Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Part 4—Gathering and using information

Part 4 Gathering and using information

Division 1 Simplified outline of this Part

36   Simplified outline of this Part

The Secretary may require a reporting entity for, or an operator of, a critical infrastructure asset to provide certain information or documents.

Information, in relation to a critical infrastructure asset, that is obtained under this Act is protected information. The fact that an asset is declared under section 51 to be a critical infrastructure asset is also protected information. If information is disclosed in accordance with Division 3 or subsection 51(3) or 52(4), the information is still protected information.

The making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence.

The privilege against self-incrimination does not apply in relation to a requirement to provide information or documents under this Part.

Division 2 Secretary’s power to obtain information or documents

37   Secretary may obtain information or documents from entities

             (1)  This section applies if the Secretary has reason to believe that an entity that is a reporting entity for, or an operator of, a critical infrastructure asset has information or a document that:

                     (a)  is relevant to the exercise of a power, or the performance of a duty or function, under this Act in relation to the asset; or

                     (b)  may assist with determining whether a power under this Act should be exercised in relation to the asset.

Requirement to give information or documents

             (2)  The Secretary may, by notice in writing given to the entity, require the entity to:

                     (a)  give any such information; or

                     (b)  produce any such documents; or

                     (c)  make copies of any such documents and to produce those copies;

to the Secretary within the period, and in the manner, specified in the notice.

Matters to which regard must be had

             (3)  Before giving the entity the notice, the Secretary:

                     (a)  must have regard to the costs that would be likely to be incurred by the entity in complying with the notice; and

                     (b)  may have regard to any other matters the Secretary considers relevant.

Compliance with notice

             (4)  An entity must comply with a notice given to the entity under subsection (2).

Note 1:       This subsection is not subject to the privilege against self-incrimination, but there are limits on the uses to which the information, document or copy may be put (see section 40).

Note 2:       If the entity is not a legal person, see Division 2 of Part 7.

Civil penalty:          150 penalty units.

Matters to be set out in notice

             (5)  The notice must set out the effect of the following provisions:

                     (a)  subsection (4);

                     (b)  Part 5 (enforcement);

                     (c)  sections 137.1 and 137.2 of the Criminal Code (false or misleading information or documents).

Compensation for producing copies of documents

             (6)  An entity is entitled to be paid by the Commonwealth reasonable compensation for complying with a requirement covered by paragraph (2)(c).

38   Copies of documents

             (1)  The Secretary may inspect a document or copy produced under section 37 and may make and retain copies of such a document.

             (2)  The Secretary may retain possession of a copy of a document produced in accordance with a requirement covered by paragraph 37(2)(c).

39   Retention of documents

             (1)  The Secretary may take, and retain for as long as is necessary, possession of a document produced under section 37.

             (2)  The entity otherwise entitled to possession of the document is entitled to be supplied, as soon as practicable, with a copy certified by the Secretary to be a true copy.

             (3)  The certified copy must be received in all courts and tribunals as evidence as if it were the original.

             (4)  Until a certified copy is supplied, the Secretary must, at such times and places as the Secretary thinks appropriate, permit the entity otherwise entitled to possession of the document, or a person authorised by that entity, to inspect and make copies of the document.

40   Self-incrimination

             (1)  An entity is not excused from giving information or producing a document or copy of a document under subsection 37(4) on the ground that the information or the production of the document or copy might tend to incriminate the entity or expose the entity to a penalty.

             (2)  However, in the case of an individual:

                     (a)  the information given or the document or copy produced; or

                     (b)  giving the information or producing the document or copy; or

                     (c)  any information, document or thing obtained as a direct or indirect consequence of giving the information or producing the document or copy;

is not admissible in evidence against the individual:

                     (d)  in criminal proceedings other than proceedings for an offence against section 137.1 or 137.2 of the Criminal Code that relates to this Act; or

                     (e)  in civil proceedings other than proceedings for recovery of a penalty in relation to a contravention of subsection 37(4).

Division 3 Use and disclosure of protected information

Subdivision A Authorised use and disclosure

41   Authorised use and disclosure—performing functions etc.

                   An entity may make a record of, use or disclose protected information if the entity makes the record, or uses or discloses the information, for the purposes of:

                     (a)  exercising the entity’s powers, or performing the entity’s functions or duties, under this Act; or

                     (b)  otherwise ensuring compliance with a provision of this Act.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

42   Authorised use and disclosure—other person’s functions etc.

             (1)  The Secretary may:

                     (a)  disclose protected information to a person mentioned in subsection (2); and

                     (b)  make a record of or use protected information for the purpose of that disclosure;

for the purposes of enabling or assisting the person to exercise his or her powers or perform his or her functions or duties.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

             (2)  The persons to whom the Secretary may disclose protected information are the following:

                     (a)  a Minister of the Commonwealth who has responsibility for any of the following:

                              (i)  national security;

                             (ii)  law enforcement;

                            (iii)  foreign investment in Australia;

                            (iv)  taxation policy;

                             (v)  industry policy;

                            (vi)  promoting investment in Australia;

                           (vii)  defence;

                          (viii)  the regulation or oversight of the relevant industry for the critical infrastructure asset to which the protected information relates;

                     (b)  a Minister of a State, the Australian Capital Territory, or the Northern Territory, who has responsibility for the regulation or oversight of the relevant industry for the critical infrastructure asset to which the protected information relates;

                     (c)  a person employed as a member of staff of a Minister mentioned in paragraph (a) or (b);

                     (d)  the head of an agency (including a Department) administered by a Minister mentioned in paragraph (a) or (b), or an officer or employee of that agency.

43   Authorised disclosure relating to law enforcement

                   The Secretary may disclose protected information to an enforcement body (within the meaning of the Privacy Act 1988 ) for the purposes of one or more enforcement related activities (within the meaning of that Act) conducted by or on behalf of the enforcement body.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

44   Secondary use and disclosure of protected information

                   An entity may make a record of, use or disclose protected information if:

                     (a)  the entity obtains the information under this Subdivision (including this section); and

                     (b)  the entity makes the record, or uses or discloses the information, for the purposes for which the information was disclosed to the entity.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

Subdivision B Offence for unauthorised use or disclosure

45   Offence for unauthorised use or disclosure of protected information

             (1)  An entity commits an offence if:

                     (a)  the entity obtains information; and

                     (b)  the information is protected information; and

                     (c)  the entity makes a record of, discloses or otherwise uses the information; and

                     (d)  the making of the record, or the disclosure or use, is not authorised under Subdivision A or required by subsection 51(3) or 52(4).

Note 1:       For exceptions to this offence, see section 46.

Note 2:       Information includes the fact that an asset is declared under section 51 to be a critical infrastructure asset (see the definition of protected information in section 5).

Note 3:       If the entity is not a legal person, see Division 2 of Part 7.

Penalty:  Imprisonment for 2 years or 120 penalty units, or both.

             (2)  Section 15.1 of the Criminal Code (extended geographical jurisdiction—category A) applies to an offence against subsection (1).

46   Exceptions to offence for unauthorised use or disclosure

Required or authorised by law

             (1)  Section 45 does not apply if the making of the record, or the disclosure or use, of the information is required or authorised by or under:

                     (a)  a law of the Commonwealth, other than Subdivision A or subsection 51(3) or 52(4); or

                     (b)  a law of a State or Territory prescribed by the rules.

             (2)  For the purposes of subsection (1) of this section, the following laws:

                     (a)  the Corporations Act 2001 , except a provision of that Act prescribed by the rules;

                     (b)  a law, or a provision of a law, of the Commonwealth prescribed by the rules;

are taken not to require or authorise the making of a record, or the disclosure, of the fact that an asset is declared under section 51 to be a critical infrastructure asset.

Good faith

             (3)  Section 45 does not apply to an entity to the extent that the entity makes a record of, discloses or otherwise uses protected information in good faith and in purported compliance with Subdivision A or subsection 51(3) or 52(4).

Person to whom the protected information relates

             (4)  Section 45 does not apply to an entity if:

                     (a)  the entity discloses protected information to the entity to whom the information relates; or

                     (b)  the entity is the entity to whom the protected information relates; or

                     (c)  the making of the record, or the disclosure or use, of the protected information is in accordance with the express or implied consent of the entity to whom the information relates.

Note:          A defendant bears an evidential burden in relation to the matters in this section (see subsection 13.3(3) of the Criminal Code ).

47   No requirement to provide information

                   Except where it is necessary to do so for the purposes of giving effect to this Act, an entity is not to be required to disclose protected information, or produce a document containing protected information, to:

                     (a)  a court; or

                     (b)  a tribunal, authority or person that has the power to require the answering of questions or the production of documents.