Draft National Rail Safety Law 2011

Submission to the National Transport Commission - August 2011

Submission by Prof. John McMillan, Australian Information Commissioner (by letter)

I welcome the opportunity to provide the following comments on the exposure draft National Rail Safety Law 2011.

The Office of the Australian Information Commissioner (the OAIC) was established by the Australian Information Commissioner Act 2010 (Cth) (the AIC Act) and commenced operation on 1 November 2010.

The OAIC is an independent statutory agency headed by the Australian Information Commissioner. The Information Commissioner is supported by two other statutory officers: the Freedom of Information Commissioner and the Privacy Commissioner. The former Office of the Privacy Commissioner was integrated into the OAIC on 1 November 2010.

The OAIC brings together in one agency the functions of information policy and independent oversight of privacy protection and freedom of information (FOI), to advance the development of consistent workable information management policy across all Australian government agencies.

The Commissioners of the OAIC share two broad functions:

• the FOI functions, set out in s 8 of the AIC Act – providing access to information held by the Australian Government in accordance with the Freedom of Information Act 1982 (Cth), and
• the privacy functions, set out in s 9 of the AIC Act – protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and other legislation.

The Information Commissioner also has the information commissioner functions, set out in s 7 of the AIC Act. Those comprise strategic functions relating to information management by the Australian Government.

I acknowledge that there is strong government support and sponsorship in Australia of schemes such as the national system of rail safety regulation that aim to remove inconsistent regulation across Australia and develop a stronger regulatory culture. My interest lies only in the impact of these initiatives upon national privacy and FOI regulation and oversight.

Clause 266 of the proposed National Rail Safety Law applies the Privacy and FOI Acts as laws of a participating jurisdiction. I consider that this clause raises several complex issues that will need to be resolved in order for the provision to operate smoothly. Some aspects of these Acts may not be relevant for the purposes of the national rail safety scheme, or may need to be modified to ensure that oversight arrangements are efficient and effective. For example, the National Rail Safety Law does not make clear whether the Information Privacy Principles or the National Privacy Principles in the Privacy Act will apply to the National Rail Safety Regulator. Nor is it clear whether the Information Publication Scheme established in Part II of the FOI Act – a unique Commonwealth publication scheme – will apply to other jurisdictions.

While the model chosen for privacy and FOI oversight of the national rail safety scheme may be affected by constitutional and policy constraints, it is not clear from the face of the proposed National Rail Safety Law whether the OAIC and its Commissioners are intended to have a regulatory role or whether this responsibility will be performed by another body. Many provisions of the Privacy and FOI Acts confer a function or power on the Information Commissioner, which is an office established by the AIC Act. The National Rail Safety Law does not adopt the AIC Act, and yet it is difficult to see how the Privacy and FOI Acts can have any operation unless there is a person discharging the functions of Commissioner.

I note that other national law schemes - notably the Education and Care Services National Law Act 2010 and the Health Practitioner Regulation National Law 2009 - apply the Commonwealth Privacy and FOI Acts for the purposes of each of the laws, but also establish new national oversight agencies with responsibility for privacy and FOI regulation.

It is my view that the establishment of a new national oversight agency for this scheme would add to the existing multiple layers, fragmentation and lack of consistency in information law regulation. Multiple regulators can lead to confusion about to whom to complain, differing legislative interpretations and complaints outcomes, and unnecessary duplication of effort and expenditure. I see this as being particularly relevant in the context of the ongoing reforms to the Privacy Act and the Australian Government's stated aim of moving towards national consistency in privacy law.

In summary, it seems to me that the application of privacy and FOI laws to the proposed scheme for national rail safety regulation has not been properly thought through. I think this is unfortunate, as privacy and FOI laws are now a fundamental feature of democratic government in Australia. There is likely to be strong public criticism of any scheme of government regulation that does not make adequate or sensible provision for privacy and FOI laws to apply.

I understand that my concerns are shared by other information law regulators. Consultation with information law regulatory bodies, including further consideration of the impacts of this scheme on information laws may assist in improving outcomes for oversight of the national rail safety regulatory scheme. To that end, I would be very happy to make staff from my office available to discuss options for applying privacy and access to information legislation to the scheme.