Protecting information rights – advancing information policy

You are here: Home > Publications and resources > Submissions > Family Violence and Commonwealth Laws

Professor Rosalind Croucher
President
Australian Law Reform Commission
GPO Box 3708
SYDNEY NSW 2001

Dear Professor Croucher

Family Violence and Social Security Law

I welcome the opportunity to provide the following comments on the issues paper Family Violence and Commonwealth Laws - Social Security Law (IP 39) (the Issues Paper).

The Office of the Australian Information Commissioner (the OAIC) was established by the Australian Information Commissioner Act 2010 (Cth) (the AIC Act) and commenced operation on 1 November 2010. The OAIC is an independent statutory agency headed by the Australian Information Commissioner. The Information Commissioner is supported by two other statutory officers: the Freedom of Information Commissioner and the Privacy Commissioner.

The OAIC brings together the functions of information policy and independent oversight of privacy protection and freedom of information (FOI) in one agency, to advance the development of consistent workable information policy across all Australian government agencies.

The OAIC strongly supports initiatives to protect the safety of those experiencing family violence and to better support those adversely affected by this type of violence.

The OAIC recognises the sensitivity of personal information related to family violence matters and the potential for an individual to be stigmatised, embarrassed or discriminated against as a result of the disclosure or inappropriate sharing of this information. The challenge is to ensure that initiatives contain appropriate privacy safeguards regarding the handling of an individual’s personal information, while providing strong protection against harm from family violence.

The right to privacy is not absolute and in some circumstances, privacy rights will necessarily give way where there is a compelling public interest reason for this to occur. In these instances, the OAIC seeks to ensure that the solution implemented minimises privacy intrusion to the fullest extent possible in the circumstances.

I note that the Issues Paper raises similar issues to those considered in the earlier issues paper Family Violence and Commonwealth Laws - Child Support and Family Assistance (IP 38). Specifically, the establishment of a national register containing information about protection orders, the provision of access to this register and the sharing of information more broadly between relevant Australian Government agencies. The OAIC provided comment on these issues as part of its submission on Issues Paper 38 and I refer you to our comments in this submission.

In relation to the proposed national register, I wish to highlight the importance of underpinning such a register with a comprehensive privacy framework and to reiterate that undertaking a privacy impact assessment is a critical element of this.

Secondly, in the context of information sharing between agencies, the OAIC is of the view that individuals should be given the opportunity to decide whether or not their personal information will be shared between service agencies such as Centrelink and the Child Support Agency. It is important for individuals to be able to exercise choice and control over the way their information is handled. The OAIC would welcome an approach that places informed individual consent at the centre of any personal information sharing. This approach may minimise the risk of misunderstandings, which can lead to privacy complaints and also promote trust and confidence in the handling of information by Australian Government agencies.

If we can be of further assistance in relation to this matter please contact Ms Sarah Ghali of my Office on (02) 9284 9738 or email sarah.ghali@oaic.gov.au.

Yours sincerely

Timothy Pilgrim

Australian Privacy Commissioner

6 May 2011


Family Violence and Commonwealth Laws - Child Support and Family Assistance (IP 38)

Submission to the Australian Law Reform Commission

April 2011

Submission by Timothy Pilgrim, Australian Privacy Commissioner

Office of the Australian Information Commissioner

  1. The Office of the Australian Information Commissioner (the OAIC) was established by the Australian Information Commissioner Act 2010 (Cth) (the AIC Act) and commenced operation on 1 November 2010.
  2. The OAIC is an independent statutory agency headed by the Australian Information Commissioner. The Information Commissioner is supported by two other statutory officers: the Freedom of Information Commissioner and the Privacy Commissioner.
  3. The former Office of the Privacy Commissioner was integrated into the OAIC on 1 November 2010.
  4. The OAIC brings together the functions of information policy and independent oversight of privacy protection and freedom of information (FOI) in one agency, to advance the development of consistent workable information policy across all Australian government agencies.
  5. The Commissioners of the OAIC share two broad functions:
    • the FOI functions, set out in s 8 of the AIC Act – providing access to information held by the Australian Government in accordance with the Freedom of Information Act 1982 (Cth), and
    • the privacy functions, set out in s 9 of the AIC Act – protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and other legislation.
  6. The Information Commissioner also has the information commissioner functions, set out in s 7 of the AIC Act. Those comprise strategic functions relating to information management by the Australian Government.

    Preliminary

  1. The OAIC appreciates the opportunity to make comments to the Australian Law Reform Commission (the ALRC) on the Issues Paper Family Violence and Commonwealth Laws - Child Support and Family Assistance (IP 38) (the Issues Paper) which concerns the treatment of family violence in child support and family assistance laws.[1]
  2. The OAIC strongly supports initiatives to protect the safety of those experiencing family violence and better support those adversely affected by this type of violence.
  3. The OAIC recognises the sensitivity of personal information related to family violence matters and the potential for an individual to be stigmatised, embarrassed or discriminated against as a result of the disclosure or inappropriate sharing of this information. The challenge is to ensure that initiatives contain appropriate privacy safeguards regarding the handling of an individual’s personal information, while providing strong protection against harm from family violence.
  4. The right to privacy is not absolute and in some circumstances, privacy rights will necessarily give way where there is a compelling public interest reason to do so. In these instances, the OAIC seeks to ensure that the solution implemented minimises the intrusion to the fullest extent possible in the circumstances.

Comments on Family Violence and Commonwealth Laws - Child Support and Family Assistance (IP 38)

Information sharing and national registers

  1. The Terms of Reference for the inquiry direct the ALRC to consider whether information sharing across Commonwealth, state and territory agencies is appropriate to protect the safety of those experiencing family violence.[2] In Family Violence — A National Legal Response (ALRC Report 114), the Commission recommended the establishment of a national register, which would include certain information about protection orders and family law orders and Family Law Act injunctions, to improve information sharing and the protection provided for victims of family violence.[3]
  2. The Issues Paper considers whether Centrelink social workers, Indigenous Service Officers and Child Support Agency staff experience difficulties in accessing information about persons who have experienced family violence and obtained a protection order or similar.[4] One option for reform is to provide Centrelink social workers, Indigenous Service Officers and Child Support Agency staff with access to a national register, as recommended in ALRC Report 114, which would ensure they have access to relevant information about court proceedings and orders. The Issues Paper cautions that while access to the register may aid in obtaining relevant documentation to assist those experiencing family violence, extending access in this way may raise privacy concerns.[5]
  3. The OAIC acknowledges the consideration given by the Commission in ALRC Report 114 to privacy and security concerns associated with a national register of this kind. The OAIC welcomes the Commission’s recommendation to underpin the national register with a comprehensive privacy framework and the undertaking of a privacy impact assessment.[6]
  4. As part of its submission to the Family Violence Inquiry, the former Office of the Privacy Commissioner submitted that any proposal to create a national register needs careful consideration from a privacy perspective and that a comprehensive privacy framework should be developed. [7] A comprehensive framework for privacy protection for new systems such as a national register, should be based on the following four key elements:
    5. Design + Technology + Legislation + Oversight
    • Fundamental system design, including system architecture and the parameters governing what information is collected, information flows and consent mechanisms. Ensuring clarity and certainty about how individuals’ personal information will be handled in relation to a national protection order database may lead to greater community trust in the use of the database and handling of personal information by the agencies concerned.
    • Technological measures, including, but not limited to, data security initiatives.
    • Legislative measures, defining the extent of the system, proscribing purposes that fall outside those functions, and introducing sanctions for misusing any aspect of the system. Enabling legislation for a national protection order database should clearly set out who can access the database and for what purpose.
    • Oversight mechanisms that promote confidence in the system by assuring the community that the operation of the system is subject to stringent accountability measures, including provision for audit and independent complaint handling.
  5. Privacy protections should be built into every aspect of a new system from the earliest stages of its conceptualisation. The OAIC considers that adopting this approach will assist in ensuring that the privacy framework is comprehensive, effective and part of the core functionality of the register.
  6. Further, the OAIC agrees with the Commission’s view in ALRC Report 114 that access to the register should occur on a ‘need to know’ basis. [8] It is the view of the OAIC that access to information in the register should only be granted where there is a clear public interest in doing so. Access beyond that which is reasonably necessary for the protection of family violence victims may increase the privacy risks associated with the register and may make it harder to protect personal information from misuse, loss and unauthorised access. In turn, this may ultimately compromise the safety of those who have experienced family violence.

Privacy Impact Assessment

  1. The OAIC strongly encourages the undertaking of a privacy impact assessment (PIA) as part of developing a national protection order register. A PIA is an assessment tool that describes in detail the personal information flows in a project. PIAs, updated at key stages of a project, can be an important tool in project risk management. The primary benefit of a PIA is that the identification and analysis of privacy impacts during the design phase can assist in determining the appropriate management of any potentially negative impacts. A project that underestimates privacy impacts can place its overall success at risk by not meeting the expectations of the community as to how personal information may be handled. PIAs are another aid to engendering community trust in new proposals.
  2. Ideally, a PIA should be conducted by an independent expert in privacy and with experience in managing PIAs. The OAIC has a Privacy Impact Assessment Guide, providing an introduction to the PIA process. The Guide describes the purpose and general features of a PIA.[9] The OAIC would welcome the opportunity to provide further advice and comment as part of the consultation process for a PIA.
  3. In the OAIC’s opinion, the conducting of PIAs, together with the adoption of a comprehensive privacy framework, would help to address the privacy risks associated with the proposed register.

Information sharing and Australian Government agencies

  1. The Issues Paper identifies that in some cases, victims may disclose family violence to one government agency, but not another. They may assume that once one agency is informed about family violence, there is no need to inform the other. To ensure that cases where family violence is feared or has been experienced are dealt with appropriately by relevant agencies, the Issues Paper considers that it may be desirable for Centrelink and the Child Support Agency to share information about cases involving family violence.[10]
  2. The OAIC considers that individuals should be given the opportunity to decide whether or not their personal information will be shared between service agencies such as Centrelink and the Child Support Agency. It is important for individuals to be able to exercise choice and control over the way their information is handled. The OAIC would welcome an approach that places informed individual consent at the centre of any personal information sharing. This approach may minimise the risk of misunderstandings, which can lead to privacy complaints and also promote trust and confidence in the handling of information by Australian Government agencies.

Footnote

[1] Issues Paper available at: http://www.alrc.gov.au/publications/family-violence-child-support-and-family-assistance

[2] Terms of reference available at: http://www.alrc.gov.au/inquiries/family-violence-and-commonwealth-laws/terms-reference

[3] ALRC Report 114, recommendation 30–18

[4] Issues Paper 38, paragraphs 62-65

[5] Ibid, paragraphs 65 and 165

[6] ALRC Report 114, recommendation 30–19

[7] Former Office of the Privacy Commissioner submission, paragraph 41, available at: http://www.privacy.gov.au/materials/types/submissions/view/7095

[8] ALRC Report 114, paragraph 30.237

[9] Available at http://www.privacy.gov.au/materials/types/download/9509/6590

[10] Issues Paper 38, paragraph 68