Anne Ruston (SA, Liberal Party) Share this | Hansard source

I too rise to speak on the Privacy Amendment (Privacy Alerts) Bill 2014, which contains proposed amendments to the Privacy Act. It is really disappointing that for the second time in a week we are standing here and discussing a bill that we support in principle. The concept of improving the provisions of security around privacy of information is something that I do not think anybody in this place would dispute as being a terribly important thing for us to do to maximise the protection of individuals. It is very frustrating that, instead of being able to stand up here today and say how fabulous this bill is and that we can support it, we cannot. Once again, there has been a lack consultation and a lack of regard by those on the other side for the reasonably simple and sensible changes that we would have expected.

As you have probably heard in previous contributions, Mr Acting Deputy President, this bill was substantively put before the House of Representatives in 2013. That bill was passed in the House of Representatives but the coalition, which was in opposition at the time, expressed a level of concern about a number of things in it. So the bill was subsequently sent up to this place and referred off to the appropriate committee for investigation. A report came back from the coalition senators—who, at the time, were a minority on the Legal and Constitutional Affairs Legislation Committee looking into bill—with additional comments suggesting that they would like to see some things done to make the bill more appealing in order for them to support it. Now in 2014 we find that the bill has just been plonked down again, without those opposite taking any of the issues that were raised at that time into account. Once again, there has been no consultation and no attempt to address any of those issues raised—and many of them were quite simple.

I was just reading through the comments made by the coalition senators about the 2013 bill, and I would have thought that those opposite might have thought those comments warranted further investigation. The Cyberspace Law and Policy Centre of the University of New South Wales Faculty of Law highlighted that it had around 10 working hours in which to collaborate on a draft on the bill and finalise its submission. The Australian Privacy Foundation also made the comment:

... seriously negative impact on the democratic process that is inherent in the provision by the Parliament of 1-1/2 working days, during which civil society organisations are expected to discuss, draft and finalise a Submission to your Committee.

It seems to me that it would not actually be all that difficult to go out and deal with a number of these organisations, which obviously have a major input and a major interest in this area, to find out what their concerns are in relation to this bill, because they are the ones who actually have to deal with the fall-out when this legislation is passed without consultation and fails. I would have thought that it was a pretty simple thing for us to be able to do that. I condemn those opposite for not having dealt with their concerns, albeit minor as they may well have seemed at the time, in the reintroduction of a very similar bill to that which was before this place in 2013.

The really sad thing is that this seems to be a bit of trend. Only last week we were before this place speaking on a bill about the Woomera prohibited area. As a fellow South Australian, Mr Acting Deputy President Fawcett, I am sure you would have had concerns about it, because we would like to see the economic potential of this area unlocked for the benefit of our fellow citizens in South Australia. But, once again, we had a bill that was rushed into this place without the appropriate consultation with the wide range of people who are interested in this area, particularly when we had made it quite clear that we were very keen to see legislation passed to assist with the unlocking of this land. I believe it was only this week that the government's bill in relation to the Woomera prohibited area was introduced in the other place. We see these silly, rushed political exercises by those opposite in bringing these sorts of bills into this place when there is a proper process. A sensible consultation process needs to be undertaken and it is very, very frustrating that we are seeing silly politics being played when it would be really nice to see some good outcomes instead.

This whole concept of policy on the run probably warrants a little more comment because it does have some very, very serious implications. Even with the best intent and the best of ideas, if you do not actually get the details sorted out, you can cause yourself amazing and significant problems. You have often heard the saying, 'the devil is in the detail'—and that is often the case with legislation and regulation. The unintended consequences of ill-conceived or not properly researched and consulted policy can have major impacts. I can assure you, Mr Acting Deputy President, having been a business person before I came into this place, I have seen the consequences of policy that has not been properly thought out and the people who were the recipients of that policy affected by it, because nobody actually bothered to go out and speak to them. They are the people who will be able to tell you, 'If you do this, this is what the consequence will be in reality.' It is not something that you will find in a textbook. It is not something that you will learn at university. It is not something that your union mates will have told you about. You need to speak to the people who are going to be impacted by the changes in legislation.

I can think of millions of examples of this, but none more than current the debacle which was revealed last night in the NBN interim report. The problem with the NBN was not the concept of providing faster, more reliable and more affordable internet services to the majority of Australians. We all support that as a concept. There is no argument about that in any party, whether it be a minority party, a majority party or the Independents in this place. We would all like to see that as an outcome. But what we do not want to see is policy that is developed on the back of a serviette during a VIP flight from Perth, which ends up costing the Australian public way more than it can possibly afford or which makes promises that were never able to be kept because the capacity to keep them was never there—simply because nobody had thought through the details or the machinery behind the delivery of the particular promise. Last night we saw a terribly pathetic attempt to try to defend a legacy that was totally indefensible—a policy developed on the back of a serviette—whereby we have ended up spending nearly $8 billion and managed to provide less than three per cent of Australians with access to the NBN. We can go on: pink batts and the thought-bubble that was GroceryWatch.

It stresses the importance of doing two things: making sure you are properly researched and properly prepared; and making sure you speak to the people at the grassroots level who will be affected by the policy, regulation or legislation. There is no question that we came into this place saying that we would be a government that tried to reduce the regulatory burden—and no-one disagrees that there is a need for regulation in some areas—but there has been an extraordinary increase in the number of regulations placed on the Australian community over the last six years and before that by state governments. There is a need to ensure that, whenever you put legislation before this place, you have made a sensible and thorough assessment of the regulatory impact so that you are not simply putting in a regulation for the sake of regulation. There has to be a need, a benefit; and this confirms that.

We have made it clear that we are not going to regulate for anything unless we have to and that we are intending to reduce the level of regulation out there in the marketplace. Only last week the coalition introduced a suite of bills into the lower house that outlined areas where we think there has been unnecessary and burdensome regulation placed on the Australian public and businesses for too long. The concerns that have been raised about this particular bill are not insurmountable, but we draw attention to the constant attempts by those opposite to dump things into this place. You have to start wondering whether it is simply distracting and malicious activity.

The other issue that came out of this bill—and unlike others in this place, I am no lawyer—is that of definition. In the coalition senators' dissenting report in 2013, they noted the concerns expressed by a number of submissions on the lack of definition of the terms 'serious breach' or 'serious harm' in the legislation. I have had a quick look through the legislation and the explanatory memorandum this morning, and the memorandum refers to:

Serious harm, in this context, includes physical and psychological harm, as well as injury to feelings, humiliation, harm to reputation and financial or economic harm. The risk of harm must be real, that is, not remote, for it to give rise to a serious data breach.

That sounds interesting, but how would you assess that in your institution which holds cold private information for the people you look after. How does someone in one of these institutions make a determination about what constitutes 'psychological harm' or 'injury to feelings'?

If we went around this chamber and surveyed all 76 senators about whether something had injured their feelings, you would probably get 76 different responses. You only need to look at some of the comments from the South Australian election. A pamphlet was put out in relation to one of our candidates. I know this is not about a breach of privacy or security, but it does emphasise the point of how you determine whether something is criminal in nature or whether it is something to be legislated for. The pamphlet basically dog whistled that one of our candidates because of her surname might have been a Middle Eastern terrorist. That may have hurt her feelings—and it probably did—and it may have been humiliating, but the question has to be: did this cause her serious harm? She might have thought it did. It goes to the point of how do you define these sorts of spurious terminologies—'as well as injury to feelings'? I find that an extraordinary thing to put in the explanatory memorandum.

Most concerning of all in this bill—the Privacy Amendment (Privacy Alerts) Bill 2014, a bill for an act to amend the Privacy Act 1998 and related purposes—are the definitions found in division 3. Clause 26ZF 'real risk' is defined as:

For the purposes of this Part, real risk means a risk that is not aremote risk.

And 'harm' is defined as:

For the purposes of this Part, harm includes:

(a) harm to reputation; and

(b) economic harm; and

(c) financial harm.

However, there is also 'serious harm', so I am not sure whether we are talking about 'harm' or 'serious harm'. What is the difference between 'harm' or 'serious harm' in that context? It talks about 'serious harm' in one context and defines 'harm' in another context: does that mean we are not talking about the same thing? In the other schedule of amendments, it says 'the access or disclosure will result in real risk of serious harm', but we do not have a definition of 'serious harm'; we only have a definition of 'harm'.

That is one difficulty I picked up this morning. I would suggest the bill has been rushed. It would be nice to think that, in the future, we might be able to have a thorough and rigorous process that would allow us to deal with all those sorts of little, petty issues which, I am sure, the average person out there who was not affected or impacted on by this particular legislation probably would think we were just being pedantic about. But it highlights the fact that sometimes just the use of a word or a phrase, a comment here or there that has not been thought through properly, can actually have quite a significant impact.

In conclusion, I and all of my colleagues on this side of the chamber support the provisions that ensure and maximise the protection of the individual from security breaches. We have absolutely no issue whatsoever with making sure that people are protected—or, at least, advised if there is something that is likely to be a problem to them.

What we do not support is something that has been just put through, I believe, because of some political motivation, as a political trick. It is something that could have been very easily fixed by just coming back to this place and speaking in an adult way, and by going back through the committee process to make sure that the concerns of everybody on the committee were addressed and speaking to the people in the community who are most likely to be impacted on by these changes. If we had just gone through that very simple process, we could be standing here today and enabling an amended version of this bill to go through.

Instead, we are standing here today, once again, saying, 'Guys, you haven't done your homework, and if you don't do your homework you're not going to pass.' We all went to school and we all knew that, the harder you worked and the better the research you did, the better your pass mark would be. And, once again, regrettably, you on the other side have got a fail.