Scott Ludlam (WA, Australian Greens) Share this | Hansard source

I thank the minister. I will just quickly provide some comments on the three opposition amendments that Senator Carr has moved together and the government amendment. The Australian Greens will be supporting all four.

I think the government amendment in part goes some way towards upholding the principle and the spirit of some of the comments that were made by senators during the committee review process into the bill and some of the witnesses who spoke out quite strongly against some of the clauses in the bill. Nonetheless, we do not think that it goes far enough,

In fact I think the opposition amendment is more specific, probably has more teeth and will be more effective in terms of who is present when identification tests are being conducted on minors or incapable persons. I want to acknowledge and thank Senator Carr on behalf of the opposition for bringing those amendments forward. I think they are very worthy. They obviously do not go very far in satisfying the Greens' concerns about the bill which were echoed by many submitters as we expressed during the second reading debate.

I want to draw attention to the fourth opposition amendment around mandatory data breach notification—if anything, this is probably the most significant of the amendments that the opposition has brought forward. The idea that if agencies with considerable power over very, very highly personalised and intimate information, including this biometric data, lose control of it, they are not under any obligation at all to inform the people whose privacy has been breached that that has happened. This is not an abstract or hypothetical concern, given that the department in its former incarnation let slip personal identifiers of nearly 10,000 asylum seekers—people fleeing violent regimes in the region and in our part of the world—for whom the consequences were not merely inconvenient but potentially life threatening. This is a department that does not have excellent form as I identified in my second reading contribution.

Mandatory data breach notification exists in many—not quite all—similar jurisdictions to ours with three basic principles: you collect the minimum data that you require; you protect it with systems of robustness and integrity; and, if those protection mechanisms fail, you have an obligation to the people whose privacy has been violated—or potentially their safety—to let them know so that they can take countermeasures or at least be aware of what is going on.

We are strongly in support of the fourth opposition amendment on the running sheet and, were Senator Singh here, through you, Mr Chair, I would encourage her to bring forward mandatory data breach notification—and I believe she still has a private senator's bill on the Notice Paperso that these mandatory data breach provisions do not simply apply narrowly to Border Force's operations but in fact to any entity of the Commonwealth that is holding people's private information in trust. I am very happy to commend all of these amendments to the chamber.

The CHAIRMAN: The question is that opposition amendments (1) to (4) on sheet 7725 revised be agreed to.