Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Schedule 7—Personal information that may be relevant for integrity purposes

Schedule 7 Personal information that may be relevant for integrity purposes

   

Crimes Act 1914

1  Subsection 3(1)

Insert:

Commonwealth entity has the meaning given by section 10 of the Public Governance, Performance and Accountability Act 2013 .

integrity purpose means the purpose of preventing, detecting, investigating or dealing with any of the following:

                     (a)  misconduct (within the meaning of the Privacy Act 1988 ) of a serious nature by any of the following:

                              (i)  an official (as defined in section 13 of the Public Governance, Performance and Accountability Act 2013 ) of a Commonwealth entity;

                             (ii)  a person employed by, or in the service of, a Privacy Act agency or a wholly-owned Commonwealth company;

                            (iii)  a person acting on behalf of, or for the purposes of activities of, a Privacy Act agency;

                            (iv)  an officer of a wholly-owned Commonwealth company;

                     (b)  conduct that may have the purpose or effect of inducing misconduct described in paragraph (a);

                     (c)  fraud that has or may have a substantial adverse effect on the Commonwealth or a target entity;

                     (d)  an offence against Chapter 7 of the Criminal Code (which is about the proper administration of Government).

Note 1:       An example of dealing with the matters described in paragraphs (a), (b), (c) and (d) is taking legal proceedings, disciplinary proceedings or other administrative action.

Note 2:       An integrity purpose relating to misconduct of a person covered by a subparagraph of paragraph (a) does not cease to exist merely because the person ceases to be covered by that subparagraph after the misconduct occurs.

personal information has the meaning given by section 6 of the Privacy Act 1988 .

Privacy Act agency has the same meaning as agency has in the Privacy Act 1988 .

sensitive information has the meaning given by section 6 of the Privacy Act 1988 .

substantial adverse effect means an effect that is adverse and not insubstantial, insignificant or trivial.

target entity means:

                     (a)  a Privacy Act agency; or

                     (b)  a wholly-owned Commonwealth company.

Note:          A target entity is an APP entity as defined in section 6 of the Privacy Act 1988 , because it is either an agency or an organisation for the purposes of that Act (as a wholly-owned Commonwealth company is an organisation as defined in section 6C of that Act).

wholly-owned Commonwealth company has the meaning given by section 90 of the Public Governance, Performance and Accountability Act 2013 .

2  Subsection 15YV(3)

Repeal the subsection.

3  After Part VIIC

Insert:

Part VIID Collecting, using and disclosing personal information that may be relevant for integrity purposes

   

86B   Simplified outline of this Part

This Part authorises collection, use and disclosure of personal information for preventing, detecting, investigating or dealing with:

       (a)     serious misconduct by persons working for Commonwealth bodies; or

      (b)     fraud affecting Commonwealth bodies; or

       (c)     offences against Chapter 7 of the Criminal Code (which is about the proper administration of Government).

The authorisation is relevant to laws (such as privacy laws) that limit the collection, use and disclosure of personal information unless authorised by law.

86C  Target entity may collect sensitive information for integrity purpose

                   A target entity may collect for an integrity purpose sensitive information that:

                     (a)  if the target entity is a Privacy Act agency—is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or

                     (b)  if the target entity is a wholly-owned Commonwealth company—is reasonably necessary for one or more of the entity’s functions or activities.

Note:          Subclause 3.3 of Australian Privacy Principle 3 limits the circumstances in which an APP entity may collect sensitive information. This section lets a target entity collect sensitive information for an integrity purpose in circumstances corresponding to those in which it may collect other personal information (see subclauses 3.1 and 3.2 of that Principle).

86D   Target entity may use personal information for integrity purpose

                   A target entity may use personal information for an integrity purpose relating to the entity.

86E   Disclosure of personal information to target entity for integrity purpose

             (1)  This section applies if a law of the Commonwealth or of a State or Territory:

                     (a)  limits disclosure of some or all personal information by a person, body or authority (however described); and

                     (b)  exempts from the limitation a disclosure authorised by a law of the Commonwealth.

Note:          Australian Privacy Principle 6 is an example of such a law of the Commonwealth. The Principle prohibits an APP entity from disclosing personal information for a purpose other than the one for which the entity collected the information, unless the disclosure is authorised under an Australian law or certain other exceptions apply.

             (2)  For the purposes of the exemption, the person, body or authority may disclose to a target entity for an integrity purpose personal information that the person, body or authority reasonably believes is related to one or more of the target entity’s functions or activities.

Limit on subsection (2) for disclosures by target entity

             (3)  Subsection (2) applies to a disclosure by a target entity other than the Australian Federal Police only if it is made for the target entity by a person who is authorised to make disclosures for integrity purposes by:

                     (a)  the accountable authority (within the meaning of the Public Governance, Performance and Accountability Act 2013 ) of the entity, if it is a Commonwealth entity; or

                     (b)  the entity or its principal executive (within the meaning of the Privacy Act 1988 ), if it is a Privacy Act agency other than a Commonwealth entity; or

                     (c)  a director of the entity, if it is a wholly-owned Commonwealth company.

86F   This Part does not limit other laws

                   To avoid doubt, this Part does not impliedly limit other laws (whether written or unwritten) that authorise collection, use or disclosure of personal information.

86G   Guidelines on the operation of this Part

             (1)  The Secretary of the Department may publish guidelines approved by the Information Commissioner on the operation of this Part.

             (2)  Guidelines under subsection (1) are not a legislative instrument.

4  Application

(1)       Section 86C of the Crimes Act 1914 applies to the collection of sensitive information on and after the commencement of that section.

(2)       Section 86D of the Crimes Act 1914 applies to the use of personal information by a target entity on or after the commencement of that section, whether the entity collected the information before, on or after that commencement.

(3)       Section 86E of the Crimes Act 1914 applies to the disclosure of personal information on or after the commencement of that section, whether the person, body or authority making the disclosure collected the information before, on or after that commencement.