Commonwealth Numbered Regulations - Explanatory Statements

[Index] [Search] [Download] [Related Items] [Help]


PRIVACY (PRIVATE SECTOR) AMENDMENT (CENTRELINK ESERVICES ORGANISATIONS) REGULATION 2013 (SLI NO 67 OF 2013)

EXPLANATORY STATEMENT

 

Select Legislative Instrument 2013 No. 67

 

Issued by the authority of the Attorney-General

 

Privacy Act 1988

 

Privacy (Private Sector) Amendment (Centrelink eServices Organisations) Regulation 2013

 

The Privacy Act 1988 (the Act) regulates the collection, storage, use and disclosure of personal information (as defined in section 6 of the Act) by Commonwealth Government agencies and large private-sector organisations.

Subsection 100(1) of the Act provides that the Governor-General may make regulations, not inconsistent with the Act, prescribing matters required or permitted by the Act to be prescribed, or necessary or convenient to be prescribed for carrying out or giving effect to the Act.

Schedule 3 to the Act contains the National Privacy Principles (NPPs), which apply to private-sector organisations subject to the Act. NPP 7.2 provides that an organisation must not use or disclose an identifier assigned to an individual by an agency, or by an agent or contracted service provider mentioned in NPP 7.1 unless " ... (c) the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances". An individual's Medicare number is an example of an 'identifier' for the purposes of NPP 7.2.

Subsection 100(2) of the Act provides that before the Governor-General makes regulations for the purposes of  NPP 7.2(c) the responsible Minister must be satisfied that: (a) the agency or the principal executive of the agency has agreed that adoption, use or disclosure by the organisation of the identifier in the circumstances is appropriate; and (b) the agency or the principal executive of the agency has consulted the Australian Privacy Commissioner (the Commissioner) about adoption, use or disclosure by the organisation of the identifier in the circumstances; and (c) adoption, use or disclosure by the organisation of the identifier in the circumstances is for the benefit of the individual concerned.

The Privacy (Private Sector) Regulations 2001 (the Principal Regulations) contain three sections relating to the use by organisations of an individual's Customer Reference Number (CRN) issued by the Department of Human Services (DHS) through Centrelink, or an individual's File Number issued by the Department of Veterans' Affairs (DVA).  The Principal Regulations allow prescribed organisations to use or disclose an individual's CRN or DVA File Number - with his or her consent - for the purpose of using DHS's Centrelink Confirmation eServices.  This enables Centrelink customers to access concessions and other services, such as subsidised housing, offered by external organisations. 

Regulation 9(1) provides that prescribed organisations may use or disclose an individual's CRN for the purposes of Customer Confirmation; Regulation 10 provides that prescribed organisations may use or disclose an individual's CRN for the purposes of Income Confirmation; and Regulation 11 provides that prescribed organisations may use or disclose an individual's CRN for the purposes of Superannuation Confirmation.

Regulation 9(2) provides that prescribed organisations may use or disclose an individual's DVA File Number - with his or her consent - to access Centrelink Confirmation eServices for the purpose of making a Customer Confirmation enquiry to determine whether the individual is entitled to receive a concession.

The amending Regulation prescribes various additional organisations that may use or disclose CRNs and DVA File Numbers to access Centrelink Confirmation eServices.

DHS has confirmed that the adoption, use or disclosure by these additional organisations of CRNs or DVA File Numbers in the circumstances prescribed by Regulations 9(1), 9(2), 10 and 11 would be for the benefit of the individual concerned.  In addition, DHS has consulted the Commissioner about the amendments. 

The amending Regulation also removes organisations that no longer require access to Centrelink Confirmation eServices and amend the names of prescribed organisations to reflect changes to the names of already listed businesses.

Details of the Regulation are set out in the Attachment.

The Regulation is a legislative instrument for the purposes of the Legislative Instruments Act 2003.

The Regulation commences on the day after it is registered.


ATTACHMENT

 

Privacy (Private Sector) Amendment (Centrelink eServices Organisations) Regulation 2013

Section 1 - Name of Regulation

This section provides that the title of the Regulation is the Privacy (Private Sector) Amendment (Centrelink eServices Organisations) Regulation 2013.

Section 2 - Commencement

This section provides for the Regulation to commence on the day after it is registered.

Section 3 - Authority

This section provides that the Regulation is made under the Privacy Act 1988.

Section 4 - Schedule(s)

This section provides that the Privacy (Private Sector) Regulations 2001 (the Principal Regulations) are amended as set out in Schedule 1.

Schedule 1 - Amendments

Item [1] Schedules 3, 4 and 5

This item substitutes the lists of organisations in Schedules 3, 4 and 5 to the Principal Regulations.

The substituted Part 1 of Schedule 3 renumbers the current list of organisations and includes two additional organisations that are allowed to use and disclose Customer Reference Numbers for the purpose of making a Customer Confirmation enquiry at items 12 and 49 of Schedule 3, Part 1.

The substituted Part 1 makes amendments to reflect changes in the names of 11 prescribed organisations for consistency with their Australian Business Number (ABN) at items 4, 13, 19, 20, 22, 30, 33, 50, 60, 61 and 65 of Schedule 3, Part 1.

The substituted Part 1 deletes three prescribed organisations that no longer require use or disclosure of the Centrelink Customer Reference Number for the purpose of making a Customer Confirmation enquiry.   The current items 3 'AGL Sales (Queensland Electricity) Pty Limited', 25 'IBN Foundation No 1' and 52 'St.George Bank Limited' of Schedule 3, Part 1 are to be deleted.

The substituted Part 1 also makes a minor amendment to the name of one of the prescribed organisations at item 39.

The substituted Part 2 of Schedule 3 renumbers the current list of organisations allowed to use and disclose DVA File Numbers for the purpose of making a Customer Confirmation enquiry and amends the names of seven organisations for consistency with the relevant ABN at items 3, 4, 5, 6, 7, 13 and 16 of Schedule 3, Part 2.

The substituted Part 2 also deletes one prescribed organisation that no longer requires use or disclosure of DVA File Numbers for the purpose of making a Customer Confirmation enquiry.  The current item 12 'Powerdirect Australia Pty Ltd' is to be deleted.

The substituted Schedule 4 renumbers the current list of organisations and includes 21 additional organisations that are allowed to use and disclose the Customer Reference Number for the purpose of making an Income Confirmation enquiry at items 8, 17, 25, 29, 30, 41, 50, 51, 70, 87, 111, 120, 126, 133, 137, 159, 171, 173, 190, 202 and 218 of Schedule 4.

The substituted Schedule 4 amends the names of 18 organisations for consistency with the relevant ABN from the organisations allowed to use Centrelink Confirmation eServices for the purpose of making an Income Confirmation enquiry at items 22, 23, 40, 64, 82, 85, 86, 94, 130, 149, 193, 194, 197, 199, 204, 205, 208 and 216 of Schedule 4.

The substituted Schedule 4 also deletes five prescribed organisations that no longer require use of Centrelink Confirmation eServices for the purpose of making an Income Confirmation enquiry.  The current items 51 'Community Rent Scheme Assoc Townsville Inc', 80 'IBN Foundation No 1', 106 'Metro West Housing Services Limited', 146 'Shadforths Limited' and 196 'Uniting Church in Australia Property Trust' are to be deleted.

The substituted Schedule 5 renumbers the current list of organisations and includes two additional organisations that are allowed to use and disclose the Customer Reference Number for the purpose of making a Superannuation Confirmation enquiry at items 5 and 27 of Schedule 5.

The substituted Schedule 5 amends the names of three organisations for consistency with the relevant ABN at items 17, 19 and 31 of Schedule 5.

The substituted Schedule 5 also makes an amendment to delete four prescribed organisations that no longer require use of Centrelink Confirmation eServices for the purpose of making a Superannuation Confirmation enquiry.  The current items 19 'Old Mutual Australia Limited', 26 'Superannuation Plan for Electrical Contractors Super', 32 'The Trustee for Queensland Independent Education and Care Superannuation Trust',  and 33 'The Trustee for Savings and Loans Members Superannuation Fund' are to be deleted.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS

 

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Privacy (Private Sector) Amendment (Centrelink eServices Organisations) Regulation 2013

 

This Regulation is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

 

Overview of the Regulation

 

The Privacy (Private Sector) Regulations 2001 (the Principal Regulations) contain three sections relating to the use by organisations of an individual's Customer Reference Number (CRN) issued by the Department of Human Services (DHS) through Centrelink, or an individual's File Number issued by the Department of Veterans' Affairs (DVA).  The Regulations allow prescribed organisations to use or disclose an individual's CRN or DVA File Number - with his or her consent - for the purpose of using DHS's Centrelink Confirmation eServices.  This enables Centrelink customers to access concessions and other services, such as subsidised housing, offered by external organisations. 

The Regulation substitutes the existing Regulations 9, 10 and 11 of the Privacy (Private Sector) Regulations 2001. The Regulation will commence on the day after it is registered.

 

Regulation 9(1) provides that prescribed organisations may use or disclose an individual's CRN for the purposes of Customer Confirmation; Regulation 10 provides that prescribed organisations may use or disclose an individual's CRN for the purposes of Income Confirmation; and Regulation 11 provides that prescribed organisations may use or disclose an individual's CRN for the purposes of Superannuation Confirmation.

Regulation 9(2) provides that prescribed organisations may use or disclose an individual's DVA File Number - with his or her consent - to access Centrelink Confirmation eServices for the purpose of making a Customer Confirmation enquiry to determine whether the individual is entitled to receive a concession.

The amending Regulation prescribes various additional organisations that may use or disclose CRNs and DVA File Numbers to access Centrelink Confirmation eServices.

DHS has confirmed that the adoption, use or disclosure by these additional organisations of CRNs or DVA File Numbers in the circumstances prescribed by Regulations 9(1), 9(2), 10 and 11 would be for the benefit of the individual concerned.  In addition, DHS has consulted the Australian Privacy Commissioner about the amendments. 

The amending Regulation also removes organisations that no longer require access to Centrelink Confirmation eServices and amend the names of prescribed organisations to reflect changes to the names of already listed businesses.

Human rights implications

 

The Regulation engages the following rights:

 

The right to privacy


Article 17 of the ICCPR provides that:

  1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
  2. Everyone has the right to the protection of the law against such interference or attacks.

The Regulation protects the right to privacy. The prescribed private sector organisations cannot use or disclose CRNs or DVA File Numbers without the consent of the individual concerned. The use or disclosure of CRNs or DVA File Numbers would be for the individual's benefit by providing real-time determinations of eligibility for concessions or services.

 

The requirements under s 100(2) for the making of regulations related to the National Privacy Principle (NPP) 7.2(c) have been satisfied including consultation with the Australian Privacy Commissioner.

 

Conclusion

 

The Regulation is compatible with human rights because it appropriately protects the right to privacy in article 17 of the ICCPR.

 


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback