- Parliamentary Business
- Senators and Members
- News & Events
- About Parliament
- Visit Parliament
National Disability Insurance Scheme Bill 2013
- Parl No.
- Question No.
Mason, Sen Brett
National Disability Insurance Scheme Bill 2013
- System Id
Table Of ContentsDownload Current Hansard View/Save XML
Previous Fragment Next Fragment
- Start of Business
- Royal Commissions Amendment Bill 2013
- National Disability Insurance Scheme Bill 2013
- QUESTIONS WITHOUT NOTICE
- DISTINGUISHED VISITORS
QUESTIONS WITHOUT NOTICE
(Crossin, Sen Trish, Lundy, Sen Kate)
(McKenzie, Sen Bridget, Conroy, Sen Stephen)
(Hanson-Young, Sen Sarah, Carr, Sen Kim)
(Smith, Sen Dean, Conroy, Sen Stephen)
Freedom of Speech
(Moore, Sen Claire, Wong, Sen Penny)
National Broadband Network
(Birmingham, Sen Simon, Conroy, Sen Stephen)
(Milne, Sen Christine, Conroy, Sen Stephen)
Western Sydney: Regional Development Australia Fund
(Payne, Sen Marise, Conroy, Sen Stephen)
- QUESTIONS WITHOUT NOTICE: TAKE NOTE OF ANSWERS
- MATTERS OF PUBLIC IMPORTANCE
- MINISTERIAL STATEMENTS
- Community Affairs Legislation Committee, Education, Employment and Workplace Relations Legislation Committee
- Legal and Constitutional Affairs Legislation Committee
- Public Works Committee
- Corporations and Financial Services Committee
- Australian Commission for Law Enforcement Integrity Committee
- Migration Committee
- Financial Framework Legislation Amendment Bill (No. 4) 2012, Marine Safety (Domestic Commercial Vessel) National Law Amendment Bill 2013, Migration Amendment (Reform of Employer Sanctions) Bill 2012, Offshore Petroleum and Greenhouse Gas Storage Amendment (Compliance Measures) Bill 2012, Protection of Cultural Objects on Loan Bill 2012, Federal Circuit Court of Australia (Consequential Amendments) Bill 2013
- Stephens, Sen Ursula (The ACTING DEPUTY PRESIDENT)
- Murray-Darling Basin
- Medal of the Order of Australia
- Goulburn Sesquicentenary
- National Close the Gap Day
- National Broadband Network
- Goods and Services Tax
- Creative Industries Plan for Tasmania
- Commonwealth Grants Commission: Report on State Revenue Sharing Relativities
- National Cultural Policy
- Therapeutic Goods Administration
- DISTINGUISHED VISITORS
Tuesday, 19 March 2013
Senator MASON (Queensland) (18:23): I will leave the broader debate surrounding this bill to my colleagues, particularly the ever-eloquent Senator Fifield, and confine my remarks to just one issue: the protection of privacy of individuals under this act. I have spoken about this issue over the years in various different contexts and I do so because privacy reflects the great tension in our democratic life between the quest for individual autonomy on one hand and the impulse for community on the other—a great philosophical, moral, social and political battle. There is never any easy answer, but even here today on the National Disability Scheme Bill 2013 those issues are again alive. I will confine my remarks just to the issue.
I am concerned that in its current form the bill does not adequately protect the privacy concerns that scheme participants and service providers may have in relation to the handling of their data. First, section 60 of the bill allows any person to obtain, make a record of, disclose or otherwise use protected information held by the National Disability Insurance Scheme Launch Transition Agency if it relates to the purposes of the bill. This potentially represents a broad infringement of privacy rights because the objects of the bill, set out in section 3, are highly generic. They include, for example:
… support the independence and social and economic participation of people with disability; and
… … …
raise community awareness of the issues that affect the social and economic participation of people with disability, and facilitate greater community inclusion of people with disability.
These are broad, highly generic terms.
In promoting these wide-ranging objectives, it is the privacy rights of scheme participants that are expected to give way. Moreover, according to subsection 60(3) of the bill, obtaining, recording, disclosing or using information will be taken to be for the purposes of the bill if the CEO of the agency believes on reasonable grounds that it is reasonably necessary to facilitate research or actuarial analysis into matters relevant to the scheme or, even more broadly, to facilitate policy development.
This provides an executive official with considerable discretion over the privacy rights of scheme participants. It is concerning that these rights, under the express terms of the bill, are subject to such generic matters as policy development. Surely, some thought should be given to the development of much clearer guidelines with respect to the exercise of this discretion. I note that such guidelines are not included in any of the draft NDIS rules released on 5 March.
Section 66 of the bill enables the CEO of the agency to disclose NDIS information if the CEO certifies that it is necessary to do so in the public interest. The CEO may also disclose information to the secretary, chief executive or head of a Commonwealth, state or territory department or authority for the purposes of that department or authority.
These provisions significantly expand the disclosure powers of the CEO and might further undermine the privacy rights of scheme participants. The draft NDIS Rules for the Protection and Disclosure of Information do not impose defined guidelines to limit the exercise of the CEO's discretion. For example, in considering whether to issue a public interest certificate, the CEO is required under clause 4.3 of the rules to consider whether:
… the person to whom the information will be disclosed has sufficient interest in the information.
A person will have sufficient interest in NDIS information if the person has:
… a genuine and legitimate interest in the information …
These criteria hardly alleviate concerns about the abrogation of privacy rights under the bill. Indeed, the rules simply replace one set of broad criteria with another. The end result is that there is a threat to privacy rights under the NDIS bill and its accompanying rules as currently drafted.
At section 12.7 of its 2011 inquiry report entitled Disability Care and Support, the Productivity Commission argues that any national disability insurance scheme must preserve the confidentiality and privacy of data provided by scheme participants. The Productivity Commission recommends, among other things: de-identifying scheme data; imposing conditions on how data can be used by researchers, for example, through enforceable undertakings; and requiring researchers to comply with principles regarding responsible and ethical research conduct. These matters are not expressly dealt with in the bill or the draft NDIS rules.
Some protection is afforded under the newly-created Australian Privacy Principles set out in the Privacy Amendment (Enhancing Privacy Protection) Actthat was passed late last year and is due to commence in March 2014. For example, clause 6.4 of the sixth Australian Privacy Principle requires the de-identification of data collected by an agency prior to disclosure to another entity.
However, while the Australian Privacy Principles will apply to the National Disability Insurance Scheme Launch Transition Agency, as a Commonwealth public agency, it is unclear what privacy protections will apply to the handling of information by the wide range of other entities that are likely to be involved in the NDIS. In particular, I note that the 'small business exemption' applying to any business with an annual turnover of less than $3 million has been retained in the formulation of the new Australian Privacy Principles. Further, state public agencies are not covered by the Australian Privacy Principles and not all of the states—specifically Western Australia and South Australia—have in place similar privacy arrangements to the Commonwealth scheme.
In its submission to the Senate Standing Committee on Community Affairs inquiry into the bill, the Office of the Australian Information Commissioner said:
Given the amount of personal information that will be collected and used under the Scheme, it will be important to ensure appropriate and consistent coverage of all participating entities under privacy law.
It is crucial that a uniform approach to privacy protection is mandated under the bill.
I note that the Department of Families, Housing, Community Services and Indigenous Affairs will be conducting a privacy impact assessment in relation to the NDIS. While I welcome this development as a means of considering in further detail the privacy implications of the scheme, it is unfortunate that the Senate could not have had the benefit of this analysis before being called upon to pass the bill and to debate the issues.
It is also disappointing that the Senate standing committee's final report dealt with the privacy implications of the bill in less than two pages, and in those two pages did not really provide any substantive policy analysis. The standing committee's conclusion in relation to the privacy implications of the bill is simply that:
Department officials are scheduled to meet with the Australian Information Commissioner to discuss the concerns outlined in his submission. The Committee anticipates that if any amendment to the provisions that ensure consistency across jurisdictions was required, this would be considered by the Department.
Again, it would have been useful for privacy concerns in relation to the bill to have been properly assessed and brought to the attention of the Senate before the debate here this evening.
The protection of privacy rights is by no means a 'side-issue' that we can allow to slide under the radar. As we saw last week when the government announced its new media law package, Australians do not take the abrogation of privacy rights and freedom of speech lightly. Indeed, the protection of privacy and freedom of speech are foundations of the society that we live in today. It is important that any debate about privacy rights takes place in the public domain upon a consideration of all the relevant circumstances and implications. In the event that the privacy impact assessment finds that there are gaps with respect to privacy protection under the bill, the parliament must ensure that these gaps are remedied without delay by amending the NDIS legislation as passed.