Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015

Bill home page  


Download WordDownload Word


Download PDFDownload PDF

7669

2013-2014-2015

 

The Parliament of the

Commonwealth of Australia

 

THE SENATE

 

 

 

 

 

Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015

 

 

(1)     Schedule 1, item 1, page 3 (line 14), omit “specified in or under section 187AA”, substitute “specified in section 187AA”.

[information to be defined by Act]

(2)     Schedule 1, item 1, page 4 (line 3), omit “ 1992 ); or”, substitute “ 1992 ); and”.

[services to be defined by the Act]

(3)     Schedule 1, item 1, page 4 (lines 4 and 5), omit subparagraph 187A(3)(b)(iii).

[services to be defined by the Act]

(4)     Schedule 1, item 1, page 8 (line 1) to page 9 (line 2), omit subsections 187AA(2) to (5), substitute:

             (2)  For the purposes of items 2, 3, 4 and 6 of the table in subsection (1), 2 or more communications that together constitute a single communications session are taken to be a single communication.

[information to be defined by Act]

(5)     Schedule 1, item 1, page 10 (lines 16 to 34), omit subsections 187C(1) and (2), substitute:

             (1)  The period for which a service provider must keep, or cause to be kept, information or a document under section 187A is the period:

                     (a)  starting when the information or document came into existence; and

                     (b)  ending 3 months after it came into existence.

[closure of customer accounts; period of retention]

(6)     Schedule 1, item 1, page 11 (after line 5), at the end of Division 1, add:

187CA   Information or documents must be kept in Australia

                   A service provider must take all reasonable steps to ensure that information or a document that section 187A requires to be kept is kept in Australia.

[data must be kept in Australia]

(7)     Schedule 1, item 1, page 11 (before line 6), at the end of Division 1, after proposed section 187CA, add:

187CB   Destruction of records

                   If:

                     (a)  information, or a document, is kept, or caused to be kept, by a service provider in accordance with section 187A; and

                     (b)  the period for which the service provider must keep, or cause to be kept, the information or document has ended; and

                     (c)  the information or document is no longer required in relation to billing by the service provider;

the service provider must cause the information or document, including any copies of the information or document, to be destroyed as soon as practicable.

Note:          If a preservation notice is in force under Part 3-1A this section does not apply to require the destruction of any information or documents that are the subject of the preservation notice.

[retained data must be destroyed after retention period]

(8)     Schedule 1, item 1, page 13 (after line 19), after subsection 187G(1), insert:

Copy of any comments must be given to service provider

          (1A)  If the Communications Access Co-ordinat or receives a comment from an enforcement agency or security authority on a data retention implementation plan, the Co-ordinat or must give the service provider a copy of the comment as soon as practicable.

[service providers to receive agency comments]

(9)     Schedule 1, item 1, page 13 (lines 20 to 31), omit subsection 187G(2), substitute:

Request for amendment of original plan

             (2)  If:

                     (a)  the Communications Access Co-ordinat or receives a comment from an enforcement agency or security authority requesting an amendment of the original plan; and

                     (b)  the Co-ordinat or considers the request to be a reasonable one;

the Co-ordinat or must request that the service provider make the amendment within 30 days (the response period ) after receiving the comment or summary.

Note:          The Communications Access Co-ordinat or must give the service provider a copy of the comment as soon as practicable, see subsection (1).

[service providers to receive agency comments]

(10)   Schedule 1, item 1, page 16 (lines 18 and 19), omit “a specified service provider from the obligations imposed on the service provider”, substitute “a specified class of service provider from the obligations imposed on the class of service provider”.

[exemptions to apply to class]

(11)   Schedule 1, item 1, page 16 (line 22), omit “a specified service provider”, substitute “a specified class of service provider”.

[exemptions to apply to class]

(12)   Schedule 1, item 1, page 16 (line 25), omit “a specified service provider”, substitute “a specified class of service provider”.

[exemptions to apply to class]

(13)   Schedule 1, item 1, page 17 (line 8), omit “relating to the service provider”, substitute “relating to the class of service provider of which the service provider is a member”.

[exemptions to apply to class]

(14)   Schedule 1, item 1, page 17 (lines 23 to 27), omit subsection 187K(6), substitute:

             (6)  A decision that is taken under paragraph (5)(b) to have been made in relation to a class of service of providers has effect only until the Communications Access Co-ordinat or makes, and communicates to the service provider that made the application, a decision on the application.

[exemptions to apply to class]

(15)   Schedule 1, item 1, page 17 (after line 27), after subsection 187K(6), insert:

Decision to be published

          (6A)  If a decision is made under subsection (1), or taken to have been made under subsection (5)(b), as soon as practicable:

                     (a)  the decision must be published on the Department’s website; and

                     (b)  the Communications Access Co-ordinat or must take all reasonable steps to notify service providers in the relevant class of service providers.

[exemptions to apply to class]

(16)   Schedule 1, item 1, page 17 (lines 29 and 30), omit “a service provider”, substitute “a class of service providers”.

[exemptions to apply to class]

(17)   Schedule 1, item 1, page 18 (line 1), omit “the service provider’s”, substitute “the class of service providers’”.

[exemptions to apply to class]

(18)   Schedule 1, item 1, page 18 (line 3), omit “the service provider’s”, substitute “the class of service providers’”.

[exemptions to apply to class]

(19)   Schedule 1, item 1, page 18 (line 6), omit “the service provider has identified”, substitute “have been identified by service providers in the relevant class”.

[exemptions to apply to class]

(20)   Schedule 1, item 1, page 19 (lines 11 to 20), omit section 187KB, substitute:

187KB   Commonwealth must make a grant of financial assistance to service providers

             (1)  The Commonwealth must make a grant of financial assistance to a service provider for the purpose of assisting the service provider to comply with the additional costs that service provider’s incur in complying with the service provider’s obligations under this Part.

             (2)  The terms and conditions on which that financial assistance is granted are to be set out in a writt en agreement between the Commonwealth and the service provider.

             (3)  An agreement under subsection (2) may be entered into on behalf of the Commonwealth by the Minister.

[costs must be paid]

(21)   Schedule 1, page 22 (after line 15), after Part 1, insert:

Part 1A Amendments relating to authorisations

Telecommunications (Interception and Access) Act 1979

1AA  Subsection 174(1)

Repeal the subsection, substitute:

             (1)  Sections 276, 277 and 278 of the Telecommunications Act 1997 do not prohibit a disclosure by a person (the holder ) of information or a document to the Organisation if:

                     (a)  the disclosure is in connection with the performance by the Organisation of its functions; and

                     (b)  the information or documents would be likely to assist in connection with the performance of those functions in relation to a serious contravention.

1AB  Subsection 175(3)

Repeal the subsection, substitute:

             (3)  The eligible person must not make the authorisation unless he or she is satisfied that:

                     (a)  the disclosure would be in connection with the performance by the Organisation of its functions; and

                     (b)  the information or documents that would be likely to be obtained by the disclosure under the authorisation would be likely to assist in connection with the performance of those functions in relation to a serious contravention.

1AC  Subsection 176(4)

Repeal the subsection, substitute:

Limits on making the authorisation

             (4)  The eligible person must not make the authorisation unless he or she is satisfied that:

                     (a)  the disclosure would be in connection with the performance by the Organisation of its functions; and

                     (b)  the information or documents that would be likely to be obtained by the disclosure under the authorisation would be likely to assist in connection with the performance of those functions in relation to a serious contravention.

1AD  Subsections 177(1) and (2)

Repeal the subsections, substitute:

             (1)  Sections 276, 277 and 278 of the Telecommunications Act 1997 do not prevent a disclosure by a person (the holder ) of information or a document to an enforcement agency if the disclosure is reasonably necessary for the investigation of a serious contravention.

1AE  Section 178 (heading)

Repeal the heading, substitute:

178   Authorisations for access to existing information or documents

1AF  Subsection 178(3)

Repeal the subsection, substitute:

             (3)  The authorised officer must not make the authorisation unless he or she is satisfied that the disclosure is reasonably necessary for the investigation of a serious contravention.

1AG  Section 179

Repeal the section.

1AH  Paragraph 186(1)(b)

Repeal the paragraph.

[access limited to serious contraventions]

(22)   Schedule 1, item 1C, page 23 (line 26), omit “journalist information warrants”, substitute “data authorisation warrants”.

[data authorisation warrant]

(23)   Schedule 1, item 1C, page 23 (line 28), omit “journalist information warrants”, substitute “data authorisation warrants”.

[data authorisation warrant]

(24)   Schedule 1, item 5, page 28 (before line 32), before the definition of Defence Minister , insert:

data authorisation warrant means a warrant issued under Division 4C of Part 4-1.

[data authorisation warrant]

(25)   Schedule 1, item 5, page 29 (after line 8), after the definition of infrastructure , insert:

journalist means a person who is engaged and active in the publication of news and who may be given information by a source in the expectation that the information may be disseminated in the form of:

                     (a)  news, current affairs or a documentary; or

                     (b)  commentary, observations or opinion on, or analysis of, news, current affairs or a documentary.

[definition of journalist]

(26)   Schedule 1, item 5, page 29 (lines 9 and 10), omit the definition of journalist information warrant .

[data authorisation warrant]

(27)   Schedule 1, item 5, page 29 (lines 26 to 29) omit paragraphs (a) and (b) of the definition of source , substitute:

                     (a)  to another journalist; and

                     (b)  in the normal course of the other person’s work as a journalist; and

[definition of journalist]

(28)   Schedule 1, item 6E, page 31 (lines 23 to 30), omit paragraph 176(5)(b), substitute:

                     (b)  unless it is revoked earlier, ends at the time specified in the authorisation, which must be a time that is no later than the end of the period specified under section 180N as the period for which the warrant is to remain in force.

[data authorisation warrant]

(29)   Schedule 1, item 6F, page 32 (lines 7 to 13), omit paragraph 176(6)(b), substitute:

                     (b)  either:

                              (i)  the warrant is revoked under subsection 180N(1); or

                             (ii)  the Director-General of Security has informed the Minister under section 180P that the Director-General is satisfied that the grounds on which the warrant was issued have ceased to exist.

[data authorisation warrant]

(30)   Schedule 1, item 6G, page 32 (lines 17 to 24), omit paragraph 180(6)(b), substitute:

                     (b)  unless it is revoked earlier, ends at the time specified in the authorisation, which must be a time that the end of the period specified under subsection 180U(3) as the period for which the warrant is to remain in force.

[data authorisation warrant]

(31)   Schedule 1, item 6H, page 33 (lines 1 to 3), omit paragraph 180(7)(b), substitute:

                     (b)  the warrant is revoked under subsection 180W(1).

[data authorisation warrant]

(32)   Schedule 1, item 6L, page 33 (line 23) to page 43 (line 28), omit the item, substitute:

6L  After Division 4B of Part 4-1

Insert:

Division 4C Data authorisation warrant

Subdivision A The requirement for data authorisation warrant

180G   The Organisation

                   An eligible person (within the meaning of subsection 175(2) or 176(2), as the case requires) must not make an authorisation under Division 3 that would authorise the disclosure of information or documents relating to a particular person unless a data authorisation warrant is in force in relation to that particular person.

180H   Enforcement agencies

             (1)  An authorised officer of an enforcement agency must not make an authorisation under section 178, 178A or 180 that would authorise the disclosure of information or documents relating to a particular person unless a data authorisation warrant is in force, in relation to that particular person, under which authorised officers of the agency may make authorisations under that section.

             (2)  An authorised officer of the Australian Federal Police must not make an authorisation under Division 4A that would authorise the disclosure of information or documents relating to a particular person unless a data authorisation warrant is in force, in relation to that particular person, under which authorised officers of the agency may make authorisations under that Division.

Subdivision B Issuing data authorisation warrants to the Organisation

180J   Requesting a data authorisation warrant

             (1)  The Director-General of Security may request the Minister to issue a data authorisation warrant in relation to a particular person.

             (2)  The request must specify the facts and other grounds on which the Director-General considers it necessary that the warrant be issued.

180K   Further information

             (1)  The Minister may require the Director-General of Security to give to the Minister, within the period specified in the requirement, further information in connection with a request under this Subdivision.

             (2)  If the Director-General breaches the requirement, the Minister may:

                     (a)  refuse to consider the request; or

                     (b)  refuse to take any action, or any further action, in relation to the request.

180L   Issuing a data authorisation warrant

             (1)  After considering a request under section 180J, the Minister must:

                     (a)  issue a data authorisation warrant that authorises the making of authorisations under Division 3 in relation to the particular person to which the request relates; or

                     (b)  refuse to issue a data authorisation warrant.

             (2)  The Minister must not issue a data authorisation warrant unless the Minister is satisfied that:

                     (a)  the Organisation’s functions would extend to the making of authorisations under Division 3 in relation to the particular person; and

                     (b)  the public interest in issuing the warrant outweighs the public interest in protecting privacy, having regard to:

                              (i)  the extent to which the privacy of any person or persons would be likely to be interfered with by the disclosure of information or documents under authorisations that are likely to be made under the authority of the warrant; and

                             (ii)  the gravity of the matter in relation to which the warrant is sought; and

                            (iii)  the extent to which that information or those documents would be likely to assist in the performance of the Organisation’s functions; and

                            (iv)  whether reasonable attempts have been made to obtain the information or documents by other means; and

                             (v)  any submissions made by a Public Interest Advocate under section 180X; and

                            (vi)  any other matters the Minister considers relevant.

             (3)  A data authorisation warrant issued under this section may specify conditions or restrictions relating to making authorisations under the authority of the warrant.

180M   Issuing a data authorisation warrant in an emergency

             (1)  The Director-General of Security may issue a data authorisation warrant in relation to a particular person if:

                     (a)  a request under section 180J has been made for the issue of a data authorisation warrant in relation to the particular person; and

                     (b)  the Minister has not, to the knowledge of the Director-General, made a decision under section 180L in relation to the request; and

                     (c)  within the preceding period of 3 months:

                              (i)  the Minister has not refused to issue a data authorisation warrant in relation to the particular person; and

                             (ii)  the Director-General has not issued such a data authorisation warrant; and

                     (d)  the Director-General is satisfied that, security will be, or is likely to be, seriously prejudiced if the access to which the request relates does not begin before a data authorisation warrant can be issued and made available by the Minister; and

                     (e)  either:

                              (i)  the issuing of the warrant is authorised under subsection (3); or

                             (ii)  the Director-General is satisfied that none of the Ministers specified in subsection (4) is readily available or contactable.

             (2)  The Director-General must not issue a data authorisation warrant unless the Director-General is satisfied as to the matters set out in paragraphs 180L(2)(a) and (b).

Authorisation to issue a warrant under this section

             (3)  A Minister specified in subsection (4) may, if he or she is satisfied as to the matter set out in paragraphs 180L(2)(a) and (b), orally give an authorisation under this subsection for the Director-General to issue the warrant under this section.

             (4)  The Ministers who may orally give an authorisation are:

                     (a)  the Minister; or

                     (b)  if the Director-General is satisfied that the Minister is not readily available or contactable—any of the following Ministers:

                              (i)  the Prime Minister;

                             (ii)  the Defence Minister;

                            (iii)  the Foreign Affairs Minister.

             (5)  The authorisation may specify conditions or restrictions relating to issuing the warrant.

             (6)  The Director-General must ensure that a written record of an authorisation given under subsection (3) is made as soon as practicable (but no later than 48 hours) after the authorisation is given.

Duration of a warrant under this section

             (7)  A data authorisation warrant under this section must specify the period (not exceeding 48 hours) for which it is to remain in force. The Minister may revoke the warrant at any time before the end of the specified period.

Copies of warrant and other documents

             (8)  Immediately after issuing a data authorisation warrant under this section, the Director-General must give the Minister:

                     (a)  a copy of the warrant; and

                     (b)  a statement of the grounds on which the warrant was issued; and

                     (c)  either:

                              (i)  a copy of the record made under subsection (6); or

                             (ii)  if the Director-General was satisfied as mentioned in subparagraph (1)(e)(ii)—a summary of the facts of the case justifying issuing the warrant.

             (9)  Within 3 business days after issuing a data authorisation warrant under this section, the Director-General must give the Inspector-General of Intelligence and Security:

                     (a)  a copy of the warrant; and

                     (b)  either:

                              (i)  a copy of the record made under subsection (6); or

                             (ii)  if the Director-General was satisfied as mentioned in subparagraph (1)(e)(ii)—a summary of the facts of the case justifying issuing the warrant.

           (10)  Subsection (9) has effect despite subsection 185D(1).

180N   Duration of a data authorisation warrant

                   A data authorisation warrant issued under section 180L must specify the period (not exceeding 6 months) for which it is to remain in force. The Minister may revoke the warrant at any time before the end of the specified period.

180P   Discontinuance of authorisations before expiry of a data authorisation warrant

                   If, before a data authorisation warrant issued under this Subdivision ceases to be in force, the Director-General of Security is satisfied that the grounds on which the warrant was issued have ceased to exist, he or she must:

                     (a)  forthwith inform the Minister accordingly; and

                     (b)  takes such steps as are necessary to ensure that the making of authorisations under the authority of the warrant is discontinued.

Subdivision C Issuing data authorisation warrants to enforcement agencies

180Q   Enforcement agency may apply for a data authorisation warrant

             (1)  An enforcement agency may apply to a Part 4-1 issuing authority for a data authorisation warrant in relation to a particular person.

             (2)  The application must be made on the agency’s behalf by:

                     (a)  if the agency is referred to in subsection 39(2)—a person referred to in that subsection in relation to that agency; or

                     (b)  otherwise:

                              (i)  the chief officer of the agency; or

                             (ii)  an officer of the agency (by whatever name called) who holds, or is acting in, an office or position in the agency nominated under subsection (3).

             (3)  The chief officer of the agency may, in writing, nominate for the purposes of subparagraph (2)(b)(ii) an office or position in the agency that is involved in the management of the agency.

             (4)  A nomination under subsection (3) is not a legislative instrument .

             (5)  The application may be made in writing or in any other form.

Note:          The Electronic Transactions Act 1999 deals with giving information in writing by means of an electronic communication.

180R   Further information

             (1)  The Part 4-1 issuing authority may require:

                     (a)  in any case—the chief officer of the agency; or

                     (b)  if the application is made, on the agency’s behalf, by a person other than the chief officer—that other person;

to give to the Part 4-1 issuing authority, within the period and in the form specified in the requirement, further information in connection with the application.

             (2)  If the chief officer or other person breaches the requirement, the Part 4-1 issuing authority may:

                     (a)  refuse to consider the application; or

                     (b)  refuse to take any action, or any further action, in relation to the application.

180S   Oaths and affirmations

             (1)  Information given to the Part 4-1 issuing authority in connection with the application must be verified on oath or affirmation.

             (2)  For the purposes of this section, the Part 4-1 issuing authority may:

                     (a)  administer an oath or affirmation; or

                     (b)  authorise another person to administer an oath or affirmation.

The oath or affirmation may be administered in person, or by telephone, video call, video link or audio link.

180T   Issuing a data authorisation warrant

             (1)  After considering an application under section 180Q, the Part 4-1 issuing authority must:

                     (a)  issue a data authorisation warrant that authorises the making of authorisations under one or more of sections 178, 178A and 180, or Division 4A, in relation to the particular person to which the application relates; or

                     (b)  refuse to issue a data authorisation warrant.

             (2)  The Part 4-1 issuing authority must not issue a data authorisation warrant unless the Part 4-1 issuing authority is satisfied that:

                     (a)  the warrant is reasonably necessary for whichever of the following purposes are applicable:

                              (i)  if the warrant would authorise the making of authorisations under section 178—for the enforcement of a serious contravention;

                             (ii)  if the warrant would authorise the making of authorisations under section 178A—finding a person who the Australian Federal Police, or a Police Force of a State, has been notified is missing;

                            (iii)  if the warrant would authorise the making of authorisations under section 180—the investigation of an offence of a kind referred to in subsection 180(4);

                            (iv)  if the warrant would authorise the making of authorisations under Division 4A—the investigation of a serious foreign contravention; and

                     (b)  the public interest in issuing the warrant outweighs the public interest in protecting privacy, having regard to:

                              (i)  the extent to which the privacy of any person or persons would be likely to be interfered with by the disclosure of information or documents under authorisations that are likely to be made under the authority of the warrant; and

                             (ii)  the gravity of the matter in relation to which the warrant is sought; and

                            (iii)  the extent to which that information or those documents would be likely to assist in relation to that matter; and

                            (iv)  whether reasonable attempts have been made to obtain the information or documents by other means; and

                             (v)  any submissions made by a Public Interest Advocate under section 180X; and

                            (vi)  any other matters the Part 4-1 issuing authority considers relevant.

180U   Form and content of a data authorisation warrant

             (1)  A data authorisation warrant issued under this Subdivision must be in accordance with the prescribed form and must be signed by the Part 4-1 issuing authority who issues it.

             (2)  A data authorisation warrant issued under this Subdivision may specify conditions or restrictions relating to making authorisations under the authority of the warrant.

             (3)  A data authorisation warrant issued under this Subdivision must specify, as the period for which it is to be in force, a period of up to 90 days.

             (4)  A Part 4-1 issuing authority must not vary a data authorisation warrant issued under this Subdivision by extending the period for which it is to be in force.

             (5)  Neither of subsections (3) and (4) prevents the issue of a further warrant under this Act in relation to a person, in relation to which a warrant under this Act has, or warrants under this Act have, previously been issued.

180V   Entry into force of a data authorisation warrant

                   A data authorisation warrant issued under this Subdivision comes into force when it is issued.

180W   Revocation of a data authorisation warrant by chief officer

             (1)  The chief officer of an enforcement agency:

                     (a)  may, at any time, by signed writing, revoke a data authorisation warrant issued under this Subdivision to the agency; and

                     (b)  must do so, if he or she is satisfied that the grounds on which the warrant was issued to the agency have ceased to exist.

             (2)  The chief officer of an enforcement agency may delegate his or her power under paragraph (1)(a) to a certifying officer of the agency.

Subdivision D Miscellaneous

180X   Public Interest Advocates

             (1)  The Prime Minister shall declare, in writing, one or more persons to be Public Interest Advocates.

             (2)  A Public Interest Advocate may make submissions:

                     (a)  to the Minister about matters relevant to:

                              (i)  a decision to issue, or refuse to issue, a data authorisation warrant under section 180L; or

                             (ii)  a decision about the conditions or restrictions (if any) that are to be specified in such a warrant; or

                     (b)  to a Part 4-1 issuing authority about matters relevant to:

                              (i)  a decision to issue, or refuse to issue, the warrant under section 180T; or

                             (ii)  a decision about the conditions or restrictions (if any) that are to be specified in such a warrant; or

             (3)  The regulation s may prescribe matters relating to the performance of the role of a Public Interest Advocate.

             (4)  A declaration under subsection (1) is not a legislative instrument .

[data authorisation warrant]

(33)   Schedule 1, item 6V, page 46 (line 11) to page 47 (line 29), omit the item, substitute:

6V  At the end of Division 6 of Part 4-1

Add:

182A   Disclosure/use offences: data authorisation warrants

             (1)  A person commits an offence if:

                     (a)  the person discloses or uses information; and

                     (b)  the information is about any of the following:

                              (i)  whether a data authorisation warrant (other than such a warrant that relates only to section 178A) has been, or is being, requested or applied for;

                             (ii)  the making of such a warrant;

                            (iii)  the existence or non-existence of such a warrant;

                            (iv)  the revocation of such a warrant.

Penalty:   Imprisonment for 2 years.

             (2)  A person commits an offence if:

                     (a)  the person discloses or uses a document; and

                     (b)  the document consists (wholly or partly) of any of the following:

                              (i)  a data authorisation warrant (other than such a warrant that relates only to section 178A);

                             (ii)  the revocation of such a warrant.

Penalty:  Imprisonment for 2 years.

182B   Permitted disclosure or use: data authorisation warrants

                   Paragraphs 182A(1)(a) and (2)(a) do not apply to a disclosure or use of information or a document if:

                     (a)  the disclosure or use is for the purposes of the warrant, revocation or notification concerned; or

                     (b)  the disclosure or use is reasonably necessary:

                              (i)  to enable the making of submissions under section 180X; or

                             (ii)  to enable a person to comply with his or her obligations under section 185D or 185E; or

                            (iii)  to enable the Organisation to perform its functions; or

                            (iv)  to enforce the criminal law; or

                             (v)  to enforce a law imposing a pecuniary penalty; or

                            (vi)  to protect the public revenue; or

                     (c)  in the case of a disclosure—the disclosure is:

                              (i)  to an IGIS official for the purpose of the Inspector-General of Intelligence and Security exercising powers, or performing functions or duties, under the Inspector-General of Intelligence and Security Act 1986 ; or

                             (ii)  by an IGIS official in connection with the IGIS official exercising powers, or performing functions or duties, under that Act; or

                     (d)  in the case of a u se—the use is by an IGIS official in connection with the IGIS official exercising powers, or performing functions or duties, under the Inspector-General of Intelligence and Security Act 1986 .

Note:          A defendant bears an evidential burden in relation to the matter in this section (see subsection 13.3(3) of the Criminal Code ).

[data authorisation warrant]

(34)   Schedule 1, item 6X, page 48 (line 1) to page 49 (line 36), omit section 185D, substitute:

185D   Notification etc. of authorisations

The Organisation

             (1)  If:

                     (a)  a data authorisation warrant is issued under Subdivision B of Division 4C of Part 4-1; and

                     (b)  the warrant relates to a person who:

                              (i)  is a journalist; or

                             (ii)  is an employer of a journalist;

then:

                     (b)  the Director-General of Security must, as soon as practicable, give a copy of the warrant to the Inspector-General of Intelligence and Security; and

                     (c)  the Minister must, as soon as practicable, cause the Parliamentary Joint Committee on Intelligence and Security to be notified of the issuing of the warrant.

             (2)  If an authorisation under Division 3 of Part 4-1 is made under the authority of the warrant, the Director-General of Security must, as soon as practicable after the expiry of the warrant, give a copy of the authorisation to the Inspector-General of Intelligence and Security.

             (3)  If:

                     (a)  the Inspector-General gives to the Minister a report under section 22 or 25A of the Inspector-General of Intelligence and Security Act 1986 ; and

                     (b)  the report relates (wholly or partly) to one or both of the following:

                              (i)  a data authorisation warrant issued to the Organisation in relation to a person who is a journalist, or an employer of a journalist;

                             (ii)  one or more authorisations referred to in subsection (2) of this section;

the Minister must, as soon as practicable, cause a copy of the report to be given to the Parliamentary Joint Committee on Intelligence and Security.

             (4)  The Parliamentary Joint Committee on Intelligence and Security may request a briefing from the Inspector-General on:

                     (a)  a data authorisation warrant; or

                     (b)  an authorisation or authorisations;

to which a report referred to in paragraph (3)(b) of this section relates.

Enforcement agencies

             (5)  If:

                     (a)  a data authorisation warrant is issued to an enforcement agency; and

                     (b)  the warrant relates to a person who:

                              (i)  is a journalist; or

                             (ii)  is an employer of a journalist;

then:

                     (a)  if the agency was the Australian Federal Police:

                              (i)  the Commissioner of Police must, as soon as practicable, give copies of the warrant to the Minister and the Ombudsman ; and

                             (ii)  the Minister must, as soon as practicable after receiving a copy, cause the Parliamentary Joint Committee on Intelligence and Security to be notified of the issuing of the warrant; and

                     (b)  otherwise—the chief officer of the agency must, as soon as practicable, give a copy of the warrant to the Ombudsman.

             (6)  If an authorisation under Division 4 of Part 4-1 is made under the authority of the warrant, the chief officer of the agency must, as soon as practicable after the expiry of the warrant, give a copy of the authorisation to the Ombudsman.

             (7)  If:

                     (a)  the Ombudsman gives to the Minister a report under section 186J of this Act; and

                     (b)  the report relates (wholly or partly) to one or both of the following:

                              (i)  a data authorisation warrant issued to the Australian Federal Police in relation to a person who is a journalist, or an employer of a journalist;

                             (ii)  one or more authorisations, referred to in subsection (6) of this section, that were made by one or more authorised officers of the Australian Federal Police;

the Minister must, as soon as practicable, cause a copy of the report to be given to the Parliamentary Joint Committee on Intelligence and Security.

             (8)  The Parliamentary Joint Committee on Intelligence and Security may request a briefing from the Ombudsman on:

                     (a)  a data authorisation warrant; or

                     (b)  an authorisation or authorisations;

to which a report referred to in paragraph (7)(b) of this section relates.

[data authorisation warrant]

(35)   Schedule 1, item 6Y, page 51 (lines 16 to 21), omit paragraphs 186(1)(i) and (j), substitute:

                      (i)  the number of data authorisation warrants issued to the agency under Subdivision C of Division 4C of Part 4-1; and

[data authorisation warrant]

(36)   Schedule 2, items 3 and 4, page 56 (line 12) to page 62 (line 4), to be opposed.

[enforcement agencies to be defined by the Act]

(37)   Schedule 2, item 6, page 63 (lines 6 to 10), omit the item, substitute:

6  Subsection 5(1) (definition of criminal law-enforcement agency )

Omit “paragraphs (a) to (k)”, substitute “paragraphs (a) to (l)”.

[enforcement agencies to be defined by the Act]

(38)   Schedule 2, item 7, page 63 (lines 11 to 13), omit the item, substitute:

7  Subsection 5(1) (definition of enforcement agency )

Repeal the definition, substitute:

enforcement agency means:

                     (a)  the Australian Federal Police; or

                     (b)  a Police Force of a State; or

                     (c)  the Australian Commission for Law Enforcement Integrity; or

                     (d)  the ACC; or

                     (e)  the Australian Customs and Border Protection Service; or

                      (f)  the Crime Commission; or

                     (g)  the Independent Commission Against Corruption; or

                     (h)  the Police Integrity Commission; or

                      (i)  the IBAC; or

                      (j)  the Crime and Corruption Commission of Queensland; or

                     (k)  the Corruption and Crime Commission; or

                      (l)  the Independent Commissioner Against Corruption; or

                    (m)  a body or organisation responsible to the Ministerial Council for Police and Emergency Management-Police; or

                     (n)  the CrimTrac Agency; or

                     (o)  any body whose functions include:

                              (i)  administering a law imposing a pecuniary penalty; or

                             (ii)  administering a law relating to the protection of the public revenue.

[enforcement agencies to be defined by the Act]

(39)   Schedule 2, item 8, page 63 (lines 14 to 24), to be opposed .

[enforcement agencies to be defined by the Act]

(40)   Schedule 2, Part 2, page 68 (after line 12), at the end of the Part, add:

47A  At the end of Division 6 of Part 4-1

Add:

Division 7 Destruction of information or documents

182C   Destruction of information or documents obtained under authorisation

Authorisations under Division 3 by the Organisation

             (1)  If:

                     (a)  information, or a document, that was obtained by the Organisation in accordance with an authorisation under Division 3 is in the Organisation’s possession; and

                     (b)  the Director-General of Security is satisfied that the information or document is no longer required, and is not likely to be required, in connection with the purpose for which the authorisation was given;

the Director-General of Security must cause the information or document, including any copies of the information or document, to be destroyed as soon as practicable.

Authorisations under Division 4 by an enforcement agency

             (2)  If:

                     (a)  information, or a document, that was obtained by an enforcement agency in accordance with an authorisation under Division 4 is in an enforcement agency’s possession; and

                     (b)  the head (however described) of the agency is satisfied that the information or document is no longer required, and is not likely to be required, in connection with the purpose for which the authorisation was given;

the head (however described) of the enforcement agency must cause the information or document, including any copies of the information or document, to be destroyed as soon as practicable.

Authorisations under Division 4A by the Australian Federal Police

             (3)  If:

                     (a)  information, or a document, that was obtained by the Australian Federal Police in accordance with an authorisation under Division 4A is in the Australian Federal Police’s possession; and

                     (b)  the Commissioner of Police is satisfied that the information or document is no longer required, and is not likely to be required, in connection with the purpose for which the authorisation was given;

the Commissioner of Police must cause the information or document, including any copies of the information or document, to be destroyed as soon as practicable.

[disclosed data must be destroyed]

(41)   Schedule 3, item 6, page 75 (line 2) omit “section 178, 178A, 179 or 180”, substitute “section 178, 178A or 180”.

[access limited to serious contraventions]

(42)   Schedule 3, item 6, page 75 (lines 6 and 7) omit “subsection 178(3), 178A(3), 179(3) or 180(4)”, substitute “subsection 178(3), 178A(3) or 180(4)”.

[access limited to serious contraventions]

(43)   Schedule 3, item 7, page 77 (after line 29), after subsection 186B(1), insert:

          (1A)  For the purposes of paragraph (1)(a), the Ombudsman must inspect the records of each enforcement agency at least once every 6 months in relation to authorisations under Division 3, 4 or 4A of Part 4-1.

[ Ombudsman must inspect records every 6 months]