Christopher Back (WA, Liberal Party) Share this | Hansard source

I certainly would withdraw any suggestion that I was reflecting on another senator in my comment. Senator Moore, I withdraw, through you, Mr Deputy President. It was not my intention; it was simply to point out the importance of this particular bill and to make some comments on the coalition's points. Part of my reason for making that point was to allow Senator Singh an opportunity in having me respond to a comment that she made in introducing the bill. It was the comment she made to my colleagues about the adequacy of time that has been allowed for public consultation. Quite clearly, we see this as further evidence of the failure of the now Labor opposition in this very area. We are again going to see discussion in this place this afternoon about activity that has resulted from inadequate public consultation and opportunity for the wider community to have its say in these areas.

Senator Singh made the point that there had been adequate time for public consultation. I go to last year's submission of the Cyberspace Law and Policy Centre of the Faculty of Law at the University of New South Wales. This very august body highlighted that, despite the apparent adequacy of the time that had been given for consideration by members of the public, it had had just 10 working hours—not 10 days, not 10 weeks, but 10 hours—in which to collaborate, to draft and to finalise its submission. I would see that as a deep insult to any body whose views were genuinely being sought and who might be able to make a useful contribution.

The Australian Privacy Foundation is another body that one might think would make a useful contribution and that the wider community would have a view on and be particularly keen on hearing from. I know that there would be many people wanting to know what the Australian Privacy Foundation's interests are. They said a 'seriously negative impact on the democratic process' was inherent in the provision by the parliament of just 1½ working days—very close to that 10 hours of the Cyberspace Law and Policy Centre—for civil society organisations to discuss, draft and finalise a submission to the committee. I would say to anyone who thinks that 10 hours, or 1½ days, is adequate time for a reputable body to consider, discuss, draft and finalise a submission to the committee, that it as a deep insult. Indeed, regrettably, we on this side continue to regard it as a deep insult.

As we know, the proposed model would create a requirement to notify the Office of the Australian Information Commissioner and affected individuals where there has been a data breach that gives rise to a real risk of serious harm. I would go to your background, Mr Deputy President, in the law enforcement area in Australia. How would you regard the words 'real risk of serious harm'? What is real to you might not be real to me. What is serious to Senator Scullion might not be serious to me. If a crocodile were chasing me, I would be very worried. Senator Scullion, on the other hand, would possibly see it as an opportunity that he would relish. I do not use this term flippantly. I would make the point that it would mean entities would not be required to report less serious privacy breaches to affected individuals or to the commissioner.

Senator Seselja spoke eloquently when he referred to the Australian Federal Police in this same area. He made the point that an unintended consequence might be that it makes the issue more serious, rather than less serious, simply because of the point of definition: what constitutes a serious breach of privacy? The requirement to notify would apply to data breaches involving personal information, credit-reporting information, credit eligibility information and tax file information. All of us in the community would share that concern. We do not want to see our private information—tax file, credit eligibility, banking details and personal information—being made public. All of us in this chamber would support that. The wider community would definitely support that proposition.

The important point to make is that the coalition will not allow the Senate to descend into the failure of the Labor opposition, and that is to rush through the decision-making and consultation process. We will not be pressured into agreeing to a proposal without giving it full and proper consideration. I have considered the points that Senator Seselja has made and the comments by Senator Boyce and my colleague Senator McKenzie in the same context. Senator Singh has introduced this bill without proper consultation, and I say that that is premature. The opposition could have done this in a more timely fashion. They could have informed the government of their proposal earlier. There is no good reason why they did not. I heard Senator Singh adversely commenting on the Attorney-General and his apparent lack of speed in introducing legislation in this area. She could have approached him some time earlier. If the opposition had wanted to address this issue seriously and in a timely fashion, they could have taken the opportunity to consult more widely and more quickly.

We are not opposed to considering the proposals to improve data security practices. They are of universal concern. We see around the world now the ease and speed with which cyberhackers and others can interfere with private data and information. And there are no geographic or national borders when it comes to this situation. But we know that there is more work to be done. We know that we must collaborate with officials in other countries—in Europe, the United States, Canada, New Zealand, the Eastern bloc and Asian countries. But the government is not prepared to agree to a proposal without giving it full and proper consideration. I thank you for the opportunity to comment.

Debate adjourned.