Commonwealth Numbered Regulations - Explanatory Statements

[Index] [Search] [Download] [Related Items] [Help]

PRIVACY AMENDMENT (2015 MEASURES NO. 2) REGULATION 2015 (SLI NO 58 OF 2015)

EXPLANATORY STATEMENT

Select Legislative Instrument No. 58, 2015

Issued by the authority of the Attorney-General

 

Privacy Act 1988

Privacy Amendment (2015 Measures No.2) Regulation 2015

 

The Privacy Act 1988 (Cth) (Privacy Act) establishes, among other things, the Australian Privacy Principles (APPs) which regulate the collection, use, disclosure and storage of personal information by APP entities.  Section 100(1) of the Privacy Act provides that the Governor-General may make regulations prescribing matters required or permitted by the Act to be prescribed, or necessary or convenient to be prescribed, for carrying out or giving effect to the Act.

 

Adoption, use or disclosure of government-related identifiers

 

APP 9 deals with the adoption, use or disclosure of government related identifiers by organisations.  APP 9.1 provides that an organisation must not adopt a government identifier in relation to an individual; APP 9.2 provides that an organisation must not use or disclose a government related identifier of an individual; and APP 9.3 provides that regulations may be made to permit the use of government identifiers by organisations.

 

Access to concession benefits and services - DVA Unique Identification Number

 

APP 9.3(a) provides that the adoption, use or disclosure by an organisation of a government related identifier of an individual is authorised if the identifier is prescribed by the regulations.  The Regulation prescribes the DVA Unique Identification Number.  The DVA Unique Identification Number is created by DVA and is used where organisations are unable to successfully match customer and income confirmation using just the DVA File Number (for example, where family members have the same file number). 

 

Access to concession benefits and services -prescribed classes of organisations

 

The Regulation replaces the list of prescribed organisations with prescribed classes of organisations that are permitted to handle certain government related identifiers, specifically the Centrelink Customer Reference Number, the Department of Veterans' Affairs (DVA) File Number and the new DVA Unique Identification Number.  The classes were developed to capture those types of organisations currently in the list of prescribed organisations.  The purpose of the Regulation is to reduce the need for ongoing updates to the list of prescribed organisations while still clearly articulating the types of organisations that can use or disclose the prescribed government related identifiers. The classes of organisations are set out in sub-regulation 17(2) and sub-regulation 18(b)(ii) and cover all organisations currently listed in Schedules 2, 3 and 4 of the Privacy Regulation 2013.

 

Relevantly, there are no changes to the prescribed circumstances in which the government related identifiers may be used or disclosed.  The Regulation facilitates the provision of benefits to individuals (e.g. entitlement to access concessions and other services).

 

In accordance with sub-section 100(2) of the Privacy Act the Department of Human Services and the Department of Veteran's Affairs have agreed the changes are appropriate, the Australian Information Commissioner (Commissioner) has been consulted on the changes and the the changes are for the benefit of the individuals to whom the identifiers relate.

 

Superannuation services

 

Sections 15 and 16 of the Privacy Regulation 2013 permit agencies to disclose government payroll numbers to certain prescribed superannuation organisations in order for those superannuation organisations to provide superannuation services to individuals employed by the agencies.  This amendment updates the list of agencies currently prescribed in Schedule 1 that may disclose Government identifiers for superannuation purposes.

 

In accordance with sub-paragraph 100(3) of the Privacy Act, the superannuation services are "for the benefit of Commonwealth officers or the class of Commonwealth officers" to be listed and the Australian Information Commissioner has been consulted on these amendments.

 

Details of the Regulation are set out in Attachment A.

 

A Statement of Compatibility with Human Rights is set out in Attachment B prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny Act) 2011.

 

Consistent with the requirements of the Legislative Instruments Act 2003 the following were consulted in making the Regulation: the Department of Human Services, Department of Veterans' Affairs, Department of Finance, Department of Industry, Department of Social Services, and the Office of the Australian Information Commissioner.

 

The Office of Best Practice Regulation was consulted on this Regulation and advised that no Regulation Impact Statement was required.

 

The Regulation is a legislative instrument for the purposes of the Legislative Instruments Act 2003.

 

The Regulation commenced on the day after it was registered.

ATTACHMENT A

 

Privacy Amendment (2015 Measures No. 2) Regulation 2015

 

Preliminary

 

Section 1 - Name of Regulation

 

This section provides that the title of the Regulation is the Privacy Amendment (2015 Measures No. 2) Regulation 2015.

 

Section 2 - Commencement

 

This section provides that the Regulation commences on the day after it is registered.

 

Section 3 - Authority

 

This section provides that the proposed Regulation is made under the Privacy Act 1988 (Privacy Act).

Section 4 - Schedule(s)

 

This section provides that amendments or repeals have effect according to the terms set out in the Schedule(s).

 

Section 5 - Definitions

 

This section defines the Centrelink Confirmation eServices scheme for the purposes of sections 17 and 18.

 

This section also defines the Human Services Department and the Human Services Minister for the purposes of the definition of Centrelink Confirmation eServices.

 

Furthermore, this section defines the Department of Veterans' Affairs (DVA) Unique Identification Number for the purposes of section 17.

 

Section 17 - Exceptions to Australian Privacy Principle 9.2-Centrelink Confirmation eServices (customer confirmation and income confirmation)

 

Sub-section 17(1)(a) includes the Customer Reference Number, DVA File Number and the DVA Unique Identification Number as prescribed identifiers.

 

Sub-section 17(1)(b) continues to authorise the adoption, use or disclosure of a government related identifier pursuant to APP 9.3 of the Privacy Act where an organisation is both a participant in the Centrelink Confirmation eServices scheme and falls within a class of organisations prescribed in subsection 17(2).

 

Sub-section 17(1)(c) provides the ways organisations may access services provided under the Centrelink Confirmation eServices scheme to enquire whether an individual is entitled to receive a concession, service or assistance.  The DHS has advised that organisations can only use the Centrelink Confirmation eServices scheme to confirm a customer's eligibility for a concession, rebate or service via secure online services.

 

Sub-section 17(2) replaces Schedule 2 (Centrelink Confirmation eServices (customer confirmation)- prescribed organisations) and Schedule 3 (Centrelink Confirmation eServices (income confirmation)-prescribed organisations) to the Privacy Regulation 2013 by removing individually listed organisations and replacing them with classes of organisations that can use or disclose Customer Reference Numbers, DVA File Numbers and DVA Unique Identification Numbers.

 

There are no changes to the prescribed circumstances in which the government related identifiers may be used or disclosed.  The proposed amendments will facilitate the provision of benefits to individuals (e.g. entitlement to access concessions and other services).

 

Section 18 - Exceptions to Australian Privacy Principle 9.2-Centrelink Confirmation eServices (superannuation confirmation).

 

Sub-section 18(a) establishes a Customer Reference Number as a prescribed identifier.

 

Sub-section 18(b)(i) continues to authorise the adoption, use or disclosure of a government related identifier pursuant to APP 9.3 of the Privacy Act where any organisation is both a participant in the Centrelink Confirmation eServices scheme and is a class of organisations prescribed in subsection 18(b)(ii).

 

Sub-section 18(b)(ii) replaces Schedule 4 (Centrelink Confirmation eServices (superannuation confirmation)-prescribed organisations) to the Privacy Regulation 2013 by removing individually listed organisations and replacing them with a class of organisation that provides superannuation products and services.

 

Sub-section 18(c) sets out the ways organisations may access services provided under the Centrelink Confirmation eServices scheme to enquire whether an individual is entitled to the early release of superannuation on the ground of financial hardship.

 

Schedules

 

Schedule 1 - Agencies

 

This item amends, updates and renumbers the current list of agencies provided in Schedule 1 to the Privacy Regulation 2013.


 

ATTACHMENT B

 

Statement of Compatibility with Human Rights

 

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

 

Privacy Amendment (2015 Measures No. 2) Regulation 2015

 

This Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

 

Overview of the Legislative Instrument

 

The Privacy Amendment (2015 Measures No.2) Regulation 2015 amends Part 2 of the Privacy Regulation 2013 by inserting classes of organisations that may adopt, use and disclose the government related identifiers in order to facilitate the provision of benefits to individuals (entitlement to access concessions and other services).

 

Human rights implications

 

This Legislative Instrument engages the right to the protection against arbitrary interference with privacy, protected in Article 17 of the International Covenant on Civil and Political Rights (ICCPR).  The right to privacy in Article 17 of the ICCPR prohibits unlawful or arbitrary interferences with a person's privacy, family, home and correspondence.  In order for an interference with a right not to be 'arbitrary', the interference must be for a reason consistent with the relevant Convention and reasonable in the particular circumstances.

 

The Regulation deals with the use and disclosure of government related identifiers, specifically Commonwealth employee payroll numbers, the Centrelink Customer Reference Number, the Department of Veterans' Affairs (DVA) File Number and the DVA Unique Identification Number.  The Regulation lists those agencies that may use government payroll numbers to provide superannuation services to individuals and also clearly stipulates classes of organisations that are permitted to use or disclose the identifiers in order to provide benefits to individuals.  There are no changes to the prescribed circumstances in which the government related identifiers may be used or disclosed.  These are legitimate objectives consistent with the Privacy Act.

 

Conclusion

 

This Legislative Instrument engages with the right to privacy, through the use and disclosure of personal information, and does so in a reasonable and proportionate way.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback