Natasha Stott Despoja (SA, Australian Democrats) Share this | Hansard source

I move:

That the Senate take note of the answer given by the Minister for Human Services (Senator Ian Campbell) to a question without notice asked by Senator Stott Despoja today, relating to the access card.

The Minister for Human Services, Senator Ian Campbell, almost answered my question in question time today relating to unauthorised access to the ID card—the so-called access card. The issue of privacy breaches and the security surrounding the government’s proposed card is a really serious one. At this stage the legislation and the card itself do not prevent unauthorised access—that is, the legislation does not specifically and explicitly prohibit unauthorised access. My question to the government was whether or not they were prepared to outlaw that, to make it very clear that unauthorised access was prohibited. Beyond that there are a range of other issues; not just the issue of detection but the issue of compensation and the issue of informing people who may be affected by a breach.

I drew the senator’s attention to the fact that in August last year, as we know, more than 100 Centrelink employees were disciplined and/or sacked and/or fined for unauthorised access to information about their clients. I am sure everyone in this place is united in the view that it was inappropriate that unauthorised access took place and it was appropriate that people were disciplined, fined, sacked or resigned—whatever the consequences were. But the issue in that case was that there are no mechanisms under our current laws, and specifically under the Privacy Act, to ensure that those Australians who are adversely affected, whose information is accessed and their privacy breached in some way, are informed about the particular breach. So what we would like to know is whether the government is going to ensure that the legislation dealing with the proposed card will provide for people to be informed about breaches and therefore have some recourse under legislation to compensation or some other provisions.

This is not unusual. We know that in the private sector, for example, when your credit card is stolen or you are subject to identity theft or fraud you can actually be compensated. But under the current legislation there is no prohibition of unauthorised access, there is no way of ensuring that individuals who are adversely affected are informed of that particular breach and therefore there is no mechanism through which they can obtain compensation or an apology or whatever may be appropriate. The focus should be on the harm that is caused to the particular individual whose personal information is snooped or tapped, whether it is photocopied inappropriately or whether someone browses inappropriately. This is not only about the people who do that being disciplined or punished in some way; it is also about ensuring that the harm suffered by those individuals who have had their privacy breached is acknowledged, that it is drawn to their attention and that there are some measures they can take accordingly.

Yes, we support measures to eradicate welfare fraud and to crack down on people who may be rorting the system. But my broad concern at this point is for those 17-plus million Australians who are going to have to apply for this card if they want Medicare benefits. They are not being given any certainty, any guarantees, that their privacy and their personal security will not be affected. If the government tries to suggest that, for example, Commonwealth employees from certain agencies, state employees or even private sector employees are prohibited from unauthorised access, at the moment that is a load of rot. I cannot find a line in the legislation that makes that explicit. Senator Campbell gave an undertaking to me in the chamber today that he would willingly consider amendments or changes to the legislation to beef it up, to make it secure—whatever the case may be. That, I can flag to the government, is one amendment that they will have to consider.

This database, the central database that will be created as a consequence of this card, is going to be a honey pot of information that will be able to be tapped into by individuals, lawfully and in an unauthorised way. That is of great concern to me. It is one of the greatest risks to privacy and security of individuals in this country’s history. Yet we do not have an answer today from the minister that unauthorised access will be prohibited. That just goes to show how this ID card is completely outrageous, and the alacrity with which it is being rammed through this place is shameful. (Time expired)

Question agreed to.