Submission to the ALRC Discussion Paper 81: Equality, capacity and disability in Commonwealth laws

11 July 2014

Our reference: D2014/018856

Professor Rosalind Croucher
President
Australian Law Reform Commission
by email: info@alrc.gov.au

Dear Professor Croucher

Equality, Capacity and disability in Commonwealth Laws – Discussion Paper 81

The Office of the Australian Information Commissioner (OAIC) welcomes the opportunity to comment on the Australian Law Reform Commission’s (ALRC) Equality, Capacity and Disability in Commonwealth Laws – Discussion Paper 81 (DP 81).[1]

The Office of the Australian Information Commissioner

The OAIC is an independent statutory agency headed by the Australian Information Commissioner, supported by the Freedom of Information (FOI) Commissioner and the Privacy Commissioner. The OAIC brings together the functions of information policy and independent oversight of privacy protection and FOI in one agency, to advise the development of consistent, workable information policy across all Australian Government agencies.

The OAIC has considered the proposals in the context of its role as the regulator for the Privacy Act 1988 (the Privacy Act), which regulates the handling of individuals’ personal information. Additionally, the OAIC is the independent privacy regulator for the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act). The OAIC regulates the handling of personal information in the PCEHR system by individuals, Australian Government agencies, private sector organisations and some state and territory agencies (in particular circumstances).

General comments in response to DP81

The OAIC supports initiatives to ensure equal recognition before the law of people with disabilities, and their right to make choices. This should include ensuring that individuals have the ability to determine, to the greatest extent possible, who can have access to their personal information. The OAIC understands that the proposed Commonwealth decision-making model focuses on the independence and autonomy of the individual and is a shift from substitute to supported decision-making.[2]

The OAIC considers that the proposed Commonwealth decision-making model could operate alongside the current legislative framework and its operation would not be prevented by the Privacy or PCEHR Acts.

Generally, the OAIC does not support amendments to the Privacy Act unless there is evidence that the difficulty encountered is as a result of the current legislative framework. Instead, it is suggested that non-legislative measures, such as improved guidance, should be favoured. If this approach were found to be insufficient, careful consideration would need to be given to the regulatory impact of any amendments to ensure that they do not introduce additional complexities for individuals and APP entities, and meet the objectives of the Privacy Act set out in s 2A.

Comments in response to DP 81 proposals

Proposal 6–4 The Privacy Act 1988 (Cth)should be amended to include supporter and representative provisions consistent with the Commonwealth decision-making model.

The OAIC understands that proposal is intended to address problems faced by individuals and their representatives in gaining access to benefits and services due to perceived conflicts with the Privacy Act; that is, APP entities refusing to provide information or deal with supporters or representatives ‘because of the Privacy Act’.[3]

As noted in DP 81, the Privacy Act does not prevent supported decision-making where the individual has provided consent to the arrangement. Where the assistance requires the supporter to have access to the personal information of the individual, the individual can provide consent for the APP entity to disclose the information to the supporter.

In addition there are a number of other exceptions in the Australian Privacy Principles which permit the use and disclosure of an individual’s personal information to a representative. For example: where the use or disclosure is required or authorised by law; where a permitted health situation exists and information is disclosed to a responsible person for an individual; and in certain situations where there is a serious threat to the life, health or safety of any individual, or to public health or safety.[4]

Despite the absence of an express provision in the Privacy Act, there is an implicit recognition of the powers of representatives that have been established under a relevant state or territory scheme, or in the instrument or order of appointment.[5] Where a person requires full support in decision-making, an APP entity should consider who is authorised to act on the individual’s behalf as their representative. This could include a legal guardian (who stands in the shoes of the individual rather than as a representative) or a person who has been nominated in writing by the individual while they were capable of making the nomination.[6]

The OAIC considers that a consistent application of the proposed Commonwealth supported decision-making model can be achieved through the development of specific and targeted guidance for APP entities. Such an approach is likely to provide greater certainty for APP entities about the role of supporters and representatives under the Privacy Act and facilitate the flow of information necessary for supported decision-making.

A guidance based approach should also enable APP entities to develop supported decision-making schemes consistent with their broader operations. Dealings with individuals under the Privacy Act are often only a part of the overall relationship between the individual and the APP entity. APP entities need to retain the flexibility to develop practices and procedures that can accommodate other legal obligations they may be subject to that place limits on the use of supported decision-making.

Proposal 6–3 The Personally Controlled Electronic Health Records Act 2012 (Cth)should be amended to include supporter and representative provisions consistent with the Commonwealth decision-making model.

The PCEHR Act contains detailed schemes for ‘nominated representatives’ and ‘authorised representatives’. The OAIC is concerned that adopting ‘supporter’ and ‘representative’ terminology in place of the current terminology could create confusion and additional complexities within the PCEHR system. This is because authorised and nominated representatives perform functions under the PCEHR Act that are not necessarily equivalent to the roles of supporters and representatives under the proposed decision-making model.

While the OAIC agrees that there are benefits in using consistent terminology across Commonwealth legislation, there is a risk that an expectation will be created that this terminology reflects the same roles and functions across different areas of Commonwealth responsibility.

Nominated representatives and supporter roles

The role of nominated representative in the PCHER Act is not always analogous with the proposed ‘supporter’ role under the decision-making model. In many cases, an individual may appoint a nominated representative, not because they need support in decision-making but for the purposes of enabling efficient access to records. For example, a nominated representative might be appointed to enable information sharing with a family member such as a partner, or because the individual is having difficulty with the technology. Using ‘supporter’ terminology might create a perception that nominated representatives are only intended for people who require decision-making support, and may prevent people from appointing a nominated representative when it might be beneficial to do so.

Authorised representative and representative roles

The authorised representative role appears to be similar to the representative role when it relates to people over the age of 18. However, in the PCEHR system, the authorised representative role also applies to parents or guardians managing children’s records. Introducing the ‘representative’ role to the PCEHR Act might necessitate creating a separate role within the legislation for parents managing minors’ records, to ensure consistency of the ‘representative’ role across different legislative schemes.

Individuals and organisations

The OAIC understands that the proposed supporter and representative roles could be performed by either individuals or organisations. Under the PCEHR Act there is currently no option for an organisation to be appointed as a nominated representative or an authorised representative, these roles are required to be performed by an individual. If organisations were able to take on these roles, there would be a number of technical issues specific to the PCEHR system that would need to be addressed; for example, whether organisations would be required to record individual staff member accesses to the system and how access would be recorded for auditing purposes.

Should you require any further information please contact, Este Darin-Cooper, Director Privacy Law and Practice, on [phone number redacted].

Yours sincerely

[signed]

Timothy Pilgrim
Australian Privacy Commissioner

11 July 2014

Footnotes

[1] Australian Law Reform Commission, Inquiry into Equality, Capacity and Disability in Commonwealth Laws – Discussion Paper 81, available at <www.alrc.gov.au/publications/disability-dp81>.

[2] See DP81 at paragraph 3.3.

[3] See DP 81 at paragraph 6.99.

[4] See ss 16A and 16B(5) of the Privacy Act. ‘Responsible person’ is defined in s 6AA of the Privacy Act.

[5] The OAIC’s view on this issue is discussed further in the OAIC’s APP Guidelines at paragraphs B.46 to B.49.

[6] Further examples are included in the APP Guidelines at paragraph B.48.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au