EXPLANATORY STATEMENT

 

Select Legislative Instrument 2005 No. 301

 

PRIVACY (PRIVATE SECTOR) AMENDMENT REGULATIONS 2005 (No. 1)

The Privacy Act 1988 (the Act) establishes, among other things, the National Privacy Principles (NPPs) which regulate the collection, use, disclosure and storage of personal information by private sector organisations.

NPP 7.2 provides that a private sector organisation must not use or disclose an identifier assigned to an individual by a Commonwealth agency, or by an agent or contracted service provider to that agency, except where:

(a)       the use or disclosure is necessary for the organisation to fulfil its obligations to the agency; or

(b)       the use or disclosure is in support of measures detailed in NPP 2.1(e) to 2.1(h) inclusive to lessen or prevent a threat to the health or safety of an individual or the public, is required or authorised by law, or is in support of law enforcement or prosecution activities; or

(c)       the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.

Subsection 100(1) of the Act provides that the Governor-General may make regulations, not inconsistent with the Act, prescribing matters required or permitted by the Act to be prescribed, or necessary or convenient to be prescribed for carrying out or giving effect to the Act.

In determining the need for a Regulation under section 100 of the Act, Centrelink has consulted extensively the Office of the Privacy Commissioner, the Australian Government Solicitor, the Attorney‑General's Department and the Department of Family and Community Services.

The purpose of the Regulations is to authorise the use and disclosure of the Customer Reference Number, assigned to individuals by Centrelink, by certain private sector organisations so that they can access the 'Centrelink Confirmation eService' for the purpose of determining whether certain individuals are entitled to receive a concession.  These private sector organisations are listed in Schedule 3.

The use and disclosure of the Centrelink Customer Reference Number by each private sector organisation is in each case only for the benefit of the individual concerned.  It enables service providers to access Centrelink's Confirmation eService, with the customer's consent, and determine a customer's eligibility to concessional entitlements.  This removes the need for customers to go into a Centrelink office to get proof of their eligibility for these concessions.  The verification occurs on-line in real time, providing up to date eligibility information.  

Subsection 100(2) of the Act provides that before the Governor-General makes regulations for the purposes of NPP 7.2(c) prescribing an organisation, identifier and circumstances, the Attorney-General must be satisfied that affected agencies have agreed to the use or disclosure, that those agencies have consulted the Privacy Commissioner, and that the use or disclosure can only be for the benefit of the individual concerned. The Attorney-General is satisfied of these matters in relation to the use or disclosure of Customer Reference Numbers by the organisations listed in Schedule 3.

Details of the Regulations are set out in the Attachment.

The Regulations commenced on the day after they were registered.

PRIVACY (PRIVATE SECTOR) AMENDMENT REGULATIONS 2005 (No. 1)

Regulation 1 describes how the Regulations are to be cited.

Regulation 2 provides that the Regulations commence on the day after they are registered.

Regulation 3 provides that the Privacy (Private Sector) Regulations 2001 (the Principal Regulations) are amended in accordance with Schedule 1 of the Regulations.

The Regulations make additions to the Principal Regulations to authorise an exception to National Privacy Principle 7.2 in relation to the use and disclosure of the Customer Reference Number assigned by Centrelink.

Schedule 1, Item 1 defines 'Centrelink'.

Schedule 1, Item 2 inserts a new exception to National Privacy Principle 7.2 in Part 3 of the Principal Regulations. The new exception authorises the use and disclosure by 24 organisations of the Customer Reference Number assigned by Centrelink for the purpose of accessing the Centrelink Confirmation eService in order to determine whether an individual is entitled to receive a concession.

Schedule 1, Item 3 inserts a new schedule 3 in the Principal Regulations listing the organisations that are able to use or disclose the Customer Reference Number.