The Privacy Legislation Amendment (Emergencies and Disasters) Bill 2006 (Bill) introduced into the Senate on 13 September 2006 amends both the Privacy Act 1988 (Act) and the Australian Security Intelligence Organisation Act 1979 (ASIO Act).
The Bill introduces a new Part VIA into the Act, which facilitates the exchange and disclosure of personal information in cases of national emergencies and disasters. While there already are exemptions in the Privacy Act which allow certain agencies to use and disclose personal information in an emergency or disaster situation, the Bill’s explanatory memorandum explains that these provisions are difficult to apply. Practical difficulties with their application were particularly experienced during the Asian Tsunami in December 2004.
Declaration of Emergency
If the Prime Minister is satisfied that an emergency of national significance has occurred in Australia or outside of Australia, that has affected one or more Australian citizens or permanent residents, and that is of such a kind that warrants the exchange of personal information, a declaration of emergency can be made.
The Bill makes it clear that a declaration so made only triggers Part VIA and is not directly related to any other legislative or non-legislative schemes about emergencies. An emergency declaration under Part VIA cannot operate indefinitely; the declaration ceases to have effect at the date stated within the declaration itself or the earlier of: (i) the time the declaration is revoked or (ii) 12 months from the date of the declaration.
Collection, Use or Disclosure of Personal Information
When an emergency declaration is made under Part VIA an entity may collect, use or disclose personal information relating to an individual if the entity reasonably believes that the individual concerned may be involved in the emergency or disaster; the collection, use or disclosure is for a permitted purpose; and the disclosure is to certain prescribed entities.
A permitted purpose is a purpose that is physically, spatially or by some other proximate connection related to action taken by the Commonwealth in response to the emergency. The Bill provides a non-exhaustive list of permitted purposes, including:
identifying individuals who may be injured, missing or dead as a result of the emergency or disaster
assisting individuals involved in the emergency or disaster to obtain services
assisting with law enforcement in relation to the emergency
ensuring people who are responsible (as defined in National Privacy Principle 2.5 of the Privacy Act) for individuals who may be involved in an emergency, are appropriately informed. A responsible person is a parent, child or spouse.
Limits on Collection, Use or Disclosure of Personal Information
The Bill places special limits on the types of bodies to whom agencies, organisations and persons can disclose personal information. For example, disclosures to the media are not permitted. Any disclosures to the media are to be made in accordance with the normal operation of the Act. Collection, use or disclosure of personal information can only occur by an officer or employee of an agency who is authorised to collect, use or disclose personal information.
Unauthorised Secondary Disclosures
The Bill creates an offence for unauthorised secondary disclosures unless they occur in prescribed circumstances. A secondary disclosure is made when a person who receives personal information under Part VIA discloses that information to another person. This offence does not apply to a person who is responsible for the person to whom the personal information pertains.
The circumstances under which the offence will not apply include disclosures:
made by an agency under an Information Privacy Principle
made by an organisation under an approved privacy code in a National Privacy Principle
permitted under Part VIA
made with consent of the individual
made to a court.
Designated Secrecy Provisions>
Where an entity is authorised to disclose personal information under Part VIA, the Bill ensures that it will not be liable for contravening a duty of confidence, an Information Privacy Principle or a secrecy provision, unless it is a designated secrecy provision.
A designated secrecy provision is defined to be certain sections of the ASIO Act; the Inspector-General of Intelligence and Security Act 1986, the Intelligence Services Act 2001 and other provisions of Commonwealth laws prescribed by their regulations for the purpose of this definition.
Amendment to ASIO Act
As a consequence of Part VIA, section 18(3) of the ASIO Act, which is a designated secrecy provision, is amended to allow the information that has come into the possession of ASIO to be communicated in accordance with Part VIA when an emergency declaration is in force.
The content of this article is intended to provide a general guide
to the subject matter. Specialist advice should be sought about your
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
As a licensor or a licensee, here are some tips you should consider when negotiating your next licence agreement.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).