HANSARD
SITTING CALENDAR
SEARCH
LIVE BROADCAST
Hansard Dynamic Subject Index
House of Assembly - Fifty-Third Parliament, Second Session (53-2)
2016-09-20 Daily Xml
Contents
Pdf Xml

Public Sector (Data Sharing) Bill

Second Reading

Adjourned debate on second reading.

(Continued from 4 August 2016.)

Ms CHAPMAN (Bragg—Deputy Leader of the Opposition) (15:58): I rise to speak on the Public Sector (Data Sharing) Bill 2016, which was introduced by the Attorney-General on 4 August 2016. The bill predated the release and then subsequent disclosure, on 5 and 8 August respectively, of the Nyland royal commission. In short, it frankly has nothing to do with child protection, but in the interests of advancing a piece of legislation so that we are not all going home at 4.01 today, I am happy to bring this piece of legislation, this bill, on for debate so that we might advance its progress and not waste the time of the parliament.

In this instance, this bill, unlike the preceding bill, was known and disclosed to everyone here in the chamber, including the opposition, because it was tabled on 4 August. Again, unlike the preceding bill, during the course of public submissions it has been brought to our attention via the website, at the end of August, that the government had proposed to make some substantial changes to this bill in two major areas: one is providing for the inclusion of an office for data analytics (what is to be part 2A of the bill), and a provision for the minister to be able to enter into data sharing agreements with entities other than state government agencies, and that is to be incorporated in new part 4A. I have not seen those in drafted amendments. I have seen them on the basis of an amended bill that was on the website.

I will assume for the purposes of this contribution that it is the intention of the government to move amendments to expand the provisions and structure of this new regime in those terms. Accordingly, given the efflux of time, and even with the anticipated significant amendment to this bill, the opposition has considered the same and indicates that we will support this bill and, if necessary, make amendments after further consultation in respect of the delegation power of the minister (who is the Attorney-General under this bill) and/or rather extraordinary powers in relation to the exemption in respect of data that is to be within a definition and, also, as to the agencies that are to apply.

For example, if we cut to the chase, I think there is some merit in having other agencies—other departments at the commonwealth or state level, or indeed at a local council level and non-government organisations—if, in fact, for example, we were to be debating this bill as a regime which is in response to the recommendations of the Nyland royal commission. I think there would be some merit in that.

The Hon. J.R. Rau interjecting:

Ms CHAPMAN: The Attorney indicates that he considers that this bill is in response to the Nyland royal commission. It seems rather difficult to do that, seeing that it was tabled in the parliament a day prior to the report being handed up and, in any event, purports to be modelled on a data-sharing model that operates in New South Wales, which was not set up, quite clearly, for child protection purposes. It was set up to establish a model of data sharing within the public sector, largely to promote the opportunity of having good policymaking from the release of data that would be helpful in informing agencies and their operations—and, indeed, ministers—for the purposes of having some structured and sensible policymaking, and even the development of programs and the services they provide and the delivery of them.

There is a good case to have data sharing within government departments and the agencies or statutory bodies that they are responsible for so that we do not have holes in the information that is really necessary for good governance and good policymaking. The New South Wales data sharing act of 2015, which became effective last year, is one that identifies the importance of the government not having barriers between its entities and the benefits of being collaborative in making sure they make decisions that are going to be effective for that objective.

That is easy. What is distinguishable, however, between the government's plan to deal with this is really twofold; one is that the New South Wales environment is within the envelope of privacy law, which has statutory protections within it. In South Australia, we do not have any privacy law. We have been begging for it for a long time, and we keep having promises from the Attorney that we are going to see it one day. I hope it is in my time here in the parliament when we actually see something to consider; nevertheless, it is a fairly important addition to have if we are going to protect the interests of South Australians in the disclosure, discourse and sharing of information which may adversely affect them, if it becomes public.

So, it seems all the more important that we ensure that whatever data is shared reaches a standard or threshold of protection which we are entitled to have as citizens. One way of doing that, it seemed to me, was to have legislation, under this regime, which at least had the same standards and the same definitions of protection that we have in our freedom of information law in South Australia, which is another area, of course, in urgent need of reform.

The Hon. J.R. Rau: It is in 11A(7).

Ms CHAPMAN: The Attorney is indicating that that has been added in, so I will have a look at that.

The Hon. J.R. RAU: The effect of that should be that no agency receiving a document through this piece of legislation will wind up being able to release it at all under FOI, and the agency that would have to deal with the FOI request is the home agency from which the document came.

Ms CHAPMAN: I thank the Attorney for that helpful interjection. I do not think I am supposed to respond to interjections, but I thank him for that. In this instance, he is being helpful, so we will have a look at that between the houses to see if that is the intended effect, and that might resolve it. I have to say, at first blush in looking at this bill, the extent to which the Attorney-General had some control via prescription as to what was to be data that was releasable and what was not was far too slack and certainly needed to be tightened, but it may be that the new regime will allow for that, so we will have a look at it.

The other issue is in relation to the delegation power, and I would have to check whether that has also been remedied. This is a bill which essentially gives the Attorney-General, via prescription, quite considerable control over what is released and to whom. Whilst attorneys-general generally act in a responsible manner, some have not in the past, and we have to make laws that work on the lowest common denominator. I do not need to traverse the detail of that other than to say that for all fruitcakes that might fill a role in any position in public office, we have to make sure that there is a standard which cannot be exploited or abused.

I have said 'former attorneys', and I am not suggesting the current one would, but I make that qualification. I do not see any need for what appears to be a significant delegation power, which I would be concerned about. If the Attorney wants to consider that between the houses then so be it. I will have to check through this amended bill to see whether there is any change to that, but it looks like it is still as expansive.

The third area of concern is this question of the involvement of other government agencies. I understand you can enter into agreements with them at the federal level, for example, for the release and exchange of data. I suppose that involves two parties negotiating from a bargaining position of some strength. The provision for agreements with local government (or councils) is something which I think needs a bit more investigation.

Local government exists in South Australia via the instrument of a statute in this parliament. I think it is fair to say there is a maturing of that sector, so much so that in fact some want to have their own constitutional recognition; nevertheless, they do operate relatively autonomously. Whilst they have some processes that do require approval of the Minister for Local Government in South Australia, I think the public expects that they should be able to operate independently.

I would like to have some information about how that is going to work, in the imposition on a local government agency of the requirement to produce data, in the full knowledge that the state government versus the local council entity is hardly in an equal bargaining position. I would certainly want to have a look at that. I would also like to hear what the Local Government Association has to say about this bill. I particularly say that because I met with the Local Government Association a month or so ago, during the winter break, to discuss some other matters. I asked them about this bill, and the chief executive and president shook their heads dismay as to what I was talking about, because they did not know anything about it.

The Hon. J.R. Rau: It's possible that you did not explain it properly.

Ms CHAPMAN: It is possible that I did not explain it, as the Attorney less helpfully interjects, but I think it was pretty clear that there was potentially going to be some involvement from them in this process. I would have thought that it would have been reasonable for the Attorney to have consulted with this agency. After all, it is the representative body of local government.

The other aspect is to nut out how the trusted principles guidelines are going to operate and how they will be applied. In New Zealand, a system where they have a data-sharing model, there needs to be some application of what they call the 'trusted access principles'. I am not entirely sure what they do in New South Wales, although I think a representative from the New South Wales Data Analytics Centre was in parliament today to provide some insight into how they operate. They were the guests of the member for Mitchell who had provided some advice to my colleagues as to the importance of having some sharing of data, as supported by the Australian Computer Society.

We are always willing on this side of the house to listen to how these things operate, especially if they have already been established in another jurisdiction. If we do adopt a policy or an idea from another state, then we need to have some good explanation as to how we are going to either protect our citizens (for example, in this jurisdiction where there is no privacy law), or how we are going to identify what is in the trusted access principles to facilitate this sharing of data.

It is fairly clear from reports such as the Nyland royal commission report, made public on 8 August, that there are some agencies within this government who not only fail to share data, but they even act in circumstances of refusing to provide data. The most recent and, I think, the most heinous of those examples, is that of Mr Scheepers, an employee of the department, and the royal commissioner recorded that in her view there had been a breach of the Royal Commissions Act in the failure to produce a report in its original form, and which clearly was ultimately produced in a completely different form.

It had removed from it, apparently, material which was at best not favourable in its description of conduct or failings of the department. It had been excised, and an amended report had been presented. If a document, under a subpoena by a court, had been produced to a judge—doctored—there would, quite frankly, be all hell to pay. It is just not acceptable that documents, under a legal obligation to be produced to a tribunal, or a court, or a commission are tampered in this way, in this case, clearly for self-serving purposes.

Again, whilst Ms Nyland did not go on to say that she would be calling for action in respect of what she found to be a breach, I think it is pretty clear for anyone who reads that report to understand how angry she was about what had occurred. She went on to say that she was unable to make certain findings about some of the facts surrounding the case which she was reporting on as a direct result of the tampering of a document, and then all of the attempts that were made to protect those who had been a party to that.

I have heard since that the government has made announcements that the Premier is looking into the conduct of other personnel as a result of statements made by the commissioner, and those matters will play out. But for the purposes of this exercise, it is absolutely clear that this government has a problem, at the very least in that department where there is a concealment of information and, in fact, in relation to totally unacceptable conduct that has followed.

Let me give you another example of where the government has not had forthcoming information that ought to be in the public domain—and I talk about the months in the lead-up to the release of a discussion paper in mid this year promised by the Premier late last year in respect of domestic violence law reform. For seven months since the Premier announced that he would look at the preparation of an issues paper being published, and look at law reform such as Clare's law and the like, we had to wait until the middle of this year to get the issues paper, and in that was certain information.

But in leading up to this report, of which there had been repeated criticism of the government's failure to produce it, there had been requests made to the police commissioner to provide updated information in respect of crime and investigations that they had made and recorded in respect of domestic violence cases. That information, according to the published statement of the Commissioner of Police, in the detail was unable to be released publicly—this is stats; these are statistics; these tell us what a shocking situation we have in South Australia on domestic violence—and he was unable to release that until he had the permission of cabinet.

The Hon. J.R. RAU: Whatever it is that the deputy leader's comments might be relevant to presently, it is not this bill and—

The ACTING SPEAKER (Mr Odenwalder): Is your point of order relevance?

The Hon. J.R. RAU: Yes.

The ACTING SPEAKER (Mr Odenwalder): If the deputy leader could bring herself back to the substance of the bill, that would be handy.

Ms CHAPMAN: The bill, if I can remind members, is the Public Sector (Data Sharing) Bill 2016, and if the data that is within the repository, in this case, of the police department and it cannot be released to the public unless it has the permission of cabinet, then that is exactly what this bill is about. That is one of the reasons I am supporting it, because although one has to rely with some level of trust on the current Attorney managing the practice of this bill in its model of operation it is not acceptable to me—and it ought not to be to other members—that we have members in departments, employees sometimes as high as commissioners in departments, who selectively share information. That is completely unacceptable.

Every day we hear ministers speak here in parliament and publicly about how open and transparent this government is. Simple data, whether it is lining up to get into a hospital or whether it is to deal with environmental prosecutions or whether it is to deal with domestic violence and crime statistics, ought to be made available, not just for decent policy making of all this bunch but also for us as members of the public.

I am sympathetic to the idea of there being a data sharing bill which has a structure to make sure that we get this information to those who analyse it, screen it for protective measures and then utilise it for good public policy—great—but I totally and utterly reject the statement that seemed to be added in, as a sentence on its own, to the second reading by the Attorney-General that this in some way is legislation that is going to help us deal with the breaking down of silos and cooperation which Margaret Nyland demanded in her report. Not only, as I say, did it predate it but it has nothing to do with that.

She made it very clear in recommendation 242 of her report that there should not only be the sharing of information between the agencies that are dealing with child protection—government, non-government, statutory bodies, etc., anyone who was dealing with child protection—but that we need to have a change to the Child Protection Act to do that and to require that there be a cooperation in the delivery of services. The government has not done anything on that. It has failed to produce any legislation to amend the Child Protection Act other than as a consequential amendment to the recent commissioner's bill which we dealt with this morning to remove certain entities out of one regime and into another. They have not done anything to deal with that.

Today, I gave notice that we will do something about it because we are sick of waiting. This is something that very simply could occur but, as we know, in the government's position of announcing 35 recommendations that it has accepted, it has picked out the easy ones, the cheap ones; not the hard ones and the legislative ones which requires the government, if it follows them, to have a child protection act which imposes obligations on the people who work in this area and make sure that they are followed through, so that if we have a situation like a deputy in a department who is flagrantly breaching a royal commission act requirement, he is actually made accountable. I totally reject that this is a bill to remedy that issue. It is nothing to do with it, but if it helps to make good public policy then, yes, bring it on.

We will have a look at some of the detail in these foreshadowed amendments that help to tidy up some of those other issues, but, in the meantime, we need to be absolutely clear that, in a state which has no privacy law, we have sufficient protections in this bill to deal with that aspect. I only hope that we actually have, by the implication of this bill, some understanding in some of these departments that they serve the people of South Australia and not the other way around. This data is important for them to make informed decisions on proposals put out by this government and it ought to be released in a timely manner, in a protected manner and in an effective manner.

Mr WINGARD (Mitchell) (16:26): I rise to speak on the Public Sector (Data Sharing) Bill and to concur with the sentiments of the deputy leader. As she pointed out a little earlier today—and, Acting Deputy Speaker, you were involved as well—there was a gathering to listen to Dr Ian Oppermann, the CEO of the New South Wales Data Analytics Centre, talk about good public policy and the advantages in data sharing. There was a lot to be gained out of this. It was a very insightful discussion and talk from Dr Oppermann and we really appreciated him sharing his time.

I want to go to lengths to say that I can see a great upside in data sharing and the potential to create very good public policy but, like the deputy leader, I have some grave concerns with the way the Deputy Premier has put together this bill. I have concerns that he has just rushed this through in response to the Nyland royal commission, and I will get to that in a few moments' time. Whilst I said that data sharing is a very important bill and a very important facet that we should be looking at in South Australia, in fact, it is probably a little bit disappointing that we have not looked at it before now. I think some work needs to be done on what the Deputy Premier has put forward with this bill.

I have looked at a number of aspects of the bill, and I know from the second reading speech that the Deputy Premier made that he then went away and made a number of changes, which indicates to me that this is potentially policy on the fly from his perspective. I looked through the second reading speech and I quote from the Deputy Premier:

In considering whether the data should be shared, the agency seeking to receive the data must provide satisfactory assurance against a set of Trusted Access Principles. These Principles provide a framework for considering that the quality of the data, the people using it, the storage environment, the purpose for which the data is to be used and any outputs are all considered safe and appropriate before the data is shared and that there are adequate controls in place to support this assessment.

To me, that is a little bit vague and a little bit wishy-washy. I think there are some concerns that have been raised and some concerns that I would like clarified as to what mechanisms will be used to ensure the principles actually protect data against misuse, disclosure and theft. The principles set out in the bill really do not show how data will be protected or by what standards. What will be used to determine whether a person's data is safe, for instance, is one of the big questions that is not outlined. Again, what the Deputy Premier has put forward is quite wishy-washy.

We also need to talk about storage in a storage facility for this data to make sure that it is secure. Cyber theft is something as well that has not been addressed here. A cyberthreat is also something that potentially we need to address here. Again, this concerns me, working on the second reading speech and looking through the bill, that the Deputy Premier has just thrown this forward. He has tied it to the Nyland report.

I do not want to be too cynical here, but I hope the fact that he has tied it to the Nyland report is not a cover for a bill he is trying to push through because he has no other contents. There is a lot more in the Nyland report that needs to be done and just trying to push this through under the guise of the Nyland report when it will impact on a lot of other aspects of policy-making in this state raises some significant alarm bells with me. We can go through some other parts of his second reading explanation. One part I would like to look at states:

The legislation predominantly applies to Public Sector Agencies as defined in the Public Sector Act 2009. It does allow for additional entities to be added or removed from this definition by way of regulation and the intention is to consult further about which agencies may be appropriate to exclude.

Again, the Premier wants to bring in regulation at a later date. He is putting forward a bill and he is already anticipating regulations. He will not specify what those regulations are, but he is anticipating regulations to clarify what he perhaps has not pulled together in putting the bill forward. I think maybe that is something that could have been worked into the bill, and the Deputy Premier should have spent a bit more time working on that.

He talks about the outsourcers who will be able to access this data and he says he will deal with it in regulation. How will any outsourcers be held to account for appropriate data use where the data is analysed as it is outsourced? That is another one of the questions that is really not addressed very clearly in this bill. Another part of this bill refers to trusted access principles. Whilst they are not all outlined in the second reading explanation, the Deputy Premier says:

The Trusted Access Principles that are embedded in the Bill reflect international best practice and are employed by the Australian Bureau of Statistics for assessing the safe and appropriate sharing of data.

The Australian Bureau of Statistics has had a couple of hiccups in recent times. We would like to see more clarification from the Deputy Premier to outline what best practices the Australian Bureau of Statistics is using and which ones specifically will be adopted in the South Australian Public Sector (Data Sharing) Bill. As I pointed out, as we all know, unfortunately, during the census, the Australian Bureau of Statistics did have a couple of issues.

Perhaps they will be fixing up some things and I want to ensure that those fixes, if you like, are applied in the bill that is being put forward here. Another part of this second reading explanation refers to 'any data or security policies that are applicable to the data recipient' and the State Records Act. We need to know what these are. What data and security policies are we talking about, and where are they applicable? The Deputy Premier's second reading explanation further states:

Any employee who contravenes or fails to comply with these professional conduct standards may be liable to disciplinary action.

What is this disciplinary action? How is this going to be measured? How will the disciplinary action be put in place? As we look through some of these aspects that have been raised in the second reading explanation by the Deputy Premier, we have some concerns about how they are all actually going to play down. The information about the trusted access principles is not clear. He has referred to the Australian Bureau of Statistics' best practice, and we want some clarification around that. A number of times, he refers to remedying some of these situations with regulation. I again read from the Deputy Premier's second reading explanation:

Regarding the definition of public sector data, this also allows for the regulations to prescribe exempt data either being all data held by [the] prescribed agency, or data of a prescribed kind. In New South Wales, information that is exempt from disclosure under [the] equivalent of the Freedom of Information Act 1991 (SA) is exempt also from the data sharing authority. In drafting the regulations for this legislation we will consider what might be appropriate to exempt and take outside the scope of what may be authorised for sharing under this Act.

Again, he uses the word 'regulation'. That is something that the minister is going to do a little bit later. The Deputy Premier wants to put in regulations later. He does not want to disclose what they are now. He is just saying, 'Trust me. I will take care of it. I will look after it down the track.' Deputy Premier, we do not trust you on this account. We want to know what these regulations are. We want to know what you are planning to put in place, and I think South Australians want to know what that is as well.

Again, I stress that data sharing is a great concept and has a great upside and great potential for South Australia, but just throwing this forward in the manner you have, full of holes, really raises a lot of questions. In the interest of the Nyland report—and I know that is what you have tied it to—we support this bill and we will move it through, with the right to explore some more of those avenues you have talked about. Just having them hanging in the breeze, with everyone trusting the regulations you plan to bring in without actually outlining what they are, makes it incredibly difficult.

Another point that probably raises a little bit of concern, as I look through the comparisons between the New South Wales bill and the South Australian bill, is that it gives the minister quite a bit of freedom to do as he wishes in this case. Clause 8—Data sharing on direction by Minister, provides that the minister can direct a public sector agency to provide data for the following purposes and lists (a), (b) and (c). The minister can just direct that instruction, yet in New South Wales:

The Minister may direct a government sector agency in writing to provide specified government sector data that it controls to the DAC within 14 days or such longer period specified in the direction, but only if the Premier has advised the Minister that the data concerned is required to be shared for the purpose of advancing a Government policy.

It is interesting that the minister can take control in South Australia, allowing the Deputy Premier, in this case, to have control carte blanche over what is going on, whereas in New South Wales the minister must be in concert with the Premier to make that same request. Again, there are perhaps slightly tighter stipulations and regulations in New South Wales, and it is interesting that they have gone down that path.

Our deputy leader, the member for Bragg, also spoke about the privacy laws in New South Wales, and they raise a couple of issues. New South Wales has those privacy laws in their legislation, and that is enveloped within data sharing legislation in New South Wales, yet we do not have that in South Australia. Our deputy leader, the member for Bragg, has raised that as a point, and I do agree with her that it is something we must also consider with this legislation going forward.

I refer to the Nyland royal commission and the fact that the sharing of information can be very beneficial in what we have seen happen in the space of child protection. A lot of this was outlined in the Nyland royal commission. Like no-one else, I want to see children in our state and children arguably under the care of this government be protected. I think it is vitally important and something I am very passionate about. In the interest of that, I am happy to see this progress, but I have grave concerns that the Deputy Premier is pushing through this data sharing bill to show, in effect, that something is being done around the concerns of the Nyland royal commission.

Has he looked at this Public Sector (Data Sharing) Bill in the bigger scheme of what is happening in South Australia? It worries me that a few things are being done on the fly and not really being given the full consideration they should be because he is engulfing this bill under the guise of the Nyland royal commission. This will have impacts, as outlined by Justice Nyland in that report, but it will also have very big impacts on other parts of South Australia. As I stressed at the outset, data sharing has a very big upside and great potential, and there are great opportunities for South Australia by getting this right, but it must be good public policy to ensure that is done.

One of the things I noticed out of the New South Wales report as I skimmed through it was that they have a review built into their legislation. Reading through the Deputy Premier's bill before the house, I do not see a review. I am led to believe that New South Wales will have theirs reviewed within five years. Bearing in mind that this is a very quickly evolving space, again I refer to the presentation from Dr Ian Oppermann today and some of the things we looked at. For crying out loud, we are digitally printing steaks, hamburgers and all sorts to go on the barbecue. The scope of what can happen with data is quite out of this world. The things he had to say were really exciting. I would like to see South Australia at the forefront of the opportunities that are presenting themselves with data sharing.

I fear and worry about a rushed bill that does not look after cybersecurity and makes no mention of cybersecurity. There are questions that need to be asked. The fact that the minister wants to put in a lot of regulation, which he talked about in the second reading speech, leads to some grave concerns, as he has not fully outlined what the regulations will be or put those regulations on the table. If they are so good, why not work them into the legislation and make sure that we know what is going on so that the people of South Australia know how this is going to work? Whilst I will pass this bill in the interest of moving things along, and I understand its importance in relation to the Nyland royal commission, there are still some things that we need to keep a very close eye on.

I note from the minister's second reading speech that there was no office of data analytics, but the amendment he put forward not so long ago has the scope for an office of data analytics. I am really keen to hear more about the cost of this office, how it is going to be set up, where and when it will be set up, and whether the office of data analytics will be the kick start. That is potentially where there is a lot of the opportunity for South Australia going forward.

The scope is very far and wide for what an office of data analytics can achieve. That was added in with a couple of amendments made by the Deputy Premier. It would be absolutely fantastic to have a bit more information on how it is going to work in relation to business opportunities and growth opportunities in South Australia and also how it is going to work in relation to the Nyland royal commission findings because that is something that all South Australians want to know.

Again, I stress the point that data sharing has a lot of upsides, and people can be very excited about what it has to offer. What the Deputy Premier has put forward does not answer enough questions but leaves a lot of questions that South Australians will want to ask to ensure that data is safe and secure and that it can still be used effectively to give great gains and benefits to all South Australians. We know that cybersecurity is a threat. New South Wales and Victoria have also advanced very heavily in the cybersecurity space. South Australia is perhaps lagging a little bit behind, so I am very keen to push that forward.

Federally, the cybersecurity space is moving along and a lot is happening. I would like to see South Australia jump into that space, as cybersecurity safety centres have a great upside. Speaking to some federal colleagues, I am really keen to push that in South Australia. When we speak to people in the streets, they raise the whole issue of data analytics and the way data can be used. I mentioned before things like printing a steak, which sounds quite unbelievable but is eminently doable.

We see and hear about that side of data analytics and think it is a little bit sci-fi, but we all know that we can go to the bank to use our Visa card, we can shop online or we can use payWave. It is becoming very easy, and we know that cybersecurity is a big part of that. To have a bill that talks about public sector data sharing but does not mention cybersecurity is of great concern. I think the minister still has some work to do to make sure that this data sharing bill appeases everyone and satisfies the whole of South Australia that it will take us forward in the right direction.

We understand the Nyland report and its implications, but this bill has other implications for all South Australians. We must make sure that the right thing is done, that this is not just being rushed through as a knee-jerk reaction to satisfy the findings of the Nyland report and does not consider all aspects of cybersecurity and data sharing within South Australia. I recommend this bill to the house, but I have some concerns I will be taking up with the minister.

The Hon. J.R. RAU (Enfield—Deputy Premier, Attorney-General, Minister for Justice Reform, Minister for Planning, Minister for Industrial Relations, Minister for Child Protection Reform, Minister for the Public Sector, Minister for Consumer and Business Services, Minister for the City of Adelaide) (16:44): I thank members for their contribution. There are just a couple of things I wanted to say so that people are very clear about where this has come from, where we see it going and what the basic scheme is intended to be.

I have discovered over time, as have my ministerial colleague the Minister for Education and others, that there is a reluctance by government agencies to share information. It is sometimes described as a silo mentality and sometimes it has got something to do with a legal impediment to sharing but, more often than not, it is a cultural, policy or administrative impediment. These things, in the hands of particularly unhelpful bureaucrats, result in the information available to government being extremely difficult to flow from one agency to another. I think most members of the public would find that slightly bizarre: they assume that, if the government holds information, then the government holds information, but that is not actually the way, historically, it has worked. The government agency holds information.

When we started down the path of the royal commission with Margaret Nyland, minister Close and I would frequently meet with the royal commissioner and just have a general chat about how she was going and talk about issues that we thought were important, and it was obvious to both of us, some time ago, that data sharing was going to be an issue. For example, most of the kids who wind up being the subject of intervention by the child protection agencies share certain characteristics, unfortunately.

Some of them are geographical commonalities. Some of them are commonalities relating to the type of housing they occupy. In particular, many of them are living in housing provided by Housing SA. There are certain educational markers for some of these people—for example, poor attendance at school, poor achievement in class and poor achievement generally in literacy, numeracy and general educational standing. I am only mentioning a couple of things. There is a whole cluster of other reasonably common elements that you find in this child protection area.

That led us to ask the question and to consider a project which we have had going for a while, which is the MAPS project, which is actually focused on domestic violence, not on child protection. MAPS is an example of multi-agency collaboration and sharing of information designed to assess risk profiles for DV—which is, incidentally, sadly, another marker for child protection issues. In that context, this legislation was not pulled out of somebody's hat in five minutes. Work was done on this and a lot of thought went into it.

Initially, not having read what commissioner Nyland had to say, we worked on the basis that what we would be looking to do is basically dissolve silos within government so that information, for example, held by Housing could be made available to Child Protection. A very obvious example is that Housing sends people out to check on Housing properties. They might go quite regularly. They might make observations about whether a child is there or not there, and a whole range of other things. How easy is it for that information to be shared with Families? The answer is: not very easy.

Despite what the deputy leader had to say, child protection was the angle that we came at this from in the beginning—as well as domestic violence but, particularly, child protection—because we had already worked out that a whole bunch of government agencies were holding information quite separately about the same kids. We looked around at what was going on—and we did look at New South Wales, and New South Wales has a far more complex apparatus than this.

I formed the view, and the government has formed the view, that, given the size of South Australia and the realistic chance of our utilising some of these things in the broad scope, that to construct that whole, quite elaborate mechanism New South Wales has, would not only be expensive but, also, for the time being overkill. If, in due course, something like that was required, well and good: it is for a future parliament to look at introducing that sort of thing. But, for the time being, this was intended to be a bill sufficient to enable us to do what we needed to do with a minimum of fuss and a minimum of cost and a minimum of red tape.

So, that is why, contrary again to what the deputy leader said, this has a lot to do with child protection, and it was evolving in the context of the anticipated release of Commissioner Nyland's report. In recommendation 242(a) of Commissioner Nyland's report, however, she talks about using the Children's Protection Act but, leaving aside what coathanger you put it on, she asks for the sharing of information between prescribed government and non-government agencies, so that struck us, again, in child protection.

If you have an NGO that is delivering some services to a family, given appropriate safeguards and confidentiality arrangements which are provided for in the data sharing agreements in part 4, it might be important for the delivery of service to that family that some information is given to that provider, and it might also be important for the government that that provider shares information with us. To take the thing a bit further, a few weeks back, I had a conversation with federal minister Porter. He is a very lateral-thinking individual. I had the privilege of working with him some years ago when he was attorney-general and deputy premier of Western Australia. He is now Minister for Social Services.

Ms Chapman: He is a lot smarter than you.

The Hon. J.R. RAU: He is a very clever fellow. I had a chat with him a while ago, and we were talking about, in rudimentary terms, the thing that was in the paper today about him giving a report to the National Press Club about the importance of data analytics in the commonwealth. He and I had a conversation about how useful it would be for some things to be able to be shared across the commonwealth-state divide to enable us to achieve better outcomes.

The example we discussed, which I am delighted to see was in the paper today, was we—the Minister for Education in particular—have access to records about whether students are attending school. We have real-time information about whether kids are at school. The commonwealth does not have access to that information unless we give it to them. The commonwealth controls the social security network.

It might interest members to know that, according to the minister, that no jab no play campaign they had recently, which was designed to improve the levels of immunisation, has been dramatically successful. The minister sees potential opportunities for the state to cooperate with the commonwealth with a view to getting other positive social outcomes using collective effort, and I strongly endorse that. In fact, I said to the minister that I would be very keen to offer South Australia's partnership to work with the commonwealth on some of these very issues.

Again, that is why this is in here. I want the ability to say to the minister, 'South Australia wants to get involved in these things. We want to be in now.' I want us to be part of pilot programs which enable data sharing between the commonwealth and the state. I think it is a great opportunity for us here, and the quicker we get this thing through, the quicker I can write a letter to Mr Porter to say, 'You know that phone call we had a few weeks ago? Guess what? We are ready, willing and able to work with you.'

Mr Wingard: What about cybersecurity?

The Hon. J.R. RAU: I will come to that. So, that is why this thing has changed in the way it has. When it started off, we were just thinking about within the state. According to Commissioner Nyland, we need to think about other agencies and, after having a conversation with the federal minister, I am absolutely convinced we have to include the commonwealth as well. It is in our interest, it is in the commonwealth's interest and it might mean we get to be first movers in really innovative policy work, and I want us to be ready to take advantage of that.

I explained why NGOs might need to be involved in this. The deputy leader made some comments about the LGA, and there are a couple of points on that. First of all, they clearly knew about this bill and had read it because it was up on the web, and they were told anyway by the deputy leader, she says, what the bill was all about. The point I would make is: there is no need for them to be worried about this thing, because this bill does not actually require them to do anything unless they strike an agreement with the minister.

This does not give me the power to tell local government what to do any more than it gives me the power to tell the commonwealth what to do. It just simply says that local government can be a partner. The way I would look at this—and this partly answers the cybersecurity proposition—is that each one of these agreements, at least initially, will be in the nature of a pilot, and we will actually have to craft individual agreements.

I take the honourable member to part 4A, proposed new section 11A. We will have to craft individual agreements with whomever the partner might be—I am talking external to government. Part 4A is only when we deal with people outside of the state government. When we are dealing within the state government, we do not have to worry about most of part 4A except for 11A(7), which says that if agency A in the state hands a document to agency B, and if somebody wants to FOI agency B, agency B is not allowed to release that document. That document can only be obtained from its home, which is agency A.

That is intended to preserve the security of data held within the state so that nothing is subjected to a lower standard of security than is provided for right now under the Freedom of Information Act. We ban the information being passed out at all, other than from its home agency. As for the sharing outside the state government, that is the balance of part 4A. If we are going to enter into an agreement with the commonwealth, each agreement would have to be nutted out on the basis of what the subject matter was, what the data was that we were wanting to share, and what the term of the sharing might be—so, all of the work.

The reason there is not so much heavy detail in here is that the real work will be in entering into these agreements with other entities. The agreements are actually going to be the thing that does all the work. This is just enabling or authorising those agreements to be entered into on an ad hoc basis. I have to emphasise: I envisage at the moment that this is going to be occurring, initially anyway, on a pilot basis.

Ms Chapman: With which department?

The Hon. J.R. RAU: Whichever one is relevant. The example I just gave was if minister Porter is interested in cooperating with the state to improve truancy outcomes, an agreement would then have to be struck between the Department of Social Services and minister Close's department.

Mr Wingard: Who is going to check to make sure that the security is in place in that agreement? Is it you?

The Hon. J.R. RAU: Not me personally, no; it would be part of our legal team.

Mr Wingard: And how are they qualified to do that? Do they have cybersecurity experts?

The DEPUTY SPEAKER: This is actually highly unusual, isn't it? Are we going to do questions in committee, or are we going to—

The Hon. J.R. RAU: We can do it in committee. The intention is that yes, we would address all those issues, but I am just trying to help the member for Mitchell understand. The reason all of this is not in here is that we cannot anticipate every single possible agreement we might have with every single possible partner in advance. What we have done is provide a very flexible opportunity for partnership to occur, and then it will be an ad hoc, bespoke response to each one of those particular requirements.

I am happy to put on the record that, as far as I am concerned, the security of that data is an absolutely critical element of that. That would mean that we would want to be very confident that the material we share, say, with the commonwealth, is not going to be moved on to third parties or put in an insecure environment. I completely get that. That would be an absolutely essential element, in my view, of any such agreement.

I think that probably covers off all the matters that were raised by the members. I do thank both the deputy leader—although she did wander off a bit at one point, but she came to the point—and the member for Mitchell for their comments. Hopefully I have answered many of the questions, but I am obviously happy to take further questions in committee.

Bill read a second time.

Committee Stage

In committee.

Clauses 1 and 2 passed.

Clause 3.

The Hon. J.R. RAU: I move:

Amendment No 1 [DepPrem–1]—

Page 3, line 2 [clause 3, definition of data provider]—Delete 'this Act' and substitute 'Part 2A or Part 3'

Amendment No 2 [DepPrem–1]—

Page 3, line 4 [clause 3, definition of data recipient]—Delete 'this Act' and substitute 'Part 2A or Part 3'

Amendment No 3 [DepPrem–1]—

Page 3, line 14 [clause 3, definition of individual]—Delete:

', but does not include a deceased person' and substitute:

(including a deceased person)

Amendment No 4 [DepPrem–1]—

Page 3, after line 14—After the definition of individual insert 'ODA—see section 5A;'

Amendment No 5 [DepPrem–1]—

Page 3, after line 28—After subclause (2) insert:

(3) If part of an existing public sector agency is designated as ODA under section 5A, ODA is taken to be a public sector agency in its own right for the purposes of this Act.

Amendments carried; clause as amended passed.

Clause 4.

The Hon. J.R. RAU: I move:

Amendment No 6 [DepPrem–1]—

Page 4, after line 12—After paragraph (d) insert:

and

(e) to provide for the Minister to enter into data sharing agreements with certain entities.

Amendment carried; clause as amended passed.

Clause 5 passed.

New part 2A.

The Hon. J.R. RAU: I move:

Amendment No 7 [DepPrem–1]—

Page 5, after line 3—Insert:

Part 2A—Office for Data Analytics

5A—Office for Data Analytics

(1) The Minister may, by notice in the Gazette, designate a public sector agency, or part of a public sector agency, as the Office for Data Analytics (ODA).

(2) The functions of ODA are—

(a) to undertake data analytics work on public sector data received from across the whole of Government; and

(b) to make the results of that data analytics work available to public sector agencies, to the private sector and to the general public as ODA sees fit; and

(c) to perform any other functions conferred on ODA by the Minister.

(3) ODA is to undertake its functions in a manner that prioritises the provision of relevant and up to date information to public sector agencies about their service delivery, operations and performance.

(4) ODA may, with the approval of the Minister, direct a public sector agency to provide public sector data to ODA for the purposes of carrying out its functions.

(5) The Minister must have regard to the trusted access principles before granting an approval under subsection (4).

(6) The Minister may impose specified requirements or limitations on the power of ODA to make a direction under subsection (4).

(7) ODA must comply with all relevant data sharing safeguards in respect of public sector data provided to it under this section.

Ms CHAPMAN: I have some questions.

The CHAIR: You have some questions on the new part 2A?

Ms CHAPMAN: Yes. This is for the establishment of an office for data analytics which, as the Attorney knows, not being in the original bill, was a matter of concern to us. My question is: in which department or public sector agency is it proposed that this office will reside?

The Hon. J.R. RAU: At the moment, we have not decided exactly where it will reside, nor have we decided what budget there would be for this because without the enabling structure, which is section 5A, none of it is possible. Because it has a sort of central agency feel about it, it could be in the Office for the Public Sector, it could be in DPC; it could be pretty well anywhere. Obviously, there are some places where it is more rational to put it, but we have not got that far.

I can tell you that there is a small version of this already functioning within the state, which is at ReturnToWorkSA, where they have a very sophisticated data analytics unit which they use as a risk management tool. They have been very successful at being proactive with risk management concerning workplace injury.

Ms Chapman: Predicting.

The Hon. J.R. RAU: Predicting, yes exactly. The idea is that this should give us enough structure to be able to establish an agency. It is important—and I pick up the concerns of the member for Mitchell—if you look at 5A(7) we are talking there about data sharing safeguards, and that would obviously include cybersecurity and other such matters.

This is an enabling provision and, on the assumption that this passes, again this would be the sort of thing that we probably would start off with a pilot to test the concept. Where exactly in government that would sit and what its budget would be is something we will have to work out, but it might be that child protection is an initial piece of work that this could be tasked to look at. We will just have to see. At the moment, there are many possibilities for how this will be done but without this it cannot be done. Rather than put the horse before—sorry, the horse does go before the cart, doesn't it? Yes.

The CHAIR: Normally.

The Hon. J.R. RAU: Normally, and so that is what I am trying to do: I am trying to put the horse in front of the cart, not the other way around.

Ms CHAPMAN: How does this provision, to have a data sharing bill and this office to be able to analyse the data and so on, comply with the first section of the recommendation of the Nyland requirement in 242 which actually does not talk about data analysis: it talks about a mandating of the obligation to share information between agencies? What is proposed here is a bill that has a voluntary disclosure of material and a capacity for you, as Attorney, to direct the provision of certain information and, indeed, by adding this clause, to have a centre within some agency to analyse that data and keep it secure, etc., and make the data available and so on. How on earth does all that comply with the first section of the provision of the Nyland report?

The Hon. J.R. RAU: It is very simple. The 242(a) is talking about sharing between government and non-government agencies. The office of data analytics is talking about analysing data within government. If you read the whole of the Nyland recommendations—and I cannot summon to my memory at the moment exactly which ones are pertinent to this proposition, so I will paraphrase them—a strong theme coming out of the Nyland recommendations is that there should be a research-based element within government—

Ms Chapman interjecting:

The Hon. J.R. RAU: No, but 242 is not about this; 242 is about the government sharing with somebody outside. This is about the government crunching its data, whatever data it has, to come up with statistically based policy positions.

Ms Chapman: So now you are basically doing this on child protection for research.

The Hon. J.R. RAU: The ODA is part of the research proposition coming out of Nyland. You have seen what will look like before Margaret Nyland's report. You have seen how it is different. I am explaining: the commonwealth bit came in because I have been talking to Christian Porter. The non-government and local government stuff comes out of 242(a). Data analytics, amongst other things, comes out of the very successful work that has been going on at ReturnToWork SA and the Nyland report recommendations which strongly emphasise the notion of there being a research-based evaluation orientated policy element established under the Nyland royal commission recommendations. If one of my colleagues here can tell me the number I can go to it. It is No. 50, I am told, so let's spin over to No. 50 and see how good my advice is.

Ms Chapman interjecting:

The Hon. J.R. RAU: It is pretty impressive, is it not, to be able to do that on my feet, if that is the case? It is not the case: I have been thinking about this for a long time. In relation to early intervention research, recommendation 50 states:

a prepare a Prevention and Early Intervention Strategy that is updated at least every five years:

I to identify service models…

III to form the basis of negotiations with the federal and local governments…

b establish research partnerships and fund evaluation of innovative service models to determine their effectiveness and value for money; and

c focus on the prevention and early intervention investment priorities identified in this report.

That is talking about analysing data and this is facilitating the provision of an entity within the state government that is able to do what recommendation 50 asks for.

Ms CHAPMAN: You say that no budget has been allocated to do this important role in the establishment of the office for data analytics. My next question is: is it proposed therefore that we are not going to get any of this, even as a pilot, until the budget next year?

The Hon. J.R. RAU: My hope is that, if we can get this bill though the parliament fairly quickly, I am going to be knocking on minister Porter's door in Canberra and saying to him, 'I am very interested in South Australia partnering with the commonwealth to utilise all of these types of opportunities.' That would be in a pilot sort of context. My expectation is that, if we got to that point quickly, the commonwealth frequently is prepared to provide some financial assistance in relation to cooperation in a pilot sense.

I heard on the radio this morning that the minister said there was something like $92 million being made available presently for support for the current program the minister is undertaking in relation to long-term carers and the fact that these people apparently leave the workforce and never get back into it. It was something that was on the radio this morning.

The Hon. Z.L. Bettison: Young carers.

The Hon. J.R. RAU: Young carers. There are shocking figures about people who have been on a young carers allowance who average the next 40 years out of employment.

Ms Chapman interjecting:

The Hon. J.R. RAU: I am trying to answer your question.

Ms Chapman interjecting:

Mr WINGARD: In 501, it says that you 'may' put this in place. Is there a guarantee that you are going to put the office of data analytics in place or is that just a cover-off, so you may not put it in place?

The Hon. J.R. RAU: It is my intention, if we get this through, that I will be going to cabinet and saying that we should do this.

Ms Chapman: Only if Christian Porter pays for it.

The Hon. J.R. RAU: No, I think we should be doing it anyway. I am just saying that minister Porter is on exactly the same wavelength as me about this. He sees the power of statistics and the power of numbers to be able to drive evaluation of decent policy. Incidentally, if members are interested in this, in New Zealand they are actually very good at this too, but in New Zealand they do not have the complexity of a federal system, so all the data is much easier to assemble.

It is my intention, if this gets up that, yes, I will be going to my colleagues in cabinet and discussing with them how we can actually start to move this forward. I do not know what cabinet will ultimately decide, but my own view is that you would start off with a sufficiently robust model to be able to use it as a trial because you do not want to spend a large amount of effort and dollars on setting up something until you have actually given it a bit of a test drive.

I would be wanting to get started on this straightaway and we do have, as I said before—and I would like to say this to all members who are interested—one functioning example of this within the state of South Australia's public sector already, which is in ReturnToWorkSA, and it is a very impressive outfit they have there. If anyone wants to have a briefing from them—

Mr Wingard interjecting:

The Hon. J.R. RAU: It is all within one agency. They are just using their own data. They get reports of work injuries and whatever and they are massaging those in their data analytic section. This is talking about dragging data from all over the place.

Mr WINGARD: To follow up on that, I know that you have said that you are keen to start the pilot in this smaller sphere, yet we look at New South Wales and we look at New Zealand as well and they have done it in a bigger space with bigger advantages. Are you concerned that you may be looking to be a little bit too insular and you should be looking bigger?

The Hon. J.R. RAU: Ultimately, that is going to be a matter for cabinet. My own view is that I think we need to prove the concept on a relatively containable scale. I think we can do that. As I said, ReturnToWorkSA has already successfully got into this space but, as I mentioned, they are only working with their own data. This is the next step, really, which is multiple agencies drawing data from one another. Can I just explain how I think it might be necessary to test it first up? One of the issues across government is the fact that each agency, for historical reasons, has different data management systems. They are of different ages, different capabilities, and different complexities and they speak different languages in many cases.

The practical issues relating to how you make this happen and the IT element should not be underestimated. Even within the courts, you have the police, the DPP, the courts themselves and Corrections. They all have different operating platforms and different data management systems. I think we are going to have to walk before we can run with this, but I have no doubt that this is the future. In South Australia, if we pass this legislation, we are going to be in a position where we are capable of having for the first time strongly data-driven capacity to make good policy and to be able to evaluate in real-time whether that policy is working. This is a pretty exciting opportunity.

Imagine this: in the past, we have had to wait for annual reports and all these sorts of things. We are always looking in the rear-vision mirror at things that have been and trying to work out, based on that, what will be. The advantage of this is that this potentially gives tools that will actually predict things. It also means that we might get real-time data feedback that says, 'That program you're doing over there and spending money on isn't working. Cut it out.' How valuable is that sort of stuff, rather than waiting for years for anecdotal evidence to tumble out? This is a factual basis for policy and administration of government.

Mr WINGARD: I very much understand what you are saying and I stressed before that I see and understand that upside. You talk about bringing the courts, police and justice together, but you have not outlined the security measures. The principle is fantastic. The delivery is the question that we are asking about here and you have not covered off on that. You talk about them all having differing systems and differing operators but this information is now being shared. When information is going from the courts to justice to families and police, if that is what is involved, how do you guarantee the cyber safety of the transfer of this information?

The Hon. J.R. RAU: I can say this: I am absolutely confident, having dealt with all those agencies, that none of them will want their data being placed in an environment that is less secure than theirs. That is the first point. In the discussion with the entities, I would imagine the security issue would come right to the top very quickly. We would not be getting agency buy-in and cooperation without that. The second thing is, if we are dealing with the police, for example, I can promise you that there is no way on earth that the police, on being asked to share data, will not immediately default to the question you have just asked me. That will be very central in their minds.

Undoubtedly, it will be the case that the sorts of agreements we strike with agencies may differentiate in levels of data. If we take the police, for example, if they have data about people who they have issued warrants for or people they have on police bail, that is one level of stuff. They may also have stuff that we will call criminal intelligence. I can tell you that they will have a very different view about where that should be going and, quite frankly, I do not think that is what we are talking about here. What we are talking about here is measurable stuff, measurable things.

The data may or may not be actually required or sought in a personal sense. It might be that it is digested material. Instead of being just about the member for Mitchell, it might be about a particular postcode. Questions about personal data safety can be dealt with not just by cybersecurity measures but also by the nature of the questions that are being asked. It may well be that, for many purposes, a sample survey of a postcode or CCD might be the only search reference that we need to know.

Some more work will have to be done on this, but this facilitates the establishment of this thing. I cannot emphasise enough that I am really very enthusiastic about this. I think it is one of the most potentially innovative and liberating pieces of apparatus that the state can have to actually tailor its policies and deliver its policies, and more particularly when things are not working, to root them out and spend money on things that are working.

Mr WINGARD: I am equally as excited about the prospects, but when you compare this bill with the New South Wales bill and even the Data Analytics Centre—I understand that New South Wales have invested more funds into their Data Analytics Centre—in turning their bill into an act, they have invested a whole lot more. Are you concerned that by coming up short you are half pregnant?

The Hon. J.R. RAU: No. I emphasise again that this is an enabler. The next step would be I then go to cabinet with a scoped proposition—

Mr WINGARD: Why not go there first and then come back?

The Hon. J.R. RAU: That is putting the cart before the horse. If I go to cabinet and say, 'Hypothetically, if I had a bill that enabled me to do this, what would you say?' they would say, 'Come back when you have something to talk to us about.' You have to go in with concrete proposals. This is the platform that enables me to go and ask for support for the establishment of this sort of thing. If I can get it established as a full-blown unit, terrific. I am being perfectly frank with you.

I am just saying that the complexities of this are such that they should not be underestimated, and it might be that we have to start small before we can get big, that is all I am saying. It does not mean I am not interested in it being a very large, inclusive apparatus; I am. But it is like anything that you are doing for the first time. It is logical, I think, that you do a bit of an experiment and a proof of concept or something.

Mr WINGARD: Why not use the New South Wales model and marry it over? If they have already looked at it and done it—

The Hon. J.R. RAU: Just because they have done it, does not mean it is right. We have to have something which works for us and fits our environment. New South Wales does a number of things that we do not do. Sometimes they have a good reason and sometimes they haven't. New South Wales, for instance in the justice system, has a court of appeal; we do not. But they also have about 50 judges—

Ms Chapman interjecting:

The Hon. J.R. RAU: I still think that one day, that is going to happen here. I am just making the point: when you have 50 Supreme Court judges, or 60 or whatever they have, a court of appeal makes sense. We do not have that many, so it does not make sense at the present time. You have to think about the scale of these things. I am confident this is going to be liberating for good policy formulation and oversight of government programs.

Mr WINGARD: Are you concerned you have too many holes in it?

The Hon. J.R. RAU: No, I am not. We have left it deliberately flexible.

Mr WINGARD: Holey or flexible?

The Hon. J.R. RAU: Flexible.

New part inserted.

Clause 6.

Ms CHAPMAN: I have a question on the trusted access principles. This is to be prescribed by somebody. My question is: do we have a draft of what the trusted access principles are?

The Hon. J.R. RAU: No, that is something that we will complete. There is a clarification. The basic trusted access principles appear in clause 6(3).

Ms Chapman interjecting:

The Hon. J.R. RAU: Yes, that is them, but you will see that there is also in subsection (7) the capability of additional requirements or principles. What we have done there is said that these things, we think, are safe principles which are self-evident and are appropriate to have hardwired through the bill, but it is entirely possible that experience will show that there are other things that we need to consider as well. For that reason, we have subsection (7) there, and we do not have anything in mind presently for subsection (7).

Ms CHAPMAN: Is this any different from the regime that operates in New South Wales?

The Hon. J.R. RAU: I cannot vouch for the fact that it is exactly the same wording, but, yes, they do operate with the idea of trusted access principles as a core feature.

Mr WINGARD: Can you explain 'safe'? You have safe projects, safe data, safe settings. What is 'safe'?

The Hon. J.R. RAU: If you read it, 'safe' is a heading.

An honourable member interjecting:

The Hon. J.R. RAU: It does not mean anything, to be honest. It just means projects and people. That is a heading, that is a tag, but if you go beneath that it actually explains what that particular thing is about. The first one is:

The purpose for which data is proposed to be shared and used must be assessed as appropriate having regard to—

whether the data is necessary for the appropriate use, etc., etc. If it passes all of those things, it is deemed to be a safe project. If you like, the definition of 'safe' in each one of these is set out below.

Mr WINGARD: Whereas in New South Wales law they have a privacy act that is enveloped within their data sharing act. They have an act ensuring privacy; you have the word 'safe'. Are you concerned that you have put the cart before the horse? Should there have been a privacy act to cover it?

The Hon. J.R. RAU: I think we can be too slavish in copying literally what other states do. We unashamedly acknowledge New South Wales' leadership in this area conceptually. We have safety in here in the sense that, as I explained before in 11A(7), we have a provision that says that the Freedom of Information Act presently does protect certain information. What you can be certain of is that under this there will be no reduction in the level of protection of information over and above what is there now.

Clause passed.

Clause 7 passed.

Clause 8.

The Hon. J.R. RAU: I move:

Amendment No 8 [DepPrem—1]—

Page 7, line 22 [clause 8(3)]—Delete 'apply' and substitute 'have regard to.'

Amendment carried.

The CHAIR: You have a question on amended clause 8, deputy leader?

Ms CHAPMAN: Yes, thank you. This is the direction power where the minister may direct an agency to provide information. Is there any other circumstance or any other initiating practice or process that can result in a department or agency producing any data, or is this the only section? If and when you want to issue a direction, they have to do it?

The Hon. J.R. RAU: Yes.

Ms CHAPMAN: That is it? Everything else is voluntary?

The Hon. J.R. RAU: The concept behind this is basically that the legislation says, 'Listen, all you lot, you should be sharing stuff with each other. Now, go away and play nicely.' That is the starting point. If that does not happen, it gets escalated to the point where we have a collection—a conclave, if that is the right word—of chief executives who meet and try to sort things out. If that still fails to sort things out, it escalates to the minister who says, 'Either do it or don't do it.'

Ms Chapman interjecting:

The Hon. J.R. RAU: Yes, at the present time, it would be me. That might be as Attorney-General or Minister for the Public Sector. I think it might be the Minister for the Public Sector.

There is a tiered system. The first part of the system is, 'Look, everybody, this is now how we expect you to behave. Go away and behave properly.' If we start running into problems, then the first escalation is to this group of chief executives who are supposed to sit around and talk it out and, hopefully, resolve the issue but, if parties still remain unhappy about that, the last point is it gets flicked up to the minister of the day, who then makes a call yes or no and that is the end of the dispute.

Ms CHAPMAN: Particularly if we are dealing with departments or agencies that relate to child protection, as the minister covering child protection is also the minister for public employment, would it be your intention to ensure that whichever minister has control of this is not the minister for child protection?

The Hon. J.R. RAU: Ultimately, that would be a matter for the Premier, but I do recognise this. If we are using this in a child protection context and I continue to be a minister who has some responsibility in that respect, there would be a conflict.

Ms Chapman interjecting:

The Hon. J.R. RAU: Just let me finish. It may be that there is at least an apparent conflict—if not a real one, at least an apparent one—if the minister for child protection happens to also be giving directions about child protection-related matters in a capacity of wearing another hat. I think the simple answer to that is that you would delegate that particular matter to another minister on the basis that you were trying to avoid the conflict. I know that, as planning minister, from time to time there have been examples of where I have delegated a particular planning determination to another minister because the matter that was before us actually was a matter relating to Renewal SA, which at that point in time reported to me.

Clause as amended passed.

Clause 9.

The Hon. J.R. RAU: I move:

Amendment No 9 [DepPrem-1]

Page 7, lines 31 and 32 [clause 9(1)]—

Delete 'pursuant to an authorisation under section 7 or section 8' and substitute 'under Part 2A or Part 3'

Amendment carried.

Ms CHAPMAN: We are currently looking at an area of potential sale by the government of the data in the Lands Titles Office and certain services that are provided by that agency. There has been an indication, I think in a budget bill that has just gone through our house today, of some of the necessary reforms to accommodate the potential sale. One of those things is to ensure that there is some confidentiality of data that might leave that agency, especially if it is to be provided to an entity which buys that data stream.

Is this clause going to override or interfere with that in some way, or do you say that it facilitates it, that is, that stream of data which leaves a government agency and goes to a private entity which purchases that information? When it has occurred in other situations, like in the Motor Accident Commission, for example, which has legislation surrounding it to facilitate the sale of that right to have insurance, the confidentiality of that data is protected in a statute. I am just trying to make sure that this, firstly, does not interfere with the commercial sale because, clearly, that is what the government intends to do, but also that the data, when it does leave, is going to be covered by this. If it is not, are we still going to need legislation to protect that?

The Hon. J.R. RAU: I think that is a difficult question for me to answer because I am not entirely familiar with the detail of whatever the ultimate proposal might be in respect of that other proposed project. My understanding is that the interaction with other acts, as far as that is concerned, is dealt with in clause 5.

Ms CHAPMAN: But this is clause 9(1).

The Hon. J.R. RAU: Yes, but in talking about—

Ms CHAPMAN: It states it 'must ensure that the confidential or commercially sensitive information is dealt with in a way that complies with any contractual or equitable obligations', which it will have if you sign the contract, is my point.

The Hon. J.R. RAU: I can look at that between the houses.

Mr WINGARD: On the confidentiality and commercial-in-confidence, again, I will ask a question about what we are doing to keep this secure, as outlined in this clause. Are you confident that the current systems can provide that cybersecurity? Do you think the government will be investing more money in the short, immediate and long term, and how is that going to play out?

The Hon. J.R. RAU: If we are asking questions about investing cash, all I can say is that is obviously a matter for budget processes, and I am not able to answer that in the absence of there being any determination of any matter, and understandably so because this bill has not even passed the parliament. Once it has, I intend to seek to make it operational, but that will be a matter for budget.

Mr WINGARD: More specifically, can you provide the cybersecurity with the facilities you have at hand at the minute?

The Hon. J.R. RAU: We can certainly deliver whatever level of security we presently have, and we are not proposing to reduce the level of security by reason of anything in this bill.

Mr WINGARD: Once we start sharing this information, are you foreseeing a need for higher security?

The Hon. J.R. RAU: The answer to that really depends on with whom we are sharing it. If we are sharing it within government—

Mr WINGARD: Systems are different.

The Hon. J.R. RAU: Yes, and this is a perennial problem in government. Systems are different, and each one of those agencies will have different views about how much sensitivity attaches to different pools of data. There is nothing in here that is intended to weaken anything that is there presently.

When we are sharing within government, all I can say to you is we are not proposing that anybody's information be given less protection than it presently has either from an FOI perspective or from a perspective of the place where the data is held being vulnerable to attack from China or somewhere. When we are sharing outside of the state government, we would then insert all of those criteria into those agreement provisions that we would have to strike with whoever the other external partner might be.

Clause as amended passed.

Clause 10.

The Hon. J.R. RAU: I move:

Amendment No 10 [DepPrem–1]—

Page 8, line 3 [clause 10(1)]—Delete 'pursuant to an authority under section 7 or section 8' and substitute:

under Part 2A or Part 3

Amendment carried; clause as amended passed.

Clause 11.

The Hon. J.R. RAU: I move:

Amendment No 11 [DepPrem–1]—

Page 8, line 16 [clause 11]—Delete 'pursuant to an authority under section 7 or section 8' and substitute:

under Part 2A or Part 3

Mr WINGARD: I just want to get clarification on the minister's ability to enter into these data-sharing agreements. I have not asked the question, but I raised it in my speech, as to how the minister will enter into these agreements. Surely, he needs someone who knows something about the 'interweb', as he likes to call it, to make these agreements. How is he going to structure it? Is he going to just go with the guys with the federal minister or will there be qualified people to help make these decisions?

The Hon. J.R. RAU: I want to reassure the members for Bragg and Mitchell that my reasonably constrained comprehension of the interweb means that I will not be the technical adviser in any of these commercial arrangements.

The Hon. T.R. Kenyon: Nor will you be consulting on it after you leave parliament.

The Hon. J.R. RAU: Nor will I will be consulting on it any time after this phase of my career ends. Obviously, the government would be seeking out competent people, experts, who know what they are doing. I think it is fair to say that if we were dealing with the commonwealth, they would be a very well funded and sophisticated partner to work with, and I would not expect there to be lots of problems working with them.

If we started working with other partners like local government or an NGO, I think we would have to be very careful about these things. That might just mean that the pipeline of data exchange with them is relatively small and very particular. But, yes, I can assure you that technical advice regarding cybersecurity will not be coming from me.

Ms CHAPMAN: For the purposes of a commonwealth agency entering into an agreement with you as the relevant minister, is it necessary for them to pass legislation in the commonwealth parliament?

The Hon. J.R. RAU: That is a very good question, and it is a question that I want to discuss with minister Porter when I have the opportunity to speak with him.

Ms Chapman: They don't have privacy legislation, that I know of.

The Hon. J.R. RAU: This is interesting, actually. I think the answer might be that if we are seeking to deal with only one agency of the commonwealth, like, for example, Social Services, I would envisage that that minister would be subject to any act of his own to the contrary. I assume he would be authorised to deal with stuff within his department. There may be constraints on that, too, by legislation.

If we actually had to interact with more than one commonwealth agency (so, it is interaction with the commonwealth but then there are horizontal commonwealth agency connections) that might well require the commonwealth to consider whether it is—we may be in a far more flexible position than they are. I am hoping to talk to the minister about this soon. I told him that we were going to be putting this bill to the parliament and I intend to write to him and give him an update on how we are going.

I cannot emphasise enough that I do think the opportunity for the commonwealth and the states to partner up where the commonwealth has data and we have data—if you actually put them together, you get an incredibly powerful tool. I think this is very cutting edge stuff.

Ms CHAPMAN: In respect of the agreements with a relevant entity which is a local council, what is the Local Government Association's view on this?

The Hon. J.R. RAU: I do not know their view, but this would only occur if the council in question decided they wish to participate. This does not give me any more capacity to direct the council than it does give me to direct the commonwealth. It just means that I am authorised to seek to reach an agreement with the commonwealth, or a council, or another entity. It does not mean that I have the capacity to direct the council in respect of this any more than I do the commonwealth. Each one of those things would be dealt on an ad hoc basis with whatever entity it might be. If I was offering terms they did not like, I assume they would tell me to go away.

Ms CHAPMAN: Have any councils or the LGA written to you, emailed you or spoken to you and asked you to be part of this new regime?

The Hon. J.R. RAU: Not that I know of, no. It struck me though that, again, coming at it from a child protection perspective, there are various things that councils do that we might want to be sharing data about. For example, they may have information through council inspectors doing certain things which might be relevant. Council inspectors look at whether houses have—and I do not know what they call those people, but people who seem to have old cars and washing machines on their front lawns. What do they call those people?

Ms Chapman: Hoarders.

The Hon. J.R. RAU: Hoarders. So council would know about that sort of person, for example, because they then have to send a van out to collect all the rubbish eventually and send them a bill—or places which appear to be derelict or whatever, or health inspectors. There is a whole range of things that councils do that might—I am not saying 'are' definitely—conceivably be useful for us to actually have information directly from them. Whether or not there is much that we might supply to councils that would be of legitimate interest to them is a matter for them.

Ms Chapman: That would be a lot.

The Hon. J.R. RAU: If they come up with a suggestion about things that they think they would like to know and that we have information about, they can drop me a line if this goes through and we will have a chat about it.

Mr WINGARD: The line that states that a minister may enter into an agreement relating to the sharing of data with a relevant entity, how do you determine what is appropriate? As we said, there is data right across the board, but how are you going to determine which data is appropriate and which data is not appropriate?

The Hon. J.R. RAU: Each one of these things has got to be a case-by-case value judgement about whether or not the proposed access to data is (a) reasonable, and (b) for a purpose which is likely to deliver any value. You would have to actually present the case, and I will go back to the example I gave about schools.

We know there are a lot of kids who do not go to school when they should, and we also know that the more often a child is not attending school the more likely it is that child has a problem. The problem might be health, but more likely it is a chaotic life at home. There is a strong linkage between absenteeism from school, child protection issues, poor educational outcomes, illiteracy, and a whole bunch of other things.

Ms Chapman: The council health inspector would tell you that.

The Hon. J.R. RAU: No—I was asked more generally about this. If the commonwealth says to me, 'We'll do some data sharing with you if you tell us all the real-time information about whether these kids are bobbing up at school. We will do something like "no jab no cash" for the parents who aren't sending those kids,' I then have to assess that as a value proposition. Do I think, first of all, that the goal of this process is a laudable goal? Namely, get rid of truancy or reduced truancy?

In my opinion, tick, yes, that is very important. What are they asking me to do in order to enable us to share data and do this? The answer is that they just want us to give them real-time data about children not being at school. Do I think that is a reasonable request given the magnitude of the potential benefit? Tick, yes. Then we go off and do the deal. But if they come up with something in which I can see no merit, then we will not do it.

Mr Wingard: That is you personally?

The Hon. J.R. RAU: Yes, but obviously I would be discussing these things with other ministers. In the case I just gave you, for example, I would obviously discuss that with the Minister for Education because it involves the education portfolio.

Ms CHAPMAN: Attorney, are you not making it quite clear that you want to be able to enter into agreements with parties, some of whom have no capacity to negotiate with you on any kind of equal basis: individuals, members of council, and which is going to be a no data, no dollars, no-deal arrangement. Surely, it is just unconscionable that you should be introducing a structure about which you are going to make it abundantly clear that you want cooperation on for the information that they have to disclose to you. If there is any capacity for you to show me where this type of model actually works which expands to these other agencies who do not even know that you are asking to put this into legislation we will have a look at it. But so far, there is none.

The Hon. J.R. RAU: I cannot emphasise this enough. All this is saying is that I can go to the commonwealth government, or the local government, or Anglicare, or somebody and knock on their door and say, 'Excuse me, I'd like to share some data with you, are you interested in talking?'

Ms Chapman: No, it's got to be 'You give me your data or you get no money.'

The Hon. J.R. RAU: No, it's not. Where does it say that? That is ludicrous. I do not control the commonwealth government, I do not control Anglicare, I do not control local government. The only way we are going to get one of these agreements is if I am offering something they want and they want to sign up for it. That is it.

Ms Chapman interjecting:

The CHAIR: Do you have another question?

Ms Chapman: No.

Amendment carried; clause as amended passed.

New part 4A.

The Hon. J.R. RAU: I move:

Amendment No 12 [DepPrem–1]—

Page 8, after line 16—Insert:

Part 4A—Minister may enter data sharing agreements

11A—Minister may enter data sharing agreements

(1) The Minister may enter into an agreement relating to the sharing of data with a relevant entity.

(2) An agreement between the Minister and a relevant entity under this section may be subject to such conditions as are agreed between the Minister and the relevant entity, including conditions providing for—

(a) the provision of public sector data by a public sector agency to the relevant entity; and

(b) the provision of data by the relevant entity to the Minister or a public sector agency; and

(c) the application of 1 or more of the trusted access principles to the sharing of data under the agreement.

(3) If a relevant entity enters into an agreement under this section, the relevant entity must comply with the conditions of the agreement.

(4) If the Minister enters into an agreement that involves the provision of public sector data by a public sector agency to a relevant entity, the Minister may direct the public sector agency to provide public sector data that it controls to the relevant entity in accordance with the agreement.

(5) The provision of public sector data by a public sector agency to a relevant entity under an agreement under this section is lawful for the purposes of any other Act or law that would otherwise operate to prohibit that provision (whether or not the prohibition is subject to specified qualifications or exceptions) if the public sector data is provided in accordance with the agreement.

(6) Section 14(1) does not apply to a relevant entity that enters into an agreement under this Part.

(7) The Freedom of Information Act 1991 does not apply to or in relation to a document (within the meaning of that Act) that is provided by a relevant entity, other than a person or body (or a person or body of a class) prescribed for the purposes of paragraph (c) of the definition of relevant entity, under an agreement under this section.

(8) In this section—

relevant entity means—

(a) an agency or instrumentality of the Commonwealth, another State or a Territory of the Commonwealth; or

(b) a council (within the meaning of the Local Government Act 1999); or

(c) a person or body, or a person or body of a class, prescribed by the regulations.

New part inserted.

Clause 12.

The Hon. J.R. RAU: I move:

Amendment No 13 [DepPrem–1]—

Page 8, line 22 [clause 12(a)]—After 'Minister' insert ', after consultation with the data provider,'

Amendment carried; clause as amended passed.

Clauses 13 to 15 passed.

Long title.

The Hon. J.R. RAU: I move:

Amendment No 14 [DepPrem–1]—

Long title—After 'agencies;' insert 'to provide for the sharing of data between public sector agencies and other entities; to provide for an Office of Data Analytics;'

Amendment carried; long title as amended passed.

Bill reported with amendment.

Third Reading

The Hon. J.R. RAU (Enfield—Deputy Premier, Attorney-General, Minister for Justice Reform, Minister for Planning, Minister for Industrial Relations, Minister for Child Protection Reform, Minister for the Public Sector, Minister for Consumer and Business Services, Minister for the City of Adelaide) (17:52): I move:

That this bill be now read a third time.

Bill read a third time and passed.

PARLIAMENTARY BUSINESS
MEMBERS
GET INVOLVED
ABOUT PARLIAMENT
VISIT
LEGISLATIVE COUNCIL
HOUSE OF ASSEMBLY
CONTACT