Scott Ludlam (WA, Australian Greens) Share this | Hansard source

I understand the point that you make. However, that judgement will exist if you are a bank, if you are a government department, if you are a large company, if you are Coles or any of the other entities that I mentioned in my contribution earlier. You are already going to need to be exercising judgement, as is explained in the EM and in the bill, around whether you have caused your user base, or people you have been collecting information on, serious harm. Why not extend that to anybody who is holding considerable amounts of information on their users? I would have thought that the purpose of the bill, which is going to be supported by everybody in here when we come to the final vote, is about protecting people. So we are imposing an obligation on one sector of the economy and on one big part of the public service but not on others not through any arbitrary distinction about whether they are holding information or not but around scale. I would have thought that scale, as the kind of metric that you are describing, is actually irrelevant under this circumstance.