Chapter 3 - Key issues
3.1
The majority of submissions and witnesses expressed in-principle support
for the Bill and its objectives, insofar as the Bill establishes a centralised
and uniform regime for background checking for the ASIC and MSIC schemes.[1]
However, submissions and witnesses raised a number of concerns with respect to
the Bill, including:
- the breadth of the Bill's regulation-making power;
- privacy issues relating to personal information collected, used,
disclosed and stored by AusCheck;
- the Bill's lack of transparency, natural justice and independent
review mechanisms; and
- practical issues relating to implementation of the Bill.
3.2
This chapter examines the main issues and concerns raised in the course
of the committee's inquiry.
Breadth of regulation-making power
3.3
Many submissions and witnesses expressed concern about the broad
drafting of the Bill, particularly subclause 5(d) and paragraph 8(1)(c) which
allow for future expansion of the AusCheck scheme by regulation.[2]
Increasing tendency to expand primary
legislation by regulation
3.4
The Australian & International Pilots Association (AIPA) articulated
its concern about the 'increasingly apparent trend of utilising regulation
making powers to extend the scope and purpose of legislation'. In the context
of the Bill, the AIPA expressed the view that 'it is fundamentally
inappropriate for the scope of legislation to be expanded in this manner,
particularly in relation to an area as sensitive as background security
checking'.[3]
3.5
In its submission, the Australian Council of Trade Unions (ACTU) expressed
its general dissatisfaction at the 'apparent growth in the general use of
regulation making powers as a mechanism to extend the operation of Acts of
Parliament'[4]
and noted that the Bill 'continues th[is] growing trend'.[5]
The ACTU submitted further that:
The purpose of regulations should be to give effect to the
substantive legislation. To enable the scope of the legislation to be extended
through regulation is not, in our view, an appropriate use of the regulation
making powers.
Whilst it may be argued that regulations made pursuant to
legislation are subject to scrutiny, that process is a different process to the
level and detail of scrutiny of a Bill before the parliament. It is our view
that a Bill before the parliament provides greater opportunities for the public
to forensically examine, dissect and publicly debate the contents of a Bill.[6]
Setting parameters in regulations
3.6
Many submissions and witnesses commented on the Bill's lack of detail
with respect to the information which can be sought as part of a background
check (subclause 5(d)) and the purposes for which a background check may be
conducted (paragraph 8(1)(c) and clause 10).
3.7
For example, the NSW Council for Civil Liberties argued that, given the sensitive
nature of the information that is being handled by the AusCheck scheme, paragraph
8(1)(c) is too broad and that it is inappropriate that the purposes of the scheme
can be extended simply by regulation.[7]
3.8
The Law Council of Australia (Law Council) also argued that 'too much
important detail about the scheme has been deferred to the regulations'.[8]
At the public hearing, Ms Helen Donovan from the Law Council expanded on this
argument:
We appreciate that the bill is intended to be enabling
legislation which provides a framework only for the operation of AusCheck, but,
to the extent that the notion of a framework implies at least the setting of
some parameters, the Law Council believes the bill is less of a framework and
more of a jumping-off point. We expect that the bill would at least set some
limits on the purposes for which a background check may be required and
conducted and the type of information which may be gathered as part of such a
check. However, in both these respects, the bill sets no substantive limits.[9]
3.9
Ms Donovan continued in this vein:
The more general assurance that has been offered in response to
criticisms about the rudimentary nature of the bill, and the correspondingly
broad regulation-making power it provides for, is essentially that the relevant
details will be contained in other legislation—that is, in the legislation
which establishes the background-checking schemes which will simply be
administered by AusCheck. However, the bill does not limit AusCheck to
administering schemes provided for under other legislation. Clauses 5, 8 and 10
read together clearly envisage that a wide range of background-checking schemes
might be devised and implemented by way of AusCheck regulations alone—that is,
without the authorisation of any other primary legislation. Given the sensitive
nature and function of background checks, which can both be intrusive and
adversely impact on people's livelihoods, the Law Council believes this is
highly undesirable. Parliament should retain closer control over determining the
purposes for which background checks are necessary.[10]
3.10
The Office of the Privacy Commissioner (OPC) agreed, noting the
particularly broad scope of the phrase 'other purposes' (for which the AusCheck
scheme may be used) in paragraph 8(1)(c):
[OPC] acknowledges that the current Bill seeks to regulate the
purposes for which it will undertake background checks by requiring them to
either be enacted in other primary legislation or through regulations under
this Bill. However, [OPC] believes that in the interests of maximum public
confidence and legislative transparency potential future purposes of the
AusCheck scheme should be able to be undertaken only after primary legislation
has been enacted, either through amendments to the AusCheck legislation or
through other new or amended primary legislation.[11]
3.11
At the hearing, Mr Andrew Solomon from the OPC acknowledged that the
Bill puts in place some degree of legislative oversight; however, he noted that
'an ideal privacy outcome' would be for each of the purposes for which AusCheck
will undertake background checks to be enacted in primary legislation.[12]
3.12
The Law Council also pointed to the breadth of clause 10 of the Bill,
arguing that it goes further than paragraph 8(1)(c) by allowing for AusCheck
regulations to be promulgated which, in themselves, create new screening
regimes independent of any other legislation:
The Law Council believes that the Executive should not be given
such broad regulation making power, particular in this sensitive area. The Bill
should only enable AusCheck to administer background checking regimes already
authorised by Parliament in the context of other legislative schemes. This is
what has occurred with the ASIC and MSIC schemes.
The Bill should not allow for the creation of new background checking
regimes which, except for the broad, unfettered regulation making power granted
under the Bill, have not received parliamentary authorisation.[13]
3.13
With respect to clause 10, the Australian Privacy Foundation (APF)
expressed an analogous view:
...it is not appropriate to locate the requirement for a check in
legislation which should be about the establishment and operation of the
checking 'infrastructure'. The requirements for a check should be in other
specific legislation dealing with particular jobs or roles, such as those in
the maritime and aviation industries. It is appropriate for the AusCheck scheme
to keep a central register of the purposes for which checks are required, but
it should not itself be the source of the authority for checks.[14]
3.14
Some submissions and witnesses argued that subclause 5(d) and paragrapah
8(1)(c) should be removed from the Bill in their entirety.[15]
3.15
The Law Council suggested that paragraph 8(1)(c) of the Bill should, at
the very least, be amended to confine AusCheck to conducting and coordinating
background checking for the purposes of other Commonwealth Acts which directly
authorise the screening of persons for a specified reason.[16]
In the Law Council's view, such an amendment would ensure that:
- Parliament retains greater control over when and why Australians
might be subjected to background checks; and
- the AusCheck scheme, which is being established to facilitate the
centralised performance of an administrative function, is not used to implement
policies which are not otherwise supported by legislative authorisation.[17]
Department response
3.16
The Department advised the committee that it is intended that AusCheck
regulations will authorise AusCheck to provide services for each new class of
background check under any future screening programs. The Department explained
the reason why expansion of AusCheck's services by way of regulation was the
preferred approach:
The alternatives would be either a Bill giving AusCheck very
broad powers capable of catering to every possible future background checking
purpose or a Bill that restricts AusCheck to coordinating only the existing
ASIC and MSIC schemes. The present Bill offers flexibility to take on new
background checking services for government but will allow Parliamentary
scrutiny of regulations authorising new areas of AusCheck activity.[18]
3.17
At the public hearing, a representative from the Department provided the
following justification for the broad drafting of the Bill:
When government directed that AusCheck be established, it was in
the context of a direction that a scheme be established to centralise the
aviation and maritime schemes but also that the Commonwealth was conscious that
a significant amount of background checking occurred within the Commonwealth
and there might be opportunities to minimise duplication and improve
efficiencies by creating a framework within AusCheck that could subsequently,
after the aviation and maritime schemes had been settled, move on and look at
other opportunities for background checking that was occurring within the
Commonwealth. So the bill really reflects that direction from government to
create a vehicle for centralising background checking and the coordination of
background checking for aviation and maritime identification cards but also
with the ability to at a later point expand into increasing efficiencies and
minimising duplication in other areas of background checking in which the
Commonwealth is involved.[19]
3.18
The representative informed the committee that 'there are no specific
plans' in relation to the expanded use of AusCheck but that the Australian
Government is involved in a range of background checking schemes beyond those
established for the aviation and maritime sectors:
There is a scheme that was established in January in relation to
people working with persons in aged-care facilities. The Commonwealth is also
involved in background checking in the exercise of its executive power in
relation to security clearances of employees. Also its employees are actually
subject to a range of background checking regimes in that they interact with
state and territory functions, so its employees are involved in obtaining
checks for working with children in the range of background checking schemes
that are conducted by various states on that issue.
The Commonwealth was also involved in the establishment of the
ammonium nitrate background-checking regime. That was done under state and
territory legislation but the Commonwealth was involved in its establishment.
So there are a variety of areas in which the Commonwealth is involved, in
different ways, and, whilst AusCheck was directed initially to look at the
aviation and maritime schemes, it was very much with a view to providing a
vehicle to later look at other opportunities when those activities are settled.[20]
3.19
The representative acknowledged that the provisions of the Bill are so
broad that they would allow the Australian Government to expand the AusCheck
scheme, by way of regulation, to include any activities which are within a
Commonwealth head of constitutional power and which are listed in subclause
8(2). This could, at least theoretically, cover any background checking
programs relating to the provision of services, pensions or allowance through
Medicare or Centrelink, or indeed government initiatives such as the Access
Card proposal (to the extent that these initiatives might involve background
checking).[21]
3.20
While the representative stated that there were currently no plans to
expand the AusCheck scheme to background checks beyond the aviation and
maritime sectors, she explained that establishing background checking schemes
by way of regulation is the Australian Government's standard practice:
It is...important to understand that the background checking that
the Commonwealth is currently involved in is also established by way of
regulation and through a variety of other means...[T]his method of establishing
background-checking schemes is already the current precedent within the
Commonwealth.[22]
3.21
The representative explained that the context and the framework of the
ASIC and MSIC background checking schemes are established under current
regulations. Therefore, if the components or criteria of those schemes are
changed in the future, any involvement of AusCheck in those schemes would need
to be supported by amendment to the definition of 'background check' in clause 5.[23]
This would also apply to any subsequent background checking schemes:
We can amend the definition and that definition of course
relates to AusCheck's involvement in a scheme. If AusCheck were to be involved
in a background checking scheme, however that was constituted, then we would
want the definition to be amended of what a background check included in
[subclause 5(d)].[24]
3.22
However, the representative did not agree with the suggestion that
subclause 5(d) is a 'Henry VII clause' that would allow a definition in the
primary legislation to be amended through regulation:
I do not think that it is a Henry VIII clause. What it purports
to do is provide a menu of components of a background check for which AusCheck
can assist in providing a service. If, for example, DOTARS were to add an
additional element to their background checking scheme for ASICs and MSICs, we
would expect that to be fully reflected in either DOTARS legislation or
regulations. But this provision would merely allow AusCheck to be involved in
coordination of that scheme.
...
...this is actually intended to be something that would sanction
AusCheck's involvement in a scheme established elsewhere. So, to that extent,
it is not a Henry VIII clause.[25]
3.23
In an answer to a question on notice, the Department advised that '(i)t
is not possible to more precisely define [the types of information that may be
gathered and assessed as part of a background check under the AusCheck scheme]
without sacrificing AusCheck's flexibility and its ability to become involved
in other areas where the Australian Government is involved in background
checking'.[26]
3.24
The Department also pointed out that not all of the background checking
in which the Australian Government is involved is established under
Commonwealth legislation:
For example, the background checking conducted for the purposes
of security clearances is conducted under the executive power of the
Commonwealth and schemes in relation to ammonium nitrate are established under
state and territory legislation. The structure of AusCheck makes it appropriate
that any involvement in other background checking schemes is established by
regulation. As a result, clause 10 of the Bill provides that AusCheck may
establish a statutory scheme for background checking for the purposes of its
involvement in such a scheme.[27]
3.25
The Department also responded directly to the suggestion from the Law
Council that the Bill be narrowed to confine AusCheck to conducting and
coordinating background checking for the purposes of other Commonwealth Acts
which directly authorise the screening of persons for a specified reason:
Background checking schemes in which the Commonwealth is
involved are frequently established by regulation, legislative instrument or
non-legislative power rather than primary legislation. An amendment to confine
AusCheck to conducting and coordinating background checks for the purposes of
other Commonwealth Acts which directly authorise the screening of persons for a
specified reason, would prevent AusCheck from becoming involved in a number of
areas in which the Australian Government is involved in background checking.[28]
3.26
The departmental representative emphasised that any expansion of the
AusCheck scheme by regulation would be subject to scrutiny prior to
implementation, despite such scrutiny not being expressly allowed for in the Bill
itself:
We obviously would have to be satisfied that it was a process
that could be conducted under the AusCheck Bill. Certainly, in the way that the
AttorneyGeneral's Department scrutinises all processes involving rights, we
would obviously look at that process as well. We would also expect that any
significant changes to any regulatory scheme in which we were involved or any
new AusCheck scheme would be submitted to a privacy impact assessment process
where all of those issues would be fully considered. Certainly it is intended
that we have a privacy impact assessment to fully canvass all of those issues in
any new scheme in which AusCheck is involved.
...
That is the normal Attorney-General's Department practice and it
is what we are observing in relation to this bill and what we intend to observe
in relation to any future AusCheck scheme.[29]
3.27
In an answer to a question on notice, the Department stated that the
Bill would 'in fact increase the transparency and the opportunity for scrutiny
of Australian Government involvement in background checking' since 'all
AusCheck involvement in background checking will be traceable to regulations
under the AusCheck Act, rather than in a range of regulations, statutory
instruments and other non-legislative sources'.[30]
The Department also noted that regulations are subject to parliamentary
scrutiny as they are disallowable instruments in the Senate and are scrutinised
by the Senate Standing Committee on Regulations and Ordinances.[31]
3.28
The departmental representative also advised the committee that the
Department will consult with industry stakeholders on the content of the
AusCheck regulations:
We will certainly be consulting fully with our stakeholders on
the development of those regulations. The content of these schemes is already
fully set out under the DOTARS regulations, under the aviation and maritime
acts. Our regulations will merely set out the application information and also
how we relate to the individual applicant in our component of the process. So
the full details of the scheme will still remain under the maritime and
aviation transport security legislation regulations.[32]
Privacy issues
3.29
Several submissions and witnesses raised concerns that the Bill's
provisions dealing with: the collection of information; information to be
assessed; retention of information; and use and disclosure of personal
information, are too broad and likely to impact adversely on an individual's right
to privacy.
3.30
In a generic sense, the Australian Privacy Foundation (APF) expressed
the view that the Bill is 'fundamentally flawed' because:
...it authorises the establishment of a background checking
infrastructure with very few limits on what information can be held in the
database; the purposes for which it can be used or the range of bodies to be
covered by the scheme and given access to the database. It is a wholly
disproportionate general response to a series of specific needs, and offends
against a number of information privacy principles.[33]
Collection of information
3.31
The OPC expressed concern about clause 13 of the Bill which authorises
the collection, use and disclosure of information. The OPC stated that subclause
13(a) 'may result over time in a broadening of the scope of information that
AusCheck may collect' since it authorises the collection of information for
'the purposes of, or for purposes relating to [AusCheck's function]'.[34]
Mr Solomon from the OPC told the committee that:
...section 13 could be aligned more appropriately with the information
privacy principles in the Privacy Act if the collection of information was
directly related to AusCheck's purposes. If there is a specific reason for the
current wording which requires the information to be only related rather than
directly related perhaps the section could be modified to specify that reason.[35]
Information to be assessed
3.32
The OPC noted that the definition of 'background check' in subclause
5(d) allows, through regulations, an open-ended expansion of the information
that may be assessed without reference to any specific criteria. To overcome
this and to assist AusCheck in clearly identifying the relevant information
required to be collected and assessed during background checks, the OPC
suggested that:
The scope of the regulations that may expand the types of
information that can be assessed in a background check could benefit from being
referenced to the risk associated with particular employment situations or
other reasons the background check is being undertaken.[36]
3.33
This might be achieved by including more definitive parameters in
subclause 5(d), along the lines of 'such other matters as are relevant,
necessary and proportionate to a particular purpose of a background check as
prescribed by the regulations'.[37]
3.34
Ms Donovan from the Law Council concurred with this view:
[Clause 5] does not limit the definition of a background check
and therefore allows for other matters in addition to the first three listed to
be inquired into as part of a background check. The Law Council is concerned
that the type of information that would allow to be gathered is too broad. The
Law Council believes that the more information that is gathered about a person
the more likely the risk that that information will be improperly used for a
discriminatory purpose or a purpose which does not legitimately relate to the
scheme itself.[38]
3.35
The APF submitted that it is 'completely unacceptable' that there are no
limits on what personal information might be assessed pursuant to the AusCheck scheme.[39]
Retention of information
3.36
The APF argued that the Bill should specify retention periods or, at
least, specify criteria for disposal of personal information in the AusCheck
database.[40]
3.37
Similarly, Liberty Victoria argued that the Bill should provide for the deletion
of data from the AusCheck database after a fixed period (for example, five
years after the making of a background check).[41]
3.38
The OPC suggested that consideration be given to an additional clause to
require AusCheck to delete information that is not relevant to the background
check for which it is being collected, used or disclosed (noting that this
would be in addition to any requirements under spent convictions schemes and
the Privacy Act). However, Mr Solomon acknowledged that this may be difficult
in a practical sense:
Our understanding is that some of the criminal history checks
that are now undertaken...are unfettered—and that not all of that information may
be relevant to the particular background check that is being undertaken. So our
general position would be that that which is not relevant could be deleted; it
would not need to be kept. I am not suggesting that operationally that is going
to be an easy process.[42]
3.39
The OPC informed the committee that, while it is not aware of any
legislative schemes that provide guidance regarding the removal of information
that is not relevant to background checks, the OPC's Guidelines to the
Information Privacy Principles provide guidance regarding the handling of
personal information. The OPC expressed the view that AusCheck 'would benefit
from observing these Guidelines in the development of their operational
procedures to ensure that the personal information they collect is handled
appropriately and in line with their obligations' under the Privacy Act.[43]
3.40
Liberty Victoria and the Law Council submitted that the Bill should
allow a person the subject of a background check to have access to data
collected for that check, to have the ability to challenge its accuracy, and to
apply for deletion of data on the grounds that it is inaccurate.[44]
Department response
3.41
A departmental representative told the committee that AusCheck will be
required to comply with the Privacy Act at all times:
...in terms of access to personal information, a person in
relation to whom AusCheck has stored personal information will have all of the
rights under the Privacy Act to access and correct information held in that way...The
[Bill] actually seeks to clarify and expand and further explain the way the [Bill]
applies by specifying the uses for which we propose to collect and disclose
information. But certainly we are covered by the Privacy Act and the IPP
regime.[45]
3.42
The Department also advised that information on the AusCheck database
will be kept and disposed of in accordance with the Department's Records
Disposal Authority which has been approved by the National Archives of
Australia. Once AusCheck is operational, 'the Department will undertake an
assessment of its business process, areas of risk and the records required to
be created and kept by AusCheck to determine the retention requirements for all
AusCheck's records'.[46]
Use and disclosure of information
3.43
Many submissions and witnesses expressed concern that subparagraphs 14(2)(b)(ii)
and (iii) of the Bill allow increased opportunities for data matching and data
sharing of personal information. These clauses enable information collected and
stored by AusCheck to be used for a number of broad purposes, including the
collection, correlation, analysis or dissemination of criminal intelligence or security
intelligence.
3.44
In particular, submissions and witnesses pointed to the undefined terms
'criminal intelligence' and 'security intelligence' which may allow for the
provision of information to a wide range of both national and international
bodies for these broad purposes.[47]
3.45
The APF submitted that subparagraph 14(2)(b)(iii) will 'result in a much
broader exception than the 'law enforcement' exceptions' to Information Privacy
Principles 10 and 11 in the Privacy Act, 'which implement the fundamental privacy
principle that information should only be used or disclosed for the purpose for
which it is collected'.[48]
3.46
The APF also argued that 'it is completely unacceptable for the AusCheck
database to be available as a general intelligence resource for an unspecified
range of agencies for...undefined purposes'.[49]
3.47
The Law Council also expressed concern about the potential provision of
information to a wide range of agencies under clause 14.[50]
In this context, the committee also notes evidence received from Victoria Police
and South Australia Police suggesting that access to information held in the
AusCheck database would be beneficial for a wide range of their investigations,
including investigations extending beyond the aviation and maritime industries.[51]
3.48
At the hearing, Ms Donovan from the Law Council queried the necessity of
such a provision in the Bill:
...the submission from the Attorney-General's Department states
that Australian law enforcement and national security agencies have their own
information-gathering powers and could get more up-to-date information from
their own databases. I think this is supposed to act as an assurance, but it
raises the question of why this broad disclosure provision is even included in
the bill if the Attorney-General's Department thinks it is unnecessary. More to
the point, as the Office of the Privacy Commissioner has appropriately pointed
out, doesn’t this broad authorisation to store and use personal information for
criminal and security intelligence purposes go significantly beyond the stated
object of the bill?[52]
3.49
Mr Solomon from the OPC suggested that some additional information in
clause 14 about the agencies or organisations, or the types of agencies or
organisations to which information could be disclosed would be of assistance.[53]
3.50
The Law Council further observed that the Bill does not require AusCheck
to provide any advance notice to a person who applies for a background check
about the uses which may be made of the information obtained by AusCheck.[54]
3.51
The Law Council of Australia also noted that, while the Bill creates an
offence for AusCheck staff who disclose information for an unlawful purpose, once
information is lawfully disclosed to another agency, the Bill does not impose
any limitations on how that agency may then use or disclose the information.[55]
3.52
The Australian Rail, Tram and Bus Industry Union expressed concern that
the Bill allows the performance of background checks by contractors which
'increases the risk of a breakdown in the security arrangements and,
inadvertently or otherwise, the leak of private information into the public
domain'.[56]
Department response
3.53
A representative from the Department informed the committee that clause
14 of the Bill would allow AusCheck to disclose information contained in its
database to the AFP and the Australian Crime Commission:
I think the obvious persons that the bill was drafted around,
having their needs in mind and the direction from government in mind, would be
the AFP and the Australian Crime Commission.[57]
3.54
The representative explained that the AFP would have access to the
database in accordance with paragraph 14(2)(b) of the Bill, in addition to its
rights under Information Privacy Principles 10 and 11 which relate to its
functions as a law enforcement agency.[58]
3.55
According to the representative, ASIO would not need to rely on any
powers under the Bill; instead it would use its own powers under the Australian
Security Intelligence Organisation Act 1979.[59]
In its submission, the Department also pointed out that Australia's law
enforcement and national security agencies 'could more quickly acquire
up-to-date personal information about specific individuals by accessing their
own databases and databases specifically constructed for law enforcement
purposes'.[60]
3.56
The Department advised further that:
...individually listing every law enforcement and national
security organisation in Australia in the text of the Bill would cause
difficulties whenever a new organisation is created or an existing organisation
changes its name and administrative structure. With each occasion of this type,
the AusCheck Act would need to be amended to provide for the newly created
organisation.[61]
3.57
With respect to the undefined terms 'criminal intelligence' and
'security intelligence' in subparagraph 14(2)(b)(iii), the representative
stated that the meaning of these terms is the 'ordinary English meaning of the
words'.[62]
In an answer to a question on notice, the Department noted further that there
are 'many instances' where the terms 'criminal intelligence' and 'security
intelligence' are used but not defined in Australian legislation.[63]
3.58
The departmental representative also explained that AusCheck is still in
the process of establishing its procedures in relation to access to its
database:
We are still in the process of establishing the procedures in
relation to access to our database. One of the options would be to create
guidelines which would have the content of what was required before access
could be achieved. That is something that we are still considering, but
certainly the sorts of things that we would consider would be the sort of
detail that would be required. We will take expert advice on that from those
involved in criminal intelligence in order to assist us in that process.[64]
3.59
In response to the Law Council's concern that there are no limitations
on how third party agencies may use or disclose information from the AusCheck
database, the Department advised that law enforcement and national security
agencies 'either have their own legislative sanctions for inappropriate conduct
and the misuse of information or have strict internal guidelines for the secure
use and disclosure of information'.[65]
3.60
In relation to access to the database by ASIC and MSIC issuing bodies, the
representative advised that only issuing bodies who make applications to
AusCheck for background checks will have access to information provided on the relevant
application form:
Any issuing body that lodges an application to us will be able
to access that application information. So the individual issuing body that provides
the information will be able to access that information. All issuing bodies
will be able to use our card verification facility whereby they can determine
whether a card presented to them is a validly issued card from the AusCheck
database. That search will only reveal to them the information on the face of
the card. They will not be able to look behind and receive any of the
background information or proof of identity or identifying information in
relation to the individual; merely that the card is a valid card and the
details that are presented on the card that is before them.
...
...So for their own applications they will have access to that
information. They will not have access to that information for applications
made by other issuing bodies.[66]
3.61
The Department also responded to the concern that contractors would
perform background checks as follows:
It is not unusual for a Commonwealth agency to engage
contractors and consultants from time to time. The definition of AusCheck
staff member does not 'allow' this arrangement as such, but merely
ensures that where such persons are engaged, they will be bound by the same
confidentiality requirements as Australian Public Service employees. In
particular, the definition ensures that such contractors and consultants will
be covered by the offence provisions in clause 15 of the Bill. This clause
provides that it is an offence to disclose information relating to the AusCheck
scheme without proper authority.[67]
Privacy Impact Assessment
3.62
Several submissions informed the committee that a Privacy Impact
Assessment (PIA) is currently being prepared in relation to the AusCheck scheme.[68]
3.63
At the hearing, Mr Solomon from the OPC commended the Department on this
measure:
We believe that undertaking this privacy impact assessment will
assist the department to identify specific privacy impacts of personal
information flows that will occur within the proposed AusCheck process and will
enable the department to look at ways of reinforcing the positive privacy
impacts of the process and managing or minimising any negative impacts. From an
optimum privacy perspective, our office holds the view that the bill could be
further enhanced with a few adjustments.[69]
3.64
However, some submissions were critical of the timing of the PIA. For
example, the Law Council noted that:
[The PIA] remains a couple of months away from completion. The
purpose of doing a PIA is "to identify and recommend options for managing,
minimising or eradicating privacy impacts". The
Law Council believes that the Parliament should have the benefit of reviewing
the finalised PIA before approving this enabling legislation. Parliament may
decide that some of the recommendations contained in the finalised PIA are most
appropriately translated into legislative safeguards.[70]
3.65
The APF expressed a similar view:
We understand that a Privacy Impact Assessment (PIA) on the
AusCheck scheme is in progress (we were invited to provide input and have
submitted an early draft of this submission). The timing is not sensible – any
PIA should be made public to assist interested parties to assess the Bill. PIAs
should not be used as a confidential resource by agencies to anticipate and
head off criticism – their public interest value lies in the contribution they
make to informed public debate. We submit that the Committee should recommend
that the government publish any PIA report on the scheme as soon as possible,
but certainly before any further parliamentary debate.[71]
3.66
The Association of Australian Ports & Marine Authorities articulated
some concerns with respect to preparation of the PIA:
It was of some concern that only three or four people were being
consulted within the maritime industry by the consultant. We were also
concerned to learn that the consultant knew nothing of the AusCheck legislation
or its history. A considerable amount of time was therefore expended on
briefing the consultant. We trust that their report will be made available to
this Senate inquiry.[72]
Transparency, natural justice and independent review
3.67
The Law Council of Australia argued that the Bill does not establish
minimum standards of fairness with respect to transparency, natural justice,
appeal processes or periodic reporting.[73]
At the hearing, Ms Donovan noted that the Bill 'fails to properly take
advantage of the opportunities that a centralised agency might present'.[74]
3.68
She explained further:
Through the bill, the parliament has the opportunity to set
minimum standards for transparency, fairness and accountability in background
checking, but the Law Council believes that opportunity has not been seized. If
the bill is passed in its current form, parliament would essentially be saying
that its only pressing concern with respect to background checking and the only
impetus for a piece of subject-specific legislation on the topic of background
checking is to ensure that it is coordinated and conducted by a centralised
agency. The Law Council believes that the legislature should have more to say
about, for example, guaranteed review rights or reporting obligations. The
submission from the Attorney-General’s Department offers the assurance that it
is intended that the regulations will provide that, if AusCheck makes an
adverse finding about a person, that person will have the right to appeal to
the AAT. The Law Council believes this type of assurance should be reflected in
the primary legislation.[75]
3.69
However, Ms Donovan acknowledged that this may not be easy:
It would not be easy to set out the principles [in generic
legislation] which should apply in all cases to facilitate and allow for a
review. We have attempted to acknowledge that...by acknowledging that in each
case there might be a different type of decision which the affected person
wants to challenge and the background check might play a different role in
that. The background check might be definitive. The background check might give
rise to a recommendation that is non-binding to another agency. It might give
rise to a direction which another agency has no option but to follow. In each
case, the appeal which the affected person will seek will be different. We
acknowledge that, but nonetheless we think that there is room, if appropriate
attention is given to the matter, to at least state some basic principles about
the nature of the information that an affected person is entitled to about the
background check, about the exercise of any discretion on the basis of the
background check and how they might appeal that decision.[76]
3.70
The Law Council also suggested that the Bill should require AusCheck to
provide periodic reports to Parliament about matters such as:
- the number and type of background checks that it conducts;
- the average time taken to conduct background checks;
- the legislative scheme under which background checks have been
conducted;
- the number of individuals who have received adverse background
checks and the basis for that assessment; and
- the agencies to which information obtained by AusCheck has been
shared and for what purposes.[77]
Department response
3.71
The Department advised that it does not consider it necessary to
establish minimum standards with respect to transparency, natural justice,
appeal processes or periodic reporting in the Bill:
All legislation goes through a rigorous scrutiny process within
government to ensure that it appropriately conforms with relevant
administrative law and criminal law principles, including ensuring that there
are appropriate appeals and that natural justice is afforded.[78]
3.72
A departmental representative explained why the Bill does not include
specific review provisions:
The reason why the review provision or any review provision was
not included in the bill is that each scheme that AusCheck is involved in will
have different points at which review is required. So, in relation to the ASIC
and the MSIC schemes, they already have a significant number of points at which
a decision may be reviewed by the AAT. All those rights remain. There will be
additional points where we think that, in the AusCheck process for those two
schemes, AAT review rights need to be provided for. Every time we do a scheme,
we will look for the appropriate point. Review rights will be provided in all
schemes; that is certainly the intention. It is just that it is not able to be
predicted in advance exactly at what points those review rights should
appropriately be provided. So the detail of those will be provided in the
regulations as each scheme is set out there.[79]
3.73
In an answer to a question on notice, the Department noted that any
additional review rights provided under the AusCheck regulations will 'be
specifically tailored to complement the existing review rights' under the ASIC
and MSIC schemes.[80]
3.74
The representative provided the committee with an intimation of the additional
review points that might be included in the scheme:
unknown33unknown1There
are certainly additional review points when AusCheck makes an assessment of the
various components of the background check and then provides a response to the
issuing body; that will be a point of review. That decision is also reviewable
subsequently by the issuing body of their own motion, and there are also
reviews later in the process in relation to the DOTARS involvement in
reconsideration.[81]
3.75
Where AusCheck is involved in new background checks:
...it is intended that review rights will be similarly tailored to
complement the arrangements in the particular scheme that requires the
background check. In this context, the Department does not consider that a
general provision providing a right of review to the Administrative Appeals
Tribunal would be sufficiently flexible to allow review rights to be tailored
so that they are consistent with and appropriate for each scheme.[82]
3.76
With respect to reporting requirements, the representative pointed out
that AusCheck, as part of the Department, is subject to annual reporting and portfolio
budget statement processes. She noted that information relating to application
numbers, processing times, refusals, and AAT appeals would be routinely
included in the Department's annual report as part of its accountability
obligations.[83]
Implementation issues
3.77
Several submissions and witnesses commented on a number of practical
issues relating to implementation of the AusCheck scheme. Some of these issues
are discussed briefly below.
Cost recovery
3.78
Some submissions expressed the view that cost recovery from industry is
not appropriate in relation to AusCheck background checks on the basis
that government should bear the cost of anti-terrorism security measures.[84]
3.79
Melbourne Airport argued that, if full Commonwealth funding is not
available to cover fee increases for background checks under the AusCheck
scheme, a price freeze for five years on ASIC check prices would be in the best
interests of the industry.[85]
3.80
The Australian Rail, Tram and Bus Industry Union expressed concern that
the cost of the AusCheck scheme may be borne ultimately by employees since the Bill
does not provide expressly that employers (or the Australian Government) will
bear the cost.[86]
3.81
Qantas pointed out that the proposed increase in background checking
costs will amount to an additional $1 million per annum for the Qantas Group:
This is a significant cost which would need to be offset by a
commensurate improvement in the efficiency and effectiveness of the security
outcomes which the ASIC background checking regime seeks to deliver but which
is not evidenct from information currently available to the industry.[87]
Department response
3.82
A representative from the Department told the committee that cost
recovery will be 'from both AusCheck – the AttorneyGeneral’s Department's
costs – and our checking partner costs, so that includes costs from CrimTrac
and ASIO and potentially DIAC'.[88]
DOTARS also noted that cost recovery would be for checks carried out by the
AFP.[89]
3.83
DOTARS informed the committee that AusCheck's draft Cost Recovery Impact
Statement 'squarely complies with' the Australian Government's Cost Recovery
Policy and Cost Recovery Policy Guidelines.[90]
The committee understands that AusCheck is currently conducting consultations
with industry stakeholders in relation to its draft Cost Recovery Impact
Statement.[91]
3.84
The Department also noted that, in the absence of an established pattern
of demand (since AusCheck will be providing a new service), it is not possible
to provide a price freeze for five years: to do so would involve under or over recovery
of the cost of providing services that is inconsistent with the Department of
Finance and Administration's guidelines on cost recovery.[92]
3.85
In relation to the concern that employees may bear the cost of
background checking, the Department advised that AusCheck will play 'no role in
relation to how issuing bodies recover the costs of the background checking
application process'.[93]
Delays in processing background
checks
3.86
CrimTrac noted that any expansion of the AusCheck scheme could result in
duplication of services that CrimTrac already provides through its National Criminal
History Record Check process. CrimTrac cautioned that '(t)here is a need to be
mindful that we do not add additional layers of administration if this is not
necessary' which would in turn lead to slower turnaround times for background
checks. [94]
3.87
Qantas argued that the current ASIC background checking regime is
'fundamentally flawed', stressing that processing times are too long and that
there is no ability to conduct checks from a 'live' criminal history database.[95]
Department response
3.88
A representative from DOTARS informed the committee that the AusCheck
scheme 'will lead to a speedier turnaround on the majority of applications'.[96]
In an answer to a question on notice, DOTARS stated that 'the centralised
AusCheck service will be faster, more accessible and more consistent'.[97]
3.89
A representative from the Department also emphasised that processing
times for applications are expected to improve:
We do expect to speed up the process. We have re-engineered the
process of obtaining the background checking information to achieve that. We
have told our issuing body clients that, for background checks involving
Australian citizens with no actual or potential criminal history, we will do a
five-business-day turnaround. We hope to do much better than that, but we feel
very confident about a five-business-day turnaround. Seventy per cent to 80 per
cent of checks will be done in that time frame. That provides a great advantage
to our clients, who get that sort of time frame on some occasions but not on a
consistent basis.[98]
3.90
The Department responded to CrimTrac's concern that there could be a
duplication of services as follows:
AusCheck centralises coordination of the various elements of
background checking that are obtained from its background checking partners,
including CrimTrac. AusCheck does not duplicate CrimTrac services that are
available broadly to the Australian community and utilised for a range of
different purposes. AusCheck merely provides a way to quickly and directly
access the National Criminal History Database for the purposes of background
checking schemes in which AusCheck is involved.[99]
Committee view
3.91
The committee acknowledges the general in-principle support for the Bill
expressed by the majority of submissions and witnesses. However, the committee shares
concerns raised during the course of the inquiry, particularly with respect to
the breadth of the Bill's regulation-making power, privacy issues, and the lack
of accountability mechanisms. The committee therefore recommends several
changes to the Bill to clarify the scope of the AusCheck scheme, provide
safeguards against the possible misuse of information obtained pursuant to the
scheme, and improve transparency and accountability mechanisms.
3.92
In a general sense, the committee again takes the opportunity to express
its concern at the use of delegated legislation to extend the scope and operation
of primary legislation. This is particularly concerning in the current context,
given the sensitive nature and function of background checking. Consistent with
its views in previous inquiries, the committee believes that it is imperative
that Parliament be afforded the opportunity to consider fully the particulars
of any future screening regimes in order to ensure that the background checks
they introduce are appropriate and proportionate to the purpose that is sought
to be achieved. It is spurious to suggest that the scrutiny of delegated
legislation by Parliament is equivalent to, or an adequate substitute for, the
positive requirement for new powers to be approved by Parliament in primary
legislation.
3.93
The committee agrees that the ambit of the Bill's regulation-making
power is too broad, comprising only a minimalist framework and leaving
fundamental details about the future scope and operation of background checking
schemes to the regulations. The committee does not consider it appropriate that
subclause 5(d) is drafted so broadly as to allow unlimited types of information
to be assessed for the purposes of background checking; nor is it appropriate
that clause 8 allows the Australian Government to implement, by way of
regulations alone, a wide range of background checking schemes – related to any
activities within a constitutional head of power – without the authorisation of
any other primary legislation. The committee also considers clause 10 of the Bill
to be too broad in that it enables new screening regimes to be implemented
independently of any other legislation.
3.94
The committee is of the view that the particulars of any schemes beyond
the ASIC and MSIC schemes would ideally be set out in primary legislation. The
committee therefore recommends that subclause 5(d), paragraph 8(1)(c) and clause
10 should be removed from the Bill.
3.95
The committee also considers that several of the Bill's provisions
dealing with the collection of information, information to be assessed,
retention of information, and use and disclosure of personal information are
too broad and have the potential to impact adversely on an individual's right
to privacy. The committee accepts assurances from the Department that it is
obliged to act in accordance with the Privacy Act and notes evidence indicating
that a PIA is currently being prepared in relation to the AusCheck scheme.
Nevertheless, the committee considers that some refinements to the Bill could
assist in providing increased protection of personal information.
3.96
In particular, the committee recommends that the Bill be amended to:
- directly link the collection, use and disclosure of personal
information by AusCheck to its function and purposes;
- specify retention periods for storage of information in
AusCheck's database;
- require AusCheck to delete personal information from its database
that is not relevant to background checks;
- limit the agencies to which AusCheck can use or disclose information
for the purposes of criminal intelligence or security intelligence; and
- impose conditions and limitations on the use and disclosure of
personal information by third party agencies to which AusCheck has lawfully disclosed
that information.
3.97
In relation to review rights, the committee is satisfied with the
Department's explanation that individual screening regimes will have different
points at which review is required and that relevant review rights will be
included in each separate scheme. However, while noting advice from the
Department about its annual reporting and portfolio budget statement
obligations, the committee considers that the Bill would be an appropriate
place to set out clear and specific reporting requirements for AusCheck as part
of its basic framework.
3.98
Finally, the committee encourages the Department to continue to consult
comprehensively with relevant stakeholders in relation to AusCheck's cost
recovery proposal, the PIA, and practical implementation of the AusCheck
scheme.
Recommendation 1
3.99
The committee recommends that subclause 5(d) of the Bill be removed.
Recommendation 2
3.100
The committee recommends that paragraph 8(1)(c) of the Bill be removed.
Recommendation 3
3.101
The committee recommends that clause 10 of the Bill be removed.
Recommendation 4
3.102
The committee recommends that subclause 13(a) of the Bill be amended to
ensure that the collection, use and disclosure of personal information under
the AusCheck scheme will be 'directly' related to AusCheck's function and
purposes.
Recommendation 5
3.103
The committee recommends that the Bill be amended to specify retention
periods for personal information stored by AusCheck in its database.
Recommendation 6
3.104
The committee recommends that the Bill be amended to include a
requirement that AusCheck delete any information from its database that is not
relevant to the background check for which it has been collected, used or
disclosed.
Recommendation 7
3.105
The committee recommends that paragraph 14(2)(b) of the Bill be amended
to limit the agencies to which personal information about an individual may be used
or disclosed for the purposes of criminal intelligence or security intelligence
to:
- the Australian Federal Police;
- the Australian Crime Commission; and
- the Australian Security Intelligence Organisation.
Recommendation 8
3.106
The committee recommends that the Bill be amended to impose appropriate
conditions and limitations on the use and disclosure of personal information by
a third party agency to which AusCheck has lawfully disclosed that information.
Recommendation 9
3.107
The committee recommends that the Bill be amended to include a specific
requirement that AusCheck provide periodic reports to Parliament about matters
including:
- the number and type of background checks that it conducts;
- the average time taken to conduct background checks;
- the legislative scheme under which background checks have been
conducted;
- the number of individuals who have received adverse background
checks and the basis for that assessment; and
- the agencies to which information obtained by AusCheck has
been shared and for what purposes.
Recommendation 10
3.108
Subject to the preceding recommendations, the committee recommends that
the Senate pass the Bill.
Senator Marise
Payne
Chair
Navigation: Previous Page | Contents | Next Page