Christopher Back (WA, Liberal Party) Share this | Hansard source

I am delighted to continue my remarks on the Privacy Amendment (Privacy Alerts) Bill 2014, introduced by Senator Singh in March. I wish to go back to the topic that I was speaking on prior to the adjournment, and that was that this government is not going to be drawn into the same errors that characterised the Rudd followed by Gillard followed by Rudd governments between 2007 and 2013. Those governments were characterised by thought bubbles, poor consultation and hasty decision making, with poor outcomes and, inevitably, tears all around. Of course the government and all senators on this side have a deep concern about this, because measures that enhance the protection and security of the personal information of Australians are critical, particularly in the digital environment in which we find ourselves. That does not only extend to Australia, of course; it extends well beyond Australia's borders, internationally. But there is much more work to be done, and Senator Singh, as I said in my contribution in March, should have known that and the opposition should have been prepared to engage with the government much earlier than this.

The government have always supported the broad principles of privacy protection for individuals. It is part of our DNA. But we have previously expressed concerns about the details of this bill and especially about the Labor Party in government—and then in opposition rushing to make the same mistake—failing to consult broadly with affected members in the community and with industry, those who will be responsible for the implementation. It was my colleagues Senator Sue Boyce, whom I congratulate on her valedictory speech last night, and then Senator Gary Humphries, who was here gracing us with his presence in the chamber last night, who drew attention to many of the concerns that I wish to address in my contribution this morning—concerns, for example, as were expressed by a number of the submitters regarding the lack of definition of terms such as 'serious breach' or 'serious harm' in the legislation, as well as concerns, which my colleagues cited in their minority report, about the regulatory overload for business. That was something that very rarely concerned the Labor Party in government, and it would appear they have not learned their lessons, because they are again having no regard for this in opposition.

The bill in 2013 was based on the general requirements of Australian Privacy Principle 11—which requires regulated entities that hold personal information to prevent the loss, unauthorised disclosure or misuse of that personal information—all of them reasonable precepts. We look then to the term of risk. The proposed model, we were told, would create a requirement to notify the Office of the Australian Information Commissioner and affected individuals where there has been a data breach which has given rise to a real risk of serious harm to an individual. That was their recommended approach, the ALRC's recommended approach, in which they defined a real risk as a risk that is not a remote risk. These are indefinite terms and should obviously be given much more consideration and credibility in terms of the activities.

It was not just the coalition that was concerned at the lack of time given by the then Labor government when this legislation was introduced. I quote from Liberty Victoria at the time:

… we note with extreme disappointment that public comment opened on 18 June 2013 and closed two days laterJune 2013.

Not two weeks, not two months, but two days. They went on to say:

This is not conducive to open and transparent Government and it is extremely unlikely that many members of the public or any other interested party will have had time to review the Bill, let alone prepare submissions to this Committee. Privacy is an important issue and with increasing amounts of personal data being collected by both the private and public sectors, the issue as to how that information is used and protected is of high public interest.

We confirm that view taken by Liberty Victoria. A second group, one that you would think would have enormous interest in this question, is the Australian Privacy Foundation. They expressed their concern, citing:

… seriously negative impact on the democratic process that is inherent in the provision by the Parliament of 1½ working days—

they brought it down from two—

during which civil society organisations are expected to discuss, draft and finalise a Submission to your Committee.

Surely the Labor Party must have seen the signals at that time. Then there was a submission from the Cyberspace Law and Policy Centre at the University of New South Wales Faculty of Law highlighting their concerns that there were 'around 10 working hours to collaborate on, draft and finalise a submission'. It begs the question whether or not the Labor Party at that time, then in government and now in opposition, were even serious about consultation when one group said two days, another said 1½ days and then the University of New South Wales law faculty centre said 10 hours for consultation.

Why do we have this massive concern on our side? Because we do not want to see again Australia descend into what we saw between 2007 and 2013, and that was the exercise of the Rudd, followed by the Gillard, followed by the Rudd Labor government rushing into poor policy development. Let me give some examples of those. The first was the pink batts, where there was a failure to consult with the states, who for a long time had the expertise, the opportunity and the time to implement the type of activity proposed, and a failure to consult with industry, particularly in relation to occupational health and safety and welfare issues. This was evident in the recent royal commission into the pink batts project, and what a tragedy that we even had the circumstances where a royal commission had to be called. Evidence came out about the failure by the government of the day to consult with their own departments as to how it would be implemented. We had seen evidence at the time—we said so, and unfortunately it played out in the royal commission—of the basic lack of any business experience. If only a risk analysis had been done at that time to understand that a project of that nature was only ever going to get the sharks, the fly-by-nighters, the people with no interest at all in anything other than their own wealth acquisition, coming into that sort of market. So, to come back to the legislation that has been brought forward by Senator Singh, there was a circumstance where there was inadequate time to consult, inadequate opportunity to engage with stakeholders and inadequate involvement in the decision-making process by people affected or likely to be affected.

We saw this again with the NBN. Needless to say when we speak of privacy issues, those associated with internet connectivity et cetera are very much to the fore. I recall when I first came into this place that Senator Conroy, in response to a question I asked him about a business plan, very proudly told the chamber that we did not need a business plan, that we did not need a cost-benefit analysis. I asked him what risk analysis he had undertaken? Well, of course, that was not necessary either! We have now seen the failure of the NBN project. I will give just one small example of things that would have been shown up by a proper risk analysis, and that is the asbestos contained within the pits—the old Telecom, PMG, now Telstra pits. That would have been exposed, we would have known about them and we could have dealt with them if only there had been adequate consultation.

I will not dwell today on the ban on the live export of cattle in June 2011, except to say it is still very raw for those who were the victims of it, whose lives and businesses and activities and families were destroyed by that. There was no consultation with industry, there was no consultation with the department who advise them, there was no consultation with affected personnel and, worse than that, there was not even dialogue with the government of Indonesia or other Asian neighbours. We are still living today with the overall impact of that failed process.

I say again that the government is in favour of all of those activities that will protect the privacy of individuals to the extent that that is possible. But, unlike Labor, we are not going to be rushed into activities in which industry is not consulted, families are not consulted and affected people are not consulted.