Key issues

2.1        This chapter outlines the provisions of the bill in more detail, discusses the issues raised by submitters about the proposed amendments and outlines the committee view.

2.2        The Department of Immigration and Border Protection (DIBP) provided the committee with a clear summary of the purpose of the amendments proposed in the bill:

...the amendments being considered by this committee make it clear that protection is not required unless the information is a specified category of information, the disclosure of which would, or foreseeably could, cause harm to a public interest of a kind that's reasonably apparent from the particular category of that information. Crucially, the bill provides assurance to the Australian public, business, government and our foreign partners that sensitive information provided to the department will be appropriately protected without unnecessarily hindering robust and informed public debate...it's important to note that the amendments do not alter the original intention of the provisions at all but rather clarify the original intent by recalibrating the information disclosure model to make it more efficient and better suited to address the needs of the department and its officers.

The proposed amendments will strengthen the delivery of the department's outcome on a number of fronts, streamlining the ability of the department to share data with our international counterparts, for example, and thus making a strong contribution to our international engagement and international security efforts. The department believes that it's wholly appropriate for the provisions of the bill to be revisited and amended in order to ensure that they are having the intended effect. The streamlining of the secrecy and disclosure provisions will allow more efficient management and disclosure of information for legitimate purposes without removing important oversight and accountability measures. This is something that government agencies should strive for in all legislation and that all agencies should be measuring in order to deliver stronger and better outcomes for the Australian people.[1]

2.3        Submitters to the inquiry were generally supportive of the bill's measures to meet its stated purpose to 'balance the need to protect certain information, where appropriate, against the Australian Government's commitment to open government'.[2]

2.4        However, specific concerns were raised in relation to the definition of 'Immigration and Border Protection information' (IBP information), including: the power of the departmental Secretary to prescribe new categories of information by legislative instrument; a perceived lack of clarity around security classifications; and the scope of the secrecy provisions in the Australian Border Force Act 2015 (the ABF Act).

New definitions of information protected from disclosure

2.5        Schedule 1, Item 1 of the bill seeks to update a number of definitions in subsection 4(1) of the ABF Act, by:

• repealing the definition of 'protected information' and substituting a definition of 'Immigration and Border Protection information';
• inserting a definition of 'duty of confidence', necessitated by paragraph (d) of the definition of 'Immigration and Border Protection information'; and
• inserting a definition of 'intelligence agency'.

2.6        In the current ABF Act, under subsection 42(1), it is an offence for any entrusted person to make a record of or disclose protected information. The current definition of protected information is 'information that was obtained by a person in the person's capacity as an entrusted person', which was criticised by many submitters as unreasonably broad in scope.[3]

2.7        The Explanatory Memorandum (EM) acknowledges the broad nature of the current definition and states that:

As not all information obtained by the Department requires protection, the definition of the information to be protected has been refined to include only certain kinds of information, such as that relating to: the security, defence and international relations of Australia; prevention, detection and investigation of offences; protection of public health and safety; or sensitive personal and commercial matters.[4]

2.8        The narrower definition of IBP information is intended to be applied retrospectively from 1 July 2015, the date of commencement of the ABF Act, to provide:

... the necessary certainty that only information which could harm the national or public interest if disclosed is to be protected, and will be regarded as ever having been protected, under the ABF Act.[5]

2.9        The retrospectivity of the provision is also intended to reassure any individuals who may believe that they have committed an offence under the current broad definition of protected information.[6]

General issues with the definition of IBP information

2.10      The submissions received by the committee were largely supportive of the provisions to narrow the categories of information protected and subject to the secrecy and disclosure provisions of the ABF Act. However, many submitters raised concerns with the wording and/or operability of specific sections of the IBP information definition and its relationship to section 42 of the ABF Act.

2.11      In its submission to the inquiry, the Office of the Australian Information Commissioner (OAIC) made a number of observations in relation to the privacy implications of the new IBP information definition.[7] The OAIC remarked that it was unclear what types of information or personal information that are currently included under the definition of protected information would not be included under IBP information. Moreover, it questioned whether potential privacy risks associated with this new definition had been considered or a privacy impact assessment had been undertaken.[8] DIBP provided evidence to the committee that such an assessment had not taken place, as the provisions of the bill did not make major changes to the way in which the ABF Act interacts with the Privacy Act 1988.[9]

2.12      The Australian Human Rights Commission (AHRC) raised a concern about the phrase 'would or could reasonably be expected to' in paragraphs (a) to (e) of the IBP information definition. It noted that this phrase, which has been judicially considered in relation to other federal legislation:

...potentially criminalises the unauthorised disclosure of information where there is the reasonable possibility, but not the reasonable likelihood, of prejudice.[10]

2.13      The AHRC recommended that the phrase be replaced with 'is reasonably likely to' in order to avoid criminal sanctions that may be disproportionate to the 'aim of preventing harm to relevant public interests'.[11]

2.14      There were also concerns from some submitters about some parts of the definition in light of the recommendations of the Australian Law Reform Commission's (ALRC) 2010 report, Secrecy Laws and Open Government in Australia, which have been noted in the discussion of the relevant paragraphs below.[12] In relation to the ALRC's recommendations, DIBP told the committee that, while the findings of that report were 'extremely valuable', the environment around secrecy provisions had evolved in the almost decade since its publication.[13]

Prejudice the security, defence or international relations of Australia

2.15      Paragraph (a) of the IBP information definition includes:

Information the disclosure of which would or could reasonably be expected to prejudice the security, defence or international relations of Australia

2.16      The Andrew and Renata Kaldor Centre for International Refugee Law (Kaldor Centre) commented that while the EM provided some discussion around the types of information that could be covered under this paragraph, it 'provides no guidance on the outer limits or scope of the definition'.[14] The terms 'security', 'defence', and 'international relations' are not defined in the bill or in the ABF Act in its current form.

2.17      Other submitters expressed concerns that information which would be in the public interest to disclose, such as reporting abuse or unlawful activity in a regional processing centre, could fall within what they considered to be a broad definition.[15] The Refugee Advice and Casework Service stated that the provision may continue to cause a 'chilling effect' in preventing such disclosures out of fear of prosecution.[16] Save the Children made the point that:

... the scope of this sub-clause would be subject to judicial determination and the onus would be on the government to prove that a particular disclosure meets the criteria of the definition.[17]

2.18      Several recommendations were made by submitters to change or define terminology used in this paragraph of the IBP information definition in order to clarify its operation, including:

• modifying paragraph (a) to specify that only information which 'directly concerns' the security, defence or international relations of Australia is covered;[18]
• changing the word 'prejudice' to 'damage', in order to bring this definition in line with a similar provision in Freedom of Information Act 1982. It was suggested that this would narrow any offence to disclosure of information which caused harm, not disadvantage;[19]
• adding a definition of 'security' to subsection 4(1) of the ABF Act, possibly modelled on the definition provided in the Australian Security Intelligence Organisation Act 1979;[20] and
• adding a definition of 'international relations' to subsection 4(1) of the ABF Act, possibly modelled on the definition provided in the National Security Information (Criminal and Civil Proceedings) Act 2004.[21]

Breach of a duty of confidence

2.19      Paragraph (d) of the IBP information definition includes:

Information the disclosure of which would or could reasonably be expected to found an action by a person (other than the Commonwealth) for breach of a duty of confidence

2.20      This paragraph and the associated definition of 'duty of confidence' proposed in the bill also drew criticism from submitters.

2.21      The EM describes the purpose of this paragraph as recognising that 'individuals who provide information to [DIBP] on the understanding that it will be kept confidential have a right to expect that it will be protected' and that any breakdown in that trust would have adverse outcomes for DIBP and the government more broadly, such as loss in public confidence.[22]

2.22      DIBP explained to the committee that the key purpose of this provision was in protecting trade and customs functions, and trust in those functions:

That's why some of the provisions that are in here, around duty of confidence and competitive detriment, are actually quite bespoke to the different types and extraordinary range of businesses that we have to deal with, particularly in the trade space. When one looks at the transfer of goods across the border and the sorts of information that comes to us, not by way of contract but by way of regulatory operation in the Customs space, there's incredibly sensitive information there that needs to be protected. It was protected under the Customs Administration Act and continues to need to be called out as a type of information that's really important to our business.[23]

2.23      However, some submitters were concerned about a perceived lack of clear connection between paragraph (d) and the national security and public interest protection purposes of the bill and the current ABF Act.[24] 

2.24      For example, the AHRC noted that while paragraphs (a), (b), (c) and (e) of the IBP information definition require that information have harmful or prejudicial effects upon disclosure to be included, paragraph (d) does not. It also questioned whether information received under a duty of confidence requires any further protection 'beyond the remedies available at general law', such as within the Freedom of Information Act 1982, where breach of confidence is not criminalised, or the Privacy Act 1988.[25]

2.25      Submitters also questioned whether it was appropriate to criminalise a disclosure without a specific requirement for harm, referring to the ALRC's Secrecy Laws and Open Government in Australia report recommendation that disclosure of information that would found a breach of confidence should not be criminalised.[26]

2.26      Suggested remedies for the lack of clarity in paragraph (d) included:

• adding 'and damage the regulatory function of the department' after 'breach of duty of confidence', which would make the definition consistent with the bill's intention to protect the work of DIBP;[27] and
• removing the paragraph entirely.[28]

Cause competitive detriment

2.27      Paragraph (e) of the IBP information definition includes:

Information the disclosure of which would or could reasonably be expected to cause competitive detriment to a person

2.28      The EM describes the purpose of this paragraph as protecting commercial information provided to DIBP, where disclosure of that information could cause 'significant damage' to a business's interests by providing commercial advantage to a current or potential competitor.[29]

2.29      As with paragraph (d), submitters held concerns about the lack of connection between paragraph (e) and the national security and public interest protection purposes of the bill.[30]

2.30      AHRC observed that the term 'competitive detriment', has potential to be interpreted very broadly, is not defined in the Bill and has not been subject to judicial consideration. Furthermore, it added:

The Commission is not convinced that protecting private entities from ‘competitive detriment’ is a public interest of the same essential character as national security, defence, law enforcement, public safety or the effective regulatory function of an agency such that the unauthorised disclosure of information relating to it should attract criminal sanctions. As previously noted, civil law is available to address the problem of improper disclosure of commercial information. The remedies available under civil law–such as contractual, common law and equitable remedies–also are more effective at assisting a person who has suffered detriment as a result of this form of improper disclosure.[31]

2.31      The Kaldor Centre also made observations in relation to existing legal protections for confidential or commercial information in relation to paragraph (e):

While it is legitimate to protect against competitive detriment that might flow from the disclosure of confidential information, this is typically achieved through a combination of the application of the general law, contractual obligations relating to confidentiality and requirements for persons entrusted with confidential information to sign a confidentiality undertaking. No clear case has been made for why the protection of national security and the public interest require that Immigration and Border Protection workers be held to a different, and far more onerous, standard than that which applies to other government workers. In particular, no justification has been made for why national security or the public interest demand that criminal penalties should attach to disclosure in this context, in contrast to the civil and contractual consequences that typically apply.

2.32      The Rural Australians for Refugees group expressed a view that special consideration of commercial interests may lead to perceptions that ABF and DIBP operations belong somehow outside of, or above, normal government commercial arrangements.[32]

2.33      The Law Council of Australia (Law Council) questions whether the intention of this paragraph of the definition is to protect or criminalise criticism of detention centre providers, as paragraph (e) may be an 'unjustifiable encroachment on freedom of speech'.[33] Other submitters shared similar concerns about paragraph (e) protecting providers of immigration services from criticism and therefore potentially restricting freedom of speech.[34] 

2.34      In response to these concerns about paragraph (e), as with paragraph (d), DIBP explained that the purpose of this provision was to protect trade and customs functions of the DIBP.[35] DIBP also rejected suggestions that this paragraph would prevent criticism of service providers:

...there's nothing that prevents you from criticising a detention service provider. You're not caught by the act. Were someone who fell within the scope of the act to criticise a detention service provider, that would not, of itself, create an offence, because criticism, of itself, is not an offence. It's only the disclosure of information that falls within one of these protections, where it doesn't otherwise fall within the permissions. If it had to do with maladministration of a detention service provider, and one of the people caught by the scope of the act through being a contracted worker wanted to make some form of statement or criticism of the way that provision was made, if it amounted to maladministration then they would also be covered by the Public Interest Disclosure Act.[36]

2.35      However, DIBP did note that that there may be a gap in whistleblower protections in relation to criticism of international parties:

Senator PRATT: ...Will service providers be able to raise concerns about the way the Department of Immigration and Border Protection or one of your partners were managing or responding to a particular issue, including in the detention centre network, under these laws?

Ms de Veau:  I'm of the view that they already can, and they can do it to someone other than the department if that is a concern, because they fall within the Public Interest Disclosure Act scope of people who can access that whistleblowing protection and, equally, can go directly to the Ombudsman. The only thing I would say is that in relation to what might happen in another country, where there might be regional processing, where the issue is not the suggestion of maladministration by the Australian government or their contractors, there may be a gap there. But that's the only place, and this won't change that.[37]

2.36      A number of submitters also raised the findings of the ALRC's Secrecy Laws and Open Government in Australia report and the recommendation that disclosure of information that could affect commercial interests should not be criminalised.[38]

2.37      Many submitters suggested that, particularly as civil law provides protection for commercial confidence and disclosure of contractual information, this paragraph should be deleted from the definition of IBP information[39] or otherwise revised in accordance with the guidance provided in the ALRC's Secrecy Laws and Open Government in Australia report.[40]

Security classifications

2.38      Schedule 1, Item 5 of the bill creates a new subsection 4(5) of the ABF Act. This subsection specifies that, without limiting the definition of IBP information in subsection 4(1), the following kinds of information are deemed to be information the disclosure of which would or could reasonably be expected to prejudice the security, defence or international relations of Australia:

1. information that has a security classification; and
2. information that has originated with, or been received from, an intelligence agency.

2.39      A number of submitters raised concerns around paragraph 4(5)(a) and the potential for misclassification or over-classification of information which would otherwise not be considered IBP information.

2.40      The EM provides some examples of information which has a security classification, and discusses the broader purpose of security classifications on documents.[41] However, neither the bill nor the Act in its current form provides a definition of security classification. Some submitters recommended that the bill should introduce an appropriate definition of information which has a security classification, perhaps as 'security classification' or 'security information', to reflect the intention as outlined in the EM.[42]

2.41      DIBP told the committee that the government Protective Security Policy Framework (PSPF) provided a clear explanation of what security classifications are used by DIBP and other agencies and what those classifications mean.[43]

2.42      The New South Wales Council for Civil Liberties indicated that the bill did not propose how or by whom a security classification would be applied to information, nor set out any framework for legal defence if a classification was inappropriately applied.[44] Likewise, the Law Council observed that although Schedule 1 Item 21 of the bill (proposing a new section 50A of the ABF Act) would only permit prosecution of an offence where information was certified to have been appropriately subject to a security classification at the time of the conduct, there did not appear to be 'be any way for a court to review the appropriateness or otherwise of a security classification' in general.[45]

2.43      Save the Children Australia raised a concern that security classifications could be assigned as a 'blanket solution' to broad categories of information where disclosure 'could lead to criticism of the DIBP policy or otherwise embarrass or discredit the DIBP'.[46] The AHRC shared these concerns, stating that:

...the deeming of information with a security classification as requiring protection, without any consideration of the content of the information, whether it has been correctly classified or whether it is, in fact, information the disclosure of which would, or is reasonably likely to, harm essential public interests remains a ‘blanket provision’ that unduly restricts freedom of expression, political communication and legitimate public scrutiny.[47]

2.44      Save the Children recommended that a qualification to this paragraph be considered, in order to 'provide safeguards which prevent security classifications being used inappropriately in order to bring certain information within the ambit of the ABF Act to discourage disclosures being made in the public interest'.[48]

2.45      Alternatively, the AHRC proposed that 4(5)(a) be deleted, recommending that while security classification should be a 'relevant consideration for a decision-maker' regarding potential harm, it should not be the determinative factor.[49]

2.46      In relation to 4(5)(b), the Law Council questioned how information will be determined to have originated with, or been received from, an intelligence agency, given that intelligence may also 'be known to persons through a variety of sources other than the intelligence agency'. They suggested that, should be provision be retained, it should be narrowed to clarify that:

... the information came to the knowledge or possession of the person from the intelligence agency or a third party where the person was aware that there was a substantial risk that the information was received by the third party from an intelligence agency.[50]

2.47      DIBP did not share the concerns of submitters that it might not be apparent that certain information is classified. The department explained that the offence provisions of the ABF Act require an element of intent, so accidental disclosure (except in the case of recklessness) would not be a criminal offence.[51]

Role of the Secretary to determine new categories in delegated legislation

2.48      Schedule 1, Item 5 of the bill also creates a new subsection 4(7) of the ABF Act, which provides that:

The Secretary may, by legislative instrument, prescribe a kind of information for the purposes of paragraph (f) of the definition of Immigration and Border Protection information in subsection (1) if the Secretary is satisfied that disclosure of the information would or could reasonably be expected to:

1. prejudice the effective working of the Department; or
2. otherwise harm the public interest.

2.49      According to the EM, the purpose of this subsection is to enable the Secretary of DIBP to protect any new types of information, not already covered by the definition of IBP information, by making a legislative instrument.[52] This would allow protection of new types of information more quickly than by amendment to the ABF Act. The EM also states that any legislative instrument made by the Secretary for the purpose of this subsection would be subject to parliamentary scrutiny and be disallowable under section 42 of the Legislation Act 2003.

2.50      This provision attracted criticism from some submitters, who expressed a range of concerns about the power of the Secretary and the types of information which could be covered by this provision.

2.51      Some submitters believed that it was inappropriate for the Secretary of DIBP to have the power to prescribe types of information where the disclosure of which amounts to a criminal offence.[53]

2.52      DIBP indicated that such provisions are not uncommon and that the decision to grant these powers to the Secretary had been made in consultation with the Office of Parliamentary Counsel. The department undertook to provide on notice evidence in relation to the prevalence of such instruments being the responsibility of a departmental secretary, particularly in relation to criminal offences.[54]

2.53      On notice, the department stated it was 'very common for Departmental Secretaries to be given the power to make legislative instruments'. It provided the committee with some general examples of where this power existed in the Migration Act 1958 (passports, and fall-back and primary reporting systems), as well as regarding the powers of the ABF Commissioner under the Customs Act 1901.[55]

2.54      The department also provided the committee with examples of a subordinate instrument that 'may affect the context of an offence provision' specifically, including by a departmental Secretary. This included powers under the aviation and maritime security legislation for 'additional security measures' to be taken or complied with, as well as proscribing 'certain harmful or dangerous substances or things that must not be carried by post'.[56]

2.55      Submitters also held concerns about the use of legislative instrument rather than primary legislation to define types of information, specifically in relation to the different scrutiny processes for each.[57]

2.56      For example, Refugee Legal was concerned that while any legislative instrument is disallowable and subject to parliamentary scrutiny, an instrument has legal effect until such time as it is disallowed. In the case of an instrument made under new subsection 4(7) and subsequently disallowed, a person could be exposed to criminal liability in the time before it was rescinded.[58]

2.57      The Law Council submitted that any types of information the disclosure of which amounts to a criminal offence should be provided in primary legislation. However, it supported the Senate Scrutiny of Bill's Committee's suggestion that if this matter were to remain in delegated legislation, parliamentary scrutiny could be increased by requiring the positive approval of both House of the Parliament before coming into effect.[59]

2.58      Many submitters expressed reservations about the scope of information that could be prescribed, as the EM does not provide any examples of the types of information that could be protected. Some believed that the broad nature of this provision could undermine the stated purpose of the bill to create clarity around protected information and instead contribute to a 'chilling effect' where entrusted persons are unsure if information could become protected.[60] However, DIBP assured the committee that accidental disclosure without intent would not be an offence in any such instance:

I can't blindly and through ignorance, particularly if the secretary has only pronounced something yesterday and it hasn't come to my [attention]—I can't commit that offence and be prosecuted.[61]

2.59      DIBP also addressed the issue of scope, noting that this provision is not intended to serve as a catch-all to criminalise broad categories of information, but as a way of 'future-proofing' unforeseen circumstances and allowing for quick action.[62] The department explained the importance of having such a reserve power and the difficulty in defining what could be included:

Because we have tried to readily identify in a way that is definable these categories of information that we feel are proportionate to lock down, the difficulty in not having some reserve provision is that you can't futureproof quickly. Were we to turn our mind to the conceivable types of information that might arise in the future that you would want to futureproof, we would start to get into definitions that are quite small but multiple. So it would be very difficult. I think even in the Scrutiny of Bills Committee response that we sent in, when we did provide two examples, it was 'maybe of a kind' because we were trying to foreshadow what we might need to protect in the future as opposed to what we can readily identify now that does not fall within one of the existing categories.[63]

2.60      Other submitters expressed a view that this provision could be used to protect information relating to misconduct within ABF or DIBP, or to prevent otherwise lawful disclosure in relation to controversial matters, which could be seen to prejudice the workings of DIBP under 4(7)(a).[64]

2.61      Due to the concerns listed above, some submitters recommended that proposed subsection 4(7) and the associated paragraph (f) of the proposed definition of IBP information be removed from bill.[65]

Amendments to secrecy and disclosure provisions

2.62      A key purpose of the bill is to clarify and streamline the secrecy and disclosure provisions at Part 6 of the ABF Act. Submitters made a number of comments in relation to the amendments to those provisions.

2.63      Several of the submissions received by the committee also expressed general ongoing concerns with the secrecy and disclosure provisions of the ABF Act, specifically in relation to section 42 and criminal offences for unauthorised disclosure; however these were outside of the scope of this bill inquiry.[66]

2.64      In evidence to the committee, DIBP stated that no prosecutions had occurred to date in relation to disclosure of protected information.[67]

2.65      DIBP also made clear that Part 6 of the ABF act only applies to:

...people who fall within the definition of 'Immigration and Border Protection worker'—that is, the department and its staff and anyone who falls within the secretary's determination. The secretary determined at the commencement of the legislation to extend that application to people who are providing services in house, on our premises, or accessing our systems—in short, contractors.[68]

2.66      Additionally, DIBP committed to develop plain English documentation for those affected by the provisions to clearly explain what is and isn't covered by ABF Act following introduction of amendments in this bill,[69] as recommended by some submitters.[70]

Fault element of recklessness

2.67      Schedule 1, Item 8 of the bill proposes a new subsection 42(1A) of the ABF Act in relation to subsections 4(5) and 4(6) proposed at Schedule 1 Item 5. This subsection would make it an offence to disclose information where a person was reckless as to whether or not:

1. the information has a security classification;
2. the information originated with, or was received from, an intelligence agency;
3. the information was provided to the Commonwealth pursuant to a statutory obligation or otherwise by compulsion of law.

2.68      Save the Children Australia made the point that a contractor may not be aware if a document held a security classification and questioned what steps an individual would be required to take to 'satisfy themselves that the information was not subject to a security classification'. It recommended that the bill should:

Clarify that if information held by a government contractor is not marked with a security classification, and the contractor has not been informed that the information has been classified, the discloser (being the contractor or its staff) should not be deemed to be reckless as to whether or not it is so classified.[71]

Not to exceed Commonwealth power

2.69      Schedule 1, Item 23 of the bill proposes a new section 57A in the ABF Act. The EM states that the purpose of this section is:

... where a provision of the ABF Act, or an instrument made under the ABF Act, has an application that exceeds the Commonwealth’s legislative power but also has at least one application that does not, the provision is not to have the invalid application but is to have every valid application.[72]

2.70      The Law Council suggested that 'the breadth and uncertainty of some of the Bill’s measures may arguably be a disproportionate burden on the freedom of speech and raise constitutional validity concerns' and that this proposed section appears to anticipate 'potential unconstitutional features'.[73]

Repealing requirements for prescription by Rule

2.71      Schedule 1, Items 28 and 30 of the bill repeal paragraphs 44(2)(d) and 45(2)(d) from the ABF Act, respectively, commencing on the day after Royal Assent. This would remove the requirements of the ABF Act relating to the prescription of classes of personal information through the Australian Border Force (Secrecy and Disclosure) Rule 2015 (ABF Rule). Effectively, this change would mean that disclosure of IBP information would no longer be governed by the framework of the ABF Rule which prescribes classes of information and the bodies/persons who can receive that information.[74]

2.72      The EM explained that since the commencement of the ABF Act in 2015, these paragraphs have been 'difficult and cumbersome to administer without necessarily providing any additional level of protection against the disclosure of protected information'.[75] Additionally, as the other requirements of subsections 44(2) and 45(2) must still be satisfied, the EM states that these requirements still provide adequate safeguards concerning the disclosure of personal information.

2.73      However, the OAIC made the point in its submission that it was not clear from the EM the extent to which the requirements of these paragraphs were impeding operational efficiency or if DIBP had considered any other measures to reduce administrative burden. The OAIC questioned whether the potential privacy impacts of this change are a 'reasonable, necessary and proportionate response' to the policy goal of efficiency.[76]

2.74      OAIC recommended to the committee that, if the changes proposed in the bill were considered to be a 'reasonable, necessary and proportionate response', that a new framework outlining the appropriate disclosure of personal information, such as binding guidelines on privacy for decision-makers or additional information about exercise of powers at 44(2) and 45(2), could be introduced to provide a 'similar level of assurance' to entrusted persons as is currently provided by the ABF Rule.[77]

New permitted purposes for disclosure

2.75      Schedule 1 Item 31 of the bill would insert three new permitted purposes for the disclosure of personal information, also commencing on the day after Royal Assent:

1. a purpose relating to the inter-country adoption of a child;
2. a purpose relating to the protection of national security or the defence of Australia; and
3. a purpose relating to locating a missing person.

2.76      In response to these new permitted purposes, the LCA expressed support for a privacy and personal information security impact assessment of these and other proposed provisions of the bill, and of the secrecy provisions of the ABF Act more generally.[78]

Interactions with other Acts

2.77      A number of submitters made comments on the interaction of the ABF Act with the secrecy provisions in section 70 of the Crimes Act 1914, which also criminalises disclosure of information by Commonwealth officials.[79] Save the Children Australia sought clarification of whether an immigration-related disclosure which may fall outside of the ABF Act following the various amendments proposed in the bill would remain an offence under the Crimes Act 1914.[80]

2.78      Submitters also queried whether public interest disclosures not covered by exemptions or permitted purposes in the ABF Act, including those proposed in the bill, would be adequately covered by the Public Interest Disclosure Act 2013.[81] In response, DIBP explained:

Firstly, the Public Interest Disclosure Act does not just apply to public servants in the department; it extends to individuals and organisations that provide goods and services under a Commonwealth contract and their officers or employees. So there's no-one who falls within the definition of an immigration or border worker for the purpose of this act that is not also provided with the security to whistle blow under the Public Interest Disclosure Act. That's the first point to highlight: there is a mechanism already, if they don't fall within the act, that they can't be held responsible if they have legitimate whistleblowing exercise and they do it in accordance with that act.

The second point is that when it comes to that, I think there was some concern that all you're doing is reporting to the department with whom you have difficulty—it's their maladministration that you want to blow the whistle on. The Public Interest Disclosure Act also provides for a pathway directly to the Ombudsman. So there are legitimate pathways that provide for whistleblowing, if that is required, currently and those will continue if these amendments come into place.[82]

Impact of the ABF Act on health professionals

2.79      Some health professional bodies expressed their concerns about the impact of disclosure provisions in the ABF Act more broadly on the health of patients in immigration facilities.[83] Although this bill does not provide any specific remedies to the concerns of health professionals, the committee has noted these concerns and raised several related matters with DIBP during the hearing. However, evidence provided to the committee relating to the perceived restrictions on health professionals in the ABF Act was limited due to a case that is currently before the High Court.[84]

2.80      DIBP made clear to the committee that 'health practitioners' are no longer bound by the secrecy and disclosure provisions of the ABF Act, following the Secretary's determination on 30 September 2016. They directed the committee to a public copy of this determination, which defines the category of health practitioner as including, but not limited to:

1. general practitioner;
2. nurse;
3. mental health nurse;
4. psychologist;
5. psychiatrist;
6. surgeon;
7. pharmacist;
8. dentist;
9. optometrist;
10. ophthalmologist;
11. paramedic;
12. counsellor;
13. podiatrist;
14. emergency physician;
15. radiographer;
16. obstetrician;
17. pathologist;
18. midwife;
19. nutritionist;
20. health advisor or consultant;
21. other medical specialist;
22. other specialist nurse.[85]

2.81      However, some health professional groups have expressed disappointment that other care-giving service providers, particularly teachers and child protection workers, had not been afforded the same exemptions.[86]

2.82      In response, DIBP made clear that the disclosure of medical information by any entrusted person would not in itself be an offence under the proposed definition of IBP information, unless the information also fell into one of the proposed categories and did not meet one of the many exemptions:

Even prima facie if the information falls within circumstances of requiring protection, then there are a series of permissions that say it's not an offence, even if's [sic] it's of a category to be shared, if you share it for these certain reasons.

...there are a raft of permitted purposes, one of which is 'a purpose relating to the protection of public health, or the prevention or elimination of risks to the life or safety of an individual or a group of individuals'. So even under the current legislation there are permissions that say it's not an offence if the reason that the information is being shared is one of these legitimate reasons. So quite apart from the medical and health professionals already being carved out, there's this permission that provides the appropriate sharing of information when it has to do with these health considerations. Even further to those, apart from the permitted purposes, there is section 48, which is currently in the act and will continue, which says:

An entrusted person...may disclose protected information if...the entrusted person reasonably believes that the disclosure is necessary to prevent or lessen a serious threat to the life or health of an individual...[87]

2.83      In response to concerns from medical groups about the sharing of patient information with colleagues for the purpose of seeking opinions, DIBP advised the committee that medical information could be legally shared with the consent of the person of the person it relates to, and that that consent would be valid for 12 months.[88]

Committee view

2.84      The committee understands that the bill's provisions would update the secrecy and disclosure provisions of the ABF Act regarding information collected and generated by the DIBP. This would facilitate the work of the department, to meet the challenges of an operational environment that is complex and continuously evolving.

2.85      The Explanatory Memorandum notes that:

Information obtained by the Department may be collected from individuals, industry, other sectors of government or foreign partners. The Department also generates substantial amounts of information internally. Information is a valuable asset and as its custodian, the Department must ensure that the information is only used and disclosed for legitimate purposes.[89]

2.86      The committee notes that submitters were generally positive about the intent of the bill, and the contribution it would make to improving the secrecy and disclosure provisions of the ABF Act.

2.87      The committee also notes that some submitters expressed concerns about the provisions which would allow the Secretary of DIBP to prescribe new categories of IBP information by legislative instrument.

2.88      The committee shares some of these concerns about the appropriateness of a senior public servant making legislative instruments, and so sought further information from the department.

2.89      The committee notes that the examples of similar powers provided on notice seem to have regard to the prohibition of specific substances or behaviours, rather than the very broad and subjective issue of certain types of information that can be protected by the secrecy and disclosure provisions of the ABF Act. Given this, it appears to the committee that this responsibility should rest not with the Departmental Secretary, but with the Minister.

2.90      Nevertheless, the committee does note that any such instrument would likely be made following advice to the Minister from the Secretary of DIBP, should the bill pass in its current form.

2.91      Despite these concerns, on balance, the committee considers that the bill would bring about an improvement in the secrecy and disclosure provisions of the ABF Act, and thereby assist the department carry out its functions more efficiently and effectively.

Recommendation 1

2.92      The committee recommends that Schedule 1, Item 5 of the bill, proposing a new subsection 4(7), be amended to replace the word 'Secretary' with 'Minister'.

Recommendation 2

2.93      The committee recommends that the bill be passed.

Senator the Hon Ian Macdonald
Chair

Navigation: Previous Page | Contents | Next Page