House of Assembly - Fifty-Fourth Parliament, Second Session (54-2)
2021-02-03 Daily Xml

Contents

COVID-19 Contact Tracing

Ms BEDFORD (Florey) (14:58): My question is to the Attorney-General. What is being done to protect the privacy of data on contact tracing record forms at retail, hospitality and other places? With your leave, sir, and that the house I will explain.

Leave granted.

Ms BEDFORD: Earlier today, my office took a very worrying report of a person observed photographing contact forms outside supermarkets and shopping centres, and in light of your comment, which is reported in The Advertiser this morning, I am just wondering how those forms are protected by the Emergency Management Act.

The Hon. V.A. CHAPMAN (Bragg—Deputy Premier, Attorney-General, Minister for Planning and Local Government) (14:59): Firstly, I thank the member for raising the matter. I would hope that her office has referred that information to the police if there has been any breach in relation to the codes, that is, the privacy.

As the member may be aware, under the Emergency Management Act there is a $5,000 fine for any intentional disclosure of information. There are a couple of exemptions to that: that is, if the disclosure is for the purposes of enforcing the act, which I think the member would appreciate; or having the consent of the person concerned; or the disclosure is ultimately required for a court or for the enforcement arrangements. Apart from that, we have a very clear provision, statutory protection. It's an offence and it's punishable.

The other matter relates to this question of privacy generally. It has been the government's view that the advance of the QR code technology and access to that would be beneficial for a number of reasons, including what the member has just raised: a constituent who has access to viewing someone's name and details as they might go into a deli or a meeting, or at any other time, and there has been a hard copy listing arrangement provided. We have them in schools, we have them in that area.

It has been the government's view that, with the QR technology coming on stream last year, it is something we should access and, in fact, we have done that. In fact, the Coordinator (the police commissioner) has, with the health agencies, understood how valuable that has been in being able to trace that information within hours. So, yes, it is important that there be a privacy law around that and it's there.

In addition to that, the government has been of the view, especially in this state where we don't have any privacy law—that is, tort law, the right to be able to sue someone if they access and use your data—that we have an obligation that the information be deleted after 28 days. That has been happening and I have reported to the parliament that on Tuesday, as of Monday, there were 30-odd million. Yesterday, it was 31 million. I can say for today's tally that 32.4 million sets of contact details have been deleted because they have got to the expiry date. They haven't been required for the purposes of tracing and so that information gets deleted.

So, yes, the government treats very seriously matters in relation to data, whether it's in hard form, whether it's electronically recorded or whether it's used via technology such as the QR code. We do need to hear if there are any circumstances where someone feels that their information has either not been deleted—and I have had no evidence of that, but that was a concern—and/or that someone has accessed it for purposes other than the three exemptions that I have indicated. If there is any suggestion of that, I would be happy for the member to refer it to me, but I would urge any member who has any concern about this in their constituency to please refer it to the police.