Submission to the Parliamentary Joint Committee on Law Enforcement — Inquiry into financial related crime

23 July 2014

Committee Secretary
Parliamentary Joint Committee on Law Enforcement
PO Box 6100
Parliament House
Canberra ACT 2600

Dear Committee Secretary

Parliamentary Joint Committee on Law Enforcement — Inquiry into financial related crime

The Office of the Australian Information Commissioner (OAIC) provides the following submission to the Parliamentary Joint Committee on Law Enforcement’s Inquiry into financial related crime. This submission responds to the Committee’s investigation into the interaction between Commonwealth, State and Territory legislation and law enforcement activity.

The OAIC appreciates the opportunity to provide a submission on this matter. The aim of the submission is to provide the Joint Committee with information on the application of the recently reformed Privacy Act 1988 (Cth) (Privacy Act), where law enforcement agencies seek information from entities that are regulated by that Act.

Balancing privacy and law enforcement

As the independent Australian Government regulator responsible for administering the Privacy Act, the OAIC seeks to ensure that the objectives and obligations of the Privacy Act, including the new Australian Privacy Principles (APPs), are understood and applied by the regulated community. The OAIC seeks to achieve this in a number of ways including by producing guidance on the application of the Privacy Act. The OAIC draws the Joint Committee’s attention to the range of resources available on the OAIC’s website, including detailed guidelines on the interpretation of the APPs.[1]

The Privacy Act does not prevent Australian Government agencies or private sector organisations from lawfully cooperating with Commonwealth, State or Territory bodies performing law enforcement functions. Rather, the Privacy Act seeks to balance the privacy of individuals with the public interest in effective law enforcement.

The Privacy Act requires most Australian Government agencies and many private sector organisations (known as an APP entities) to only use or disclosure personal information they collect for the primary purpose for which it was collected. However, the Privacy Act also provides for exceptions to this obligation. In particular, the Privacy Act sets out circumstances in which an APP entity can use or disclose the personal information that it collects for a secondary purpose, including for a law enforcement purpose.

The privacy law reforms

On 12 March 2014, the privacy law reforms introduced a number of changes to the Privacy Act. These changes included the replacement of the Information Privacy Principles (IPPs) (applying to agencies) and the National Privacy Principles (applying to private sector organisations) with the APPs. There are 13 APPs which cover the collection, use, disclosure and storage of personal information. The APPs also allow individuals to access their personal information and have it corrected if it is incorrect.

The Information Privacy Principles and the National Privacy Principles

Previously under the IPPs, an agency was permitted to use or disclose personal information where it was reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue (IPP 10(d) and IPP 11(e)). At the same time, the NPPs permitted organisations to use or disclose personal information where they reasonably believed that the use or disclosure was reasonably necessary for a range of functions or activities carried out by an enforcement body[2] (NPP 2.1(h)). The scope of a permitted use or disclosure under the IPPs and NPPs was based on an objective test.

The Australian Privacy Principles

Under the new APPs, APP entities can use or disclose personal information where they reasonably believe the use or disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body (APP 6.2(e)). Importantly, this clarifies that agencies can now rely on a reasonable belief that the use or disclosure is reasonably necessary for the use or disclosure. This wording was not contained within IPP 10(d) and IPP 11(e).

The exception under APP 6.2(e) is aimed at enabling APP entities to cooperate with an enforcement body where it may have personal information relevant to an enforcement related activity of that enforcement body.[3] Under this APP, an APP entity must have a reasonable basis for the belief, and not merely a genuine or subjective belief. It is the responsibility of the entity to be able to justify its reasonable belief[4].

Two other important elements are included in the new APP 6 in regards to the interaction between the Privacy Act and law enforcement. Firstly, the definition of an enforcement body includes State, Territory and Federal police (s 6(1)). Secondly, ‘enforcement related activity’ is now defined to include a broader range of activities than was permitted under the equivalent exceptions in the IPPs and the NPPs. The definition now includes the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of law imposing a penalty or sanction. This definition also specifically refers to the enforcement of laws relating to the proceeds of crime (see s 6(1)).

This definition recognises that enforcement related activities can include lawful surveillance, intelligence gathering or monitoring activities where there may not be an existing investigation[5]. These types of activities have been included to update and more accurately reflect the range of activities that law enforcement agencies currently undertake in performing their legitimate and lawful functions[6].

I hope this information is of assistance to the Joint Committee. If the Joint Committee requires anything further please contact Ben Gollan, Assistant Director of Privacy Law and Practice on [contact details removed] in the first instance.

Yours sincerely

Timothy Pilgrim
Australian Privacy Commissioner
23 July 2014

Footnotes

[1] Office of the Australian Information Commissioner, APP guidelines, viewed 22 July 2014, the Office of the Australian Information Commissioner website <http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/>

Resources on law enforcement, viewed 22 July 2014, the Office of the Australian Information Commissioner website <http://www.oaic.gov.au/privacy/privacy-topics/law-enforcement-and-national-security/resources-on-law-enforcement>

[2] Information Sheet 7 – 2001 Unlawful Activity and Law Enforcement, p 2

[3]Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum, p80.

[4] APP guidelines, para 6.59

[5] APP guidelines, para B.66

[6]Privacy Amendment (Enhancing Privacy Protection) Bill 2012 Explanatory Memorandum, p 58.

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au