Human Services (Enhanced Service Delivery) Bill 2007

Date introduced:  7 February 2007

House:  House of Representatives

Portfolio:  Human Services

Commencement:  The Bill’s formal provisions commence on Royal Assent. The substantive provisions commence on a date to be fixed by proclamation or, at most, 18 months after the Act receives Royal Assent.⁽¹⁾

Purpose

The Bill proposes the first stage of the legislative framework for the Health and Social Services Access Card (‘the access card’). The stated purpose of the access card is to facilitate and streamline the provision of Commonwealth benefits to members of the public by participating Government agencies.

Background

Basis of policy commitment

On 26 April 2006, the Prime Minister announced the Government’s intention to proceed in principle with a new access card for health and welfare services.

The Prime Minister’s announcement indicated that the access card would replace 17 health and social services cards and vouchers across the Human Services portfolio. The card will need to be applied for and produced to access government social services such as Medicare benefits and Centrelink payments. The card is to be phased in over a two year registration period beginning in 2008. From early 2010, people will only be able to obtain government health and social service benefits if they have an access card.

In the same media release issued on 26 April 2006, the Prime Minister ruled out any intention of introducing a compulsory national ID card. This had been considered after the terrorist bombings in London in 2005. For further information on the debate surrounding the introduction of a national ID card, a history of the 1987 Australia Card debate, and overseas developments, the reader is referred to the Parliamentary Library’s electronic brief: Identity Cards and the Access Card.

The Prime Minister’s media release also indicated that the access card will have a mixture of compulsory and voluntary cardholder information on it. Compulsory information will include: the cardholder’s name, a digital photograph, their signature and card number. A microchip in the card⁽³⁾ will store a photo, address, date of birth and details of any children or other dependants. The card will also provide cardholders with the option to voluntarily store other information such as emergency contact details, allergies, health alerts, chronic illnesses, immunisation information and organ donor status.⁽⁴⁾

Australia Card

The Australia Card proposal of the 1980s was a Labor Government initiative, its main purpose being to prevent losses to revenue through the taxation system and through the payment of Commonwealth benefits. Under the scheme, all Australian citizens and foreign nationals in prescribed categories would have been required to register for and obtain a card. The card would need to have been produced only for taxation, social welfare and Medicare purposes, and would have been administered by the Health Insurance Commission using its network of Medicare offices. The card was to carry a unique number and the cardholder’s name, address, signature and photograph.

The legislation for the proposal had a rocky history and was the trigger for a double dissolution election in 1987. It was finally laid aside on 8 October 1987 because of a legal technicality. In both 1986 and 1987, it was the combined strength of the Democrats, Liberals and Nationals in the Senate which defeated the proposal. More detailed information about the Australia Card is available in the Parliamentary Library’s electronic brief: Identity Cards and the Access Card.

Outline of the Bill

The Bill is only the first part of the legislation required for introduction of the access card. The Bill:

Matters not dealt with in the Bill

In an unusual move, the Explanatory Memorandum sets out the matters not dealt with in the Bill.⁽⁵⁾

Significantly, the Bill does not address administrative review issues or privacy issues.  The Bill is generally silent on amending or correcting details entered on the Register and on the card.

Other important matters not dealt with include:

The Explanatory Memorandum states that these issues will be dealt with in subsequent legislation.

Consumer and Privacy Taskforce

On 24 May 2006, the Minister for Human Services announced the establishment of a Consumer and Privacy Taskforce which would provide consultation on consumer and privacy aspects of the access card. The Taskforce consists of Professor Allan Fels (Chair), Professor Chris Puplick (former NSW Privacy Commissioner and former NSW Liberal Senator),⁽⁶⁾ and Mr John Wood (former Deputy Commonwealth Ombudsman and Director of the Bureau of Consumer Affairs).

The Taskforce’s first report dealt with issues and made recommendations in relation to architecture questions of the access card. It recommended that a comprehensive legislative framework be developed to accompany the access card scheme.⁽⁷⁾ The Taskforce made 26 recommendations of which the Government accepted 22. Significantly, the Taskforce recommended against putting a digitised signature on the smartcard, and also against displaying the cardholder’s number on the card.⁽⁸⁾ The Government did not accept these two recommendations.⁽⁹⁾

The Taskforce is yet to report on important issues surrounding the access card— particularly the registration process, the appeals process and the voluntary health and medical information that may be included on the card. It has also been tasked by the Government to produce a further privacy impact statement.⁽¹⁰⁾

Consumer and Privacy Taskforce discussion paper no. 2—Voluntary information on the card owner’s area of the access card

The Bill provides that part of the chip of the access card will be available for individual cardholders to use at their own discretion. However, it is of some significance that the Bill does not include any detail on the card owner’s area of the chip— the rationale being that this will be dealt with in subsequent Bills. Arguably the Bill’s implications cannot be fully understood until the card owner’s part of the card is clarified.

On 21 February 2007, the Consumer and Privacy Taskforce issued a discussion paper on this issue, entitled Voluntary Medical and Emergency Information. The discussion paper states that the decision about what specific health and emergency data might be listed in the card is a considerably more complex matter than might have been anticipated and raises both medical and legal issues. The discussion paper states:

Because of this responsibility to third parties, the Taskforce recommends that no voluntary medical data should be entered onto any part of the card without proper verification or authorisation by a medical practitioner.⁽¹²⁾

The Taskforce also recommends that for privacy reasons there should not be an open ended approach to the content of the card and called on the Government to reiterate that the card was not an electronic health record.⁽¹³⁾

The discussion paper warns of problems with putting sensitive personal information effectively in the public domain.

The paper recommends that emergency health information be kept to a minimum and the extent of this information would be worked out by an expert body. The Taskforce suggested it be limited to conditions such as epilepsy, asthma, diabetes and haemophilia, potentially dangerous drug reactions and allergies such as to penicillin, and drugs being taken by the patient.⁽¹⁵⁾

Senate Finance and Public Administration Standing Committee Inquiry

The Bill has been referred to the Senate Finance and Public Administration Standing Committee for inquiry and report by 15 March 2007 (‘the Senate inquiry’). The Digest draws on submissions to the inquiry. Many of the submissions express significant concerns about the Bill.

Position of significant interest groups/press commentary

Australian Medical Association

The AMA, in its submission to the Senate inquiry, notes there are a number of key areas of concern in the Bill, two of which are the age eligibility (clause 22) and the potential for function creep.  The submission states:

In relation to function creep, the AMA submission states that this is always one of the major dangers around the development of e-health initiatives. The submission goes on:

The submission also points to the broad discretion powers given to the Minister and Secretary, but states that in the AMA’s view a clearly stated purpose for the Access Card Number would address many of the concerns around these discretionary powers.⁽¹⁸⁾

In response to the AMA's concerns the Government issued a press release which included guidelines which would allow the automatic issuing of cards to youths above 15 and, with parental or other support, to those under 15.  The Government made this commitment:  ‘[t]he guidelines setting out that policy for people under 18 are attached and will not change.’⁽¹⁹⁾  However the AMA has expressed scepticism as to the reasons for the modifications being included in the guidelines, which can be changed without parliamentary oversight, rather than enshrined in the legislation itself.⁽²⁰⁾

Federal Privacy Commissioner

The Office of the Federal Privacy Commissioner believes it is important that legislative measures for the access card do not pre-empt the finalisation of important design and policy considerations.  In the Office’s view, decisions on those considerations should be open to public scrutiny and settled, before enabling legislation is enacted. If not, there is a risk that privacy enhancing design and policy options could be prematurely excluded, to the overall detriment of the initiative and community support of the system.⁽²¹⁾

In particular, the Office notes the importance of ensuring that the Bill does not establish a legislative framework, whether intentionally or otherwise, that relies on or assumes the existence of a unique personal identifier (UPI) for each card holder, such as a number, that is then held and shared by various agencies or organisations. The Office argues that this risk is possible in relation to the requirement to include a participating agency ‘flag’ on the Register.⁽²²⁾ For further discussion the reader is referred to the Main Provisions section of the Digest.

Victorian Privacy Commissioner

The Office of the Victorian Privacy Commissioner, in its submission to the Senate inquiry, has stated that the proposed scheme raises significant privacy and security issues. It recommends that the legislation should not be passed until the Consumer and Privacy Taskforce has produced all its reports and all proposed legislation underpinning the scheme is introduced. The submission concludes:

Australian Privacy Foundation

The Australian Privacy Foundation, in its submission on the Exposure Draft of the Bill, stated that the process adopted by the Government is not an acceptable approach to the development of a proposal which has such extraordinarily grave implications for Australian society and democracy. The submission stated:

Cyberspace Law and Policy Centre

Professor Graham Greenleaf, of the Cyberspace Law and Policy Centre, in a recent paper, Quacking like a duck, provides a comparison of the proposed access card and the Australia Card proposal of 1987 and concludes that the privacy dangers are greater with the access card than with the Australia Card.⁽²⁶⁾ From his analysis and comparisons, Professor Greenleaf states:

Professor Greenleaf concludes that the Bill has the capacity for function creep built into all aspects of the system because too much is put beyond Parliamentary control. He believes the Bill lacks meaningful protections against such expansion and that it will lead to a national ID system.

Public Interest Advocacy Centre⁽²⁸⁾

The Public Interest Advocacy Centre’s stated position is that it is not at all clear that the introduction of the access card is in the public interest. PIAC is concerned by, amongst other things, that:

NSW Council for Civil Liberties (NSWCCL)

The NSWCCL does not oppose the introduction of a replacement to the Medicare card and other cards used to access government services.  However the NSWCCL opposes the Bill in its present form primarily because at the very least it puts in place the critical pieces of infrastructure for the introduction of an ID card. Once the access card is in place, it will be a small step for future government to turn it into an ID card.

NSWCCL states that the access card will be readily capable of use as an identity card because it will carry on its face 5 pieces of identity information. However NSWCCL argues that this objectionable aspect of the Card could be easily remedied. It states:

NSWCCL also recommends that the amount of data stored in the register should be reduced and there should be special sanctions for unlawful access to the register.

ALP/Australian Democrat/Greens/Family First policy position/commitments

ALP

In contrast to the Australia Card debate, neither the Government nor the Opposition has a fundamental objection to the proposed card. The ALP is concerned at cost inefficiencies and the perceived inadequacies of this particular proposal rather than objecting to the concept of the card.

Tanya Plibersek MP, Shadow Minister for Work and Family, has expressed concern that the process for development of the access card has been haphazard and irregular leaving taxpayers to foot any bill arising. After recent Estimates Hearings, Tanya Plibersek issued a press release stating:⁽³¹⁾

Ms Plibersek, in her press release, also stated that Senate Estimates earlier in that week had revealed that:

Ms Plebersik concluded:

Greens

Senator Kerry Nettle has indicated the Greens’ opposition to the card, taking an in principle objection to the very concept of such a card:

Australian Democrats

Similarly, the Australian Democrats have taken an in principle stand against the concept of the card. Privacy Spokesperson, Senator Natasha Stott Despoja has said the Democrats strongly oppose the access card and have long been concerned it will become a national ID card by stealth.

More recently, Senator Stott Despoja has also expressed concerns about the privacy implications of the storing of medical information on the cardholder’s space on the card.

Financial implications

The Explanatory Memorandum states the cost of establishing the access card system is estimated to be $1.09 billion over four years. A KPMG Report, commissioned by the Government found that fraud savings could range from at least $1.6 billion to $3 billion over a ten year period.⁽³⁶⁾  There has, however been criticism that the KPMG public release document gives no insight into how these savings could be made.⁽³⁷⁾

Main provisions

Part 1—Introduction

Objects and purposes of the Act

Clauses 6 and 7 set out the proposed objects and purposes of the Act.

Subclause 6(2) expressly states that it is an object of the Act that access cards are not to be used as, and do not become, national identity cards,

The objects of the Act are:

The Office of the Victorian Privacy Commissioner, in its submission to the Senate inquiry, questions whether, on the information available, some of these objects will be achieved. For example, it questions whether the scheme will in fact ‘reduce the complexity of accessing Commonwealth benefits’ or make it ‘more convenient and user-friendly’ for the majority of the population who only hold a Medicare card and receive health and pharmaceutical benefits. It argues that in fact the registration and application for the card processes are far more onerous than the present scheme. The submission goes on:

The submission calls for further explanation in the Explanatory Memorandum on how these objects are to be achieved.

Professor Greenleaf, in his submission to the Senate inquiry, argues against including the  object of permitting access card owners to use their cards for other lawful purposes of their choosing. He states that this object will allow function creep, resulting in the card becoming an identity card.⁽⁴⁰⁾

Clause 7 provides that the purposes of the Act are to facilitate the provision of benefits, services, programs or facilities to members of the public by participating agencies.  Participating agencies are the Department of Human Services, the Department of Veterans Affairs, the CEO of Medicare Australia, the CEO of Centrelink, Australian Hearing Services, and Health Services Australia Limited (clause 5).

Ministerial policy statements

Clause 8 allows the Minister (i.e. the Minister for Human Services), in consultation with the DVA Minister (i.e. the Minister for Veterans Affairs), to issue a written policy statement in relation to the administration of the Act. These statements must be taken into account by the Secretaries in both the Department and DVA and their authorised delegates when exercising powers and performing functions under the Act. Policy statements must be tabled in both Houses of Parliament (subclause 8(3)) but are not legislative instruments (subclause 8(6)). In other words, they will be public documents, but will not be subject to possible disallowance by the Parliament. There is an argument that such important Ministerial statements, which could allow a change in policy in the administration of the access card, should be subject to the full scrutiny of the Parliament.⁽⁴¹⁾ The question as to whether these provisions infringe the criteria used by the Senate Scrutiny of Bills Committee (i.e. whether they ‘make rights, liberties or obligations unduly dependent upon insufficiently defined administrative powers’ or whether they ‘inappropriately delegate legislative powers; or insufficiently subject the exercise of legislative power to parliamentary scrutiny’) was not fully explored by the Committee, who nevertheless raised concerns about:

Application of the Act

Clauses 9 proposes that, although the Act binds the Crown, the Crown is not liable to be prosecuted for an offence. It has been noted that if Crown immunity protects Commonwealth agencies from being prosecuted for misusing the information on the Register or the access card, or requiring the card to be used as an identity card for purposes other than permitted by the Act, then the offence provisions provide limited assurance.⁽⁴³⁾

The Act extends to every external Territory, other than Norfolk Island. However, the offence provisions do extend to Norfolk Island (clause 10).

Part 2—Registration

In order to obtain an access card, a person must first be registered on the Register. To be eligible for registration, a person must be eligible or qualified for a Commonwealth benefit. (clause 12).

To register, a person, or someone acting on their behalf⁽⁴⁴⁾, may apply to the Secretary to be registered by:

The written application must be in the form approved by the Secretary and be accompanied by other specified information or documents that the Secretary determines is needed to be satisfied of identity, or is needed to obtain information that is required to be included on the Register (subclause 13(2)). The Office of the Federal Privacy Commissioner argues that determinations about proof of identity documents and information should be disallowable instruments.⁽⁴⁵⁾

The Explanatory Memorandum states that paragraph 13(1)(b) is intended to give the Secretary some discretion in providing alternate methods of applying for registration to deal with special or exceptional circumstances—for example for individuals who for a variety of reasons are not able to provide the usual documents required to process their application.⁽⁴⁶⁾ These clauses give the Secretary considerable powers to demand whatever documentation he or she feels is required to be satisfied of a person’s identity.

In approving an application for registration, the Secretary must consult with the Privacy Commissioner, and must take into account any comments made by the Commissioner. (subclause 12(3)). However, significantly, a failure to comply with this requirement does not affect the validity of the approval of the form.

Subclause 13(4) provides that the Secretary may request specified additional information or a specified additional document that he or she determines is needed. Again, this is intended to provide the Secretary with flexibility in dealing with registration applications.

The Secretary must register an eligible person who has applied in accordance with clause 13, if satisfied of the identity of that person (clause 14). When making decisions regarding identity, the Secretary must take into account Ministerial identity guidelines in force under clause 66.⁽⁴⁷⁾ The Scrutiny of Bills Committee notes that this provision (along with others), is silent on any appeal mechanism in respect of a decision not to register an applicant. While the Explanatory Memorandum states that review mechanisms will be dealt with the second tranche of legislation, the Committee requests the Minister’s advice as to whether appeal rights could be included in this Bill.⁽⁴⁸⁾

Registration occurs when the Secretary enters on the Register, either the person’s legal or preferred name, and the date of effect of the registration (clause 15).

As stated above, registration may be done by an eligible person or someone acting on their behalf. It is of note that issues relating to dependants and carers are not dealt with in this Bill. The Explanatory Memorandum states that parents and other carers will be able to apply for an access card for their children and carers may apply on behalf of those they care for, provided dependants are otherwise eligible to apply.⁽⁴⁹⁾ It has been suggested that the Bill should not authorise applications to be made on another’s behalf without providing the necessary detail as to who is authorised, how that authority is established and verified and what protections are in place to prevent unauthorised registration or access cards from being issued.⁽⁵⁰⁾

The Register

Clause 16 proposes that the Secretary be responsible for establishing and maintaining the Register and keeping it in an appropriate form or manner. The responsibility of establishing the Register may not be delegated (subclause 70(2)).

Clause 17 sets out the information about registered persons that the Secretary must keep on the Register. It must include:

Many of these criteria may include additional information at the request of the person to be registered.

Other information is defined as either:

Arguably, this first dot point of ‘other information’ could give the Secretary considerable leeway in extending the information that could be stored on the Register. The question of what is reasonably necessary for the administration of the Register and the access card could easily be interpreted differently by different people. The Consumer and Privacy Taskforce has expressed serious concern about the potential for ‘function creep’ in this regard. It argues that determinations by the Secretary should be legislative instruments and disallowable by the Parliament. Alternatively, flexibility and accountability could be achieved by the use of the Regulation making power.⁽⁵¹⁾

Clause 18 provides exceptions, where the Secretary may not include information on the Register. Specifically, the Secretary must not include:

Clause 19 proposes that where a person owns an access card, certain information (such as medicare number or DVA file number) may be temporarily included on the Register until it is transferred to the Commonwealth’s area of the chip in the card.

Clause 20 clarifies that only the information set out in clauses 17 and 19 may be kept on the Register.

The Office of the Privacy Commissioner, in its submission to the Senate inquiry, notes that the guiding policy setting for the Register should be to collect the minimum amount of personal information. The Office therefore questions the need to include the following:

The Consumer and Privacy Taskforce is still to release a paper about the registration process.

Accessing the Register

The Bill does not include provisions dealing with accessing the Register. The Public Interest Advocacy Centre, in its submission to the Senate inquiry, states that one of the most important issues not addressed by the Bill is how the information collected will be used. It states:

Part 3—The access card

Name and form of the card

The access card, as defined in clause 5, is the card issued by the Secretary, and known as the Health and Social Services Access Card, or some other name as determined by the Minister. The Explanatory Memorandum states that it is expected that a final name of the card will be determined by the Minister for Human Services shortly.⁽⁵⁴⁾ Some submissions to the Senate inquiry have questioned this broad Ministerial power. Given the Government’s stated intention that there be no function creep, it has been asked why the Minister is given broad scope to change the name of the card at any time and without Parliamentary scrutiny.⁽⁵⁵⁾

Clause 27 provides further detail about the name and form of the card. The form is to be determined by the Minister. The Explanatory Memorandum states:

The Office of the Federal Privacy Commissioner recommends that the determination by the Minister on this issue could be strengthened by subjecting it to parliamentary scrutiny (for example as a disallowable instrument), independent review and/or public comment. Doing so could increase public confidence, transparency and accountability.⁽⁵⁷⁾

Under subclause 27(2) the Minister may also determine a symbol for the card. Ownership of the name and symbol will rest with the Commonwealth (clause 28).

Eligibility

A person is eligible for an access card if he or she:

The AMA has major concerns that the age at which a person automatically has a right to obtain an access card—as opposed to the option merely to apply for one and seek an exemption from the age criterion—has been set at 18 in the Bill. They see this as a change in existing policy related to independent access of young people to health care, and argue that the only way to ensure that young people continue to have right to obtain services that require the use of the card is to enshrine that right in the legislation itself.⁽⁵⁸⁾ Further information about the AMA’s view is provided at pp. 6–7 of the Digest.

Applying for an access card

It appears that this process essentially duplicates the process of applying for registration.

A person, or someone acting on their behalf,⁽⁵⁹⁾ may apply to the Secretary for an access card by:

The written application must be in the form approved by the Secretary and be accompanied by other specified information or documents⁽⁶⁰⁾ that the Secretary determines is needed to be satisfied of identity, or is needed to obtain information that is required to be included on the access card or the Register (subclause 23(2)).

In approving the form of an application for an access card, the Secretary must consult with the Privacy Commissioner, and must take into account any comments made by the Commissioner. (subclause 23(3)). However, significantly, the clause immediately goes on to stipulate that failure to comply with this requirement does not affect the validity of the approval of the form.

Subclause 23(4) provides that the Secretary may request specified additional information or specified additional documents that he or she determines is needed. The Explanatory Memorandum states this is to cover situations where the documents provided by an applicant are insufficient to reliably establish identity.

Again, when making decisions regarding identity in relation to access card applications, the Secretary must take into account identity guidelines in force under clause 66.⁽⁶¹⁾

If the Secretary is satisfied of an applicant’s identity, the Secretary must issue an access card to an eligible applicant where that person has applied in accordance with clause 23, attended an interview, provided a signature, and the applicant has satisfied any other requirements that are determined by Ministerial legislative instrument (clause 24). The Explanatory Memorandum states that although no additional requirements are contemplated, this provision is needed ‘to deal with unusual circumstances that may arise in the future’.⁽⁶²⁾ Whether it is preferable for Parliament to decide eligibility requirements or whether it should be done by the Minister through a legislative instrument is a question for the Parliament.⁽⁶³⁾ The Scrutiny of Bills Committee notes that this provision is silent on any appeal mechanism in respect of a decision not to issue an access card to an applicant and requests the Minister’s advice as to whether appeal rights could be included in this Bill.⁽⁶⁴⁾

An access card is in force from the date of issue for a period of up to 10 years or a shorter period specified by the Secretary (clause 26).

Information on the access card

The Bill proposes that there will be two parts to an access card, namely

Information on the surface of the card

Clause 30 sets out in table form the information that the Secretary must include on the surface of the access card. The following must be included unless certain exemptions apply:

Clause 32 clarifies that only the information set out in clause 30 may be kept on the surface of the access card.

It is of note that the Consumer and Privacy Taskforce recommended against putting a digitised signature on the card, and also against displaying the cardholder’s number on the card. In relation to the signature, the Taskforce argued that its inclusion seems to be of limited use and it increases the dangers of identity theft and fraud’. In relation to the number, the Taskforce stated:

There has also been an argument put by some that the photograph need not be included on the face of the card. If it were only on the chip, it could be read with the card reader that would be available to doctors, pharmacists, Centrelink officers and other people who actually need to use the card to verify someone’s identity.⁽⁶⁶⁾

Information on the chip of the card

Clause 33 proposes that the information on the chip of the card is to consist of two parts:

Information in the Commonwealth’s area of the chip

Subclause 34(1) provides that the Secretary must include only the following information in the Commonwealth’s area of the chip:

Other information is defined as either:

As discussed above under the Register provisions, there have been concerns that the Secretary’s power to include ‘other information’ is a very broad discretionary power.⁽⁶⁷⁾

Clause 35 proposes that the Secretary must not include particular information about a person who is part of the National Witness Protection Program, or where to do so would be inconsistent with a Commonwealth law.

Clause 36 clarifies that only the information set out in clause 34(1) may be kept on the Commonwealth’s area of the chip.

Information on the cardholder’s area of the chip

Part of the chip of the card will be available for individual cardholders to use at their own discretion. However, it is significant that the Bill does not include provisions dealing with this area of the chip. Arguably the Bill’s implications cannot be fully understood until this part of the card is dealt with.

The Consumer and Privacy Taskforce is currently considering this issue. In its recently released Discussion Paper the Taskforce states that decisions about what might be stored on this part of the chip are considerably more complex than might have been anticipated. Further discussion on the content of the cardholder’s part of the chip is provided at page 5 of the Digest.

Some submissions to the Senate inquiry suggest that if the purpose of the card is to facilitate access to health and social services, and not to become a national identity card, then there is no need to provide a cardholder area in the chip.⁽⁶⁸⁾

Ownership and use of the access card

Clause 35 proposes that each card holder owns his or her access card, however ownership is considerably restricted. It does not include the right to sell the card or transfer ownership (clause 39), nor the right of ownership of any intellectual property or information that is on the card that the card holder would not otherwise have. Ownership is further restricted by clauses 50–53 which criminalise any attempts by the cardholder to amend, destroy or sell his or her card.

The owner of an access card may use his or her card for any lawful purpose (clause 40). The Explanatory Memorandum states that individuals may use their card as a ‘convenient proof of identity document’, but that this does not convert the card into a national identity card.⁽⁶⁹⁾

Clause 42 provides that the owner of the card is not required to carry the access card at all times. The Explanatory Memorandum states that the purpose of this statement is to reinforce that the card is not a national ID card. The ALP proposed amendments to this clause are that the owner of the card is not required to carry the access card at any time, with the clarification that a person needs to present the card when accessing particular services.⁽⁷⁰⁾

Clause 41 provides that Commonwealth officers in participating agencies may only use another person’s access cards either for the purposes of the Act, or where the card holder gives consent for other purposes.

It has been suggested that if the purpose of the card is to facilitate access to health and social services, and not to become a national identity card, then there is no need to allow cardholders to ‘consent’ to organisations using the card as evidence of identity. The Victorian Privacy Commissioner recommends that the legislation should not permit and facilitate the card’s use as an identity card through the mechanism of consent and that these provisions should be removed from the Bill.⁽⁷¹⁾

Part 4—Offences

Clause 45 makes it an offence for a person to intentionally require a card holder to produce his or her card for identification purposes (other than in relation to the provision of Commonwealth benefits or to prove concession status). The maximum penalty for this offence is 5 years imprisonment and/or 500 penalty units (i.e. $55,000 for an individual or $275,000 for a corporation). Subclause 45(2) makes it an offence for a person to make a statement (whether orally, in writing or any other way) that a person could reasonably understand to mean that he or she is required to produce their access card for identification purposes. The maximum penalty for this offence is 2 years imprisonment and/or 120 penalty units.

Clause 46 is a similar offence provision, prohibiting a person from intentionally requiring a card holder to produce his or her access card for the supply of goods and services (subclause 46(3) defines the types of goods and services). The penalties are the same as those for clause 45.

The Office of the Victorian Privacy Commissioner states that the Bill is to be commended for providing deterrents to people requesting identity checks, but questions how effective these measures will be in practice. The submission to the Senate inquiry states:

Clauses 47–49 contain offences for:

Clauses 50–53 contain offences for:

Clause 54 empowers the Secretary to require persons to return access cards that:

It is an offence against this provision if the person has possession of the card and fails to return it as required by the Secretary. The maximum penalty is imprisonment for 2 years and/or 120 penalty units.

Clauses 55–56 provide that it is an offence for a person to:

The maximum penalty for these offences is 10 years imprisonment and/or 1,000 penalty units.

Clause 57 prohibits the copying and recording of the access card number, photograph or signature on the surface of an access card by anyone other than the owner of the card or delegates or authorised persons acting for the purposes of the Act. A maximum penalty of 2 years imprisonment and/or 120 penalty units applies.

Clauses 58–60 contain offences relating to applications for registration for an access card. It is an offence to make false or misleading statements, give false or misleading information, or produce false or misleading documents in relation to registration for an access card. The penalty for these offences is a maximum of 10 years imprisonment and/or 1,000 penalty units.

Clauses 61–62 deal with offences committed by Commonwealth officers or authorised persons under the Act. Clause 61 provides that it is an offence for a delegate to issue an access card knowing that the issue is contrary to the provisions of this Act. Clause 62 provides that it is an offence for a delegate or authorised officer to influence other delegates or authorised officers for some improper purpose. The penalty for these offences is a maximum of 10 years imprisonment and/or 1,000 penalty units.

Clause 63 provides that it is an offence for a person to use the access card name or symbol for any business use without the Minister’s approval. Prohibited business uses are set out in paragraphs 63(1)(a)–(e). The offence attracts a penalty of up to 30 penalty units.

Comments on the offence provisions

The Office of the Federal Privacy Commission has noted that Part 4 tends to focus on offences relating to access cards rather than the Register. For example, the offences do not appear to deal with unauthorised access to or interference with the register, either by Commonwealth officers or others. The Office believes such matters should be addressed in future legislation.

Another observation has been that the offences in relation to the access card are criminal and as such may be difficult to prosecute and prove.⁽⁷³⁾ Submissions to the Senate inquiry suggest that civil penalty provisions may provide individuals with an alternative means of redress, and minimise the unchecked misuse of access cards due to a lack of evidence or resources to pursue criminal charges.⁽⁷⁴⁾ 

Subclause 57(2) allows for the copying or recording the access card number, photograph or signature with the written consent of the owner of the access card. The Office of the Federal Privacy Commissioner notes that this provision is inconsistent with the terms and policy intent of National Privacy Principle 7.⁽⁷⁵⁾  While, generally, providing consumer control over their personal information is consistent with good privacy practice, the Office considers that a consent mechanism is unlikely to be appropriate for a government issued unique identifier that will be held by most of the adult population. An appropriate parallel may be the Tax File Number, for which no consent mechanism is available.

The Office’s concerns about providing this consent mechanism are due to the fact that the privacy risks of sharing unique identifiers are not always immediate. The risks accumulate as more organisations or agencies come to adopt the number, and as greater amounts of personal information become associated with that number. Accordingly, individuals may not always be aware of the potentially long term privacy risks when asked to consent to such handling, especially where they may be offered an immediate and tangible convenience.

The Office suggests that organisations should not be permitted to copy or record the Access Card number with the individual’s consent, unless it is in accordance with a requirement of other legislation.⁽⁷⁶⁾

Part  5—Miscellaneous

Exemptions and other determinations

Clause 65 proposes that the Minister, DVA Minister, Secretary or DVA Secretary may determine exemptions in relation to certain rules for obtaining an access card. Exemptions may be made in relation to rules about:

The Explanatory Memorandum explains that there may be occasions where these rules are unduly harsh or impractical— for example very frail or ill people should not be subject to having their photograph taken.

The Minister and the DVA Minister will be able to exempt individuals included in a class of individuals (subclauses 65(1) and 65(2)) while the Secretaries of each Department will only be able to exempt specific individuals (subclauses 65(3) and (4)). Exemptions need to be in writing and Ministerial exemptions in relation to classes will also need to be published. The Minister’s power to grant class exemptions may be delegated to the Secretary and the Secretary’s power to grant individual exemptions may be delegated to Commonwealth officers within participating agencies. 

Identity guidelines

Clause 66 requires the Minister to issue, by legislative instrument, identity guidelines for the purposes of specified provisions in the Bill. Any such guidelines in force will need to be taken into account by the Secretary and delegates when making decisions under those provisions.

DVA individuals

Clause 67 proposes that the DVA Minister may determine that specified individuals (or classes of individuals) be included in the definition of DVA individual. This is to cover situations where such individuals may be engaged in defence type activities but may not strictly be covered by the definition of DVA individual in clause 5.

Delegations and authorisations

Clauses 68–72 deal with delegations and authorisations. It is of note that the Senate Scrutiny of Bills Committee comments on the wide delegation powers given to the Minister and the Secretary in these provisions.⁽⁷⁷⁾

Clause 68 deals with the Minister’s powers to delegate. The Minister will be unable to delegate the power to issue policy directions in relation to the administration of the Bill (clause 8), the power to determine the name and symbol of the access card (clause 27) or the power to issue identity guidelines (clause 66).

Certain Ministerial powers may only be delegated to the Secretary, namely the powers to:

All other powers and functions of the Minister may be delegated to Commonwealth officers in participating agencies.

Clauses 69 and 71 relate to delegation by the DVA Minister and Secretary respectively. The DVA Minister will be able to delegate to the DVA Secretary the power to issue classes of exemptions under clause 65. The DVA Secretary will be able to delegate the power to issue individual exemptions under clause 65 to Commonwealth officers in participating agencies.

Under clause 70, all powers and functions of the Secretary under the Bill (apart from the power to establish the Register), may be delegated. Delegation may be to a Commonwealth officer in a participating agency or to the chief executive of an agency under the Financial Management and Accountability Act 1997 or a director or chief executive of a Commonwealth authority or company that is prescribed for the purposes of clause 70. The Explanatory Memorandum explains the reason for drafting in this manner is so that delegations to officers of other departments or agencies are done through their CEO or equivalent rather than directly by the Secretary of the Department.⁽⁷⁸⁾

Clause 72 allows the Secretary to authorise persons to exercise the powers of ‘authorised persons’ under the Bill. For example, clause 45 allows ‘authorised persons’ to require the access card for the purposes of the Bill. This clause will enable to the Secretary to delegate powers to persons outside of Commonwealth agencies, such as doctors and pharmacists who play a role in the provision of services which attract Commonwealth benefits.⁽⁷⁹⁾

Commonwealth acquisition of property

Clause 73 is a standard clause used to fulfil Constitutional obligations regarding Commonwealth acquisition of property. It provides for the payment by the Commonwealth of a ‘reasonable amount’ of compensation if the operation of the Bill would result in an acquisition of property otherwise than on just terms. If the Commonwealth and the person do not agree on the amount of the compensation, the person may institute proceedings in the Federal Court of Australia for the recovery from the Commonwealth of such reasonable amount of compensation as the court determines.

Regulations

Clause 74 is the standard regulation making provision enabling the Governor-General to make regulations to give effect to the Act..

Concluding comments

The development of the access card system is the first biometrics-enable database established for the majority of Australia’s adult population. It will contain a biometric photograph, digitised signature and a large amount of other personal information.

The Consumer and Privacy Taskforce and the Office of the Federal Privacy Commissioner have recommended that rigorous controls on unauthorised access and improper disclosure be put in place to safeguard these items wherever held, including on the Register, the chip and the card surface.

The Government has gone to great lengths to emphasise that the access card proposal is not a national ID card and indeed the Bill and its explanatory materials contain a number of statements and safeguards to this effect. The Minister has defended the Bill saying that any extended uses of the card would need to be achieved by further parliamentary amendment.

Despites these reassurances, the access card project so far has generated considerable debate amongst privacy, medical and civil liberties groups who have expressed strong concerns about the implications of the access card and its associated databases.

The overall project has been criticised for being haphazard, poorly planned and likely to result in cost blow out. Critics argue that the Bill as drafted has real potential for function creep with broad discretionary powers being given to the Secretary and the Minister, too much personal information being stored on the face of the card, and the voluntary part of the card raising complex medical, privacy and legal issues.

It is apparent that the tight timetable for the Bill has affected its actual content. Indeed, the Bill is as remarkable for what it omits as for what it contains and the Explanatory Memorandum, in unusual form, lists a number of significant issues including review mechanisms and privacy that are to be addressed in future legislation.

It could be argued that if the Government wishes this project to succeed it should be seeking to ensure that the debate does not develop into an Australia Card Mark II. Producing a staged legislative program which prevents scrutiny of the complete package might not help this process. An alternative view is that a staged approach may be a way of reducing debate on contentious issues and thus ensuring a smoother passage of the whole package.⁽⁸⁰⁾

Parliament may well ask whether it is feasible to make informed decisions about such a significant project that is going to affect the lives of most Australians when the Bill is silent on many of the key issues regarding privacy, security and card content.

Endnotes

1. The Scrutiny of Bills Committee raised concerns about the lengthy period that may elapse between assent and proclamation. See Alert Digest, 2/07, p. 26.
2. Prime Minister, ‘Government to proceed with access card’, Media Release, 26 April 2006.
3. Using microchips, smart cards allow more information to be stored on them than do current cards with magnetic strips. Smart cards have been developed over the past two decades and in 1995 the Commonwealth Privacy Commissioner issued an Information Paper on the privacy aspects of smart cards.
4. Prime Minister, ‘Government to proceed with access card’, Media Release, 26 April 2006.
5. Explanatory Memorandum, pp. 63–64.
6. It is notable that in 2005 Chris Puplick wrote a piece called ‘Trouble on the cards’—The Australian, July 18, 2005.  In this article he condemned the proposal for a smart card, saying: ‘Throughout [the] period [of the Australia Card debate], Howard and the Opposition were resolute in rejecting this measure. Every claim made for the benefits of the card was shown to be false, including those related to national security.
   Nothing in the past two decades has changed in that regard. The benefits of national ID cards are grossly overstated and their potential negative impacts on our freedom and way of life remain unacceptable.
   See further http://www.onlineopinion.com.au/view.asp?article=3686 (Accessed on 8 March 2007).
7. Recommendation 6.
8. The rationale for not including a signature was that it would be of limited use and would increase the dangers of identity theft and fraud. In relation to the number on the card, the Taskforce argued that by not displaying the number on the card, it would reduce the risks of fraud and of the card slowly developing into a ‘unique personal identifier’ number for the Australian population.
9. Government response:
   http://www.accesscard.gov.au/various/government_response_to_taskforce_report.pdf
   Accessed on 8 March 2007
10. An initial privacy impact statement was done in 2006. That statement was not released to the public– the stated reason being that it was based on a ‘previous model’ for a national identity card.
11. Consumer and Privacy Taskforce, Discussion paper no. 2: Voluntary medical and emergency information, February 2007, p. 4.
12. ibid., Recommendation 3.
13. ibid., Recommendation 5.
14. ibid., p. 14.
15. ibid., p. 5.
16. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 3.
17. ibid., p. 8.
18. ibid.
19. Minister for Human Services, Senator Ian Campbell, ‘Business as Usual for Teens’ Access to Smartcard,’ 27 February 2007,
    http://www.humanservices.gov.au/media/releases/070227_b.htm accessed on 8 March 2007.
20. Australian Medical Association, Media Release, ‘Access Card Looking Like ‘Sneaky Card,’’ 1 March 2007, http://www.ama.com.au/web.nsf/doc/WEEN-6YV6RX accessed on 8 March 2007.
21. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 2.
22. ibid.
23. Victorian Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, pp. 1–2.
24. Australian Privacy Foundation, Submission on the Exposure Draft of December 2006, 12 January 2007, p. 1.
25. ibid., p. 5.
26. G. Greenleaf, Quacking like a duck: the national ID Card proposal (2006) compared with the Australia Card (1986-87). 2006. At:
    http://www.cyberlawcentre.org/privacy/id_card/OzCard_comparison.pdf
    Accessed on 8 March 2007
27. Graham Greenleaf, ‘Australia’s Proposed ID Card: Still Quacking Like a Duck’. Located at:
    http://papers.ssrn.com/sol3/papers.cfm?abstract_id=951358
    Accessed on 8 March 2007
28. PIAC is an independent, non-profit law and policy organization that identifies public interest issues and works co-operatively with other organisations to advocate for individuals and groups affected.
29. Public Interest Advocacy Centre, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 2.
30. NSW Council for Civil Liberties, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 8.
31. Tanya Plibersek, ‘Taxpayers exposed by access card’, Media release, 16 February 2007.
32. ibid.
33. Kerry Nettle, ‘Greens reject ID card’, Media release, 7 February 2007.
34. Senator Natasha Stott Despoja, ‘Access card: Fears confirmed’, Media release, 16 June 2006.
35. Senator Natasha Stott Despoja, ‘Privacy invasion [access] card’, Media release, 22 February 2006.
36. KPMG, Department of Human Services Health and Social Services Smart card Initiative, February 2006, p. 12.
37. Kelvin Thomson MP, ‘KPMG Smartcard Business Case’, Media release, 6 June 2006.
38. A Commonwealth benefit is defined in clause 5 as a benefit or service that is provided to an individual (whether under a Commonwealth law or otherwise) and is administered or delivered, wholly or partly, by a participating agency.
39. Victorian Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, pp. 5–6.
40. G. Greenleaf, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 2.
41. For example the Victorian Privacy Commissioner makes this argument in its submission to the Senate inquiry at p. 6.
42. Scrutiny of Bills Committee, Alert Digest, 2/07.
43. ibid., p. 7.
44. See the discussion on pp. 14–15 of the Digest.
45. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 7.
46. Explanatory Memorandum, p. 18.
47. Under clause 66, the Minister must, by legislative instrument, determine identity guidelines that the Secretary is to take account of.
48. Senate Scrutiny of Bills Committee, Alert Digest, 2/07, p. 29.
49. Explanatory Memorandum, p. 18.
50. Victorian Privacy Commission, Submission to the Senate inquiry, p. 7.
51. Consumer and Privacy Taskforce, Submission to the Department of Human Services, Human Services (Enhanced Service Delivery) Bill 2007’, p. 5.
52. An inappropriate name could be a name that is obscene or offensive, a name that could not be practicably be established by repute or usage, or is contrary to the public interest for some other reason (clause 5).
53. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, pp. 4–5.
54. Explanatory Memorandum, p. 7.
55. G. Greenleaf, Submission to the Department of Human Services, Human Services (Enhanced Service Delivery) Bill 2007, paragraph 10.
56. Explanatory Memorandum, p. 29.
57. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 8.
58. AMA, Submission to the Department of Human Services, Human Services (Enhanced Service Delivery) Bill 2007’, p. 3.
59. See endnote 40.
60. The Explanatory Memorandum states that these will include documents such as birth certificates, passports, drivers’ licences and similar documents. In most cases all these documents will be provided at the same time as the person applies for registration (page 27).
61. Under clause 66, the Minister must by legislative instrument determine identity guidelines that the Secretary is to take account of.
62. Explanatory Memorandum, p. 29.
63. Victorian Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, pp. 14.
64. Senate Scrutiny of Bills Committee, Alert Digest, 2/07, p. 29.
65. Consumer and Privacy Taskforce, Media Release, ‘Access Card Consumer and Privacy Taskforce Recommends Safeguards,’ 8 November 2006,
    http://www.accesscard.gov.au/media/CPTF_access_card_consumer.html accessed 8 March 2007.
66. Tanya Plibersek, ‘Human Services (Enhanced Service Delivery) Bill 2007, Consideration in Detail’, Hansard, 28 February 2007, p. 4: and New South Wales Council for Civil Liberties, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 3.
67. See above at p. 16 of the Digest.
68. Victorian Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, pp. 17–18.
69. Explanatory Memorandum, pp. 40–41.
70. Tanya Plibersek, ‘Human Services (Enhanced Service Delivery) Bill 2007, Consideration in Detail’, Hansard, 28 February 2007, p. 6.
71. Victorian Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, pp. 17–18.
72. ibid., p. 18.
73. This is due to the need to show ‘intent’ to the criminal standard of ‘beyond reasonable doubt’.
74. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 11.
75. The requirements and protections of National Privacy Principle 7 are aimed at preventing organisations from adopting or disclosing Commonwealth issued identifiers.
76. Office of the Federal Privacy Commissioner, Submission to the Senate Finance and Public Administration Committee Inquiry, p. 13.
77. Senate Scrutiny of Bills Committee, Alert Digest, p. 28.
78. Explanatory Memorandum, pp. 60–61.
79. ibid., p. 61.
80. In a recent article ‘Fix-it later legislation no way to govern’ (Australian Financial Review, 28 December 2007, p. 8) George Williams and Andrew Lynch document their concerns over a growing trend in the Government’s legislative approach.  They discuss two other Bills which were only passed with a commitment from the Government to hold future enquiries into the legislation that was being passed. They comment this is a ‘bizarre form of law-making – pass a flawed bill and fix it later.’