Christine Milne (Tasmania, Australian Greens) Share this | Hansard source

Just to follow up on the answer from the Attorney-General, it interests me that you are bringing in legislation that deals with the security issues, after the fact. Why did we not do that first, before you brought that in as it currently stands? I particularly want to go to what you have just said: that the companies will be required to give an undertaking that, if they store the data offshore, it would be compliant with Australia's privacy requirements. I am interested to know what auditing or enforcement of compliance there will be. A company could easily say, 'Yes, we undertake to be in compliance with Australia's privacy laws,' but store the data offshore. Who is going to audit it? Who is going to enforce it? Where is the compliance?