List of recommendations

Recommendation 1

3.36

The Committee recommends that the Department of Home Affairs, in consultation with the Department of Defence and the Department of the Environment and Energy, review and develop measures to ensure that Australia has a continuous supply of fuel to meet its national security priorities. As part of developed measures, the Department should consider whether critical fuel assets should be subject to the Security of Critical Infrastructure Bill 2017.

The Committee considers that the Department should conclude this review within 6 months. The Department should brief the Committee on the outcomes of the review following its conclusion.

Recommendation 2

4.34

The Committee recommends that the Department of Home Affairs examine the viability of developing a common data entry portal for use across Commonwealth, state and territory databases that require information from the same reporting entities.

Recommendation 3

4.36

The Committee recommends that the Department of Home Affairs develop guidelines for entities subject to the Security of Critical Infrastructure Bill 2017. The guidelines should:

enable an entity to determine whether it is a reporting entity, and

provide the entity with an understanding of the specific information it is required to report.

These guidelines should be made available prior to the end of the three-month transition period.

Recommendation 4

4.39

The Committee recommends that the Security of Critical Infrastructure Bill 2017 be amended to more appropriately define direct interest holder in order to capture the intended full range of ownership arrangements.

Further, the Explanatory Memorandum and the Bill should clarify that:

moneylenders are not direct interest holders, where they hold an interest in a critical infrastructure asset through a financing arrangement, and

intermediate and ultimate holding entities are not direct interest holders.

Recommendation 5

4.71

The Committee recommends that the Department of Home Affairs include in guidelines to be developed for entities subject to the Security of Critical Infrastructure Bill 2017, information regarding:

the high-level criteria by which the Department will assess risk, and

the process and the engagement that entities should reasonably expect from the Department as part of a risk assessment.

Recommendation 6

4.74

The Committee recommends that the Explanatory Memorandum to the Security of Critical Infrastructure Bill 2017 be amended to list the factors that the Secretary must have regard to, when deciding whether to disclose protected information under sections 42 and 43 of the Bill. Factors should include:

whether the disclosure is consistent with the objects of the Bill, and

whether the purpose of the disclosure is proportionate to the sensitivity of the information being disclosed.

Recommendation 7

4.77

The Committee recommends that the Explanatory Memorandum to the Security of Critical Infrastructure Bill 2017 be amended to clarify that the Bill does not affect the operation of existing privacy obligations.

In particular, the Explanatory Memorandum should clarify that section 39 does not affect the operation of Australian Privacy Principle 11.2 and the Department of Home Affairs, as the administering agency, would need to destroy personal information if it was no longer necessary.

Recommendation 8

5.39

The Committee recommends that the Security of Critical Infrastructure Bill 2017 be amended to require the relevant Minister to provide, to the subject entity, notice of an adverse security assessment given in connection to the Bill and merits review rights.

The Committee considers that the Bill should be amended to align with requirements under section 38A of the Australian Security Intelligence Organisation Act 1979.

Recommendation 9

5.47

The Committee recommends that the Security of Critical Infrastructure Bill 2017 be amended to require the Parliamentary Joint Committee on Intelligence and Security to review the operation, effectiveness and implications of the reforms, commencing within three years of the Bill receiving Royal Assent.

The review should consider the appropriateness of a unified scheme to cover all critical infrastructure assets, including telecommunications assets.

The review should also consider circumstances that the Minister has used the private declaration power under section 51.

Recommendation 10

5.52

The Committee recommends that, subject to the above recommendations being accepted, the Security of Critical Infrastructure Bill 2017 be passed.

| Contents |