House debates
Tuesday, 28 November 2006
Privacy Legislation Amendment (Emergencies and Disasters) Bill 2006
Second Reading
4:42 pm
Malcolm Turnbull (Wentworth, Liberal Party, Parliamentary Secretary to the Prime Minister) Share this | Hansard source
I present the explanatory memorandum to the bill, and I move:
That this bill be now read a second time.
The tragic Boxing Day tsunami in 2004 provided many lessons in how to provide effective and timely assistance to Australians caught up in an emergency. To provide effective assistance, we have to identify those who need help and what help is appropriate. The tsunami, along with other subsequent emergencies and disasters, revealed practical problems for Commonwealth agencies, state and territory governments, private sector organisations and non-government organisations regarding the extent to which personal information can be shared.
The Privacy Act 1988 contains provisions which allow disclosure of personal information in terms of emergency and disaster. However, the act contemplates that these provisions will be applied on a case-by-case basis after careful analysis of the particular circumstances. Clearly, in an emergency or disaster, where there may be many thousands of victims requiring urgent assistance, agencies and organisations do not have the luxury of time, or the resources, to consider each case individually.
These existing provisions have proven difficult to apply with confidence in situations involving mass casualties and missing persons. This has resulted in some agencies and organisations taking an overly cautious interpretation and has contributed to unnecessary delays in delivering services and added to the trauma experienced by victims and their families.
Two recent reports, Getting in on the Act: the review of the private sector provisions of the Privacy Act 1988, produced by the Privacy Commissioner, and The real Big Brother: inquiry into the Privacy Act 1988, produced by the Senate References Legal and Constitutional Committee, have noted the need for clarification of the provisions of the act in times of an emergency. The government acknowledges the work of the Privacy Commissioner and the committee in preparing those reports.
We also acknowledge the inquiry and report on the bill by the Senate Standing Committee on Legal and Constitutional Affairs which followed the bill’s introduction in the Senate. The committee made two recommendations for amendments to the original bill, which the government has adopted in the current bill.
I turn now to the new part VIA. There needs to be a seamless whole-of-government approach to the exchange of personal information in a disaster. The Privacy Legislation Amendment (Emergencies and Disasters) Bill 2006 inserts a new part into the Privacy Act to establish a clear and certain legal basis for the collection, use and disclosure of personal information about deceased, injured and missing individuals caught up in an emergency or disaster occurring in Australia or overseas.
The effect of these amendments is to permit the Australian government, private sector organisations and non-government organisations to collect, use and disclose personal information in the event of an emergency or disaster, despite the possible application of the Privacy Act or of specific secrecy provisions in other Commonwealth legislation. The bill will not apply to state and territory governments and their agencies other than the ACT, but it will allow Australian government agencies and private sector organisations and non-government organisations to disclose personal information to state and territory governments and their agencies.
We are hopeful that, where state or territory legislation prevents their agencies from sharing personal information with the Australian government or with private sector or non-government organisations, states and territories might consider corresponding amendments to their legislation.
I turn now to the trigger provisions which will trigger the operation of the new part. These new provisions will be triggered when the Prime Minister or the Attorney-General makes a declaration for the purposes of the Privacy Act that an emergency or disaster has occurred in Australia or overseas. An emergency or disaster may only be declared where:
at least one Australian citizen has been affected; and
the emergency or disaster is such that it is appropriate that certain agencies, organisations and individuals be permitted to exchange personal information more freely than might otherwise be permitted by the Privacy Act.
Where the emergency or disaster has occurred outside Australia, the Attorney-General must consult the Minister for Foreign Affairs before making a declaration. The declaration will have effect for a limited time.
An emergency declaration does not operate indefinitely. A maximum period of 12 months applies to an emergency declaration. The 12-month cap was included as a result of a recommendation by the Senate Standing Committee on Legal and Constitutional Affairs in its report on the bill.
The bill does not attempt to define ‘emergency’ or ‘disaster’. The range of emergencies or disasters requiring urgent government response is too vast and too varied to be susceptible to any sensible and comprehensive definition. However, it is envisaged that the Prime Minister or the Attorney-General make the declaration as part of a coordinated, whole-of-government response to an emergency or disaster. The words, in other words, will have their natural and ordinary meaning.
The bill will not allow unfettered dealing with personal information outside the existing regulation of the Privacy Act. On the contrary, the bill serves to clarify and enhance what is largely already permissible under the Privacy Act. The bill will allow collection, use or disclosure of personal information only where it will:
provide people closely connected to an individual caught up in an emergency or disaster with information about their welfare;
help to identify individuals;
otherwise contribute to the response to the emergency or disaster; or
assist individuals and law enforcement.
Under the bill, information can only be collected, used or disclosed for a purpose that directly relates to the Commonwealth’s response to an emergency or disaster, in respect of which an emergency declaration is in force. In this regard, the bill implements a recommendation of the Senate Standing Committee on Legal and Constitutional Affairs that the word ‘directly’ be inserted in the bill.
Given the objects of the bill, these amendments, of necessity, modify the operation of the Information Privacy Principles and the National Privacy Principles and relevant secrecy provisions in other Commonwealth legislation. However, recognising the special status of the intelligence agencies and the Inspector-General of Intelligence and Security, secrecy provisions applying to those agencies are excluded from modification under the amendments and will continue to apply unchanged.
In addition, there is a regulation-making power to exclude other nominated secrecy provisions from modification under the amendments where a sound policy case is made out to preserve those provisions, even in an emergency situation. In this regard, the government gives an undertaking to include in the regulations made under the bill the secrecy provisions of the Australian Bureau of Statistics, which are in the Census and Statistics Act 1905.
The bill also modifies the operation of common law duties of confidence, such as that which applies to the banker and client relationship.
The amendments will not permit the disclosure of personal information to the media. If there is a need to involve the media to ensure a speedy and effective response to the emergency, then agencies and organisations must do so in accordance with the normal operation of the Privacy Act.
To ensure that personal information is not disclosed for unrelated purposes, the bill includes an offence prohibiting the further disclosure of any information received as a result of a declaration of emergency or disaster. This prohibition does not apply to persons closely related to an individual affected by an emergency or disaster, nor does it prohibit disclosure to the individual concerned or where that individual has consented to the disclosure. Naturally, the offence does not apply where the Privacy Act otherwise permits the disclosure.
I want to stress that the bill merely enables the collection, use and disclosure of personal information in an emergency or disaster situation. It does not require any agency or organisation to disclose personal information. Agencies and organisations will retain their existing discretion under the Privacy Act not to disclose personal information. The amendments do not displace internal management processes of agencies which regulate the collection, use and disclosure of such information.
The amendments follow from extensive consultation with stakeholders, both within government and in the private and charitable sectors. All have agreed that the amendments are necessary to enable an effective response to emergencies or disasters.
The bill will place beyond doubt the capacity of the Australian government and others to lawfully exchange personal information in an emergency or disaster situation. It reflects an expectation of the community that the government will respond to emergencies and disasters quickly and effectively. The bill complements the existing core policy of the Privacy Act. The Privacy Act continues to apply in the absence of an emergency declaration; even in its normal operation, the Privacy Act usually allows the disclosure of personal information for legitimate government purposes.
The government is confident that the amendments in this bill will assist search, rescue and recovery efforts and the distribution of services to victims and their families without derogating from the proper protection of personal information. I commend the bill to the House.
No comments