Chapter 1Introduction and key issues

1.1On 7 September 2023, the Senate referred the provisions of the Statutory Declarations Amendment Bill 2023 (the bill) to the Legal and Constitutional Affairs Legislation Committee (the committee) for inquiry and report by 18October 2023.[1]

1.2The referral followed a recommendation of the Senate Standing Committee for the Selection of Bills. Appendix 3 to that committee's report suggested that the bill relates to a complex issue that requires 'wide ranging consultation' and that stakeholders should be provided 'an opportunity to speak to the measures in the Bill'.[2]

Conduct of the inquiry

1.3In accordance with its usual practice, the committee advertised the inquiry on its website and wrote to relevant organisations and individuals inviting submissions by 22 September 2023.

1.4The committee received seven submissions, which are listed at Appendix 1 and are available on the committee's website.

1.5The committee agreed to conduct the inquiry on the papers with reference to the bill, information contained in the Explanatory Memorandum (EM), and the submissions.

Note on terminology

1.6There is different legislation for Commonwealth, state, and territory statutory declarations.[3] In this report, the term 'statutory declaration' refers to Commonwealth statutory declarations.

Purpose of the bill

1.7The bill would amend the Statutory Declarations Act 1959 (SD Act) to modernise the execution of statutory declarations.

1.8The EM explained that the bill would:

…enable a statutory declaration to be validly made in one of three ways:

(a)traditional paper-based, requiring wet-ink signatures and in person witnessing

(b)electronically, through the application of an electronic signature and witnessing via an audio-visual communication link, and

(c)digitally verified, through the use of a prescribed online platform that verifies the identity of the declarant through a prescribed digital identity service provider.[4]

Background

1.9A statutory declaration is a written statement that 'provides a mechanism for the declarant to vouch for the veracity of its contents, where it would be difficult to prove in another way'.[5]

1.10To execute a statutory declaration, three elements are currently required to be satisfied: the use of the prescribed form, the signing of the declaration by the declarant, and the witnessing of the declarant's signature by a prescribed person.[6]

1.11It is a criminal offence to intentionally make a false statement in a statutory declaration.[7]

1.12In 2021, the Deregulation Taskforce in the Department of the Prime Minister and Cabinet (Deregulation Taskforce) consulted on the modernisation of document execution.[8]

1.13Through that consultation process, the Deregulation Taskforce:

…found that [small and medium enterprises] and consumers spend around 9 million hours per year printing and collecting statutory declarations, and more than 6 million hours per year printing, signing and witnessing deeds. It was estimated that saving time through enabling electronic execution of these documents could result in over $400 million of savings for people per year.[9]

1.14On 14 December 2021, the then Attorney-General, Senator the Hon Michaelia Cash, made a determination to modify the SD Act to temporarily allow for statutory declarations to be signed and witnessed electronically.[10]

1.15The provisions of that determination will cease to operate after 31December2023.[11]

1.16On 6 July 2023, the Attorney-General's Department (AGD) opened a public consultation process on proposed reforms to the execution of statutory declarations. That consultation process closed on 28 July 2023.[12]

1.17Stakeholders in the consultation process generally supported the retention of the paper‑based execution option and the electronic execution option that operated during the COVID-19 pandemic.[13]

1.18They indicated that the new digital verification process would have the following benefits:

convenience and efficiency savings

potential cost savings, particularly for individuals and small businesses

accessibility gains, particularly for those in the community with restricted mobility, sensory issues, or individuals in remote areas or with limited access to witnesses

increased access to justice through broader accessibility, and

reducing the risk of invalid declarations (e.g. failure to comply with the formalities).[14]

1.19The Attorney-General, the Hon Mark Dreyfus KC MP, noted that the bill would not disadvantage people who prefer to execute statutory declarations using the traditional, paper-based method. He stated that the bill would not disadvantage those with limited 'access to technological devices or internet connectivity, or those who simply prefer not to engage with the electronic or digital execution options'.[15]

1.20He also explained that while there is support for the retention of the paper-based execution method, there is also an expectation that the government will offer digital options for existing systems and processes:

Following the successful pivot to digital processes in response to the COVID-19 pandemic, the Australian community, and businesses in particular, expect government to offer innovative digital solutions and pathways that modernise old systems and established processes.[16]

1.21That expectation was similarly reflected in the EM, which pointed out that there is community support for more choice in the execution of statutory declarations:

The experiences over the pandemic and the feedback received from the community on the temporary measures has shown that there are particular advantages to modernising the execution requirements for statutory declarations, and in providing the community with choice in relation to their execution.[17]

1.22The Attorney-General stated that statutory declarations were successfully and reliably executed electronically during the COVID-19 pandemic. The success of that model demonstrated that neither 'the solemnity or the integrity of the Commonwealth statutory declarations framework' was compromised by electronic execution.[18]

1.23He further stated that the electronic execution methods outlined in the bill would result in productivity gains:

…for individuals, businesses and government service delivery. It is estimated there will be over $156 million per annum in time and cost savings across the economy as a result of these reforms.[19]

1.24He indicated that the modernisation of the execution of statutory declarations would make the process 'less cumbersome and reflects the way that Australians want to engage and communicate digitally'.[20]

1.25The Attorney-General explained that the introduction of a digital verification method for the execution of statutory declarations is a response to feedback from:

…business and community stakeholders [who] have consistently told government that they want use technology, such as digital identity frameworks, to engage with legal documents like statutory declarations in new ways.[21]

1.26The modernised execution methods contained in the bill would 'benefit those who face barriers engaging with paper based processes, such as those in rural, remote or regional parts of Australia, and those Australians experiencing low mobility or sensory concerns'.[22]

1.27In conclusion, the Attorney-General pointed out that the bill 'is an important milestone in driving the digitisation of government services. It will deliver a world-class, simple and secure public service for all Australians'.[23]

Key provisions of the bill

1.28The bill would allow a person to execute a statutory declaration by signing a physical copy of the statutory declaration or an electronic form of the declaration by electronic means.[24]

1.29The electronic means must identify the person and indicate their 'intention in respect of the information recorded in the declaration'.[25]

1.30To be valid, the declarant must sign the statutory declaration while being observed by a prescribed person.[26] The declaration is also required to be 'in the approved form'.[27] The minister may approve, in writing, one or more forms for the purposes of making a statutory declaration.[28]

1.31A prescribed person may observe the signing of a statutory declaration either in person or by video link.[29] In either case, the prescribed person must also sign the statutory declaration.[30] The prescribed person may sign a true copy of the statutory declaration if they have observed the declarant sign it via video link.[31]

1.32The EM explained that the witness must observe the declarant sign the statutory declaration contemporaneously.[32] The statutory declaration would not be valid if the declarant signed the declaration on one day and the prescribed person signed it on another day. It would also not be sufficient for the prescribed person 'to see the form and observe a signature appearing on the form' via the declarant sharing their computer screen. For the statutory declaration to be valid, the prescribed person:

…is required to directly observe the declarant sign the declaration. This may require the declarant to adjust the angel [sic] of their camera on the device from which the audio-visual link is being operated in order to allow the witness to see the declarant, their actions and the document. This is a key mitigation against fraud.[33]

1.33It is also intended that the declarant and the prescribed person 'include their telephone number or email address on the statutory declaration…as a fraud control measure'.[34] Contact details would also assist the entity receiving the statutory declaration to make any necessary enquiries into how it was signed.[35]

1.34In addition to the two methods outlined in paragraph 1.28, the bill would allow the execution of a statutory declaration through a 'digital verification' process.[36] That process requires the use of 'an approved online platform' to digitally verify a declarant's identity.[37] The EM explained that the digital verification method of execution would not need to be witnessed by a prescribed person:

Instead, the digital option would establish a number of requirements that would fulfil the underlying purposes of witnessing, including verification of identity, evidence of execution, and to confirm the declarant intends to be bound by their statement.[38]

1.35The statutory declaration must include information about the identity of the declarant obtained from an 'approved online platform'.[39]The declarant is also required to have their identity verified by 'an approved identity service…and in accordance with the conditions prescribed by the regulations'.[40] This verification is intended as a:

…safeguard against fraudulent execution. The regulations will prescribe that encrypted information be applied to the statutory declaration to allow someone to verify that the document was created on the platform. This information could be used to verify the authenticity of the statutory declaration should a dispute arise.[41]

1.36The AGD explained that the information provided by the approved online provider:

…would not be information of a personal nature, and would confirm that a declaration was made at a particular date and time and on which approved online platform. The information would be visible on the PDF that the declarant receives when they complete their declaration…and also visible on a print out of the PDF.[42]

1.37It further explained that the approved online provider may be required to:

…include encrypted information that would only be visible on the original PDF declaration. This would provide an additional level of verification of the information in the declaration, and would verify that the declaration was, in fact, made on the approved online platform.[43]

1.38The providers of online platforms and identity verification services would be prescribed through regulations.[44] Before those regulations are made, the minister must be satisfied that those providers will comply with the Privacy Act1988 and any relevant state or territory law.[45] The minister must also be satisfied that they have effective security and fraud control arrangements.[46]

1.39Providers of approved online platforms are not permitted to 'retain any copy of a statutory declaration that is made using the online platform'.[47] If the online platform is found to have retained a copy of a statutory declaration, its approval may be revoked.[48]

1.40At the end of each financial year, providers of approved online platforms are required to provide the minister with an annual report for presentation to the Parliament.[49] That report must include information about:

'the number of statutory declarations made using the platform during the financial year'; and

the provider's compliance with the requirement to not retain copies of statutory declarations made on the platform; and

'whether there has been any actual eligible data breach (within the meaning of the Privacy Act 1988) during the financial year';[50] and

'any matter prescribed by the regulations'.[51]

1.41The EM explained that further safeguards would be prescribed through regulations.[52] For example, the regulations would:

…include a requirement for the digital identity service to be an accredited entity under the Trusted Digital Identity Framework (TDIF) and that both the online platform and identity provider operate within the Australian Government Digital ID System (AGDIS).[53]

1.42The EM further explained that TDIF accreditation:

…will ensure that entities must meet strict requirements for privacy protection, security, risk management and fraud control. The AGDIS has been designed to protect privacy and security so that the individual is able to control their personal information. Regulations will also require an online platform to hold appropriate accreditation to provide specific services within the AGDIS.[54]

1.43A review of the amendments would be required two years after the Statutory Declarations Amendment Act 2023 comes into effect.[55] That review would consider whether the amendments are effective and whether further amendments are necessary.[56]

Key issues

1.44Most submitters broadly supported the proposed amendments, which would provide an ongoing legislative basis for the electronic execution of statutory declarations.[57]

1.45The Australian Lawyers Alliance (ALA) argued that the bill would 'facilitate access to justice and more equitable access to legal processes'.[58] It also reported that the option to electronically execute statutory declarations during the COVID-19 pandemic 'has been helpful for legal practitioners, especially for practitioners who work from home and/or are themselves located in rural, regional or remote places'.[59]

1.46The Business Council of Australia (BCA) argued that the modernisation of statutory declarations 'is consistent with bringing government frameworks into the digital age and allowing businesses and individuals to use the option that best suits them, in turn improving their productivity'.[60]

1.47The Australian Banking Association (ABA) similarly highlighted the reduction in time delays associated with the electronic execution of statutory declarations. It noted that the Commonwealth Bank of Australia has reported:

…that allowing acceptance of electronic signatures has allowed the bank to reduce processing times for business loans from 24 days to 6 days. Some transactions cannot be completed fully electronically where a deed (or in some cases a statutory declaration) is involved, and broadly similar time savings could result for these transactions if legislative reform makes expressly clear that these documents can be electronically created and executed.[61]

1.48Aware Super also welcomed the bill, as it would 'make statutory declarations simpler, faster to process and more accurate'.[62] It reported that, based on feedback and complaints from death benefit claimants, the requirement for statutory declarations to be physically signed 'create[s] additional stress and delays'.[63] Digital and electronic execution of statutory declarations would 'reduce the stress associated with the administration of a death benefit claim during a difficult time'.[64]

1.49The AGD noted that stakeholders involved in its consultation process indicated that the electronic execution of statutory declarations would 'save individuals and small businesses time and money'.[65] It also noted that those stakeholders reported that the temporary measures introduced during the COVID-19 pandemic had 'worked effectively…[and] should be retained'.[66]

1.50While they broadly endorsed the bill, some submitters suggested that there should be:

stakeholder consultation prior to the introduction of regulations;

safeguards in relation to the digital execution of statutory declarations, particularly regarding the role of the witness; and

measures to prevent fraud, protect privacy, and ensure data security.

Use of regulations

1.51The Law Council of Australia (Law Council) raised concerns about the bill's 'reliance on regulations'.[67] It noted that the following matters, for example, would be detailed in regulations:

who is a "prescribed person" in relation to witnesses;

[the] conditions for verifying identity;

what is an "approved online platform" and an "approved identity service"; and

matters that an approved online platform must include in an annual report.[68]

1.52The Law Council encouraged the government not to make these regulations until after it and other stakeholders have been consulted on their contents.[69]

1.53The ALA similarly suggested:

…that, given the importance of those regulations in defining who or what can be an approved online platform for this method of executing Commonwealth statutory declarations, direct stakeholder consultation on those regulations would be appropriate.[70]

1.54The AGD advised that with the provision of:

…a technology neutral framework in primary legislation with the technical detail prescribed by regulations, the Bill would provide a robust statutory declarations framework with sufficient flexibility to evolve with technological advancements.[71]

Stronger safeguards in relation to the digital execution of statutory declarations

1.55While it supported measures to modernise the execution of statutory declarations, the Law Council submitted that there must be 'appropriate safeguards, to forestall any unintended adverse consequences brought about by alternatives to in-person formalities'.[72]

1.56It suggested that 'witnessing is intended to protect against impersonation, duress and fraud'.[73] The digital execution of a statutory declaration 'arguably lacks the same (perceived) checks and balances associated with a statutory declaration that is witnessed by a person, either in person or via audio-visual link'.[74]

1.57The Law Council further explained that the role of a witness 'is to ensure the legal capacity of the party [signing the statutory declaration], and that they understand the solemnity of signing the document'.[75] The Law Council argued that the role of the digital identity service provider is not as extensive as it 'is concerned only with the verification of the declarant's identity'.[76]

1.58The Law Council suggested that the solemnity of the statutory declaration could be further retained by requiring 'some supplementary action…such as a short video recording of the declarant, stating their understanding of what they are signing, and why'.[77]

1.59The Law Council proposed that regulations could limit the categories of persons permitted to electronically witness a statutory declaration. Those witness would have 'the requisite training in electronic witnessing'.[78] It also suggested that there be some consideration of whether all statutory declarations should be allowed to be digitally executed or whether the process should be 'reserved for a select set of circumstances'.[79]

1.60The AGD argued that all methods of executing a statutory declaration are open to coercion, duress, and fraud.[80] It submitted that the provision of a witness 'does not necessarily guard against coercion — there is no legal requirement that a witness must be independent, and many forms of coercion are difficult to detect'.[81] It indicated that it would provide information about 'existing avenues for advice and redress about coercion'.[82]

1.61The AGD explained that the government may require approved online platforms to include information that demonstrates that statutory declarations have been executed in accordance with the act. It suggested that information could include 'the date and time of execution and confirmation that the declarant's identity has been verified as required'.[83]

Fraud prevention, privacy protection and data security measures

1.62The Law Council indicated that it is 'critical that measures are included to reduce opportunities for fraud and abuse in the utilisation of new methodologies' for executing statutory declarations.[84]

1.63It supported the requirement, set out in the EM, 'for the declarant and the witness to be required to include their telephone number or email address on the statutory declaration' to protect against fraud.[85]

1.64It also noted that it had received feedback from the Queensland Law Society that cautioned against that requirement as it 'may dissuade some prospective witnesses from witnessing a declaration, due to concerns that their personal information would subsequently be made available to third parties'.[86]

1.65The Law Council suggested that other identifying information, such as the 'witness's official Law Society number, or Justice of the Peace number' could be provided instead of other personal information as a fraud prevention measure.[87]

1.66The ALA raised concerns about the auditing of providers of approved online platforms and the data security of those platforms.[88]

1.67It argued that 'it is inadequate that the provider of an approved online platform is only required to self-audit once a year'.[89] The ALA further stated that if the provider has retained any information related to statutory declarations or if there has been a breach of the provider's data security:

…it could be months or even over a year before that is discovered and reported, and even longer for the situation to be remedied. That poses risks for declarants and the exposure of their private information.[90]

1.68The ALA recommended that providers of approved online platforms 'be required to audit their records and operations quarterly and to update the Federal Government accordingly'.[91]

1.69The ALA referred to recent security concerns raised through the AGDIS and online platforms such as myGov 'after highly-publicised cyber attacks and data breaches revealed systemic vulnerabilities in privacy protection and data security'.[92]

1.70It noted:

In February 2023, the Office of the Australian Information Commissioner made recommendations as to how Services Australia must improve its privacy policy, privacy management plan, and data breach response plan in relation to Services Australia's handling of personal information as part of the Identity Exchange for the AGDIS.[93]

1.71The ALA recommended 'that privacy protections and data security measures are improved within the AGDIS and through platforms like myGov'.[94]

1.72The AGD noted that '[t]he Bill contains safeguards for fraud detection and prevention'.[95] It stated that the minister could 'incorporate a further layer of protection' into the digital verification process.[96] It explained that the minister could use regulations to require:

…an approved online platform to be a Participating Relying Party in the [AGDIS]. Participating Relying Parties must meet obligations including reporting on identified dishonest activity and responding to disclosures as a result of Identity Providers identifying fraud in their space.[97]

1.73The AGD also explained that the minister may use regulations to require:

…an approved identity service to be accredited under the [TDIF] to provide identity services within the AGDIS. TDIF accreditation requires services to meet the strict rules and standards relating to, for example, usability, accessibility, privacy protection, security, risk management, and fraud control.[98]

1.74It indicated that:

Currently, only Commonwealth entities can operate within the AGDIS (providing identity services, or as a Relying Party providing services to the public). myGov is the sole TDIF accredited identity service provider within the AGDIS. myGov is a Relying Party within the AGDIS.[99]

1.75The AGD also advised that an individual may lodge a complaint with the Office of the Australian Information Commissioner if they believe their personal information has been 'mishandled' through the digital execution of a statutory declaration.[100]

1.76The AGD guaranteed that entities may refuse to accept remotely witnessed or digitally executed statutory declarations if they have reason to believe they are fraudulent or have been created under duress or coercion. It indicated that in instances where there is reason to believe that a statutory declaration is fraudulent, or may have been executed under duress or through coercion '[t]he Australian Federal Police will remain the appropriate responder'.[101]

Committee view

1.77The Statutory Declarations Amendment Bill 2023 would provide a permanent legislative basis for the continuation of electronic execution of Commonwealth statutory declarations introduced during the COVID-19 pandemic. The bill would also introduce a new digital verification process for the execution of Commonwealth statutory declarations.

1.78The committee recognises that the electronic execution of statutory declarations operated effectively throughout the pandemic. It also recognises that there is widespread support for it to become a permanent method of executing statutory declarations.

1.79The committee agrees that the proposed modernisation of the methods to execute statutory declarations would introduce productivity benefits for businesses and individuals. It is also of the view that the methods of executing statutory declarations retain the solemnity and integrity of the document.

1.80The committee understands the rationale behind setting out matters in regulations. The use of regulations would ensure greater flexibility to allow for technological evolution. It is also convinced that the bill contains appropriate measures to guard against fraud, protect privacy, and preserve data security. However, the committee notes the submissions from both the Law Council (paragraph 1.52) and ALA (paragraph 1.53) that stakeholder consultation should occur as part of the process of preparing the regulations. Given the importance of the regulations, the committee strongly encourages AGD to consult with stakeholders as part of the process of developing the regulations.

1.81The committee recommends that the Senate pass the bill.

Senator Nita Green

Chair

Footnotes

[1]Journals of the Senate, No. 68—7 September 2023, pp. 1953–1957.

[2]Senate Standing Committee for the Selection of Bills, Report No. 10 of 2023, pp. 9–10.

[3]Mary Anne Neilsen, Statutory Declarations Amendment Bill 2023, Bills Digest No. 20, 2023–24, Parliamentary Library, Canberra, 2023, p. 3.

[4]Explanatory Memorandum (EM) to the bill, p. 2.

[5]Attorney-General's Department (AGD), Modernising Document Execution Consultation on proposed reform to the execution of Commonwealth statutory declarations, p. 2.

[6]Statutory Declarations Act 1959 (SD Act), s. 8. Note: the prescribed form is set out in Schedule 1 of the Statutory Declarations Regulations 2018. Prescribed persons are established in Regulation 7 and Schedule2 of the Statutory Declarations Regulations 2018.

[7]SD Act, s. 11.

[8]AGD, Modernising Document Execution: Consultation on proposed reform to the execution of Commonwealth statutory declarations, p. 2.

[9]Deregulation Taskforce, Department of the Prime Minister and Cabinet, Modernising Document Execution Roundtable Consultations, 22 October 2021, p. i.

[10]Schedule 1 of the Coronavirus Economic Response Package (Modifications—Statutory Declarations and Notices of Intention to Marry) Determination 2021.

[11]Subsection 1(7) of Schedule 5 of the Coronavirus Economic Response Package Omnibus (Measures No.2) Act 2020.

[12]AGD, Submission 5, p. 3.

[13]AGD, Submission 5, p. 3. Note: The Law Council of Australia (Law Council) also supported retaining the paper-based execution method, see: Law Council, Submission 7, p. 3.

[14]AGD, Submission 5, p. 3.

[15]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 7September2023, p. 5.

[16]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 7September2023, p. 4.

[17]EM, p. 2.

[18]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 7September 2023, pp. 4–5.

[19]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 12September 2023, p. 98.

[20]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 7September2023, p. 4.

[21]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 7September2023, p. 5.

[22]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 7September2023, p. 4.

[23]The Hon Mark Dreyfus KC MP, Attorney-General, House of Representatives Proof Hansard, 12September 2023, p. 98.

[24]Proposed subsection 7A(1) of the bill.

[25]Proposed paragraph 7A(2)(a) of the bill.

[26]Proposed section 8 of the bill.

[27]Proposed section 9 and proposed subparagraph 9A(1)(a)(i) of the bill.

[28]Proposed section 15 of the bill.

[29]Proposed section 9 of the bill. Note: video link is defined as 'facilities that enable audio and visual communication between persons in different places', see: Item 1 in Part 1 of Schedule 1 of the bill.

[30]Proposed section 9 of the bill.

[31]The true copy does not have to include the declarant's signature, see: proposed section 9 of the bill.

[32]EM, p. 13.

[33]EM, p. 13.

[34]EM, p. 14.

[35]EM, p. 14.

[36]Proposed section 8 of the bill.

[37]Proposed subparagraph 9A(1)(a)(ii) of the bill. Note: the EM provided myGov as an example of an approved online platform, see: EM, p. 3.

[38]EM, p. 3.

[39]Proposed paragraph 9A(1)(c) of the bill.

[40]Proposed paragraph 9A(1)(b) of the bill. Note: the EM provided myGovID as an example of an approved identity service, see, EM: p. 3.

[41]EM, p. 16.

[42]AGD, Submission 5, p. 6.

[43]AGD, Submission 5, p. 6.

[44]Proposed subsections 9A(2) and 9A(3) of the bill.

[45]Proposed paragraph 14(3)(a) of the bill.

[46]Proposed paragraph 14(3)(b) of the bill. Note: effective security arrangements relate to security governance, information security, personnel security, and physical security.

[47]Proposed subsection 9B(1) of the bill. Note: the EM noted that '[t]his prohibition is not intended to cover temporary storage of statutory declarations by an online platform that is incidental to the technical process of making the declaration' see: EM, p. 16.

[48]Proposed subsection 14(5) of the bill.

[49]Proposed subsection 9B(2) of the bill.

[50]The term 'eligible data breach' is defined in the Privacy Act 1988, ss. 26WE(2).

[51]Proposed subsection 9B(3) of the bill.

[52]EM, p. 4.

[53]EM, p. 4.

[54]EM, p. 4.

[55]Proposed subsection 16(1) of the bill.

[56]Proposed subsection 16(2) of the bill.

[57]See, for example, Governance Institute of Australia, Submission 1, pp. 1–2; Australian Banking Association (ABA), Submission 2, p. 1; Australian Lawyers Alliance (ALA), Submission 3, p. 5; Business Council of Australia (BCA), Submission 4, p. 1; Aware Super, Submission 6, p. 1; Law Council, Submission 7, pp. 1–2.

[58]ALA, Submission 3, p. 6.

[59]ALA, Submission 3, p. 6.

[60]BCA, Submission 4, p. 1.

[61]ABA, Submission 2, p. 3.

[62]Aware Super, Submission 6, p. 1.

[63]Aware Super, Submission 6, p. 1.

[64]Aware Super, Submission 6, p. 1.

[65]AGD, Submission 5, p. 3.

[66]AGD, Submission 5, p. 3.

[67]Law Council, Submission 7, p. 2.

[68]Law Council, Submission 7, p. 2.

[69]Law Council, Submission 7, p. 2.

[70]ALA, Submission 3, p. 8.

[71]AGD, Submission 5, p. 3.

[72]Law Council, Submission 7, p. 3.

[73]Law Council, Submission 7, p. 4.

[74]Law Council, Submission 7, p. 4.

[75]Law Council, Submission 7, p. 4.

[76]Law Council, Submission 7, p. 4.

[77]Law Council, Submission 7, p. 4.

[78]Law Council, Submission 7, p. 3.

[79]Law Council, Submission 7, p. 4.

[80]AGD, Submission 5, p. 5.

[81]AGD, Submission 5, p. 5.

[82]AGD, Submission 5, p. 5.

[83]AGD, Submission 5, p. 4.

[84]Law Council, Submission 7, p. 2.

[85]Law Council, Submission 7, p. 3.

[86]Law Council, Submission 7, p. 3.

[87]Law Council, Submission 7, p. 4.

[88]ALA, Submission 3, pp. 8–10.

[89]ALA, Submission 3, p. 8.

[90]ALA, Submission 3, p. 9.

[91]ALA, Submission 3, p. 9.

[92]ALA, Submission 3, p. 10.

[93]ALA, Submission 3, p. 10. Also see: Office of the Australian Information Commissioner, Handling personal information: Services Australia's role as the Identity Exchange, 16February 2023, www.oaic.gov.au/privacy/privacy-assessments-and-decisions/privacy-assessments/handling-personal-information-services-australias-role-as-the-identity-exchange(accessed22September 2023).

[94]ALA, Submission 3, p. 10.

[95]AGD, Submission 5, p. 4.

[96]AGD, Submission 5, p. 4.

[97]AGD, Submission 5, p. 4.

[98]AGD, Submission 5, p. 4.

[99]AGD, Submission 5, p. 5.

[100]AGD, Submission 5, p. 5. The AGD listed unauthorised access or disclosure of personal information or the loss of that information as examples of mishandling.

[101]AGD, Submission 5, p. 5.