1 The Office of the Australian Information Commissioner (OAIC) welcomes the opportunity to comment on the draft legislation that will establish the Commonwealth Integrity Commission (CIC). The draft legislation comprises two Bills:
Commonwealth Integrity Commission Bill 2020 (the CIC Bill), and
Integrity and Anti-Corruption Legislation Amendment (CIC Establishment and Other Measures) Bill 2020 (CIC Establishment and Other Measures Bill).
2 The OAIC supports the objectives of the CIC to prevent and investigate corruption in the Commonwealth public sector. The OAIC is part of the existing public sector integrity framework, exercising functions and powers in relation to Australian Government agencies under the Freedom of Information Act 1982 (FOI Act) and the Privacy Act 1988.
3 Accordingly, the OAIC welcomes the inclusion of the Australian Information Commissioner (the Commissioner) as a ‘Commonwealth integrity office holder’ under the CIC Bill, which will enable the Commissioner to refer allegations or information that raises a corruption issue to the Integrity Commissioner.
4 This submission makes observations and recommendations in the OAIC’s capacity as regulator of the FOI Act and the Privacy Act, and as a Commonwealth integrity agency under the draft legislation.
Interaction with the FOI Act and Privacy Act
5 The FOI Act is the legislative basis for accessing information held by government in Australia at the Commonwealth level. The FOI Act recognises that the information government holds is a national resource and is managed for public purposes. Comprehensive coverage of agencies under the FOI Act supports a key object of the Act, which is to increase scrutiny, discussion, comment, and review of government activities.
6 The OAIC notes that cl 89 of the CIC Establishment and Other Measures Bill would make a Minister and an agency exempt from the operation of the FOI Act in relation to documents created for the dominant purpose of the performance of a function, the exercise of a power, or the discharge of a duty:
in connection with the investigation of a corruption issue (within the meaning of the CIC Act), or
under or in relation to the CIC Act.
7 Further, cl 90 of the CIC Establishment and Other Measures Bill proposes to insert the ‘Commonwealth Integrity Commission’ into Division 1 of Part 1 of Schedule 2 of the FOI Act, which would have the effect of excluding the CIC entirely from the operation of the FOI Act.
8 Accordingly, the Bill will exempt the CIC, and any documents produced by a Minister or agency for the purposes described above, from the operation of the FOI Act.
9 Previous reviews of the FOI Act have considered that agencies should only be excluded from the FOI Act in exceptional circumstances. Most of the entirely exempt agencies in Part 1 of Schedule 2 of the FOI Act are intelligence agencies, which handle information subject to the highest security classification levels. While the proposed CIC will handle sensitive confidential information in the course of its corruption investigations, classification at the highest levels of all information may not be warranted in all instances.
10 Further, the OAIC understands that the CIC will subsume and replace the Australian Commission for Law Enforcement Integrity (ACLEI). ACLEI is currently responsible for providing independent assurance to Government about the integrity of prescribed law enforcement agencies and their staff members. Like the proposed CIC, the ACLEI has coercive investigative powers, including the power to conduct public and private hearings. The OAIC notes that ACLEI is subject to the FOI Act as an agency. Further analogous examples of agencies that are subject to the FOI Act include the Australian Federal Police (AFP), the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Independent Parliamentary Expenses Authority.
11 The OAIC understands there may be concerns that sensitive information or documents could be disclosed in response to an FOI request, which may negatively impact the work of the CIC. The OAIC notes that the existing exemptions in the FOI Act can provide appropriate protection for sensitive information held by the CIC and created by ministers and other agencies for the CIC. If a document is exempt under the FOI Act, an agency or minister can refuse to disclose it. Exemptions may apply if disclosure of a document:
- would, or could reasonably be expected to, affect law enforcement and the protection of public safety (s 37)
- would involve a breach of confidence (s 45)
- would be contempt of Parliament or contempt of court (s 46).
12 Additionally, if a document meets the grounds for a conditional exemption, the agency or minister must also decide if disclosing the document would be contrary to the public interest. Conditional exemptions may apply to a document that has:
- information about the deliberative processes relating to an agency or minister’s functions (s 47C)
- information where disclosure could prejudice agency operations (s 47E)
- personal information that would be unreasonable to disclose (s 47F).
13 Noting the existing exemptions and conditional exemptions in the FOI Act to protect sensitive government information from disclosure, and the existing application of the FOI Act to ACLEI, the OAIC recommends that further consideration be given to exempting CIC from the FOI Act.
14 If it is considered that the exemptions in the FOI Act will not provide sufficient protection for sensitive information, consideration could be given to other mechanisms which exist in the FOI Act. Such mechanisms include prescribing the CIC in Part II of Schedule 2 of the FOI Act in relation to specific documents, for example, documents produced in the course of investigations and hearings.
15 These options would ensure protection of CIC investigative documents while leaving the remainder of agency information, such as information relating to personnel and administrative functions subject to the FOI Act.
16 A corresponding impact of the proposed exemption of the CIC from the FOI Act is that the CIC would also be excluded from the remit of the Privacy Act. Section 7 of the Privacy Act operates to preclude an act or practice of an agency specified in, amongst other things, Division 1 of Part 1 of Schedule 2 of the FOI Act, from the application of the Privacy Act.
17 The Privacy Act is a well-established framework for the protection of personal information and privacy. The Australian Privacy Principles (APPs) are central to this framework and are the cornerstone of the regulation of privacy in Australia. The APPs contain important standards, rights and obligations around the handling and security of personal information. The Privacy Act also includes a Notifiable Data Breaches (NDB) scheme, which requires entities with information security obligations under the Privacy Act to notify the Information Commissioner and affected individuals of significant data breaches. Agencies subject to the Privacy Act must also comply with the Australian Government Agencies Privacy Code.
18 The requirements of the Privacy Act generally apply to the agencies that would be covered by the CIC (with some exceptions) across both the law enforcement and public sector integrity divisions.
19 The OAIC considers it is important that the protections and safeguards contained in the Privacy Act apply to the CIC given the sensitive nature of the information that will be collected and handled in the course of its activities.
20 Importantly, the Privacy Act does not prevent Australian government agencies from pursuing their legitimate objectives. To this end, the OAIC notes that the Privacy Act applies to other agencies with investigatory and coercive powers that handle significant amounts of sensitive personal information in the course of their functions and activities including the AFP, AUSTRAC and the Australian Border Force within the Department of Home Affairs.
21 The OAIC considers that the key objectives of the CIC can be supported by the application of the FOI Act and the Privacy Act by ensuring appropriate access to government held information and the proper handling of personal information.
Streamlining notification of corruption issues by Commonwealth integrity office holders
22 The CIC will be divided into a law enforcement integrity division and a public sector integrity division. The OAIC understands that the CIC will not be able to receive referrals about those within the public sector integrity division’s jurisdiction from the public at large or parliamentarians. Where a member of the public or a parliamentarian wishes to bring an alleged public sector corruption issue to the attention of the CIC, they must approach one of the Commonwealth integrity agencies to seek to have the matter notified to the CIC.
23 Accordingly, the CIC Bill creates a positive obligation on the Commissioner to refer matters to the CIC in two instances:
- where, as agency head, the Commissioner becomes aware of an allegation or information that raises a corruption issue that relates to the OAIC, and the Commissioner reasonably suspects that the offence to which the corruption issue relates has been, or is being, committed (cl 37), and
- where, as a Commonwealth integrity office holder, the Commissioner becomes aware of an allegation, or information, that raises a corruption issue and the Commissioner reasonably suspects that the offence to which the corruption issue relates has been, or is being, committed (cl 46).
24 The OAIC considers that the referral mechanism for Commonwealth integrity office holders to notify the CIC of corruption issues that may be identified during the discharge of their usual functions is an important feature of the CIC Bill. For example, where the OAIC became aware of possible corruption or other behaviour falling within the CIC’s remit in the course of exercising its privacy or FOI functions.
25 However, the proposed process for notification of corruption issues by Commonwealth integrity holders to the CIC may give rise to several issues namely:
- the potential for individuals to refer a corruption issue to multiple integrity agencies at the same time or subsequently, leading to duplication of efforts and resources
- the inability of integrity agencies to refer matters to another integrity agency for assessment if the issue more appropriately falls within that agency’s jurisdiction.
26 The OAIC considers that these issues could be addressed, and the notification process could be further streamlined, by ensuring that the CIC Bill contains the appropriate mechanisms to:
- enable integrity agencies to share information with each other to facilitate notifications to the CIC
- make preliminary inquiries to gather further information on a reported corruption issue in order to inform a decision about whether a matter should be referred to the CIC, and
- transfer matters where necessary to ensure that allegations or other information can be carefully considered by the appropriate agency with the relevant expertise to make the assessment.
27 The OAIC notes that the CIC Bill expressly overrides secrecy provisions to enable, amongst other things, Commonwealth integrity office holders to refer matters to the CIC, and to enable the CIC to refer matters to other Commonwealth integrity agencies. However, the OAIC recommends that the CIC Bill ensure that Commonwealth integrity office holders and integrity agencies have the ability to share information with and transfer notifications to each other where necessary to mitigate the issues outlined above and to ensure an efficient and streamlined referral process to the CIC. This may necessarily require consideration of whether existing secrecy provisions in the integrity agency’s enabling legislation would prevent information sharing in the circumstances.
 See cl 20(1)(j) of the CIC Bill.
 Cl 20(2) of the CIC Bill provides that the ‘Commonwealth integrity agency’ of a Commonwealth integrity office holder consists of the Commonwealth integrity office holder and the staff members of the regulated entity of which the office holder is the head.
 OAIC (Office of the Australian Information Commissioner) (2016) FOI Guidelines [online document], OAIC, accessed 15 February 2021.
 Freedom of Information Act 1982 (Cth) s 3(2)(b).
 ALRC (Australian Law Reform Commission) (1995) Open Government: A Review of the Federal Freedom of Information Act 1982 (ALRC Report 77), ALRC, Australian Government, para 11.13; Dr Allan Hawke AC (2013), The Report of the Review of the Freedom of Information Act 1982 and Australian Information Commissioner Act 2010, Attorney-General’s Department, Australian Government, p 61.
 This public interest conditional exemption has four grounds, however, of most relevance is if disclosure of the document would have a substantial adverse impact on the agency’s operations if the information is disclosed.
 See also the transfer of requests mechanism in section 16 of the FOI Act.
 See https://www.oaic.gov.au/privacy/privacy-for-government-agencies/australian-government-agencies-privacy-code/
 See s 7 of the Privacy Act 1988 (Cth).
 Section 29 of the Australian Information Commission Act 2010 (Cth) would likely limit the ability of the OAIC to share information in these circumstances.