12.10 If the APP entity refuses to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.

Australian Privacy Principle 13—correction of personal information

Correction

13.1 If:

(a) an APP entity holds personal information about an individual; and

(b) either:

(i) the entity is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out of date, incomplete, irrelevant or misleading; or

(ii) the individual requests the entity to correct the information;

the entity must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

Notification of correction to third parties

13.2 If:

(a) the APP entity corrects personal information about an individual that the entity previously disclosed to another APP entity; and

(b) the individual requests the entity to notify the other APP entity of the correction;

the entity must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

Refusal to correct information

13.3 If the APP entity refuses to correct the personal information as requested by the individual, the entity must give the individual a written notice that sets out:

(a) the reasons for the refusal except to the extent that it would be unreasonable to do so; and

(b) the mechanisms available to complain about the refusal; and

(c) any other matter prescribed by the regulations.

Request to associate a statement

13.4 If:

(a) the APP entity refuses to correct the personal information as requested by the individual; and

(b) the individual requests the entity to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading;

the entity must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.

Dealing with requests

13.5 If a request is made under subclause 13.1 or 13.4, the APP entity:

(a) must respond to the request:

(i) if the entity is an agency—within 30 days after the request is made; or

(ii) if the entity is an organisation—within a reasonable period after the request is made; and

(b) must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).

C. Comparison of APPs to NPPs

The tables on the following pages compare the existing NPPs in column 1 with the new APPs in column 2. The third column contains relevant definitions in the Amending Act or in the APPs themselves.

Whenever possible, we have matched the new principles with the existing ones in a row. Where necessary, we have split sub-principles or exceptions and inserted them into new rows for ease of reference. Where this occurs, there is a bold and italicised reference to the sub-principle or exception in brackets, and the full text is cited later in the table. A blank in either the NPPs or the APPs column indicates that there is no equivalent provision in the relevant principles.

In completing this project we reviewed the recommendations in the Lockstep Report, based on the NPPs in the first column, against the APPs in the second column to identify any change in the principles that would impact on the recommendations. As the table is an overview of all principles, many of them were not relevant for the analysis of the recommendations in the Lockstep Report and the advice on whether the amended legislation would change the practical effect of those recommendations. The body of our report only considers the relevant amendments for our analysis and recommendations.

Table C.1: High level comparison of APPs to NPPs

Current - Privacy Act 1988 (Cth) (Privacy Act)

Law reform - Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) - (Amending Act)

Definitions under the Amending Act

Information Privacy Principles (IPPs): Public sector; base line privacy standards that the Australian and ACT government agencies need to comply with in relation to personal information kept in their records.

National Privacy Principles (NPPs): Private sector; base line privacy standards that some private sector organisations need to comply with in relation to personal information they hold. All health service providers in the private sector need to comply with these principles.

Small business operator exempted (see definition below).

Australian Privacy Principles (APPs): privacy principles applying to both Cth agencies and private sector organisations (APP entities).

The APPs do not apply to small business operators (see definition of entity and APP entity below)

Definition of Privacy Act s 6(1) agency means:

(a) a Minister; or

(b) a Department; or

(c) a body (whether incorporated or not), or a tribunal, established or appointed for a public purpose by or under a Commonwealth enactment, not being:

(i) an incorporated company, society or association; or

(ii) an organisation that is registered under the Fair Work (Registered Organisations) Act 2009 or a branch of such an organisation; or

(d) a body established or appointed by the Governor-General, or by a Minister, otherwise than by or under a Commonwealth enactment; or

(e) a person holding or performing the duties of an office established by or under, or an appointment made under, a Commonwealth enactment, other than a person who, by virtue of holding that office, is the Secretary of a Department; or

(f) a person holding or performing the duties of an appointment, being an appointment made by the Governor-General, or by a Minister, otherwise than under a Commonwealth enactment; or

(g) a federal court; or

(h) the Australian Federal Police; or

(ha) a Norfolk Island agency; or

(i) an eligible case manager; or

(j) the nominated AGHS company; or

(k) an eligible hearing service provider; or

(l) the service operator under the Healthcare Identifiers Act 2010.

S 6 Privacy Act: definitions of agency and organisation unchanged

entity means:

(a) an agency; or

(b) an organisation; or

(c) a small business operator

APP entity means an agency or organisation

Definition of organisations to which NPPs apply

Privacy Act s 6C(1) In this Act: organisation means:

(a) an individual; or

(b) a body corporate; or

(c) a partnership; or

(d) any other unincorporated association; or

(e) a trust;

that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.

S 6D Small business and small business operator: Annual turnover of $3 Million or under.

Note: Regulations may prescribe an instrumentality by reference to one or more classes of instrumentality. See subsection 13(3) of the Legislative Instruments Act 2003.

Example: Regulations may prescribe an instrumentality of a State or Territory that is an incorporated company, society or association and therefore not a State or Territory authority.

Definition of personal information

S 6(1) personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion

S 36 Amending Act. New definition of personal information:

personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

Table C.2: Detailed comparison of NPPs and APPs

Current – National Privacy Principles under the Privacy Act

(Numbers refer to NPPs)

Law reform – Australian Privacy Principles under the Amending Act

(Numbers refer to APPs)

Definitions under the Amending Act

1. Collection

3 - collection of solicited personal information

Solicited personal information

3.7 This principle [APP 3] applies to the collection of personal information that is solicited by an APP entity.

1.1 An organisation must not collect personal information unless the information is necessary for one or more of its functions or activities.

Personal information other than sensitive information

3.1 If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities.

3.2 If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities.

sensitive information means:

(a) information or an opinion about an individual’s:

(i) racial or ethnic origin; or

(ii) political opinions; or

(iii) membership of a political association; or

(iv) religious beliefs or affiliations; or

(v) philosophical beliefs; or

(vi) membership of a professional or trade association; or

(vii) membership of a trade union; or

(viii) sexual orientation or practices; or

(ix) criminal record;

that is also personal information; or

(b) health information about an individual; or

(c) genetic information about an individual that is not otherwise health information; or

(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or

(e) biometric templates.

1.2 An organisation must collect personal information only by lawful and fair means and not in an unreasonably intrusive way.

Means of collection

3.5 An APP entity must collect personal information only by lawful and fair means

5 – notification of the collection of personal information

1.3 At or before the time (or, if that is not practicable, as soon as practicable after) an organisation collects personal information about an individual from the individual, the organisation must take reasonable steps to ensure that the individual is aware of:

(a) the identity of the organisation and how to contact it; and

(b) the fact that he or she is able to gain access to the information; and

(c) the purposes for which the information is collected; and

(d) the organisations (or the types of organisations) to which the organisation usually discloses information of that kind; and

(e) any law that requires the particular information to be collected; and

(f) the main consequences (if any) for the individual if all or part of the information is not provided.

5.1 At or before the time or, if that is not practicable, as soon as practicable after, an APP entity collects personal information about an individual, the entity must take such steps (if any) as are reasonable in the circumstances:

(a) to notify the individual of such matters referred to in subclause 5.2 as are reasonable in the circumstances; or

(b) to otherwise ensure that the individual is aware of any such matters.

5.2 The matters for the purposes of subclause 5.1 are as follows:

(a) the identity and contact details of the APP entity;

(b) if:

(i) the APP entity collects the personal information from someone other than the individual; or

(ii) the individual may not be aware that the APP entity has collected the personal information;

the fact that the entity so collects, or has collected, the information and the circumstances of that collection;

(c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order—the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection);

(d) the purposes for which the APP entity collects the personal information;

(e) the main consequences (if any) for the individual if all or some of the personal information is not collected by the APP entity;

(f) any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity;

(g) that the APP privacy policy of the APP entity contains information about how the individual may access the personal information about the individual that is held by the entity and seek the correction of such information;

(h) that the APP privacy policy of the APP entity contains information about how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;

(i) whether the APP entity is likely to disclose the personal information to overseas recipients;

(j) if the APP entity is likely to disclose the personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.

1.4 If it is reasonable and practicable to do so, an organisation must collect personal information about an individual only from that individual.

Means of collection

3.6 An APP entity must collect personal information about an individual only from the individual unless:

(a) if the entity is an agency:

(i) the individual consents to the collection of the information from someone other than the individual; or

(ii) the entity is required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual; or

(b) it is unreasonable or impracticable to do so [Applies to all APP entities].

1.5 If an organisation collects personal information about an individual from someone else, it must take reasonable steps to ensure that the individual is or has been made aware of the matters listed in subclause 1.3 except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual.

See APP 3.6 and APP 5.2 above

2 Use and disclosure

6 – use or disclosure of personal information

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection [general prohibition on secondary disclosure] unless:

(a) both of the following apply:

(i) the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection;

(ii) the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose; or

(b) [consent]; or

(c) [secondary purpose of direct marketing] or

(d) [health information]

(e) [threat to health or safety] or

(ea) [genetic information]

(f) [unlawful activity]; or

(g) [use or disclosure authorised or required by law]; or

(h) [enforcement related activity]

Use or disclosure

6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) [general prohibition on secondary disclosure] unless:

(a) the individual has consented to the use or disclosure of the information; or

(b) subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information.

6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:

(i) if the information is sensitive information—directly related to the primary purpose; or

(ii) if the information is not sensitive information—related to the primary purpose; or

(b) [use or disclosure permitted by law]; or

(c) [permitted general situation]; or

(d) [permitted health situation] or

(e) [enforcement related activity].

6.3 This subclause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if:

(a) the agency is not an enforcement body; and

(b) the information is biometric information or biometric templates; and

(c) the recipient of the information is an enforcement body; and

(d) the disclosure is conducted in accordance with the guidelines made by the Commissioner for the purposes of this paragraph

permitted general situation, see Privacy Act s 16A.

permitted health situation, see Privacy Act s 16B.

[2.1.(b) Use and disclosure / Consent]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(b) the individual has consented to the use or disclosure;

6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) unless:

(a) the individual has consented to the use or disclosure of the information;

See also APP 7.4 [exception to general prohibition of direct marketing]

Exception – sensitive information

Despite subclause 7.1, an organisation may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.

7 – direct marketing

[2.1.(c) Use and disclosure/ Direct marketing]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(c) if the information is not sensitive information and the use of the information is for the secondary purpose of direct marketing:

(i) it is impracticable for the organisation to seek the individual's consent before that particular use; and

(ii) the organisation will not charge the individual for giving effect to a request by the individual to the organisation not to receive direct marketing communications; and

(iii) the individual has not made a request to the organisation not to receive direct marketing communications; and

(iv) in each direct marketing communication with the individual, the organisation draws to the individual's attention, or prominently displays a notice, that he or she may express a wish not to receive any further direct marketing communications; and

(v) each written direct marketing communication by the organisation with the individual (up to and including the communication that involves the use) sets out the organisation's business address and telephone number and, if the communication with the individual is made by fax, telex or other electronic means, a number or address at which the organisation can be directly contacted electronically

Prohibition on direct marketing

7.1 If an organisation holds personal information about an individual, the organisation must not use or disclose the information for the purpose of direct marketing.

Note: The prohibition against direct marketing will also apply to agencies engaging in commercial activities (see s 7A Privacy Act)

Exceptions – personal information other than sensitive information

APP 7.2 Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

(a) the organisation collected the information from the individual; and

(b) the individual would reasonably expect the organisation to use or disclose the information for that purpose; and

(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and

(d) the individual has not made such a request to the organisation.

APP 7.3 Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

(a) the organisation collected the information from:

(i) the individual and the individual would not reasonably expect the organisation to use or disclose the information for that purpose; or

(ii) someone other than the individual; and

(b) either:

(i) the individual has consented to the use or disclosure of the information for that purpose; or

(ii) it is impracticable to obtain that consent; and

(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and

(d) in each direct marketing communication with the individual:

(i) the organisation includes a prominent statement that the individual may make such a request; or

(ii) the organisation otherwise draws the individual’s attention to the fact that the individual may make such a request; and

(e) the individual has not made such a request to the organisation.

Exceptions – contracted service providers

7.5 Despite subclause 7.1, an organisation may use or disclose personal information for the purpose of direct marketing if:

(a) the organisation is a contracted service provider for a Commonwealth contract; and

(b) the organisation collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and

(c) the use or disclosure is necessary to meet (directly or indirectly) such an obligation.

Individual may request not to receive direct marketing communications etc.

7.6 If an organisation (the first organisation) uses or discloses personal information about an individual:

(a) [direct marketing by the first organisation; see above];

(b) for the purpose of facilitating direct marketing by other organisations;

the individual may:

(c) if paragraph (a) applies— [see above]; and

(d) if paragraph (b) applies— request the organisation not to use or disclose the information for the purpose referred to in that paragraph; and

(e) request the first organisation to provide its source of the information.

7.7 If an individual makes a request under subclause 7.6, the first organisation must not charge the individual for the making of, or to give effect to, the request and:

(a) if the request is of a kind referred to in paragraph 7.6(c) or (d)—the first organisation must give effect to the request within a reasonable period after the request is made; and

(b) if the request is of a kind referred to in paragraph 7.6(e)—the organisation must, within a reasonable period after the request is made, notify the individual of its source unless it is impracticable or unreasonable to do so.

Interaction with other legislation

7.8 This principle does not apply to the extent that any of the following apply:

(a) the Do Not Call Register Act 2006;

(b) the Spam Act 2003;

(c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.

6 – use or disclosure of personal information

[2.1(d) Use and disclosure/ Health information]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(d) if the information is health information and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety:

(i) it is impracticable for the organisation to seek the individual's consent before the use or disclosure; and

(ii) the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95A for the purposes of this subparagraph; and

(iii) in the case of disclosure the organisation reasonably believes that the recipient of the health information will not disclose the health information, or personal information derived from the health information;

(Use or disclosure)

APP 6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity;

permitted health situation has the meaning given by section 16B.

Privacy Act s 16B Permitted health situations in relation to the collection, use or disclosure of health information

Collection—provision of a health service

(1) A permitted health situation exists in relation to the collection by an organisation of health information about an individual if:

(a) the information is necessary to provide a health service to the individual; and

(b) either:

(i) the collection is required or authorised by or under an Australian law (other than this Act); or

(ii) the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.

Collection—research etc.

(2) A permitted health situation exists in relation to the collection by an organisation of health information about an individual if:

(a) the collection is necessary for any of the following purposes:

(i) research relevant to public health or public safety;

(ii) the compilation or analysis of statistics relevant to public health or public safety;

(iii) the management, funding or monitoring of a health service; and

(b) that purpose cannot be served by the collection of information about the individual that is de-identified information; and

(c) it is impracticable for the organisation to obtain the individual’s consent to the collection; and

(d) any of the following apply:

(i) the collection is required by or under an Australian law (other than this Act);

(ii) the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation;

(iii) the information is collected in accordance with guidelines approved under section 95A for the purposes of this subparagraph.

Use or disclosure—research etc.

(3) A permitted health situation exists in relation to the use or disclosure by an organisation of health information about an individual if:

(a) the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety; and

(b) it is impracticable for the organisation to obtain the individual’s consent to the use or disclosure; and

(c) the use or disclosure is conducted in accordance with guidelines approved under section 95A for the purposes of this paragraph; and

(d) in the case of disclosure—the organisation reasonably believes that the recipient of the information will not disclose the information, or personal information derived from that information.

Disclosure—responsible person for an individual

(5) A permitted health situation exists in relation to the disclosure by an organisation of health information about an individual if:

(a) the organisation provides a health service to the individual; and

(b) the recipient of the information is a responsible person for the individual; and

(c) the individual:

(i) is physically or legally incapable of giving consent to the disclosure; or

(ii) physically cannot communicate consent to the disclosure; and

(d) another individual (the carer) providing the health service for the organisation is satisfied that either:

(i) the disclosure is necessary to provide appropriate care or treatment of the individual; or

(ii) the disclosure is made for compassionate reasons; and

(e) the disclosure is not contrary to any wish:

(i) expressed by the individual before the individual became unable to give or communicate consent; and

(ii) of which the carer is aware, or of which the carer could reasonably be expected to be aware; and

(f) the disclosure is limited to the extent reasonable and necessary for a purpose mentioned in paragraph (d).

[2.1(e) Use and disclosure / Threat to health or safety]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(e) the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent:

(i) a serious and imminent threat to an individual's life, health or safety; or

(ii) a serious threat to public health or public safety;

6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity.

See Conditions re Item 1 Table:

(a) it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure; and

(b) the entity reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

permitted general situation has the meaning given by section 16A.

16A Permitted general situations in relation to the collection, use or disclosure of personal information

(1) A permitted general situation exists in relation to the collection, use or disclosure by an APP entity of personal information about an individual, or of a government related identifier of an individual, if:

(a) the entity is an entity of a kind specified in an item in column 1 of the table; and

(b) the item in column 2 of the table applies to the information or identifier; and

(c) such conditions as are specified in the item in column 3 of the table are satisfied.

s 16A(1) Column 3 items:

Item 1:

(a) it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure; and

(b) the entity reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

Item 2:

(a) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in; and

(b) the entity reasonably believes that the collection, use or disclosure is necessary in order for the entity to take appropriate action in relation to the matter.

Item 3:

(a) the entity reasonably believes that the collection, use or disclosure is reasonably necessary to assist any APP entity, body or person to locate a person who has been reported as missing; and

(b) the collection, use or disclosure complies with the rules made under subsection (2).

Item 4

The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.

Item 5

The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.

Item 6 (agency only):

The entity reasonably believes that the collection, use or disclosure is necessary for the entity’s diplomatic or consular functions or activities.

Item 7 (defence force):

The entity reasonably believes that the collection, use or disclosure is necessary for any of the following occurring outside Australia and the external Territories:

(a) war or warlike operations;

(b) peacekeeping or peace enforcement;

(c) civil aid, humanitarian assistance, medical or civil emergency or disaster relief.

[2.1 (ea) Use and disclosure of genetic information]

An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(ea) if the information is genetic information and the organisation has obtained the genetic information in the course of providing a health service to the individual:

(i) the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety (whether or not the threat is imminent) of an individual who is a genetic relative of the individual to whom the genetic information relates; and

(ii) the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95AA for the purposes of this subparagraph; and

(iii) in the case of disclosure the recipient of the genetic information is a genetic relative of the individual;

6.2(d) APP 6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity;

permitted health situation has the meaning given by section 16B.

Privacy Act s 16B Permitted health situations in relation to the collection, use or disclosure of health information

Use or disclosure—genetic information

(4) A permitted health situation exists in relation to the use or disclosure by an organisation of genetic information about an individual (the first individual) if:

(a) the organisation has obtained the information in the course of providing a health service to the first individual; and

(b) the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of another individual who is a genetic relative of the first individual; and

(c) the use or disclosure is conducted in accordance with guidelines approved under section 95AA; and

(d) in the case of disclosure—the recipient of the information is a genetic relative of the first individual.

[2.1(f) Use and disclosure / Unlawful activity]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(f) the organisation has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities;

6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity.

See Conditions re Item 2 Table:

(a) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in; and

(b) the entity reasonably believes that the collection, use or disclosure is necessary in order for the entity to take appropriate action in relation to the matter.

permitted general situation has the meaning given by section 16A.

16A Permitted general situations in relation to the collection, use or disclosure of personal information

(1) A permitted general situation exists in relation to the collection, use or disclosure by an APP entity of personal information about an individual, or of a government related identifier of an individual, if:

(a) the entity is an entity of a kind specified in an item in column 1 of the table; and

(b) the item in column 2 of the table applies to the information or identifier; and

(c) such conditions as are specified in the item in column 3 of the table are satisfied.


[2.1(g) Use and disclosure / Use or disclosure authorised or required by law]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(g) the use or disclosure is required or authorised by or under law

[6.2(b) Use or disclosure permitted by law]

6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order;

[2.1(h) Use and disclosure / Enforcement related activity]

2.1 An organisation must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:

(h) the organisation reasonably believes that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of an enforcement body:

(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;

(iii) the protection of the public revenue;

(iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;

(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

[6.2(e) enforcement related activity]

6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(e) the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

See APP 6.2(c) and Privacy Act s 16A, Item 4:

The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.

2.2 If an organisation uses or discloses personal information under paragraph 2.1(h) [Enforcement related activity], it must make a written note of the use or disclosure.

Written note of use or disclosure

6.5 If an APP entity uses or discloses personal information in accordance with paragraph 6.2(e), the entity must make a written note of the use or disclosure.

2.3 Subclause 2.1 operates in relation to personal information that an organisation that is a body corporate has collected from a related body corporate as if the organisation's primary purpose of collection of the information were the primary purpose for which the related body corporate collected the information.

Related bodies corporate

6.6 If:

(a) an APP entity is a body corporate; and

(b) the entity collects personal information from a related body corporate;

this principle [APP 6] applies as if the entity’s primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information

Exceptions

6.7 This principle [i.e. APP 6; see EM p. 81] does not apply to the use or disclosure by an organisation of:

(a) personal information for the purpose of direct marketing [see APP 7]; or

(b) government related identifiers. [see APP 9]

2.4 Despite subclause 2.1, an organisation that provides a health service to an individual may disclose health information about the individual to a person who is responsible for the individual if:

(a) the individual:

(i) is physically or legally incapable of giving consent to the disclosure; or

(ii) physically cannot communicate consent to the disclosure; and

(b) a natural person (the carer) providing the health service for the organisation is satisfied that either:

(i) the disclosure is necessary to provide appropriate care or treatment of the individual; or

(ii) the disclosure is made for compassionate reasons; and

(c) the disclosure is not contrary to any wish:

(i) expressed by the individual before the individual became unable to give or communicate consent; and

(ii) of which the carer is aware, or of which the carer could reasonably be expected to be aware; and

(d) the disclosure is limited to the extent reasonable and necessary for a purpose mentioned in paragraph (b).

6.2(d) APP 6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:

(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity;

permitted health situation has the meaning given by section 16B.

Privacy Act s 16B Permitted health situations in relation to the collection, use or disclosure of health information

Disclosure—responsible person for an individual

(5) A permitted health situation exists in relation to the disclosure by an organisation of health information about an individual if:

(a) the organisation provides a health service to the individual; and

(b) the recipient of the information is a responsible person for the individual; and

(c) the individual:

(i) is physically or legally incapable of giving consent to the disclosure; or

(ii) physically cannot communicate consent to the disclosure; and

(d) another individual (the carer) providing the health service for the organisation is satisfied that either:

(i) the disclosure is necessary to provide appropriate care or treatment of the individual; or

(ii) the disclosure is made for compassionate reasons; and

(e) the disclosure is not contrary to any wish:

(i) expressed by the individual before the individual became unable to give or communicate consent; and

(ii) of which the carer is aware, or of which the carer could reasonably be expected to be aware; and

(f) the disclosure is limited to the extent reasonable and necessary for a purpose mentioned in paragraph (d).

2.5 For the purposes of subclause 2.4, a person is responsible for an individual if the person is:

(a) a parent of the individual; or

(b) a child or sibling of the individual and at least 18 years old; or

(c) a spouse or de facto spouse of the individual; or

(d) a relative of the individual, at least 18 years old and a member of the individual's household; or

(e) a guardian of the individual; or

(f) exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual's health; or

(g) a person who has an intimate personal relationship with the individual; or

(h) a person nominated by the individual to be contacted in case of emergency.

Sch 1 Item 40 (s 6(1)) responsible person has the meaning given by section 6AA.

s 6AA Meaning of responsible person

(1) A responsible person for an individual is:

(a) a parent of the individual; or

(b) a child or sibling of the individual if the child or sibling is at least 18 years old; or

(c) a spouse or de facto partner of the individual; or

(d) a relative of the individual if the relative is:

(i) at least 18 years old; and

(ii) a member of the individual’s household; or

(e) a guardian of the individual; or

(f) a person exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual’s health; or

(g) a person who has an intimate personal relationship with the individual; or

(h) a person nominated by the individual to be contacted in case of emergency.

2.6 In subclause 2.5:

child of an individual includes an adopted child, a step-child and a foster-child, of the individual.

parent of an individual includes a step-parent, adoptive parent and a foster-parent, of the individual.

relative of an individual means a grandparent, grandchild, uncle, aunt, nephew or niece, of the individual.

sibling of an individual includes a half-brother, half-sister, adoptive brother, adoptive sister, step-brother, step-sister, foster-brother and foster-sister, of the individual.

s 6AA Meaning of responsible person

(2) In this section:

child: without limiting who is a child of an individual for the purposes of subsection (1), each of the following is a child of an individual:

(a) an adopted child, stepchild, ex nuptial child or foster child of the individual;

(b) someone who is a child of the individual within the meaning of the Family Law Act 1975.

parent: without limiting who is a parent of an individual for the purposes of subsection (1), someone is a parent of an individual if the individual is his or her child because of the definition of child in this subsection.

relative of an individual (the first individual) means a grandparent, grandchild, uncle, aunt, nephew or niece of the first individual and for this purpose, relationships to the first individual may also be traced to or through another individual who is:

(a) a de facto partner of the first individual; or

(b) the child of the first individual because of the definition of child in this subsection.

sibling of an individual includes:

(a) a half-brother, half-sister, adoptive brother, adoptive sister, step-brother, step-sister, foster-brother and foster-sister of the individual; and

(b) another individual if a relationship referred to in paragraph (a) can be traced through a parent of either or both of the individuals.

stepchild: without limiting who is a stepchild of an individual, someone is a stepchild of an individual if he or she would be the individual’s stepchild except that the individual is not legally married to the individual’s de facto partner.

3. Data quality 10 – Quality of personal information

3. An organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.

10.1 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity collects is accurate, up-to-date and complete.

10.2 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

4 Data security 11 Security of personal information

4.1 An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:

(a) from misuse, interference and loss; and

(b) from unauthorised access, modification or disclosure

4.2 An organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under National Privacy Principle 2.

11.2 If:

(a) an APP entity holds personal information about an individual; and

(b) the entity no longer needs the information for any purpose for which the information may be used or disclosed by the entity under this Schedule; and

(c) the information is not contained in a Commonwealth record; and

(d) the entity is not required by or under an Australian law, or a court/tribunal order, to retain the information;

the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.

5. Openness 1. Open and transparent management of personal information

1.1 The object of this principle is to ensure that APP entities manage personal information in an open and transparent way.

Compliance with the Australian Privacy Principles etc.

1.2 An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:

(a) will ensure that the entity complies with the Australian Privacy Principles and a registered APP code (if any) that binds the entity; and

(b) will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.

5.1 An organisation must set out in a document clearly expressed policies on its management of personal information. The organisation must make the document available to anyone who asks for it.

1.3 An APP entity must have a clearly expressed and up-to-date policy (the APP privacy policy) about the management of personal information by the entity.

5.2 On request by a person, an organisation must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

1.4 Without limiting subclause 1.3, the APP privacy policy of the APP entity must contain the following information:

(a) the kinds of personal information that the entity collects and holds;

(b) how the entity collects and holds personal information;

(c) the purposes for which the entity collects, holds, uses and discloses personal information;

(d) how an individual may access personal information about the individual that is held by the entity and seek the correction of such information;

(e) how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;

(f) whether the entity is likely to disclose personal information to overseas recipients;

(g) if the entity is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.


Availability of APP privacy policy etc.

1.5 An APP entity must take such steps as are reasonable in the circumstances to make its APP privacy policy available:

(a) free of charge; and

(b) in such form as is appropriate.

Note: An APP entity will usually make its APP privacy policy available on the entity’s website.

1.6 If a person or body requests a copy of the APP privacy policy of an APP entity in a particular form, the entity must take such steps as are reasonable in the circumstances to give the person or body a copy in that form.

6. Access and correction 12. Access to personal information

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that [see exceptions below]:

(a) [serious and imminent threat to life or health]; or

(b) [health information - serious threat to the life or health]; or

(c) [unreasonable impact upon the privacy of others]; or

(d) [frivolous or vexatious request]; or

(e) [legal proceedings between the organisation and the individual]; or

(f) [negotiations with the individual]; or

(g) [unlawfulness]; or

(h) [denying access is required or authorised by or under law]; or

(i) [prejudice to investigation of possible unlawful activity]; or

(j) [prejudice to law enforcement activities]; or

(k) [security of Australia].

Access

12.1 If an APP entity holds personal information about an individual, the entity must, on request by the individual, give the individual access to the information.

Exception to access—agency

12.2 If:

(a) the APP entity is an agency; and

(b) the entity is required or authorised to refuse to give the individual access to the personal information by or under:

(i) the Freedom of Information Act; or

(ii) any other Act of the Commonwealth, or a Norfolk Island enactment, that provides for access by persons to documents;

then, despite subclause 12.1, the entity is not required to give access to the extent that the entity is required or authorised to refuse to give access.

[Exception to obligation to provide access / Serious and imminent threat to life or health]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(a) in the case of personal information other than health information - providing access would pose a serious and imminent threat to the life or health of any individual;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(a) the entity reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;

[Exception to obligation to provide access / Health information - Serious threat to life or health]


6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(b) in the case of health information - providing access would pose a serious threat to the life or health of any individual;

[Exception to obligation to provide access / Unreasonable impact upon the privacy of others]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(c) providing access would have an unreasonable impact upon the privacy of other individuals;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(b) giving access would have an unreasonable impact on the privacy of other individuals;

[Exception to obligation to provide access / Frivolous or vexatious request]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(d) the request for access is frivolous or vexatious;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(c) the request for access is frivolous or vexatious;

[Exception to obligation to provide access / legal proceedings between the organisation and the individual]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(e) the information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(d) the information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings;

[Exception to obligation to provide access / Negotiations with the individual]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(f) providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(e) giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;

[Exception to obligation to provide access / Unlawfulness]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(g) providing access would be unlawful; or

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(f) giving access would be unlawful;

[Exception to obligation to provide access / Denying access is required or authorised by or under law]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(h) denying access is required or authorised by or under law;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(g) denying access is required or authorised by or under an Australian law or a court/tribunal order

[Exception to obligation to provide access / Prejudice to investigation of possible unlawful activity]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(i) providing access would be likely to prejudice an investigation of possible unlawful activity;

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(h) both of the following apply:

(i) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;

(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter;

[Exception to obligation to provide access / Prejudice to law enforcement activities]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

Exceptions to access – organisation

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(i) giving access would be likely to prejudice one or more

(j) providing access would be likely to prejudice:

(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or

(ii) the enforcement of laws relating to the confiscation of the proceeds of crime; or

(iii) the protection of the public revenue; or

(iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or

(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders;

by or on behalf of an enforcement body;

enforcement related activities conducted by, or on behalf of, an enforcement body;

[Exception to obligation to provide access / Security of Australia]

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

(k) an enforcement body performing a lawful security function asks the organisation not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.

6.2 However, where providing access would reveal evaluative information generated within the organisation in connection

Exceptions to access – organisation

with a commercially sensitive decision-making process, the organisation may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.

Note: An organisation breaches subclause 6.1 if it relies on subclause 6.2 to give an individual an explanation for a commercially sensitive decision in circumstances where subclause 6.2 does not apply.

12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:

(j) giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision making process

Dealing with requests for access

12.4 The APP entity must:

(a) respond to the request for access to the personal information:

(i) if the entity is an agency—within 30 days after the request is made; or

(ii) if the entity is an organisation—within a reasonable period after the request is made; and

(b) give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.

Other means of access

12.5 If the APP entity refuses:

(a) to give access to the personal information because of subclause 12.2 or 12.3; or

(b) to give access in the manner requested by the individual;

the entity must take such steps (if any) as are reasonable in

6.3 If the organisation is not required to provide the individual with access to the information because of one or more of paragraphs 6.1(a) to (k) (inclusive), the organisation must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.

the circumstances to give access in a way that meets the needs of the entity and the individual.

12.6 Without limiting subclause 12.5, access may be given through the use of a mutually agreed intermediary.

6.4 If an organisation charges for providing access to personal information, those charges:

(a) must not be excessive; and

(b) must not apply to lodging a request for access.

Access charges

12.7 If the APP entity is an agency, the entity must not charge the individual for the making of the request or for giving access to the personal information.

12.8 If:

(a) the APP entity is an organisation; and

(b) the entity charges the individual for giving access to the personal information;

the charge must not be excessive and must not apply to the making of the request.

13 – correction of personal information

6.5 If an organisation holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, the organisation must take reasonable steps to correct the

Correction

13.1 If:

(a) an APP entity holds personal information about an

information so that it is accurate, complete and up-to-date.

individual; and

(b) either:

(i) the entity is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or

(ii) the individual requests the entity to correct the information;

the entity must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

Notification of correction to third parties

13.2 If:

(a) the APP entity corrects personal information about an individual that the entity previously disclosed to another APP entity; and

(b) the individual requests the entity to notify the other APP entity of the correction;

the entity must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

6.6 If the individual and the organisation disagree about whether the information is accurate, complete and up-to-date, and the individual asks the organisation to associate with the information a statement claiming that the information is not

Request to associate a statement

13.4 If:

(a) the APP entity refuses to correct the personal

accurate, complete or up-to-date, the organisation must take reasonable steps to do so.

information as requested by the individual; and

(b) the individual requests the entity to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading;

the entity must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.

12 – access to personal information

6.7 An organisation must provide reasons for denial of access or a refusal to correct personal information.

Refusal to give access

12.9 If the APP entity refuses to give access to the personal information because of subclause 12.2 or 12.3, or to give access in the manner requested by the individual, the entity must give the individual a written notice that sets out:

(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and

(b) the mechanisms available to complain about the refusal; and

(c) any other matter prescribed by the regulations.

12.10 If the APP entity refuses to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.

Refusal to correct information

See also 6.2

However, where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision-making process, the organisation may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.

13.3 If the APP entity refuses to correct the personal information as requested by the individual, the entity must give the individual a written notice that sets out:

(a) the reasons for the refusal except to the extent that it would be unreasonable to do so; and

(b) the mechanisms available to complain about the refusal; and

(c) any other matter prescribed by the regulations.

Dealing with requests

13.5 If a request is made under subclause 13.1 or 13.4, the APP entity:

(a) must respond to the request:

(i) if the entity is an agency—within 30 days after the request is made; or

(ii) if the entity is an organisation—within a reasonable period after the request is made; and

(b) must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).

7. Identifiers

9 – adoption, use or disclosure of government related identifiers

7.1 An organisation must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by:

Adoption of government related identifiers

9.1 An organisation must not adopt a government related identifier of an individual as its own identifier of the

(a) an agency; or

(b) an agent of an agency acting in its capacity as agent; or

(c) a contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.

individual unless:

(a) the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or

(b) subclause 9.3 applies in relation to the adoption.

Note: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.

7.1A However, subclause 7.1 does not apply to the adoption by a prescribed organisation of a prescribed identifier in prescribed circumstances.

Note: There are prerequisites that must be satisfied before those matters are prescribed: see subsection 100(2).

Regulations about adoption, use or disclosure

9.3 This subclause applies in relation to the adoption, use or disclosure by an organisation of a government related identifier of an individual if:

(a) the identifier is prescribed by the regulations; and

(b) the organisation is prescribed by the regulations, or is included in a class of organisations prescribed by the regulations; and

(c) the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.

7.2 An organisation must not use or disclose an identifier assigned to an individual by an agency, or by an agent or contracted service provider mentioned in subclause 7.1, unless:

(a) the use or disclosure is necessary for the organisation to fulfil its obligations to the agency; or

(b) [any of the exceptions in par 2.1(e) to 2.1(h) re secondary use apply]; or

(c) [prescribed organisation in prescribed circumstances]

Use or disclosure of government related identifiers

9.2 An organisation must not use or disclose a government related identifier of an individual unless:

(a) the use or disclosure of the identifier is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions; or

(b) the use or disclosure of the identifier is reasonably necessary for the organisation to fulfil its obligations to an

Note: There are prerequisites that must be satisfied before the matters mentioned in paragraph (c) are prescribed: see subsection 100(2) and (3).

agency or a State or Territory authority;

(c) [permitted by law or order]; or

(d) [general permitted situation];

(e) [enforcement related activities]

(f) [9.3 Regulations]

[Any of the exceptions in par 2.1(e) to 2.1(h) re secondary use apply]

7.2 An organisation must not use or disclose an identifier assigned to an individual by an agency, or by an agent or contracted service provider mentioned in subclause 7.1, unless:

(b) one or more of paragraphs 2.1(e) to 2.1(h) (inclusive) apply to the use or disclosure; or

2.1(e) [2.1(e) Use and disclosure / Threat to health or safety]

2.1(ea) [2.1(ea) Use and disclosure of genetic information]

2.1(f) [2.1(f) Use and disclosure / Unlawful activity]

2.1(g) [2.1(g) Use and disclosure / Use or disclosure authorised or required by law]

2.1(h) [2.1(h) Use and disclosure / Enforcement related activity]

Use or disclosure of government related identifiers

9.2 An organisation must not use or disclose a government related identifier of an individual unless:

(c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or

(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the use or disclosure of the identifier;

(e) the organisation reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

s 16A(1) Item 4

The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.

s 16A(1) Item 5

The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.

[prescribed organisation in prescribed circumstances]

Use or disclosure of government related identifiers

7.2 An organisation must not use or disclose an identifier assigned to an individual by an agency, or by an agent or contracted service provider mentioned in subclause 7.1, unless:

(c) the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.

9.2 An organisation must not use or disclose a government related identifier of an individual unless:

(f) subclause 9.3 applies in relation to the use or disclosure

7.3 In this clause:

identifier includes a number assigned by an organisation to an individual to identify uniquely the individual for the purposes of the organisation's operations. However, an individual's name or ABN (as defined in the A New Tax System (Australian Business Number) Act 1999) is not an identifier.

Sch 1 Item 23 (s 6(1))

government related identifier of an individual means an identifier of the individual that has been assigned by

(a) an agency; or

(b) a State or Territory authority; or

(c) an agent of an agency, or a State or Territory authority, acting in its capacity as agent; or

(d) a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract.

8. Anonymity

2 – Anonymity and pseudonymity

8. Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation.

2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.

2.2 Subclause 2.1 does not apply if, in relation to that matter:

(a) the APP entity is required or authorised by or under an Australian law, or a court/tribunal order, to deal with

individuals who have identified themselves; or

(b) it is impracticable for the APP entity to deal with individuals who have not identified themselves or who have used a pseudonym.

9. Transborder data flows

8 – Cross-border disclosure of personal information

9. An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country only if:

(a) the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or

(b) [consent]; or

(c) the transfer is necessary for the performance of a contract between the individual and the organisation, or for the implementation of pre-contractual measures taken in response to the individual's request; or

(d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the organisation and a third party; or

(e) all of the following apply:

(i) the transfer is for the benefit of the individual;

8.1 Before an APP entity discloses personal information about an individual to a person (the overseas recipient):

(a) who is not in Australia or an external Territory; and

(b) who is not the entity or the individual;

the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.

Note: In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken, under section 16C, to have been done, or engaged in, by the APP entity and to be a breach of the Australian Privacy Principles.

8.2 Subclause 8.1 does not apply to the disclosure of personal information about an individual by an APP entity to the overseas recipient if:

(a) the entity reasonably believes that:

(i) the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy

S 16C Acts and practices of overseas recipients of personal information

(1) This section applies if:

(a) an APP entity discloses personal information about an individual to an overseas recipient; and

(b) Australian Privacy Principle 8.1 applies to the disclosure of the information; and

(c) the Australian Privacy Principles do not apply, under this Act, to an act done, or a practice engaged in, by the overseas recipient in relation to the information; and

(d) the overseas recipient does an act, or engages in a practice, in relation to the information that would be a breach of the Australian Privacy Principles (other than Australian Privacy Principle 1) if those Australian Privacy Principles so applied to that act or practice.

(2) The act done, or the practice engaged in, by the overseas recipient is taken, for the purposes of this Act:

(ii) it is impracticable to obtain the consent of the individual to that transfer;

(iii) if it were practicable to obtain such consent, the individual would be likely to give it; or

(f) the organisation has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the National Privacy Principles.

Principles protect the information; and

(ii) there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or

(b) [consent]; or

(c) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or

(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the disclosure of the information by the APP entity; or

(e) the entity is an agency and the disclosure of the information is required or authorised by or under an international agreement relating to information sharing to which Australia is a party; or

(f) the entity is an agency and both of the following apply:

(i) the entity reasonably believes that the disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body;

(ii) the recipient is a body that performs functions, or exercises powers, that are similar to those performed or exercised by an enforcement body.

(a) to have been done, or engaged in, by the APP entity; and

(b) to be a breach of those Australian Privacy Principles by the APP entity.

[transborder data flow – consent]

9. An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a

8.2 Subclause 8.1 does not apply to the disclosure of personal information about an individual by an APP entity to the overseas recipient if:

(b) both of the following apply:

foreign country only if:

(b) the individual consents to the transfer

(i) the entity expressly informs the individual that if he or she consents to the disclosure of the information, subclause 8.1 will not apply to the disclosure;

(ii) after being so informed, the individual consents to the disclosure;

10 Sensitive information

3 – Collection of solicited personal information

10.1 An organisation must not collect sensitive information about an individual unless:

(a) the individual has consented; or

(b) [required by law]; or

(c) [serious threat to life or health]

(d) [activities of a non-profit organisation]; or

(e) [claim]

Sensitive information

3.3 An APP entity must not collect sensitive information about an individual unless:

(a) the individual consents to the collection of the information and:

(i) if the entity is an agency—the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or

(ii) if the entity is an organisation—the information is reasonably necessary for one or more of the entity’s functions or activities; or

(b) subclause 3.4 applies in relation to the information.

3.4 This subclause applies in relation to sensitive information about an individual if:

(a) [law or court order];

(b) [permitted general situation; Privacy Act s 16A];

(c) the APP entity is an organisation and a permitted health situation [Privacy Act s 16B] exists in relation to the collection of the information by the entity; or

(d) the APP entity is an enforcement body and the entity reasonably believes that:

(i) if the entity is the Immigration Department—the collection of the information is reasonably necessary for, or directly related to, one or more enforcement related activities conducted by, or on behalf of, the entity; or

(ii) otherwise—the collection of the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or

(e) [activities of non-profit organisations]

[Exception to prohibition to collect sensitive information / Required by law]

10.1 An organisation must not collect sensitive information about an individual unless:

(b) the collection is required by law;

3.4 This subclause applies in relation to sensitive information about an individual if:

(a) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order;

[Exception to prohibition to collect sensitive information / Serious threat to life or health]

10.1 An organisation must not collect sensitive information about an individual unless:

(c) the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:

(i) is physically or legally incapable of giving consent to the collection; or

3.4 This subclause applies in relation to sensitive information about an individual if:

(b) a permitted general situation exists in relation to the collection of the information by the APP entity.

See Conditions re Item 1 Table:

(a) it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure; and

(b) the entity reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

permitted general situation has the meaning given by section 16A.

16A Permitted general situations in relation to the collection, use or disclosure of personal information

(1) A permitted general situation exists in relation to the collection, use or disclosure by an APP entity of personal information about an individual, or of a government related identifier of an individual, if:

(a) the entity is an entity of a kind specified in an


(ii) physically cannot communicate consent to the collection;

item in column 1 of the table; and

(b) the item in column 2 of the table applies to the information or identifier; and

(c) such conditions as are specified in the item in column 3 of the table are satisfied.

[Exception to prohibition to collect sensitive information / Activities of non-profit organisation]

10.1 An organisation must not collect sensitive information about an individual unless:

(d) if the information is collected in the course of the activities of a non-profit organisation - the following conditions are satisfied:

(i) the information relates solely to the members of the organisation or to individuals who have regular contact with it in connection with its activities;

(ii) at or before the time of collecting the information, the organisation undertakes to the individual whom the information concerns that the organisation will not disclose the information without the individual's consent; or

3.4 This subclause applies in relation to sensitive information about an individual if:

(e) the APP entity is a non-profit organisation and both of the following apply:

(i) the information relates to the activities of the organisation;

(ii) the information relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.

[Exception to prohibition to collect sensitive information / Claim]

10.1 An organisation must not collect sensitive information about an individual unless:

(e) the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

3.4 This subclause applies in relation to sensitive information about an individual if:

(b) a permitted general situation exists in relation to the collection of the information by the APP entity.

See Conditions re Item 4 Table:

The collection, use or disclosure is reasonably necessary for the establishment, exercise or

permitted general situation has the meaning given by section 16A.

16A Permitted general situations in relation to the collection, use or disclosure of personal information

(1) A permitted general situation exists in relation to the collection, use or disclosure by an APP


defence of a legal or equitable claim.

entity of personal information about an individual, or of a government related identifier of an individual, if:

(a) the entity is an entity of a kind specified in an item in column 1 of the table; and

(b) the item in column 2 of the table applies to the information or identifier; and

(c) such conditions as are specified in the item in column 3 of the table are satisfied.

10.2 Despite subclause 10.1, an organisation may collect health information about an individual if:

(a) the information is necessary to provide a health service to the individual; and

(b) the information is collected:

(i) as required or authorised by or under law (other than this Act); or

(ii) in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.

3.4 This subclause applies in relation to sensitive information about an individual if:

(c) the APP entity is an organisation and a permitted health situation exists in relation to the collection of the information by the entity;

permitted health situation has the meaning given by section 16B.

Privacy Act s 16B Permitted health situations in relation to the collection, use or disclosure of health information

Collection—provision of a health service

(1) A permitted health situation exists in relation to the collection by an organisation of health information about an individual if:

(a) the information is necessary to provide a health service to the individual; and

(b) either:

(i) the collection is required or authorised by or under an Australian law (other than this Act); or

(ii) the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of


professional confidentiality which bind the organisation.

10.3 Despite subclause 10.1, an organisation may collect health information about an individual if:

(a) the collection is necessary for any of the following purposes:

(i) research relevant to public health or public safety;

(ii) the compilation or analysis of statistics relevant to public health or public safety;

(iii) the management, funding or monitoring of a health service; and

(b) that purpose cannot be served by the collection of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained; and

(c) it is impracticable for the organisation to seek the individual's consent to the collection; and

(d) the information is collected:

(i) as required by law (other than this Act); or

(ii) in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation; or

(iii) in accordance with guidelines approved by the Commissioner under section 95A for the purposes of this subparagraph.

3.4 This subclause applies in relation to sensitive information about an individual if:

(c) the APP entity is an organisation and a permitted health situation exists in relation to the collection of the information by the entity;

permitted health situation has the meaning given by section 16B.

Privacy Act s 16B Permitted health situations in relation to the collection, use or disclosure of health information

Collection—research etc.

16B(2) A permitted health situation exists in relation to the collection by an organisation of health information about an individual if:

(a) the collection is necessary for any of the following purposes:

(i) research relevant to public health or public safety;

(ii) the compilation or analysis of statistics relevant to public health or public safety;

(iii) the management, funding or monitoring of a health service; and

(b) that purpose cannot be served by the collection of information about the individual that is de-identified information; and

(c) it is impracticable for the organisation to obtain the individual’s consent to the collection; and

(d) any of the following apply:

(i) the collection is required by or under an


Australian law (other than this Act);

(ii) the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation;

(iii) the information is collected in accordance with guidelines approved under section 95A for the purposes of this subparagraph.

10.4 If an organisation collects health information about an individual in accordance with subclause 10.3, the organisation must take reasonable steps to permanently de-identify the information before the organisation discloses it.

6.4 If:

(a) the APP entity is an organisation; and

(b) subsection 16B(2) applied in relation to the collection of the personal information by the entity;

the entity must take such steps as are reasonable in the circumstances to ensure that the information is de-identified before the entity discloses it in accordance with subclause 6.1 or 6.2.

10.5 In this clause:

non-profit organisation means a non-profit organisation that has only racial, ethnic, political, religious, philosophical, professional, trade, or trade union aims.

Amending Act Sch 1 Item 31

non-profit organisation means an organisation:

(a) that is a non-profit organisation; and

(b) that engages in activities for cultural, recreational, political, religious, philosophical, professional, trade or trade union purposes.

4. Dealing with unsolicited information

4.1 If:

(a) an APP entity receives personal information; and

(b) the entity did not solicit the information;

the entity must, within a reasonable period after receiving


the information, determine whether or not the entity could have collected the information under Australian Privacy Principle 3 if the entity had solicited the information.

4.2 The APP entity may use or disclose the personal information for the purposes of making the determination under subclause 4.1.

4.3 If:

(a) the APP entity determines that the entity could not have collected the personal information; and

(b) the information is not contained in a Commonwealth record;

the entity must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

4.4 If subclause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if the entity had collected the information under Australian Privacy Principle 3.


D. Detailed analysis of energy market regulations

As outlined in Section 2.2, we identified those regulatory instruments of Queensland, New South Wales, the ACT, Tasmania, South Australia and Western Australia (as identified by the Commonwealth), and the national electricity instruments, which relate to electricity metering data, in order to assess whether any of the obligations under, or rights granted by, those regulatory instruments were inconsistent with the Lockstep recommendations.

The table on the following pages outlines the detailed findings for each jurisdiction and for the national (NEM) regulatory instruments. The table is further divided into four columns – ‘collection of data’, ‘use and disclosure of data’, ‘data security’ and ‘access to data’ – to reflect the different NPPs considered by the Lockstep report.


Table D.1: Analysis of energy market regulatory instruments - National

NATIONAL (NEM JURISDICTIONS ONLY)

Instrument Collection of data Use and disclosure of data Data security (storage and protection) Access to data

National Electricity Law The NEL contains provisions for information to be gathered by, or provided to authorities (AEMO, AER, AEMC). This information may include metering data.

Generally these authorities are authorised to use information for statutory purposes and to disclose it, including confidential information, in certain circumstances as set out.

These circumstances include with consent, if there is no person identified, where the public benefit outweighs the private detriment, if required by law or, in AEMO’s case, for the safety, reliability and security of the system.

Generally these authorities take all reasonable measures to protect information from unauthorised use or unauthorised disclosure of information.

* Nothing relevant

National Electricity Rules

The principal provisions are extracted here. Other provisions cross refer to these.

For example, the responsibilities of the Responsible Person include compliance with clauses 7.8.2 and

* Nothing relevant

8.6.1 Confidentiality

(a) Each Registered Participant must use all reasonable endeavours to keep confidential any confidential information that comes into the possession or control of the Registered Participant or of which the Registered Participant becomes aware.

(b) A Registered Participant:

(1) must not disclose

7.8 Security of Metering Installations and Data

7.8.2 Security controls

(a) The responsible person must ensure that energy data held in the metering installation is protected from direct local or remote electronic access by suitable password and security controls in accordance with paragraph (c).

(b) The Metering Provider must

7.7 Entitlement to metering data and access to metering installation

(a) The only persons entitled to access energy data or to receive metering data, NMI Standing Data, settlements ready data or data from the metering register for a metering installation are:

(1) Registered Participants with a financial interest in the metering installation or


7.7(a).

confidential information to any person except as permitted by the Rules;

(2) must only use or reproduce confidential information for the purpose for which it was disclosed or another purpose contemplated by the Rules; and

(c) Each Registered Participant must use all reasonable endeavours:

(1) to prevent unauthorised access to confidential information which is in the possession or control of that Registered Participant; and

(2) to ensure that any person to whom it discloses confidential information observes the provisions of this rule 8.6 in relation to that information.

8.6.2 Exceptions

keep records of electronic access passwords secure.

(c) The Metering Provider must allocate 'read-only' passwords to Market Participants, Local Network Service Providers and AEMO, except where separate 'read-only' and 'write' passwords are not available, in which case the Metering Provider must allocate a password to AEMO only. For the avoidance of doubt, a financially responsible Market Participant may allocate that 'read-only' password to a customer who has sought access to its energy data or metering data in accordance with rule 7.7(a)(7).

(d) The Metering Provider must hold 'read-only' and 'write' passwords.

(e) The Metering Provider must forward a copy of the passwords held under paragraph (d) to AEMO on request by AEMO for metering installations types 1, 2, 3 and 4.

(f) AEMO must hold a copy of the passwords referred to in paragraph (e) for the sole purpose of revealing them to a Metering Provider in the event that the passwords cannot be

the energy measured by that metering installation;

(2) Metering Providers who have an agreement to service the metering installation, in which case the entitlement to access is restricted to allow authorised work only;

(3) financially responsible Market Participants in accordance with the meter churn procedures developed under clause 7.3.4(j);

(4) the Network Service Provider or providers associated with the connection point;

(5) AEMO and its authorised agents;

(6) an Ombudsman in accordance with paragraphs (d), (e) and (f);

(7) a financially responsible Market Participant’s customer upon request by that customer to the


This rule 8.6 does not prevent:

(a) (public domain): the disclosure, use or reproduction of information if the relevant information is at the time generally and publicly available other than as a result of breach of confidence by the Registered Participant who wishes to disclose, use or reproduce the information or any person to whom the Registered Participant has disclosed the information;

(b) (employees and advisers): the disclosure of information by a Registered Participant or the Registered Participant's Disclosees to:

(1) an employee or officer of the Registered Participant or a related body corporate of the Registered Participant; or

(2) a legal or other professional adviser, auditor or other consultant (in this clause 8.6.2(b) called Consultants) of the Registered Participant, which require the

obtained by the Metering Provider by any other means.

(g) Subject to the authorisation of the responsible person which is for the purpose of managing congestion in accordance with rule 7.7(c1), if a retail customer of a financially responsible Market Participant requests a ‘read-only’ password, the financially responsible Market Participant must:

(1) obtain a ‘read-only’ password from the Metering Provider in accordance with paragraph (c); and

(2) provide a ‘read-only’ password to the customer within 10 business days.

(h) The responsible person referred to in paragraph (g) must not unreasonably withhold the authorisation required by the financially responsible Market Participant.

(i) The Metering Provider must allocate suitable passwords to the

financially responsible Market Participant for information relating to that customer’s metering installation;

(8) the AER or Jurisdictional Regulators upon request to AEMO; and

(9) Metering Data Providers who have been engaged to provide metering data services for that metering installation or in accordance with clause 7.14.1A(c)(6).

7.9 Processing of Metering Data for Settlements Purposes

7.9.1 Metering databases

(a) AEMO must create, maintain and administer a metering database (either directly or under a contract for provision of the database) containing information for each metering installation registered with AEMO.

(c) The metering database must


information for the purposes of the Rules, or for the purpose of advising the Registered Participant or the Registered Participant's Disclosee in relation thereto;

(c) (consent): the disclosure, use or reproduction of information with the consent of the person or persons who provided the relevant information under the Rules;

(d) (law): the disclosure, use or reproduction of information to the extent required by law or by a lawful requirement of:

(1) any government or governmental body, authority or agency having jurisdiction over a Registered Participant or its related bodies corporate; or

(2) any stock exchange having jurisdiction over a Registered Participant or its related bodies corporate;

Metering Data Provider that enables the Metering Data Provider to collect the metering data and to maintain the clock of the metering installation in accordance with rule 7.12.

(j) The Metering Data Provider must keep all metering installation passwords secure and not make the passwords available to any other person.

7.10 Confidentiality

Energy data, metering data, NMI Standing Data, information in the metering register and passwords are confidential and are to be treated as confidential information in accordance with the Rules.

7.11.3 Data management and storage

(a) Metering Data Providers must:

(1) retain metering data for all relevant metering installations in the metering data services

have the capacity for electronic access by relevant Market Participants and Network Service Providers.

(d) The metering database must include metering data, settlements ready data, and information for each metering installation registered with AEMO in accordance with rule 7.5.

(e) Rights of access to data held within the metering database are set out in rule 7.7.


(e) (disputes): the disclosure, use or reproduction of information if required in connection with legal proceedings, arbitration, expert determination or other dispute resolution mechanism relating to the Rules, or for the purpose of advising a person in relation thereto;

(f) (trivial): the disclosure, use or reproduction of information which is trivial in nature;

(g) (safety): the disclosure of information if required to protect the safety of personnel or equipment;

(h) (potential investment): the disclosure, use or reproduction of information by or on behalf of a Registered Participant to the extent reasonably required in connection with the Registered Participant's financing arrangements, investment in that Registered Participant or a disposal of that Registered Participant's assets;

(i) (regulator): the disclosure of information to the AER, the AEMC or the ACCC or any other regulatory

database:

(i) online in an accessible format for at least 13 months;

(ii) following the retention under subparagraph (1)(i), in an accessible format for an overall period of not less than 7 years; and

(2) archive in an accessible format for a period of 7 years:

(i) metering data in its original form collected from the metering installation;

(ii) records of each substitution to metering data in respect of a metering installation.

8.6.6 AEMO information

AEMO must develop and, to the extent practicable, implement a policy:


authority having jurisdiction over a Registered Participant, pursuant to the Rules or otherwise;

(j) (reports): the disclosure, use or reproduction of information of an historical nature in connection with the preparation and giving of reports under the Rules;

(k) (aggregate sum): the disclosure, use or reproduction of information as an unidentifiable component of an aggregate sum;

(l) (profile): the publication of a profile.

8.6.3 Conditions

In the case of a disclosure under clauses 8.6.2(b), or 8.6.2(h), prior to making the disclosure the Registered Participant that wishes to make the disclosure must inform the proposed recipient of the confidentiality of the information and must take appropriate precautions to ensure that the proposed recipient keeps the information confidential in accordance with the provisions of

(a) to protect information which it acquires pursuant to its various functions from use or access which is contrary to the provisions of the Rules;

(b) to disseminate such information in accordance with its rights, powers and obligations in a manner which promotes the orderly operation of any market; and

(c) to ensure that AEMO, in undertaking any trading activity except the procurement of ancillary services, does not make use of such information unless the information is also available to other Registered Participants.


this rule 8.6 and does not use the information for any purpose other than that permitted under clause 8.6.1.

National Energy Retail Law

The NERL contains provisions for information to be collected by or given to the AER. This information may include metering data.

The AER is authorised to disclose information, including confidential information, in certain circumstances as set out including with consent or where the public benefit outweighs the private detriment.

174—Authorised disclosure of information

To the extent that the information is personal information within the meaning of the Privacy Act 1988 of the Commonwealth or of any Act of a participating jurisdiction relating to privacy—

(a) disclosure of that information to the AER, AEMO, a distributor or a designated RoLR for or in connection with the RoLR scheme is authorised by this Law; and

* Nothing relevant

* Nothing relevant


(b) use of that information for or in connection with the RoLR scheme is authorised by this Law.

National Energy Retail Rules 2012

* Nothing relevant

102 Enquiries or complaints relating to the distributor

(1) If a person makes an enquiry or complaint to a retailer about an issue relating to a distribution system or customer connection services (other than a fault, an emergency, a planned interruption or an unplanned interruption), the retailer must—

(a) if the enquiry or complaint is made by telephone—refer the person to the relevant distributor’s enquiry or complaints telephone number where practicable; or

(b) otherwise, as soon as practicable, but no later than the next business day after receiving the enquiry or complaint, provide the relevant distributor with the details of the enquiry or the complaint, including contact details of both the person making the enquiry or complaint and the person who received the enquiry or complaint.

(2) If a retailer requests a distributor

* Nothing relevant

28 Historical billing information (SRC and MRC)

(1) A retailer must promptly provide a small customer with historical billing data for that customer for the previous 2 years on request.

86 Provision of information

A distributor must, on request by a customer or a customer’s retailer, provide information about the customer’s energy consumption or the distributor’s charges...

132 Consumption information to be provided

(1) On request, a retailer must promptly provide a small customer with the following information relating to the customer’s premises—

(a) total energy consumption;

(b) average daily consumption;

129 System requirements


to provide information about a shared customer’s energy consumption, the distributor must use its best endeavours to provide the information to the retailer at no cost and in a timely manner to allow the retailer to carry out its obligations to provide information to its customer.

171 Distributor obligations—electricity consumption information

Distributors must, for the purpose of the electricity consumption benchmarks [for residential customers under a customer retail contract provided by the AER to retailers and published on its website], provide information to the AER in such manner and form as may be requested by the AER.

Schedule 1 – Model Terms and Conditions for Standard Retail Contracts

Clause 18 Privacy Notice

We will comply with all relevant

(2) System display

The prepayment meter system must display—

(a) the financial balance of the prepayment meter system, accurate to within $1.00 of the actual balance; and

(b) whether the prepayment meter system is operating in normal credit or emergency credit mode; and

(c) current consumption information (in both KWh or MJ and $AUD).

Schedule 1 – Model Terms and Conditions for Standard Retail Contracts

Clause 9.4 Your historical billing information

Upon request, we must give you information about your billing history for the previous 2 years free of charge. However, we may charge you if we have already given you this information in the previous 12 months, or if you require information going back more than 2 years.

privacy legislation in relation to your personal information. You can find a summary of our privacy policy on our website. If you have any questions, you can contact our privacy officer.

Clause 22 Retailer of Last Resort Event

If we are no longer entitled by law to sell energy to you due to a Retailer of Last Resort (RoLR) event occurring in relation to us, we are required under the National Energy Retail Law and the Rules to provide relevant information (including your name, billing address and metering identifier) to the entity appointed as the relevant designated retailer for the RoLR event and this contract will come to an end.

SOUTH AUSTRALIA

Table D.2: Analysis of energy market regulatory instruments – South Australia

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

Essential Services Commission Act 2002 (SA)

29—Commission's power to require information

(1) The Commission may, by written notice, require a person to give the Commission, within a time and in a manner stated in the notice (which must be reasonable), information in the person's possession that the Commission reasonably requires for the performance of the Commission's functions.

(1a) The power of the Commission to require information includes (without limitation) power to require a NERL retailer required to comply with Part 6A of the Electricity Act 1996 or Part 5A of the Gas Act 1997—

(a) to conduct an audit, in a manner approved by the Commission, of the NERL retailer's compliance with the relevant Part; and

(b) to report the results of the audit to the

30—Obligation to preserve confidentiality

(1) Information gained under this Part that—

(a) could affect the competitive position of a regulated entity or other person; or

(b) is commercially sensitive for some other reason, is, for the purposes of this Act, confidential information and a person performing a function under this Act or a relevant industry regulation Act is guilty of an offence if the person discloses such information otherwise than as authorised under this section.

(2) Confidential information may be disclosed if—

(a) the disclosure is made

* Nothing relevant * Nothing relevant

Commission.

(2) A person must comply with a requirement under this section.

(3) A person cannot be compelled to give information under this section if the information might tend to incriminate the person of an offence.

(4) In this section—

NERL retailer has the same meaning as in the Electricity Act 1996 or the Gas Act 1997 (as the context requires).

to another who is also performing a function under this Act or a relevant industry regulation Act; or

(b) the disclosure is made with the consent of the person who gave the information or to whom the information relates; or

(c) the disclosure is authorised or required under any other Act or law; or

(d) the disclosure is authorised or required by a court or tribunal constituted by law; or

(e) the disclosure is authorised by regulation.

(3) The Commission may disclose confidential information if the Commission is of the opinion that the public benefit in making the disclosure outweighs any detriment that might be suffered by a person in consequence of the disclosure.

(4) If a person, when giving information to the Commission in

response to a requirement of the Commission under this Part, claims that the information is confidential information, the Commission must, before disclosing the information otherwise than as referred to in subsection (2), give the person written notice of the proposed disclosure and the reasons for the disclosure.

(5) A person performing a function under this Act or a relevant industry regulation Act must not use confidential information for the purpose of securing a private benefit for himself or herself or for some other person.

(6) Information classified by the Commission as being confidential under subsection (1) is not liable to disclosure under the Freedom of Information Act 1991.

Electricity Act 1996 (SA)

10—Technical Regulator's power to require information

(1) The Technical Regulator may, by written notice, require a person to give the Technical Regulator, within a time stated in the notice (which must be reasonable), information in

11—Obligation to preserve confidentiality

(1) The Technical Regulator must preserve the confidentiality of information gained by the Technical Regulator under this Act (including information gained by an

55I—Confidentiality of information

(1) A person who gives the Technical Regulator information, or produces documents, may ask the Technical Regulator to keep the information or the contents of the documents confidential.

* Nothing relevant

the person's possession that the Technical Regulator reasonably requires for the performance of the Technical Regulator's functions (whether under this Act or any other Act).

authorized officer under Part 7) that—

(a) could affect the competitive position of an electricity entity or other person; or

(b) is commercially sensitive for some other reason.

(1a) Despite subsection (1), the Technical Regulator may disclose confidential information in the following circumstances:

(a) as reasonably required in connection with the administration or enforcement of this Act (including to the Minister, the Commission and persons assisting the Commission) or as otherwise related to the performance of the Technical Regulator's functions (whether under this Act or any other Act);

(b) to a person concerned

(2) The Technical Regulator may, after considering representations from the parties (or the other party), impose conditions limiting access to, or disclosure of, the information or documentary material in order—

(a) to consider in confidence information that has commercial value to a person or relates to the commercial or financial affairs of a person (the Technical Regulator being satisfied that it is reasonably foreseeable that public disclosure of the information could cause significant damage to a person or the interests of a person or confer an unfair commercial or financial advantage on a person); or

(b) to ensure that the

in the administration or enforcement of another law of the State, or a law of the Commonwealth or another State or a Territory of the Commonwealth, for purposes related to the administration or operation of that other law;

(c) to a government agency or instrumentality of this State, the Commonwealth or another State or Territory of the Commonwealth for purposes related to the performance of its functions (or to a person acting on behalf of such a government agency or instrumentality);

(d) with the consent of the person who gave the information or to whom the information relates;

(e) as required by a court or tribunal constituted by

Technical Regulator does not—

(i) breach any law, order or direction of a court or tribunal constituted by law, or other legal obligation or duty; or

(ii) unreasonably expose himself or herself to any legal process or liability.

(3) A person must not contravene a condition imposed under subsection (2).

law;

(f) as authorised by the Minister.

(2) Information classified by the Technical Regulator as confidential is not liable to disclosure under the Freedom of Information Act 1991.

National Electricity (South Australia) Act 1996

17—Provision of information and assistance by ESCoSA

(1) Despite any other Act or law, ESCoSA is authorised, on its own initiative or at the request of the AER:

(a) to provide the AER with such information (including information given in confidence) in the possession or control of ESCoSA that is reasonably required by the AER for the purposes of this Part or the National Electricity Law; and

(b) to provide the AER with such other assistance as is reasonably required by the AER to perform or exercise a function or power under

* Nothing relevant * Nothing relevant * Nothing relevant

this Part or the National Electricity Law.

(2) Despite any other Act or law, ESCoSA may authorise the AER to disclose information provided under subsection (1) even if the information was given to ESCoSA in confidence.

(3) Nothing done, or authorised to be done, by ESCoSA in acting under subsection (1) or (2)—

(a) constitutes a breach of, or default under, an Act or other law; or

(b) constitutes a breach of, or default under, a contract, agreement, understanding or undertaking; or

(c) constitutes a breach of a duty of confidence (whether arising by contract, in equity or by custom) or in any other way; or

(d) constitutes a civil or criminal wrong; or

(e) terminates an agreement or obligation or fulfills any condition that allows a person to terminate an agreement or obligation, or gives rise to any other right or remedy; or

(f) releases a surety or any other obligee wholly or in part from an obligation.

ETSA Utilities Electricity Distribution Licence

* Nothing relevant

23. Confidentiality

23.1 The Licensee must, unless otherwise required by law, this licence, an industry code or the National Electricity Rules:

(a) comply with any rules made by the Commission from time to time relating to the use of information acquired by the Licensee in the course of operating the business authorised by this licence; and

(b) ensure that information concerning a customer or any other person connected to the

* Nothing relevant * Nothing relevant

Licensee’s distribution network is not disclosed without the explicit informed consent of the customer or the other person connected to the Licensee’s distribution network.

23.2 The Licensee must not disclose confidential information to an intelligence or law enforcement agency unless requested to do so by an intelligence or law enforcement agency on the basis that:

(a) disclosure is necessary under the terms of a warrant issued under Division 2 of the Australian Security Intelligence Organisation Act 1979 or under the terms of any other court order; or

(b) disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty or for the protection of the public

revenue; or

(c) disclosure is necessary to safeguard the national security of Australia.

23.3 The Licensee may accept an assertion of an intelligence or law enforcement agency, without making further enquiry, for the purposes of clause 23.2(b) and clause 23.2(c).

Electricity Retail Authorisation (under the National Energy Retail Law).

The AER website only lists the authorised retailers without including details of their authorisations.

The only publicly available information is the AER guidelines on assessing authorisation applications. A review of the guidelines for references to data or information indicates that they do not say how an applicant should address privacy and confidentiality issues.

Electricity (General) Regulations 2012 (SA)

* Nothing relevant * Nothing relevant * Nothing relevant

20—Prescribed information in small customer accounts for purposes of section 24(2)(da) of Act

For the purposes of section 24(2)(da) of the Act, the following provisions apply:

(a) the electricity entity must include in each account for electricity charges sent to a small customer for electricity supply through a particular metered connection point the following information:

(i) the customer's average daily consumption level, expressed in kWh, of electricity supplied through the connection point for the period to which the account relates;

(ii) the customer's average daily consumption level, expressed in kWh, of electricity supplied through the connection point for each period during the preceding 12 months in respect of which the customer was sent by the entity an account for electricity supply through the connection point;

Electricity Metering Code (SA)

4.3. Collection of Metering Data

4.3.1. The person responsible for the metering installation must collect data stored in a metering installation by reading the meter at

5.4. Confidentiality

5.4.2. The distributor, the person responsible for the metering installation and retailers:

(a) must not disclose a

5.4. Confidentiality

5.4.1. The distributor, a person responsible for the metering installation and retailers must keep metering data confidential and use

4.6 Access to Metering Installation

4.6.1 The person responsible for the metering installation must give a customer access to data stored in a metering installation used to

the customer’s supply address in accordance with this Chapter 4.

4.3.2. A customer may arrange with the person responsible for the metering installation or its retailer that the data stored in the metering installation be collected by the person responsible for the metering installation:

(a) by inspecting the metering installation;

(b) where the metering installation is capable of providing data by electronic means, by electronic means; or

(c) where the metering installation is capable of providing data by any other means, by any other means.

4.3.3. The person responsible for the metering installation may charge a customer for the collection of metering data under clause 4.3.2 to the extent that its costs of collection are higher than they would otherwise be.

customer’s metering data to any person except as permitted by this industry code, the National Electricity Rules or the Metrology Procedure;

(b) must only use or reproduce a customer’s metering data for the purpose for which it was collected under this industry code or another purpose contemplated by any other code, the National Electricity Rules or the Metrology Procedure;

(c) must not permit unauthorised persons to have access to a customer’s metering data;

(d) must not disclose a customer’s metering data to any person without the explicit informed consent of the customer; and

(e) must ensure that the metering data and other information obtained from a customer is treated in

reasonable endeavours to protect and preserve the confidential nature of the metering data and must comply with any applicable regulatory instrument.

4.7. Storage of Metering Data

4.7.1. The person responsible for the metering installation must store metering data in respect of each metering installation and metering data in respect of each unmetered connection point, for a period of 7 years, in the form in which it was collected under clause 4.3 or calculated under clause 4.5.

measure and record the amount of electricity stored to its connection point, either by inspecting the metering installation or, where available, by electronic access to the metering installation.

4.6.2 The person responsible for the metering installation must, on request from a customer or a customer’s retailer provide the customer with access to the energy data and the metering data in respect of the metering installation which measures and records the amount of electricity supplied to the connection point of the customer.

4.8. Access to Metering Data

4.8.1. The person responsible for the metering installation must ensure that access is provided to metering data (whether actual or substituted under clause 4.4 at the frequency agreed under clause 4.3.4(a)).

4.8.2. The format of metering data provided under clause 4.8.1 must be in accordance with Schedule 4 reference 1.8 of Part A of the

4.3.4. The person responsible for the metering installation must use its best endeavours to ensure that interval energy data or accumulated energy data is:

(a) collected from all metering installations at least quarterly or, where a greater frequency has been agreed with a customer or a customer’s retailer, at that greater frequency; and

(b) collected from each manually read metering installation by means of an actual meter reading at least once in each 12 month period.

4.3.5. Where the person responsible:

(a) is required under clause 4.3.4 (a) to use its best endeavours to collect interval energy data or accumulated energy data from a metering installation at least quarterly; and

accordance with the explicit informed consent of the customer and in accordance with any applicable regulatory instrument.

5.4.3. This clause 5.4 does not prevent:

(a) the disclosure, use or reproduction of metering data if the metering data is at the time generally and publicly available otherwise than as a result of breach of confidence by the distributor, a person responsible for the metering installation or a retailer or its disclosees;

(b) the disclosure of metering data by the distributor, a person responsible for the metering installation or a retailer or its disclosees to:

(i) its employees or the employees of its related bodies corporate subject to any

Metrology Procedure,

4.8.3. For the purposes of this clause 4.8, all references in the Metrology Procedure to:

(a) a Financially Responsible Market Participant are references to a retailer;

(b) “each metering installation for which the financially responsible Market Participant has registered with AEMO” in Metrology Procedure clause 3.8.1 are references to each metering installation associated with a customer’s supply address; and

(c) type 7 metering installations are references to unmetered connection points.

5.3. Access to data

5.3.1. Where a sample meter has been installed at a connection point by the distributor, the person

(b) has not obtained an actual meter reading in respect of that metering installation for three successive quarters by reason of the denial of access to the metering installation by the customer, then the person responsible must use its best endeavours to obtain an actual meter reading in respect of that metering installation for the subsequent quarter.

4.3.6. When interval energy data or accumulated energy data is not collected by a person responsible for the metering installation from a metering installation by way of an actual meter reading at the applicable meter reading frequency under clause 4.3.4(a), an estimated read must be obtained by the person responsible for the metering installation.

4.3.7. An estimated read obtained for the purposes of clause 4.3.5 must be provided to the retailer within 10 business days of the

applicable regulatory instrument;

(ii) or its legal or other professional advisor, auditor or other consultant, requiring the metering data for the purposes of this industry code or any other code or for the purpose of advising the distributor, the person responsible for the metering installation or the retailer or disclosee in relation to those purposes;

(c) the disclosure, use or reproduction of metering data with the explicit informed consent of the relevant customer;

(d) the disclosure, use or reproduction of metering data to the extent required by law or by lawful requirement of:

(i) any government or governmental body,

responsible for the metering installation must give a customer access to the data stored in that sample meter as accumulated energy data and not as interval energy data.

5.3.2. The person responsible for the metering installation must, on written request from a customer, provide facilities to enable the customer to access data stored in a metering installation by remote electronic means.

5.3.3. Where the person responsible for the metering installation has provided facilities to enable the customer to access data stored in a metering installation by remote electronic means, if remote electronic access to the metering installation is unavailable for a period of 5 consecutive business days due to the actions within the control of the person responsible for the metering installation, the person responsible for the metering installation must, if requested by the customer, obtain data locally from the metering installation and provide that data to the customer at

scheduled meter reading date under clause 4.3.4(a).

4.3.8. The person responsible for the metering installation must perform a special meter read at the request of a customer or a customer’s retailer.

4.3.9. The person responsible for the metering installation must perform a final read at the request of a customer or a customer’s retailer.

4.3.10. Where the metering data held in the metering installation is protected from direct or remote access by suitable password and security controls, such passwords and security controls must be used.

4.3.11 Passwords must be treated as confidential information in accordance with clause 5.4.

authority or agency having jurisdiction over the distributor, a person responsible for the metering installation or a retailer or its related bodies corporate;

(ii) any stock exchange having jurisdiction over the distributor, a person responsible for the metering installation or a retailer or its related bodies corporate; or

(iii) the Commission;

(e) the disclosure, use or reproduction of metering data required in connection with legal proceedings, arbitration, expert determination or other dispute resolution mechanism under this industry code or any other code, the National Electricity Rules or the Metrology Procedure;

the person responsible for the metering installation’s cost.

5.3.4. For connection points at which the annual electricity consumption level is less than 160MWh per annum, the energy data or metering data provided to the customer or the customer’s retailer must be provided within the timeframes to enable a retailer to discharge its minimum obligations under the Energy Retail Code.

(f) the disclosure, use or reproduction of metering data which is trivial in nature;

(g) the disclosure, use or reproduction of metering data required to protect the safety of personnel or equipment; or

(h) the disclosure, use or reproduction of metering data by or on behalf of the distributor, the person responsible for the metering installation or a retailer to the extent it is reasonably required in connection with the distributor’s, the person responsible for the metering installation’s or the retailer’s financing arrangements, investment in the distributor, the person responsible for the metering installation or the retailer or disposal of the distributor, the person responsible for the metering installation or the

retailer.

5.4.4. In the case of a disclosure under clause 5.4.3(b) and clause 5.4.3(h), the distributor, a person responsible for the metering installation or the retailer making the disclosure must inform the relevant disclosee of the confidentiality of the metering data and use reasonable endeavours to ensure that the disclosee keeps the metering data confidential.

Electricity Distribution Code 2013 (SA)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Prepayment Meter System Code (SA)

* Nothing relevant * Nothing relevant * Nothing relevant

2.4. Provision of Information

Consumption Information

2.4.3. On request, a retailer must, at no charge, give a small customer the following information relating to the small customer’s supply address:

(a) total energy consumption;

(b) average daily consumption; and

(c) average daily cost of consumption for the

previous two years or since the commencement of the prepayment meter market contract (whichever is the shorter) divided into quarterly segments.

4.3. System Requirements

4.3.1. A retailer offering a prepayment meter market contract must ensure that:

Access to Metering Data

(f) access is provided to metering data as required by all applicable regulatory instruments

NEW SOUTH WALES

Table D.3: Analysis of energy market regulatory instruments – New South Wales

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

Appendix F of the * Nothing relevant Appendix sets out brief description Appendix sets out brief description * Nothing relevant

Compliance Reporting Manual for Electricity Retail Suppliers (Electricity retail supplier licence conditions and obligations under licence conditions)

of obligation:

Item Number 77: Section 63D of the ESA and Clause 9.2.2(b) of the MOR

A retailer must not disclose a customer’s metering data, must only use or reproduce a customer’s metering data for the purpose for which it was collected, must not disclose or provide access to data to any person without the written consent of the customer and must ensure that the data and other information obtained from a customer is treated in accordance with the consent of the customer.

of obligation:

Item Number 76: Section 63D of the ESA and Clause 9.2.2(a) of the MOR

A retailer must keep metering data confidential and use reasonable endeavours to protect and preserve confidentiality

Item Number 78: Section 63D of the ESA and Clause 9.2.2(d) of the MOR

In the case of disclosure under clauses 9.2.2(c)(2) and 9.2.2(c)(8), the retailer making the disclosure must inform the disclosee of the confidentiality of the metering data and use reasonable endeavours to ensure that the disclosee keeps the metering data confidential.

Schedule Listing Ministerially imposed Licence Conditions for Distribution Network Service Providers

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Independent Pricing and Regulatory Tribunal Act 1992 (NSW)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant


National Electricity (New South Wales) Act 1997

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Electricity Supply Act 1995 (NSW)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Electricity Supply (General) Regulations 2001 (NSW)

* Nothing relevant * Nothing relevant * Nothing relevant

4 Contents of bill

(1) This clause applies to the following customer contracts:

(a) standard form customer contracts,

(b) negotiated customer contracts between licence holders and small retail customers.

(2) The information to be included in a bill issued by the licence holder under a customer contract must include the following:

(f3) if the bill was issued as a result of a meter reading, the values of the meter readings at the start and end of the billing period if:

(i) the meter concerned measures and records consumption of energy on an accumulation basis only, or

(ii) the meter concerned


measures and records consumption of electricity derived from interval metering data (within the meaning of the National Electricity (NSW) Regulations) and the required metering data is reasonably available,

(f4) if the bill was issued as a result of an estimation, the values of the estimates at the start and end of the billing period,

28 Provision of information about bills and related matters

(1) This clause applies to the following customer contracts:

(a) standard form customer supply contracts,

(b) negotiated customer supply contracts between suppliers and small retail customers.

(2) The supplier must, if requested to do so by the customer, supply the following information to the customer within a reasonable time


of receiving the request:

(b) information about meter readings and meter registrations connected with a bill.

31 Matters related to electricity consumption to be included in bill

(1) The information to be included in a bill issued by the supplier under a standard form customer supply contract must include the following:

(a) the particulars of meter readings for the period,

(b) the estimated or measured quantity of electricity supplied in kilowatt hours,

(d) particulars of the quantity of electricity of each category supplied during the billing period or estimated to have been supplied during the period,

(e) particulars of the average daily consumption of all electricity supplied during the billing period in


respect of that bill (expressed in kilowatt hours),

(f) if a bill was rendered by the same supplier for the corresponding billing period during the previous year, particulars of the average daily consumption during that previous billing period.

33 Provision of historical billing information

(1) A supplier must, if requested to do so by a small retail customer or former small retail customer, give to the customer copies of, or information about, previous bills issued by the supplier to the customer within a reasonable time of receiving the request.

(3) The supplier may provide copies of bills, or billing information, to a person other than the small retail customer, only if the customer consents in writing to the provision of the bills or billing information to the other person.

(4) For the avoidance of doubt, this


clause does not prevent a supplier from providing consumption information for the purposes of customer registration, customer transfer and wholesale settlement of payments in the national electricity market or for any other purpose that the supplier is legally required to do so.

Market Operation Rules (NSW Rules for Electricity Metering) 2001

10.1.7 Collection of metering data

(a) Subject to clause 10.1.7(b), a first tier customer, or a Retailer on behalf of a first tier customer, may arrange with an LNSP or a Retailer the manner in which data stored in metering equipment provided to the first tier customer is to be collected.

(b) A first tier customer, or a Retailer on behalf of a first tier customer may request that the data stored in metering equipment provided to it be collected by:

(1) an LNSP, by inspecting the metering equipment;

(2) an LNSP, by electronic means; or

9.2.2 Confidentiality

(b) An LNSP, a Responsible Person and a Retailer:

(1) must not disclose a customer’s metering data to any person except as permitted by this Market Operations Rule, the Electricity Supply (General) Regulation 2001, the NEC or the Metrology Procedure;

(2) must only use or reproduce a customer’s metering data for the purpose for which it was collected under this Market Operations Rule or

9.2.2 Confidentiality

(a) An LNSP, a Responsible Person and a Retailer must keep metering data confidential and use reasonable endeavours to protect and preserve the confidential nature of the metering data;

10.1.8 Data security

(a) Where the energy data held in the metering equipment is protected from direct or remote access by suitable password and security controls, such passwords and security controls must be used.

(b) An LNSP must treat passwords as confidential information in

9.2 Information

9.2.1 Access to data

(a) A customer is entitled to access data stored in metering equipment used to measure and record the amount of electricity supplied to its electrical installation, either by inspecting the metering equipment or, where available, by electronic access to the metering equipment.

(b) Subject to clause 9.2.1(c), an LNSP or a Responsible Person (as the case may be) must, on written request from a customer or a Retailer on behalf of a customer, provide facilities to enable the customer to electronically access data stored in metering equipment,


(3) an LNSP, by any other means.

(c) An LNSP may charge a first tier customer for the collection of metering data under this clause 10.1.7 to the extent that its costs of collection are higher than they would otherwise be.

another purpose contemplated by any other code under The Act, Electricity Supply (General) Regulation 2001, the NEC or the Metrology Procedure;

(3) must not disclose or provide access to a customer’s metering data to any person without the written consent of the customer; and

(4) must ensure that the metering data and other information obtained from a customer is treated in accordance with the consent of the customer.

(c) This clause 9.2.2 does not prevent:

(1) the disclosure, use or reproduction of metering data if the metering data is at the time generally and publicly available otherwise than as a result of breach of confidence by an LNSP, a Responsible

accordance with clause 9.2.2.

(c) The customer may only hold ‘read only’ passwords.

(d) The LNSP will hold ‘read only’ and ‘write’ passwords.

10.5 Storage of energy data

An LNSP must store energy data in respect of separate metering equipment and unmetered loads separately, for a period of 7 years, in the form in which it was collected under clause 10.1.

where electronic data is available, provided by the LNSP or the Responsible Person.

(c) A customer who accesses data stored in metering equipment by remote electronic means must compensate the LNSP or the Responsible Person (as the case may be), for any cost incurred by the latter as a result of that access.

(d) Where an LNSP or a Responsible Person has provided facilities to enable the customer to electronically access data stored in metering equipment, if remote electronic access to metering equipment is unavailable for a period of five consecutive business days due to the actions within the control of the LNSP or the Responsible Person (as the case may be), the LNSP or the Responsible Person must, if requested by the customer or a Retailer on behalf of a customer, obtain data locally from the metering equipment and provide that data to the customer at the LNSP’s or the Responsible Person’s cost.


Person or a Retailer or its disclosees;

(2) the disclosure of metering data by an LNSP, a Responsible Person or a Retailer or its disclosees to: its employees or the employees of its related bodies corporate; or its legal or other professional advisor, auditor or other consultant, requiring the metering data for the purposes of this Market Operations Rule or any other code under The Act or for the purpose of advising the LNSP, the Responsible Person or the Retailer or disclosee (as the case may be) in relation to those purposes;

(3) the disclosure, use or reproduction of metering data with the written consent of the relevant customer;

(4) the disclosure, use or reproduction of metering

(e) Subject to clause 9.2.1(f), an LNSP or a Responsible Person (as the case may be) must, on request from a customer or a customer’s Retailer, provide the customer with access to the energy data and the metering data in respect of the metering equipment which measures and records the amount of electricity supplied to the electrical installation of the customer.

10.6 Access to energy data

An LNSP must ensure that access is provided to energy data in accordance with clauses 3.7.1 and 3.7.4 of the Metrology Procedure. For the purposes of this clause, all references in the Metrology Procedure to:

(a) a Responsible Person are references to an LNSP;

(b) a Financially Responsible Market Participant are references to a Retailer;

(c) “each metering


data to the extent required by law or by lawful requirement of: any government or governmental body, authority or agency having jurisdiction over an LNSP, a Responsible Person or a Retailer or its related bodies corporate; any stock exchange having jurisdiction over an LNSP, a Responsible Person or a Retailer or its related bodies corporate; or IPART.

(5) the disclosure, use or reproduction of metering data required in connection with legal proceedings, arbitration, expert determination or other dispute resolution mechanism under this Market Operations Rule or any other code under The Act, the NEC or the Metrology Procedure;

(6) the disclosure, use or reproduction of aggregated metering data by whole

installation for which the Financially Responsible Market Participant was registered with NEMMCO” in clause 3.7.1 are reference to each metering installation associated with a customer’s connection point;

(d) type 5 or type 6 metering installation are references to interval metering equipment and accumulation metering equipment respectively; and

(e) a reference to a type 7 metering installation are references to an unmetered load.


customer classes only;

(7) the disclosure, use or reproduction of metering data required to protect the safety of personnel or equipment or to prevent a serious and imminent threat to any person’s life or health; or

(8) the disclosure, use or reproduction of metering data by or on behalf of an LNSP, the Responsible Person or a Retailer to the extent it is reasonably required in connection with the LNSP’s, the Responsible Person’s or the Retailer’s financing arrangements, investment in the LNSP, the Responsible Person or the Retailer or disposal of the LNSP, the Responsible Person or the Retailer.

(d) In the case of a disclosure under clauses 9.2.2(c)(2) and 9.2.2(c)(8), the LNSP, a Responsible Person or the Retailer making the disclosure


must inform the relevant disclosee of the confidentiality of the metering data and use reasonable endeavours to ensure that the disclosee keeps the metering data confidential.

Energy Marketing Code of Conduct

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Market Operations (NSW Transfer Rules for Retail Electricity Supply) Rule No. 4 of 2009

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Schedule Listing Ministerially imposed Licence Conditions for Electricity Retail Service Providers

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

QUEENSLAND

Table D.4: Analysis of energy market regulatory instruments - Queensland

Instrument | Collection of data | Use and disclosure of data | Data security (storage and protection) | Access to data

Electricity Act 1994 (Qld)

135G Regulator’s power to require * Nothing relevant 135GA Regulator may require * Nothing relevant


documents or information

(1) The regulator may, by notice, require a party to the dispute to give the regulator a stated document or information the regulator reasonably requires to decide who is the liable person.

(2) The notice must be accompanied by, or include, an information notice about the decision to make the requirement.

(3) The document or information must be given within a reasonable period after giving the notice, unless the party has a reasonable excuse.

(4) It is not a reasonable excuse not to give the document or information because it is confidential or because the party has agreed with another party or someone else not to give it to anyone else.

confidentiality to be observed

(1) A person who gives the regulator information, or produces a document, may ask the regulator to keep the information or the contents of the document confidential.

(2) After considering representations from the parties to the dispute, the regulator may impose conditions limiting access to, or disclosure of, the information or document. Example of a condition that may be imposed— a condition that the parties, or a stated party, may use the information or document only for the mediation

(3) A person to whom a condition under subsection (2) applies must comply with the condition.

Queensland Competition Authority Act 1997

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Pro forma Retail * Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant


Authority with a retail area or without a retail area

Note: conditions contained in legislation and regulations – individual licences can only be viewed with permission of holder and may contain additional terms to that contained in the pro forma licences.

Pro forma Distribution Authority

* Nothing relevant

Note: conditions contained in legislation and regulations – individual licences can only be viewed with permission of holder and may contain additional terms to that contained in the pro forma licences.

* Nothing relevant * Nothing relevant * Nothing relevant

Electricity Regulation 2006 (Qld)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Annexure B to the Electricity Industry Code (Standard Retail Contract) (for a small customer who has not signed a Negotiated Retail Contract)

* Nothing relevant 19 Privacy and Confidentiality

19.1 Privacy of Information

Subject to clauses 19.2 and 23 of this contract, we must keep your information about you confidential in accordance with the Privacy Act 1988 (Cth)

19.2 Disclosure

We may, however, disclose

* Nothing relevant * Nothing relevant


information about you:

(a) if required or permitted by law to do so;

(b) if we are required or permitted by our retail authority to do so, such as to a law enforcement agency;

(c) where you give us written consent;

(d) to your distribution entity or a metering provider to the extent that the information is for the purposes of arranging customer connection services or reading a meter; or

(e) where it is necessary in order to obtain a credit check of your credit history

Clause 23 concerns the provision of the customer’s name, billing address and NMI to an electricity entity appointed as the retail entity of last resort.

Electricity Industry Chapter 9, Metering, applies to type 1 to 7 metering installations that are not covered by the National Electricity 3.2 Customer Information


Code (Qld) Rules, being connection points where the customer for the relevant premises is, or is taken to be, an excluded customer under the Electricity Act. An excluded customer is a small customer whose premises are connected, or to be connected, to a distribution entity’s supply network that is not connected to the national grid.

This table does not explore Chapter 9 on the basis that smart meters will not be installed for excluded customers.

3.2.1 Provision of information

A distribution entity must, on request by a customer or a customer’s retail entity, provide information about the customer’s energy consumption or the distribution entity’s charges, but information requested more than once in any 12 month period may be provided subject to a reasonable charge.


AUSTRALIAN CAPITAL TERRITORY

Table D.5: Analysis of energy market regulatory instruments – Australian Capital Territory

Instrument | Collection of data | Use and disclosure of data | Data security (storage and protection) | Access to data

Utilities Act 2000 (ACT) * Nothing relevant * Nothing relevant 51 Protection of personal information

(1) In this section:

Information Privacy Principles means the Information Privacy Principles under the Privacy Act 1988 (Cwlth, s 6), other than Principle 5, clause 4 (b).

(2) This section applies to personal information gained by a utility in relation to the provision of a utility service.

(3) A utility must deal with personal information in accordance with the Information Privacy Principles as if it were a prescribed authority, within the meaning of the Freedom of Information Act 1989, to which the Privacy Act 1988 (Cwlth) applies.

* Nothing relevant

Independent Competition and Regulatory Commission Act 1997 (ACT)

41 Provision of information to commission

(1) If the commission has reason to believe that a person has information or a document that

44 Confidential information—disclosure by commissioners and staff

(1) A person must not disclose any confidential information obtained in

45 Confidential information—notice of proposed disclosure

(1) If the commission proposes to disclose confidential information under section 46, it must first give

* Nothing relevant


may assist it in exercising its functions, it may, by written notice, require the person to give it the information or a copy of the document.

(2) A requirement must—

(a) identify the information or document; and

(b) specify the period within which the requirement is to be complied with; and

(c) specify the form in which the information or the copy of the document is to be given to the commission; and

(d) state that it is made under this section; and

(e) be accompanied by a copy of this part.

(3) The commission may also require a NERL retailer required to comply with the Utilities Act 2000—

(a) to conduct an audit, in a way approved by the commission, of the NERL

carrying out the person’s functions in relation to this Act, except in accordance with subsection (3).

(2) A person must not use any confidential information obtained in carrying out the person’s functions in relation to this Act to obtain, directly or indirectly, a pecuniary or other advantage for himself or herself or any other person, except in accordance with subsection (3).

(3) A person may disclose or use confidential information if—

(a) the disclosure or use is made in the exercise of a function in relation to this Act or any other law of the Territory permitting the disclosure or use; or

(b) the disclosure or use is made with the consent of the person who supplied the information; or

(c) the disclosure or use is made in a legal proceeding at the direction of a court; or

(d) the information is in the

any affected person written notice inviting the person to show cause within 28 days after the date the notice is given why the confidential information should not be disclosed.

(2) A notice under subsection (1) must contain—

(a) particulars of the proposed disclosure, including details of the person or people to whom the confidential information is to be disclosed; and

(b) particulars of the facts and circumstances relied on by the commission to justify the disclosure; and

(c) a copy of the disclosure guidelines under section 46; and

(d) a statement to the effect that the affected person may, within 28 days after the day the notice is given, give the commission particulars of the facts and


retailer’s compliance with that Act; and

(b) to report the results of the audit to the commission.

(4) A person must not, without reasonable excuse, fail to comply with a requirement under this section.

public domain at the time that it is disclosed.

circumstances relied on to show cause why the proposed disclosure ought not to be carried out.

(3) In this section:

affected person means—

(a) the supplier of the confidential information to the commission; or

(b) anyone who provided the confidential information to the supplier, if the commission is aware of the identity and address of that person.

46 Confidential information—general disclosure

(1) Subject to section 47, the commission must only disclose confidential information if—

(a) it considers that, taking into account the disclosure guidelines under subsection (4)—

(i) the disclosure would


not cause detriment to any person; or

(ii) although the disclosure would cause detriment to a person, the public benefit in disclosure outweighs the detriment; and

(c) it gives a notice to show cause in relation to the information or document under section 45; and

(d) 28 days have elapsed since the notice was given.

(2) In making a decision under subsection (1), the commission must take into account any representation made in accordance with the invitation in the notice under section 45.

(3) For this section, the disclosure of anything that is in the public domain at the time the commission proposes to disclose it is not taken to cause detriment to any person mentioned in subsection (1) (a) or (b).


23 Confidential material in reports

(1) If a final report or a special report includes protected confidential information, the commission must divide the report into 2 documents, as follows:

(a) a document (the sealed section) containing the confidential information, or part of that information;

(b) a document (the unsealed section) containing the rest of the report.

(2) If the commission divides a report, the commission must include in the unsealed section—

(a) a statement to the effect that there is a sealed section of the report including protected confidential information; and

(b) a general description of the contents of the sealed section.

(3) In this section: protected


confidential information means confidential information the commission does not have the power to disclose under section 46 or under any law of the Territory other than this Act.

ActewAGL Distribution Licence

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Electricity Retail Authorisation (under the National Energy Retail Law)

The AER website only lists the authorised retailers without including details of their authorisations.

The only publicly available information is the AER guidelines on assessing authorisation applications. A review of the guidelines for anything regarding data or information indicates that they don't say how an applicant should address issues regarding privacy and confidentiality.

Electricity Feed-In Code 2012, Schedule 4, Applicability of Consumer Protection Code

* Nothing relevant 7.3 Disclosure of Occupier information by an Electricity Distributor or NERL retailer to a third party

An Electricity distributor or NERL retailer must not disclose personal information about an Occupier to a third party except in accordance with the Privacy Act 1988 (Cth) and the Utilities Act 2000 (ACT). “Personal information” is defined in the Privacy Act 1988 (Cth), section 6(1).

* Nothing relevant 7 Provision of information

7.1 Utility to provide information

(1) An Electricity distributor or NERL retailer must, on request, provide an Occupier with information about the services provided by the Electricity distributor or NERL retailer to the Occupier Premises;

(2) An Electricity distributor or NERL retailer must, on request, provide an Occupier with information about:

(b) meter readings for Utility Services provided to the Occupier’s Premises by the Electricity distributor or NERL retailer;

TASMANIA

Table D.6: Analysis of energy market regulatory instruments – Tasmania

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

Electricity Supply Industry Act 1995

15. Regulator's power to require information

(1) The Regulator may, by written notice, require a person to give the Regulator, within a time stated in the notice (which must be reasonable), information in the person's possession that the Regulator reasonably requires for the administration of this Act, the regulations, the Code and the National Electricity Rules.

(2) A person required to give information under this section must provide the information within the time stated in the notice.

(3) A person may not be compelled to give information under this section if the information might tend to incriminate the person of an offence.

(4) A requirement to provide information under this section is not reviewable.

* Nothing relevant 16. Obligation to preserve confidentiality

(1) The Regulator must preserve the confidentiality of information that –

(a) could affect the competitive position of an electricity entity or other person; or

(b) is commercially sensitive for some other reason.

(2) Information classified by the Regulator as confidential is not liable to disclosure under the Right to Information Act 2009.

(3) A classification of information by the Regulator as confidential (or not confidential) is not reviewable.

* Nothing relevant

Electricity Supply Industry Distribution Licence

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant


Aurora Energy Pty Ltd

Electricity Retail Authorisation (under the National Energy Retail Law).

The AER website only lists the authorised retailers without including details of their authorisations.

The only publicly available information is the AER guidelines on assessing authorisation applications. A review of the guidelines for anything regarding data or information indicates that they don't say how an applicant should address issues regarding privacy and confidentiality.

Electricity Supply Industry (Customer) Regulations 2012

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Electricity Supply Industry (Network Performance Requirements) Regulations 2007 (TAS)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Electricity Supply Industry (Price Control and Related Matters) Regulations 2012 (TAS)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

Electricity Supply Industry Regulations 2008 (TAS)

* Nothing relevant * Nothing relevant * Nothing relevant * Nothing relevant

VICTORIA

Table D.7: Analysis of energy market regulatory instruments – Victoria

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

Energy Retail Code 2012 (Vic)

* Nothing relevant * Nothing relevant 27. Historical billing and metering information

27.1 Records

A retailer must retain a customer’s historical billing and metering data for at least two years, even though in the meantime the customer’s energy contract with the retailer may have terminated.

27.2 Historical billing and metering data

(a) On request, a customer’s current retailer must provide to the customer any of the customer’s historical billing and metering data then retained by the retailer for any period nominated by the customer. The retailer may impose an additional retail charge on the customer but only if the request is not the first request made by the customer within the preceding year or the data requested relates to a period prior to the preceding two years.

(b) If a customer has transferred to another retailer and requests from its previous retailer historical billing and metering data relating to a period within two years prior to the date of the request then, even though the customer’s energy contract with the previous retailer may otherwise have terminated, the previous retailer must provide the customer with any of the data then retained by the retailer and requested by the customer. The previous retailer may impose an additional retail charge on the customer for the provision of this information.

(c) A retailer must use its best endeavours to provide historical billing and metering data to a customer within 10 business days of the customer’s request or such other period they agree.

(d) If historical billing and metering data is required for the purposes of handling a genuine complaint made by a customer, in no circumstances may a retailer charge the customer for providing the data.

(e) If requested by a customer with a smart meter, a retailer must provide interval data electronically, or by some other form, in a way which makes the information understandable and accessible to the customer.

4.2 Information


A retailer must include at least the following information in a customer’s bill:

(e) whether the bill is based on a meter reading or:

- in the case of a meter other than a smart meter, is wholly an estimated bill; or

- subject to clause 5.2(c), in the case of a smart meter, an accumulated total of at least 48 hours of trading intervals are not billed on the basis of smart meter interval data

(g) the total amount of electricity (in kWh) or of gas (in MJ) or of both consumed in each period or class of period in respect of which a relevant tariff applies to the customer and, if a customer’s meter measures and records consumption data only on an accumulation basis, the dates and total amounts of the immediately previous and current meter readings or estimates;

(h) if a customer’s bill is derived from smart meter interval data:

- the index read at the end of the billing period; and

- from 1 July 2012, the index read at the start of the billing period; and

- the actual tariffs; and

- the total amount of electricity (in kWh) or of gas (in MJ) or of both consumed in each period or class of period in respect of which a relevant tariff applies to the customer.

Electricity Distribution Code 2012 (Vic)

* Nothing relevant 9.4 Confidentiality

9.4.1 A distributor to whom confidential information is provided:

(a) must not disclose or give access to that confidential information to any person except as permitted by this Code; and

(b) must only use or reproduce the confidential information for the purpose for which it was provided under this Code or a purpose permitted under this Code, or a purpose consented to by the discloser.

9.4.2 This clause 9.4 does not prevent:

(a) (public domain): the disclosure, use or reproduction of information if the relevant information is at the time generally and publicly available other than as a result of breach of confidence by the distributor or a related body corporate (as defined by the Corporations Act 2001 (Cth)) who wishes to disclose, use or reproduce the information or any person to whom the distributor has disclosed the information;

(b) (employees and advisers): the disclosure of information to:

- an employee or officer of the distributor or a related body corporate (as defined in the Corporations Act 2001 (Cth)) of the distributor subject to any relevant guideline; or

- a legal or other professional adviser, auditor or other consultant of the distributor, which require the information for the purposes of the Code, or for the purpose of advising the distributor, or for the purpose of planning or augmenting the distribution system;

(c) (consent): disclosure, use or reproduction of information with the informed written consent of the person or persons who provided the relevant information under the Code;

(d) (law): the disclosure, use or reproduction of information to the extent required by law or by a lawful requirement of:

- any government or governmental body, authority or agency having jurisdiction over a distributor or its related bodies corporate; or

- any stock exchange having jurisdiction over a distributor or its related bodies corporate;

(e) (disputes): the disclosure, use or reproduction of information if required in connection with legal proceedings, arbitration, expert determination or other dispute resolution mechanism, or for the purpose of advising a person in relation thereto;

(f) (trivial): the disclosure, use or reproduction of information which is trivial in nature;

(g) (safety): the disclosure of information if required to protect the safety of personnel or equipment;

(h) (potential investment): the disclosure, use or reproduction of information by or on behalf of a distributor to the extent reasonably required in connection with the distributor’s financing arrangements, investment in that distributor or a disposal of that distributor’s assets;

(i) (regulator): the disclosure of information to the ACCC or any other regulatory authority having jurisdiction over a distributor, pursuant to this Code or otherwise; or

(j) (aggregate sum): the disclosure, use or reproduction of information as an unidentifiable component of an aggregate sum.

9.4.3 In the case of a disclosure under clause 9.4.2(b) or 9.4.2(h), prior to making the disclosure the distributor who wishes to make the disclosure must inform the proposed recipient of the confidentiality of the information and must take appropriate precautions to ensure that the recipient keeps information confidential in accordance with the provisions of this clause and does not use the information for any purpose other than that permitted under clause 9.3.

* Nothing relevant * Nothing relevant

Electricity Customer Metering Code 2011 (Vic)

Collection of data:

COLLECTION OF METERING DATA

(aa) This clause 8 does not apply to customers with smart meters.

(a) Subject to clause 8(b), a customer may arrange with a distributor or a retailer the manner in which data stored in metering equipment provided to the customer is to be collected.

(b) A customer may request that the data stored in metering equipment provided to it be collected by:

(1) inspecting the metering equipment;

(2) electronic means; or

(3) any other means.

(c) A distributor or a retailer may charge a customer for the collection of metering data under this clause 8 to the extent that its costs of collection are higher than they would otherwise be.

Use and disclosure of data:

7.2 Confidentiality

(b) A distributor, a responsible person and a retailer:

(1) must not disclose a customer’s metering data to any person except as permitted by this Code, the NER or the Metrology Procedure;

(2) must only use or reproduce a customer’s metering data for the purpose for which it was collected under this Code or another purpose contemplated by any other code, the NER or the Metrology Procedure;

(3) must not permit unauthorised persons to have access to a customer’s metering data;

(4) must not disclose a customer’s metering data to any person, except as provided for under clause 7.2(b)(1), without the explicit informed consent of the customer; and

(5) must ensure that the metering data and other information obtained from a customer is treated in accordance with the explicit informed consent of the customer and in accordance with any relevant guideline.

(c) This clause 7.2 does not prevent:

(1) the disclosure, use or reproduction of metering data if the metering data is at the time generally and publicly available otherwise than as a result of breach of confidence by a distributor, a responsible person or a retailer or its disclosees;

(2) the disclosure of metering data by a distributor, a responsible person or a retailer or its disclosees to:

- its employees or the employees of its related bodies corporate subject to any relevant guideline; or

- its legal or other professional advisor, auditor or other consultant, requiring the metering data for the purposes of this Code or any other code or for the purpose of advising the distributor, the responsible person or the retailer or disclosee (as the case may be) in relation to those purposes;

(3) the disclosure, use or reproduction of metering data with the explicit informed consent of the relevant customer;

(4) the disclosure, use or reproduction of metering data to the extent required by law or by lawful requirement of:

- any government or governmental body, authority or agency having jurisdiction over a distributor, a responsible person or a retailer or its related bodies corporate;

- any stock exchange having jurisdiction over a distributor, a responsible person or a retailer or its related bodies corporate; or

- the Commission;

(5) the disclosure, use or reproduction of metering data required in connection with legal proceedings, arbitration, expert determination or other dispute resolution mechanism under this Code or any other code, the NER or the Metrology Procedure;

(6) the disclosure, use or reproduction of metering data which is trivial in nature;

(7) the disclosure use or reproduction of metering data required to protect the safety of personnel or equipment; or

(8) the disclosure use or reproduction of metering data by or on behalf of a distributor, the responsible person or a retailer to the extent it is reasonably required in connection with the distributor’s, the responsible person’s or the retailer’s financing arrangements, investment in the distributor, the responsible person or the retailer or disposal of the distributor, the responsible person or the retailer.

(d) In the case of a disclosure under clauses 7.2(c)(2) and 7.2(c)(8), the distributor, a responsible person or the retailer making the disclosure must inform the relevant disclosee of the confidentiality of the metering data and use reasonable endeavours to ensure that the disclosee keeps the metering data confidential.

Data security (storage and protection):

7.2 Confidentiality

(a) A distributor, a responsible person and a retailer must keep metering data confidential and use reasonable endeavours to protect and preserve the confidential nature of the metering data and must comply with any relevant guideline.

Access to data:

2.6 Information for Customers

A distributor, retailer or responsible person must provide sufficient written information to the customer so that the customer can access, at a minimum, the cumulative total energy measured by an interval meter that is a type 5 metering installation or smart meter at the customer’s premises:

- when the meter is installed at a customer’s premises; and

- anytime the information is requested by the customer.

7.1 Access to data

(a) A distributor, a retailer or a responsible person (as the case may be) must, on written request from a customer, other than a customer with a smart meter, provide facilities to enable the customer direct physical access to the metering equipment to electronically access data stored in metering equipment provided by the distributor, the retailer or the responsible person.

(b) A customer who accesses data stored in metering equipment by direct physical access in accordance with paragraph (a) must compensate the distributor, the retailer or the responsible person (as the case may be), for any cost incurred by the latter as a result of that access.

(c) Where a distributor, a retailer or a responsible person has provided facilities to enable the customer to electronically access data stored in metering equipment, if remote electronic access to metering equipment is unavailable for a period of five consecutive business days due to actions within the control of the distributor, the retailer or the responsible person (as the case may be), the distributor, the retailer or the responsible person must, if requested by the customer, obtain data locally from the metering equipment and provide that data to the customer at the distributor’s, the retailer’s or the responsible person’s cost.

(d) Subject to clause 7.1(e), a distributor, a retailer or a responsible person (as the case may be) must, on request from a customer or a customer’s representative, provide the customer with access to the energy data and the metering data in respect of the metering equipment which measures and records the amount of electricity supplied to the electrical installation of the customer.

(e) A distributor, a retailer or a responsible person (as the case may be) may charge a customer for the provision of energy data and metering data under clause 7.1(d) which relates to a period which is more than 2 years old at the date of the request.

(f) A customer must not modify or alter metering data.

SPI Electricity Pty Ltd Electricity Distribution Licence as varied 14 January 2005

* Nothing relevant 18. Confidentiality

18.1 The Licensee must not:

(a) use customer information acquired for one purpose for another purpose; or

(b) disclose customer information to any person,

unless the customer has given consent in writing to the use or disclosure or the Licensee is authorised by or under this licence or by law.

* Nothing relevant * Nothing relevant

ACTEW Retail Limited, AGH ACT Retail Investments Pty Ltd Trading as ACTEWAGL Retail Electricity Retail Licence as varied on 31 July 2002

* Nothing relevant 9. Confidentiality

9.2 The Licensee must comply with any guidelines concerning (amongst other things) the use or disclosure of personal information about a customer.

9.3 For the avoidance of doubt, personal information comprises information or opinions which either constitute personal information for the purposes of the Commonwealth Privacy Act 1988 (Cth) or would constitute such personal information if the term “individual” (where used in that Act) extended beyond a natural person and applied to any type of customer, including a body corporate

*Note, such guidelines do not appear to currently exist

* Nothing relevant * Nothing relevant

WESTERN AUSTRALIA 66

Table D.8: Analysis of energy market regulatory instruments – Western Australia

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

Energy Coordination Act 1994 (WA)

Part 4

21. Coordinator may require information to be given

(1) The Coordinator may request a person, or the occupier of any premises, to give prescribed information to the Coordinator, including information by way of periodical returns at specified times, if —

(a) the information is required to enable the Coordinator to perform his or her functions; and

(b) the Coordinator has reasonable grounds for believing that the person is able to give the information.

24. Confidentiality

(1) The Coordinator, the Director or any person performing functions under this Act (a relevant official) must not, directly or indirectly, record, disclose or make use of any information obtained in the course of duty except:

(a) for the purpose of performing functions under this Act; or

(b) as required or allowed by this Act or under a written law; or

(c) with the written consent of the person to whom the information relates.

(2) Subsection (1) and section 24AA(1) do not apply to the disclosure of any summary or statistical information that could not reasonably be expected to enable particulars relating to any person or business to be ascertained.

* Nothing relevant * Nothing relevant

66 Note the instruments, and the relevant parts or provisions, were as per our scope of work as outlined in Section 2.2.1. There may be other instruments, or other provisions, which are relevant.

Electricity Industry (Customer Contracts) Regulations 2005 (WA)

Regulation 19

* Nothing relevant * Nothing relevant 19. Confidentiality

A customer contract must specify the steps that are to be taken by the retailer to ensure that information held by the retailer about the customer is dealt with in a confidential manner.

* Nothing relevant

Electricity Industry (Metering) Code 2012 (WA)

Clause 5.17A and Part 7

* Nothing relevant 7.5 Confidentiality ObligationsA Code participant must, subject to clauses 5.17A and 7.6:(a) not disclose, or permit the disclosure of, confidential information provided to it under or in connection with this Code; and (b) only use or reproduce confidential information for the purpose for which it was disclosed or another purpose contemplated by this Code.

* Nothing relevant 5.17A Customer may direct that energy data and standing data be provided(1) A network operator must provide data for a metering point from its metering database to a person if (and to the extent that) the customer associated with the metering point gives the network operator a direction to do so.(2) A direction under clause 5.17A(1):(a) must include the customer’s

230

Page 232: Energy Council | - Advice on Privacy for the National … · Web viewFor the purpose of this report, Smart meters are meters that are consistent with the approved minimum smart meter

Advice on Privacy for the National Smart Metering Program: Consultation Draft

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

7.6 Permitted Disclosure(1) A Code participant must disclose or permit the disclosure of confidential information that is required to be disclosed by this Code.(2) A Code participant may disclose or permit the disclosure of confidential information:(a) to any of the following persons who has in place appropriate confidentiality arrangements in respect of the confidential information:(i) its officers; or (ii) its employees; or (iii) a related body corporate and its officers or employees or both; or (iv) its legal advisers; or (v) its auditors; or (vi) a consultant engaged by the Code participant, provided such a person has a reasonable need for the confidential information, including for the purposes of providing professional advice to it; or (b) which is required to be disclosed by: (i) an enactment; or (ii) the rules of a stock exchange

verifiable consent, and identify the person (which may be the customer or a third party) (“nominated recipient”) to whom the data must be provided; and (b) may only be given in respect of data that relates to the period or periods for which the customer is or was associated with the metering point; and (c) may direct the provision to occur on more than one occasion including at regular intervals; and (d) may require the network operator to allow the nominated recipient to have access to the data by means of a website (or otherwise by remote access to a “data storage device” as that expression is defined in the Electronic Transactions Act 2003) using a password provided by the network operator which provides ‘read only’ access, but only if: (i) the nominated recipient has a legitimate commercial interest or other legitimate interest in accessing the data; and (ii) the network operator (acting reasonably and in accordance with good electricity industry practice)

231

Page 233: Energy Council | - Advice on Privacy for the National … · Web viewFor the purpose of this report, Smart meters are meters that are consistent with the approved minimum smart meter

Advice on Privacy for the National Smart Metering Program: Consultation Draft

Instrument Collection of data Use and disclosure of data Data security (storage and protection)

Access to data

which has jurisdiction over the Code participant or any of its related bodies corporate, and in such cases only disclose that part of the confidential information which is required to be disclosed; (c) if required for the purpose of determining, prosecuting or defending a legal proceeding, arbitration or dispute and, in such cases only disclose that part of the confidential information which the relevant Code participant is required to disclose for the purpose; or (d) with the verifiable consent of each affected person (which must not be unreasonably withheld) and subject to the conditions of the verifiable consent (which conditions must not be unreasonable); or (e) that is aggregated energy data for multiple connection points, which is disclosed in a way that does not enable a recipient to determine the identity of any customer or to determine, or accurately estimate, the energy data for any customer. (3) The IMO may disclose, use or reproduce confidential information

determines that it is practicable for the nominated recipient to access the data by that means. (3) A network operator must comply with a direction under clause 5.17A(1): (a) if the provision is to occur on only one occasion, as soon as practicable but no later than 10 business days after it receives the direction; and (b) if the provision is to occur at regular intervals, within a reasonable time period agreed between the network operator and the nominated recipient, and failing agreement at reasonable intervals consistent (to the extent practicable in accordance with good electricity industry practice) with the direction.

(4) Despite clause 4.8(1), a person to whom data is provided under clause 4.8(3) or 5.17A may use, reproduce and disclose the data, subject to: (a) any agreement between the person and the customer; and (b) clause 7.5, if the person is a Code participant.

to the extent necessary for the purpose of facilitating the operation of the market rules.

Code of Conduct for the Supply of Electricity to Small Use Customers (WA)

Part 10

* Nothing relevant * Nothing relevant 10.7 Historical consumption data

(4) A distributor must keep a customer’s consumption data for 7 years.

10.2 Historical billing data

(1) A retailer must give a non-contestable customer on request the non-contestable customer’s billing data.

(2) If a non-contestable customer requests billing data under sub clause (1)—

(a) for a period less than the previous two years and no more than once a year; or

(b) in relation to a dispute with the retailer, the retailer must give the billing data at no charge.

(3) A retailer must give a non-contestable customer the billing data requested under sub clause (1) within 10 business days of the date of receipt of—

(a) the request; or

(b) payment for the

retailer’s reasonable charge for providing the billing data (if requested by the retailer).

(4) A retailer must keep a non-contestable customer’s billing data for 7 years.

10.5 Distribution matters

If a customer asks a retailer for information relating to the distribution of electricity, the retailer must—

(a) give the information to the customer; or

(b) refer the customer to the relevant distributor for a response.

10.6 General information

A distributor must give a customer on request, at no charge, the following information—

(f) advice on the customer’s electricity usage so that it does not interfere with the

operation of a distribution system or with supply to any other electrical installation.

10.7 Historical consumption data

(1) A distributor must give a customer on request the customer’s consumption data.

(2) If a customer requests consumption data under sub clause (1)—

(a) for a period less than the previous two years and no more than twice a year provided the customer has not been given consumption data pursuant to a request under sub clause (1) more than twice within the 12 months immediately preceding the request; or

(b) in relation to a dispute with the distributor, the distributor must give the consumption data at no charge.

(3) A distributor must give a customer the consumption data requested under sub clause (1) within 10 business days of the date of receipt of—

(a) the request; or

(b) if payment is required (and is requested by the distributor within 2 business days of the request) payment for the distributor’s reasonable charge for providing the data.

Electricity Industry (Wholesale Electricity Market) Regulations 2004 (WA)

Chapter 10

* Nothing relevant * Nothing relevant 10.1. Record Retention

10.1.1. The IMO must develop and publish a list of all information and documents that relate to the Wholesale Electricity Market activities that Rule Participants must retain. Effective from the date that the IMO publishes a list containing the relevant information or document, Rule Participants

10.4. Information to be Released on Application

10.4.1. The IMO must make information and documents available on application by any person subject to that person being a member of the class of persons able to receive information or documents in accordance with the relevant confidentiality status.

must retain any information or documents of that kind for a period of seven years from the date it is created, or such longer period as may be required by law.

10.2. Information Confidentiality Status

10.2.1. The IMO must, in accordance with the Market Rules and Market Procedures, set and publish the confidentiality status for each type of market related information and document produced or exchanged in accordance with the Market Rules or Market Procedures.

Electricity Industry Customer Transfer Code 2004 (WA)

Part 3

3.1 Forms for data requests

(1) A network operator must publish—

(a) a request for standing data form, which must comply with Annex 1; and

(b) a request for historical consumption data form, which must comply with Annex 2.

3.9 Retailer’s obligations following receipt of data

(1) A retailer may use data relating to a contestable customer only for either or both of the following purposes—

(a) providing the contestable customer with a quotation for the supply of electricity by the retailer to the contestable

* Nothing relevant * Nothing relevant

(2) A network operator may from time to time publish an amended data request form, provided that the amended data request form complies with Annex 1 or Annex 2, as applicable.

3.2 Retailer may submit data request

(1) A retailer may request data in relation to a contestable customer from a network operator by completing a data request form and submitting it to the network operator under clause 3.4.

(2) Unless otherwise agreed between the network operator and the retailer, a separate data request must be submitted for each exit point.

3.5 Verifiable consent required for historical consumption data

(1) By submitting a request for historical consumption data, a retailer represents and warrants that it has the contestable

customer; and

(b) initiating a transfer in relation to the contestable customer.

(2) Despite clause 3.9(1), unless otherwise requested by the contestable customer a retailer may aggregate a contestable customer’s historical consumption data with other contestable customers’ historical consumption data, and may use the aggregated data for internal business development purposes.

(3) A retailer must not disclose a contestable customer’s data to any other person without the verifiable

consent of the contestable customer except if—

(a) the disclosure is made—

(i) to an employee, officer, agent, contractor, consultant or technical advisor of the retailer who agrees to be bound by the

customer’s verifiable consent to obtain the historical consumption data.

(2) The retailer makes the representation and warranty in clause 3.5(1) on each day until the network operator provides the historical consumption data.

(3) If the contestable customer’s verifiable consent ceases to apply before the network operator provides the historical consumption data, the retailer must withdraw the request for historical consumption data under clause 3.6.

(4) A breach of the representation and warranty in clause 3.5(1) is a breach of this Code.

3.8 Network operator’s obligations following receipt of a valid data request

(1) Following receipt of a valid data request, the network operator must (subject to clause 3.8(3)) use all reasonable endeavours to provide the requested data to the retailer.

undertakings under this clause 3.8(3)*; and

(ii) for a purpose permitted by this clause 3.8(3)*; or

(b) the disclosure is required or allowed under an enactment, or a court or tribunal constituted under an enactment which has jurisdiction over the retailer; or

(c) the data has entered the public domain other than by breach of this clause 3.8(3)*.

(4) A retailer must keep a copy of a verifiable consent given to it by a contestable customer in relation to:

(a) a request for historical consumption data made by it in relation to the contestable customer; and

(2) The network operator must (subject to clause 3.8(3)) provide the requested data under clause 3.8(1)—

(a) electronically, in a format:

(i) if communication rules have been approved by the Authority—in accordance with the communication rules; or

(ii) if no communication rules have been approved by the Authority—in accordance with the metering code; and

(b) unless otherwise agreed with the retailer, within the time specified in the following table—

(3) If—

(a) a retailer submits a data request under clause 3.4; and

(b) the network operator

(b) a disclosure made by it to another party under clause 3.9(3) in relation to the contestable customer, for 2 years after the date the verifiable consent was given.

*Please note: the enumeration of clauses referred to within this provision of the Electricity Industry Transfer Code appears to be in error.

has not allocated a UMI for the contestable customer’s exit point; and

(c) the network operator is unable to determine a single exit point to which the data request relates, then—

(d) the network operator must within 1 business day after receiving the data request electronically notify the retailer of the exit points to which it is most likely that the data request relates, up to a maximum of the 10 most likely exit points; and

(e) the network operator is not required to comply with clauses 3.8(1) and 3.8(2) in respect of the data request.

E. Comparison of NER (7.7(a) and 8.6) to WA Equivalents

The table below contains the comparison of the specific WA instruments as per our scope of work and Clauses 7.7(a) and 8.6 of the NER.

Table E. 1 Comparison of NER (7.7(a) and 8.6) to WA equivalent legislation

NER clauses 7.7(a) and 8.6 WA equivalents

7.7 Entitlement to metering data and access to metering installation

(a) The only persons entitled to access energy data or to receive metering data, NMI Standing Data, settlements ready data or data from the metering register for a metering installation are:

(1) Registered Participants with a financial interest in the metering installation or the energy measured by that metering installation;

(2) Metering Providers who have an agreement to service the metering installation, in which case the entitlement to access is restricted to allow authorised work only;

(3) financially responsible Market Participants in accordance with the meter churn procedures developed under clause 7.3.4(j);

(4) the Network Service Provider or providers associated with the connection point;

(5) AEMO and its authorised agents;

(6) an Ombudsman in accordance with paragraphs (d), (e) and (f);

(7) a financially responsible Market Participant’s customer upon request by that customer to the financially responsible Market Participant for information relating to that customer’s metering installation;

(8) the AER or Jurisdictional Regulators upon request to AEMO; and

(9) Metering Data Providers who have been engaged to provide metering

Electricity Industry (Metering) Code 2012 (WA)

5.17A Customer may direct that energy data and standing data be provided

(1) A network operator must provide data for a metering point from its metering database to a person if (and to the extent that) the customer associated with the metering point gives the network operator a direction to do so.

(2) A direction under clause 5.17A(1):

(a) must include the customer’s verifiable consent, and identify the person (which may be the customer or a third party) (“nominated recipient”) to whom the data must be provided; and

(b) may only be given in respect of data that relates to the period or periods for which the customer is or was associated with the metering point; and

(c) may direct the provision to occur on more than one occasion including at regular intervals; and

(d) may require the network operator to allow the nominated recipient to have access to the data by means of a website (or otherwise by remote access to a “data storage device” as that expression is defined in the

data services for that metering installation or in accordance with clause 7.14.1A(c)(6).

Electronic Transactions Act 2003) using a password provided by the network operator which provides ‘read only’ access, but only if:

(i) the nominated recipient has a legitimate commercial interest or other legitimate interest in accessing the data; and

(ii) the network operator (acting reasonably and in accordance with good electricity industry practice) determines that it is practicable for the nominated recipient to access the data by that means.

(3) A network operator must comply with a direction under clause 5.17A(1):

(a) if the provision is to occur on only one occasion, as soon as practicable but no later than 10 business days after it receives the direction; and

(b) if the provision is to occur at regular intervals, within a reasonable time period agreed between the network operator and the nominated recipient, and failing agreement at reasonable intervals consistent (to the extent practicable in accordance with good electricity industry practice) with the direction.

(4) Despite clause 4.8(1), a person to whom data is provided under clause 4.8(3) or 5.17A may use, reproduce and disclose the data, subject to:

(a) any agreement between the person and the customer; and

(b) clause 7.5, if the person is a Code participant.

8.6.1 Confidentiality

(a) Each Registered Participant must use all reasonable endeavours to keep confidential any confidential information that comes into the possession or control of the Registered Participant or of which the

Electricity Industry (Wholesale Electricity Market) Regulations 2004 (WA)

10.1. Record Retention

Registered Participant becomes aware.

(b) A Registered Participant:

(1) must not disclose confidential information to any person except as permitted by the Rules;

(2) must only use or reproduce confidential information for the purpose for which it was disclosed or another purpose contemplated by the Rules; and

(c) Each Registered Participant must use all reasonable endeavours:

(1) to prevent unauthorised access to confidential information which is in the possession or control of that Registered Participant; and

(2) to ensure that any person to whom it discloses confidential information observes the provisions of this rule 8.6 in relation to that information.

(d) The officers of a Transmission Network Service Provider participating in transmission service pricing must not be involved in or associated with competitive electricity trading activities of any other Registered Participant.

(e) A Transmission Network Service Provider participating in transmission service pricing must provide to any Transmission Network Service Provider or Registered Participant which supplies information for transmission service pricing an undertaking that the Transmission Network Service Provider to which that information was supplied will comply with the confidentiality requirements set out in clause 6.9.2.

8.6.2 Exceptions

10.1.1. The IMO must develop and publish a list of all information and documents that relate to the Wholesale Electricity Market activities that Rule Participants must retain. Effective from the date that the IMO publishes a list containing the relevant information or document, Rule Participants must retain any information or documents of that kind for a period of seven years from the date it is created, or such longer period as may be required by law.

10.2. Information Confidentiality Status

10.2.1. The IMO must, in accordance with the Market Rules and Market Procedures, set and publish the confidentiality status for each type of market related information and document produced or exchanged in accordance with the Market Rules or Market Procedures.

10.4. Information to be Released on Application

10.4.1. The IMO must make information and documents available on application by any person subject to that person being a member of the class of persons able to receive information or documents in accordance with the relevant confidentiality status.

Electricity Industry (Metering) Code 2012 (WA)

7.5 Confidentiality Obligations

This rule 8.6 does not prevent:

(a) (public domain): the disclosure, use or reproduction of information if the relevant information is at the time generally and publicly available other than as a result of breach of confidence by the Registered Participant who wishes to disclose, use or reproduce the information or any person to whom the Registered Participant has disclosed the information;

(b) (employees and advisers): the disclosure of information by a Registered Participant or the Registered Participant's Disclosees to:

(1) an employee or officer of the Registered Participant or a related body corporate of the Registered Participant; or

(2) a legal or other professional adviser, auditor or other consultant (in this clause 8.6.2(b) called Consultants) of the Registered Participant,

which require the information for the purposes of the Rules, or for the purpose of advising the Registered Participant or the Registered Participant's Disclosee in relation thereto;

(c) (consent): the disclosure, use or reproduction of information with the consent of the person or persons who provided the relevant information under the Rules;

(d) (law): the disclosure, use or reproduction of information to the extent required by law or by a lawful requirement of:

(1) any government or governmental body, authority or agency having jurisdiction over a Registered Participant or its related bodies corporate; or

(2) any stock exchange having jurisdiction over a Registered Participant or its related bodies corporate;

A Code participant must, subject to clauses 5.17A and 7.6:

(a) not disclose, or permit the disclosure of, confidential information provided to it under or in connection with this Code; and

(b) only use or reproduce confidential information for the purpose for which it was disclosed or another purpose contemplated by this Code.

7.6 Permitted Disclosure

(1) A Code participant must disclose or permit the disclosure of confidential information that is required to be disclosed by this Code.

(2) A Code participant may disclose or permit the disclosure of confidential information:

(a) to any of the following persons who has in place appropriate confidentiality arrangements in respect of the confidential information:

(i) its officers; or

(ii) its employees; or

(iii) a related body corporate and its officers or employees or both; or

(iv) its legal advisers; or

(v) its auditors; or

(vi) a consultant engaged by the Code participant, provided such a person has a reasonable need for the confidential information, including for the purposes of providing professional advice to it; or

(b) which is required to be disclosed by:

(e) (disputes): the disclosure, use or reproduction of information if required in connection with legal proceedings, arbitration, expert determination or other dispute resolution mechanism relating to the Rules, or for the purpose of advising a person in relation thereto;

(f) (trivial): the disclosure, use or reproduction of information which is trivial in nature;

(g) (safety): the disclosure of information if required to protect the safety of personnel or equipment;

(h) (potential investment): the disclosure, use or reproduction of information by or on behalf of a Registered Participant to the extent reasonably required in connection with the Registered Participant's financing arrangements, investment in that Registered Participant or a disposal of that Registered Participant's assets;

(i) (regulator): the disclosure of information to the AER, the AEMC or the ACCC or any other regulatory authority having jurisdiction over a Registered Participant, pursuant to the Rules or otherwise;

(j) (reports): the disclosure, use or reproduction of information of an historical nature in connection with the preparation and giving of reports under the Rules;

(k) (aggregate sum): the disclosure, use or reproduction of information as an unidentifiable component of an aggregate sum;

(l) (profile): the publication of a profile.

8.6.3 Conditions

(i) an enactment; or

(ii) the rules of a stock exchange which has jurisdiction over the Code participant or any of its related bodies corporate, and in such cases only disclose that part of the confidential information which is required to be disclosed;

(c) if required for the purpose of determining, prosecuting or defending a legal proceeding, arbitration or dispute and, in such cases only disclose that part of the confidential information which the relevant Code participant is required to disclose for the purpose; or

(d) with the verifiable consent of each affected person (which must not be unreasonably withheld) and subject to the conditions of the verifiable consent (which conditions must not be unreasonable); or

(e) that is aggregated energy data for multiple connection points, which is disclosed in a way that does not enable a recipient to determine the identity of any customer or to determine, or accurately estimate, the energy data for any customer.

(3) The IMO may disclose, use or reproduce confidential information to the extent necessary for the purpose of facilitating the operation of the market rules.

In the case of a disclosure under clauses 8.6.2(b), or 8.6.2(h), prior to making the disclosure the Registered Participant that wishes to make the disclosure must inform the proposed recipient of the confidentiality of the information and must take appropriate precautions to ensure that the proposed recipient keeps the information confidential in accordance with the provisions of this rule 8.6 and does not use the information for any purpose other than that permitted under clause 8.6.1
