HANSARD
SITTING CALENDAR
SEARCH
LIVE BROADCAST
Hansard Dynamic Member Index
Legislative Council - Fifty-Third Parliament, Second Session (53-2)
2016-11-15 Daily Xml
Contents
Pdf Xml

Bills

Public Sector (Data Sharing) Bill

Second Reading

Adjourned debate on second reading.

(Continued from 20 October 2016.)

The Hon. R.I. LUCAS (16:38): I rise to speak to the second reading of the bill and, in doing so, congratulate my learned colleague the Hon. Andrew McLachlan for his excellent contribution to the second reading, which has made the task so much easier for the rest of us who follow in his wake. In particular, I repeat his summation of the background and purpose of the bill in acknowledging that the Liberal Party—and indeed, all in parliament—support the provisions directed to child protection. However, the point the Hon. Mr McLachlan makes is that the bill, as it is before us, seeks to do much, much more. It is the 'much, much more' that the Hon. Mr McLachlan, myself and others are interested in exploring in greater detail. I know the Hon. Mr Darley is of that mind as well.

In his contribution, the Hon. Mr McLachlan makes it quite clear, upon the work that he has done and the discussions he has had, that, to quote the Hon. Mr McLachlan, 'The government clearly contemplated legislation of this nature well before Commissioner Nyland's recommendations were handed down.' I will not repeat the honourable member's arguments in that respect other than to support them, but I want to address some general comments to the 'much, much more' sections of the legislation.

I must say, not having had carriage of this bill but being involved at the periphery initially and still at this stage, my comments are necessarily of a general nature. I have not had a detailed briefing, but I have followed the discussions the Hon. Mr McLachlan and others have had. One of my lower house colleagues organised a representative from the New South Wales public sector in a similar area to come across and speak to us of the value of the work that was being done. I must admit I was none the wiser, having listened for an hour to that particular presentation, as to the value and worth of at least the New South Wales model in this particular area of data sharing.

In addressing my comments, I want to trace a little bit of history as to why I am wary of what the government intends with these sorts of issues. I will instance two examples over recent years where, to use a colloquial expression, this government has form in the area of abusing the use of data within the public sector.

During the 2010 election campaign, I issued a press statement on 18 March with the eye-catching headline 'Rann caught out abusing public servant database'. Put simply, what I put on the public record at that stage was that then premier Rann and the Labor Party had been caught out abusing a government email database to circulate Labor Party campaign material to the state's public servants.

I contended that it was a clear breach of the caretaker conventions that Mr Rann and the government should have been observing. In fact, we lodged an objection to the then CEO of the Department of the Premier and Cabinet whose responsibility it was to manage the caretaker convention provisions at that particular time. Suffice to say we did not receive a satisfactory response to that complaint.

In essence, what the Labor government did at that particular stage was, through the department for education and children's services, circulate to the government email database the Labor Party's policy 'Labor's commitments to students with a disability'. This email included Mr Rann's Labor Party media release on the Labor Party policy on disability support with details of funding commitments from the Labor Party. Brazenly, it was actually authorised by state secretary Michael Brown.

There was no pretext at all that this was a government information campaign. It was actually authorised by the Labor Party secretary—someone who has a great desire to come into this chamber, I understand. He keeps getting knocked on the head; nevertheless, he keeps trying. As I said, brazenly, there was no pretext that this was government material. This was actually Labor Party material.

We are not sure how widely it was circulated. We had a number of complaints from people who said they received it on the official education department database and objected to Labor Party material being circulated in that particular way, authorised by the Labor Party state secretary Michael Brown; nevertheless, that occurred.

A number of members in this chamber will be familiar, as I think it has been the subject of some investigation by a parliamentary select committee, with the information supplied or circulated by the assistant secretary of the Housing Trust Tenants Association, Julie Macdonald, who was also, at that time, a member of the Australian Labor Party. The said person distributed a letter to Housing Trust tenants at their Housing Trust addresses, claiming that the Liberals were going to force tenants from their homes if they were elected.

That was a blatant lie, and I said so in a press statement. Unsurprisingly, when we complained about that and sought information as to how Ms Macdonald had got access to a confidential database of Housing Trust tenants, there was no response. Clearly, there are significant databases that exist within government departments and agencies.

The other trend that I note in terms of expressing my wariness and caution about this is that this government has adopted a policy of parachuting ministerial staffers and Labor Party spin doctors into senior positions within the Public Service. I will not prolong the debate today by listing examples of the Rik Morrises of this world, and formerly the Lachlan Parkers, the Paul Flanagans and the others who have all worked for the Labor cause in ministerial offices, to then be parachuted into government departments and agencies—there are too many to list during this debate.

But there is, as one of my colleagues has put to me, an increasingly clear policy position of the Labor Party in government to an Americanisation of the public sector; that is, as we see presidents or administrations change in the United States, as the new boss comes in the whole of the public service essentially gets swept away and his or her people are brought in.

That has not been the tradition in South Australia, or in Australia for that matter: the tradition has tried to be, with obviously some exceptions, an independent and impartial, apolitical Public Service that loyally serves the government of the day, whether it be Labor or Liberal. There has been an acceptance at the CEO level that governments can appoint whomsoever they wish, and terminate whomsoever they wish, and Labor and Liberal governments have done that on occasions consistent with that particular convention.

We have seen Premier Weatherill, who clearly is a passionate advocate of the Americanisation of our public sector, bring fellow Labor Party travellers or supporters into CEO positions: Kym Winter-Dewhirst in DPC, a former staffer; and fellow travellers from interstate, like Mr Michael Deegan and Dr Don Russell, as clear examples of Labor Party sympathisers/supporters/fellow travellers brought into CEO positions. As I said, the convention has been in the past, perhaps not as blatantly as this, that administrations are able to do that at the chief executive officer level. What we have seen in South Australia recently has been that creeping down to the middle management and senior management levels, not at the CEO level.

When we start talking about this issue of collapsing data, being able to switch data between agencies, having an office, having that managed, clearly, not on a day-to-day basis at the CEO level but at the middle management or senior management level, it raises concerns with some of us as to what the true purpose of this piece of legislation might be, how it might be used and how it might be misused or abused.

The examples I have given, in terms of the abuse of the education department database or the Housing Trust tenants database, again were not permitted. There was an abuse of the process there, but nevertheless they were in different areas. The convenience of being able to collapse all politically usable information into one particular area of government and having a key person appointed to that particular position by the government of the day is something that members at least ought to think about and see whether or not we are comfortable that the protections that should be in the legislation are in the legislation to protect us against those eventualities.

Something that has really only occurred in the last few years is government websites. Let's take the YourSAy website. Let's take the 50,000 or something supposed interactions, I assume through the website, in relation to the Premier's passionate vision for a nuclear waste dump future for South Australia. I note today that that is passionately supported by the Hon. Mr Malinauskas. He clearly nailed his colours to the nuclear waste dump vision for the future of South Australia during question time, so we know where the Hon. Mr Malinauskas stands; it is clear where he stands on the issue.

All of that information is currently available within one section of the Public Service. The YourSAy website would have literally, I assume, tens, if not hundreds, of thousands of contacts with individual voters and constituents, with email addresses, telephone numbers, and others, expressing their views on a whole variety of political issues. My questions to the government minister, or whoever it is who is handling this particular bill (ultimately, it is minister Rau), are: where is that information currently collected and what are the current protections and restrictions, if any, that exist within the public sector about sharing that information?

Is it clear that under the government's proposal that information could, by ministerial decision or chief executive officer decision, be transferred from one section of government all into the Department of the Premier and Cabinet, for example, or all into this office that is to be established and shared between departments and agencies; that is, the minister could construct a reason or an excuse for it to be centrally collected and to have it all transferred into a central location?

I have only listed the YourSAy website and the nuclear waste dump consultation, but I am sure that members will be aware of many other examples. There would be lists, for example, I assume, of recreational fishers and people who have expressed views about the marine parks legislation over the years available in the government department. Access to that information would clearly be advantageous for a political party in terms of campaigning, knowing their particular views on a particular issue. In the environment area, there would clearly be, and has been, a number of environmental issues where there has been interaction or contact sought from communities.

There is any number of agencies which have, as part of their work, consulted and collected political views—or views on political issues; let me put it that way—which would be invaluable to Reggie Martin, state secretary of the Labor Party, via the government in some way; that is, having access to the information about which members have particular views for or against marine parks, for or against nuclear waste dumps, for or against disability services, whatever it might be.

That is the sort of valuable information I am talking about. That is why the government circulated disability policy to some education department websites. That is why the confidential Housing Trust Tenants Association database was accessed by Ms Julie Macdonald, to get a Labor Party sympathetic view to those particular tenants. They are powerful political weapons in the hands of people who have no compunction at all in abusing access to databases, as, sadly, this Labor government has demonstrated over a long period of time.

What we are seeing here is the greater power to direct the sharing of information, the transfer of information, and the capacity for ministers to be able to make decisions and direct. I intend to raise this as perhaps an area that we ought to look at. The Hon. Mr McLachlan will correct me if I am wrong, but I think his amendments were at least looking ex post, that is, when the annual report comes out later on indicating what directions might have been indicated.

However, the issue I want to raise is that maybe it ought to be raised almost contemporaneously of ministerial directives in terms of information. Because, if something is directed to be done in December just prior to a March 2018 election and if the annual report has to reveal it, then that will be October/November in the year of the election, but after the election date. So, there are significant issues and concerns potentially in relation to how this process could be used and abused.

I specifically want to know whether or not there is anything in the legislation that would prevent a direction, for example, for confidential tax information through RevenueSA being shared with another agency other than RevenueSA? Is there something either within this bill or within other legislation that prevents what has up until now been the absolute privacy of tax information, to the extent that sometimes even members of parliament, when they raise issues on behalf of constituents, are told, 'Unless you get a disclaimer from the constituent, we can't talk to you about the land tax issues that might relate to a particular person,' or whatever it might happen to be.

I am assuming there is another layer of protection in relation to medical information being shared with other departments and agencies. I do not know that that is the case, but certainly I am seeking an answer as to what additional layers of protection there are in relation to medical information.

There are obvious questions also in relation to other statutory corporations, such as ReturnToWorkSA, for example. Is it included or excluded? Is information in relation to those people who might be either beneficiaries of a particular claim in the return to work legislation or unhappy with a particular aspect of changes to the return to work legislation going to be available for transfer to another government department or agency if the government of the day can construct some reasonable excuse for the transfer of that information to some central location?

They are the general questions I have. I will raise some specific questions about some of the clauses at the second reading so that the minister can at least take advice and see whether or not he is prepared to respond. Certainly, they will be issues I intend to pursue in the committee stage. In clause 3—Interpretation, under 'exempt public sector data', it provides:

(b) any other public sector data, or public sector data of a kind, prescribed by the regulations;

I ask the minister to indicate what the current intention is in relation to what might be prescribed by the regulations. The definition of 'individual' means a natural person, but does not include a deceased person. Can I ask the minister for an explanation as to why 'a deceased person' has specifically been incorporated in the drafting?

Under the definition of 'public sector agency' it 'excludes a person or body prescribed by the regulations'. Can the minister outline what the current intention is in relation to which persons or bodies are going to be prescribed by the regulations there? Further, it 'includes any other person or body prescribed by the regulations for the purposes of this definition.' Again, I ask what the current intention is in relation to which persons or bodies will be prescribed by regulations, and if there are not specific ones, can the minister give an indication of the general example or type that is being contemplated to require that particular provision in the drafting? In looking through clauses 4, 5 and subsequent clauses, it is clear that:

…the provision of public sector data by a public sector agency to another public sector agency is lawful for the purposes of any other Act or law that would otherwise operate to prohibit that provision…

I ask that specifically in relation to the RevenueSA information, ReturnToWorkSA information and Health information. Is there anything in the drafting of this clause 5 which actually restricts the potential access to information of that type from being subject to the provisions of the legislation?

Further on, in terms of clause 8—Public sector data sharing authorisation, this is where a public sector agency is authorised to provide public sector data, other than exempt public sector data, that it controls. I have a question on this clause—and it is really only a personal reflection at this stage—and also the following clause 9, which is data sharing on direction by a minister, which provides:

(1) The Minister may direct a public sector agency…

My view is stronger in relation to clause 9 than, perhaps, clause 8, but I think it equally applies. If you look at clause 9, if a minister directs a public sector agency to provide data, would it be possible to contemplate, for example, requiring the public release of that information much sooner than even perhaps contemplated by our amendments which, as I said and as I understand it, is in the annual report.

There are many other statutes where, when certain directions occur, the minister is required to put it in writing and to table that direction within six sitting days in the parliament. I think that is something at least worth discussing. I would be interested to hear a government response as to why they believe that would be either unfair, would not work or should not occur. Certainly, as I said, that is something that ought to be contemplated in relation to clause 9 and clause 8, possibly, as well.

Further on, clause 14—Restriction on further use and disclosure of public sector data, provides:

A data recipient must not use or disclose public sector data received pursuant to an authorisation under section 8 or section 9 other than for a purpose for which it was provided unless—

(a) the Minister…approves the use or disclosure…

Again, I raise the question about this: you must not use or disclose it for a purpose other than for which it was provided, unless the minister approves the use or disclosure. What we are saying here is that someone has received the data and you must not use it under sections 8 or 9, other than for a purpose for which it was provided. So, it was provided for a purpose and you cannot use it for anything other than that purpose, but the minister under clause 14(a) approves the use or disclosure.

I am interested to hear why that particular provision is needed and, if it is, whether or not—if the minister is going to approve the use or disclosure of information other than for a purpose for which it was provided—that should be revealed publicly and tabled in the parliament within six sitting days, or something like that. That is so, if a minister is directing or is making a decision about the use of data contrary to the purpose for which it had been provided, we (the parliament) and the community through the parliament are aware of the decision that the minister has taken. I am also interested in clause 15—Delegation by Minister, which provides:

(1) The Minister may delegate any of the Minister's functions or powers under this Act.

I assume that also relates to clause 14 and clause 9. I seek a government response to that, as to whether that is what is intended, that is, that the minister may delegate any of the minister's functions or powers under the act. Under clause 14, it is the minister who can approve the use or disclosure of the data contrary to the purpose for which it is used.

So, could the minister (e.g. the Premier) delegate to Kym Winter-Dewhirst the approval of the use or disclosure of information contrary to the purposes for which it was collected? I think that raises interesting questions. Mr Winter-Dewhirst is obviously not directly answerable to the parliament; his minister is. My question is: is that what is intended by minister Rau on this issue?

Similarly, in relation to clause 9, the minister may direct a public sector agency. On the surface of it—and perhaps my reading is wrong—when clause 15 provides that the minister may delegate any of the minister's functions, again, does this mean the Premier could delegate to Mr Winter-Dewhirst that he have the power to direct a public sector agency to provide public sector data that it controls, including exempt public sector data to another public sector agency?

They are the sorts of questions which I hope the minister, in reply at the second reading, will provide some information on. I know they are the sorts of issues that I intend to pursue during the committee stage, and I know the Hon. Mr McLachlan has a similar interest in pursuing some or all of those issues during the committee stage as well.

The Hon. P. MALINAUSKAS (Minister for Police, Minister for Correctional Services, Minister for Emergency Services, Minister for Road Safety) (17:06): I would like to thank honourable members who contributed to the second reading of this bill. This legislation is about overcoming the artificial walls that exist around government departments. It is about creating a safe and authorising environment for agencies to make the best use of their data assets, and to collaborate to improve their evidence-based supporting policy development and the services we deliver for the benefit of the public.

This legislation will effectively override the legislative or policy barriers that operate to prevent data sharing within government, yet will ensure data sharing is always safe and appropriate. This legislation provides the authority that is needed for agencies to share their data for the purpose of enabling agencies to develop, improve and undertake policymaking, program management, service planning and delivery and enabling data analytics work to be carried out on the data to identify issues and solutions regarding these same objectives.

The bill includes a framework for ensuring that this only occurs in safe circumstances. The bill permits the Minister for the Public Sector to establish an office of data analytics as a public sector agency to undertake data analytics work on government data and to make the results of the data analytics work available to government agencies, to the private sector and to the general public.

A set of trusted access principles is prescribed to encourage voluntary data sharing between public sector agencies and with the office of data analytics. The trusted access principles provide a framework for considering whether the quality of the data, the people using it, the storage environment, the purpose for which the data is to be used and any outputs are all safe and appropriate before the data is shared.

With one exception, relating to NGOs that are a party to a data sharing agreement with the minister, the intent of the bill is that the Freedom of Information Act 1991 does not apply to a document that has been provided by a data provider to a data recipient, or a document provided under a data sharing agreement between the minister and another body. This is intended to ensure that the body that is in the best position to consider the FOI request, does so. That would be the body that provided the data, as the originator of the document, rather than the body that received the data.

Should this bill be passed, the government will engage in wide consultation within government and with the community on the regulations that may be required to be made under this legislation, including provisions that might exempt certain data from the operation of the legislation, include or exclude certain agencies, persons or bodies from the operation of the act, and prescribe any additional trusted access principles or additional data sharing safeguards that might be required.

A number of honourable members have asked about the relationship of the bill to the findings and recommendations of the Nyland royal commission into child protection systems. In response to the delivery of the Child Protection Systems Royal Commission report, the government approved amending the bill as originally introduced in the lower house to align it directly to the report's recommendations, requiring information sharing between government agencies and other relevant parties, such as non-government organisations.

The bill responds to the research focused and information sharing focused recommendations on the Child Protection Systems Royal Commission, including information sharing between government and non-government agencies. The Nyland report found that significant obstacles remain to effective collaboration and information sharing between many government and non-government agencies that form South Australia's child protection system. This is despite the government's information sharing guidelines (ISGs). In respect of the ISGs, the report found:

The Information Sharing Guidelines (ISGs) are a 'statewide policy framework for appropriate information-sharing practice'. They apply to most state government agencies and to non-government organisations contracted by the state government to provide services. The ISGs require agencies to share information where 'a person is at risk of harm (from others or as a result of their own actions) and adverse outcomes can be expected unless appropriate services are provided'. They guide practitioners step by step in the responsibilities and decisions for information sharing.

A consistent theme in evidence before the Commission was that, in spite of the ISGs, many agencies fail to share information. The Commission was told of a persistent culture that privileges privacy and confidentiality over the need to share information relevant to the health, safety and wellbeing of children.

It may be that the ISGs, as a policy framework, do nothing to ease legislative restrictions on information sharing. The first step for decision making under the ISGs is to follow specific legislative requirements and the guidance of the practitioner’s agency.

The report went on to recommend amendments to the state's child protection legislation to permit and, in appropriate cases, require the sharing of information between prescribed government and non-government agencies with responsibilities for the health, safety or wellbeing of children where it would promote those responsibilities. The report observed that such a scheme would require a cultural shift for those agencies accustomed to holding client information closely.

The opportunity has been taken by the government in the lower house to strengthen the provisions of the bill in order to provide support to the report's recommendations. It should be noted, however, that the bill applies across government and not only in the child protection area. Although we are establishing a distinct child protection department to focus on the important task of protecting our state's vulnerable children, the department cannot be expected to operate in isolation. This bill is critical in supporting this new department and others to work collaboratively for better outcomes.

To address a question raised by the Hon. Ms Franks, the data that could be shared by government agencies relating to children and child protection could include data on education, health and welfare. The precise data that will be shared will depend on the particular data request and the particular policymaking or service delivery purpose underlying the request.

A number of honourable members asked how the privacy of individuals would be protected when data is shared under the bill. The bill establishes a process for sharing information primarily between government agencies. There is no privacy legislation in this state. However, no data can be shared between government agencies unless the data provider applies the trusted access principles and is satisfied that the sharing and use of the data is appropriate in all the circumstances.

The data provider must assess the particular data request under principles that ensure safe projects, safe people, safe data, safe settings and safe outputs. This includes the principle that requires the data provider to consider if the data contains personal information that identifies an individual, whether personal information is necessary for the purpose for which the data is proposed to be shared and used, or whether the data should be de-identified. The government is confident that the trusted access principles expressed in the bill and the information privacy principles that apply across government provide sufficient safeguards to ensure the protection of the privacy of individuals whose data is shared by government agencies against unnecessary disclosure and intrusion.

The data sharing safeguards in part 5 of the bill also protect confidential information by requiring the data recipient to deal with the data in a way that complies with any contractual or equitable obligations of the data provider concerning how the data is to be dealt with. The government respectfully disagrees with the comments of the Hon. Mr McLachlan that the trusted access principles lack clarity and detail. Ultimately, to meet the objectives of the bill, it may be necessary for privacy to be a secondary consideration in appropriate instances. As Commissioner Nyland observed in the report of the Child Protection Systems Royal Commission, among agencies:

…there is a persistent culture that privileges privacy and confidentiality over the need to share information relevant to the health, safety and wellbeing of children.

Another important feature of the trusted access principles, in a world in which data security is a common concern, is the requirement for the data provider to have regard to the environment in which the data will be stored, accessed and used by the proposed data recipient, including whether the data recipient has appropriate security and technical safeguards in place to ensure data remains secure and not subject to unauthorised access and use, such as secure login, user authentication, encryption and supervision or surveillance.

The bill also gives the Minister for the Public Sector the ability to enter into data sharing arrangements with agencies of the commonwealth and other states and territories, with local councils and with non-government organisations prescribed by regulation. These sharing arrangements may be subject to conditions, including the application of one or more trusted access principles. While the terms of the agreements will differ depending on the type of data and level of personal information involved, core conditions on each agreement can be expected to include appropriate provisions safeguarding the provision and confidentiality of the data and ensuring that data remains secure and not subject to unauthorised access or use.

As the house was advised in the introduction of this bill, in addition to the explicit safeguards in the bill, the principles of ethical behaviour and professional integrity found in the Public Sector Act 2009 and the professional conduct standards in the code of ethics for the South Australian public sector will apply and require public sector employees to maintain the integrity and security of official information and only access use and disclose information where authorised. Any employee who contravenes or fails to comply with these professional conduct standards may be liable to disciplinary action. To answer a question posed by the Hon. Ms Franks, the kind of disciplinary action taken would depend on the circumstances and the severity of the matter.

A number of questions were asked regarding the office for data analytics. The size and budget of the office for data analytics (ODA) are issues that remain undecided and are matters that cabinet will be asked to determine as soon as the bill is passed. As the Attorney-General indicated in committee in the lower house, there are a number of host agencies that could contain the ODA, including the Office for the Public Sector, the Department of the Premier and Cabinet, and others. This, too, is ultimately a matter for cabinet.

Notwithstanding the department in which the ODA might ultimately reside, it will perform its functions across government and not for the benefit of only its host agency. It will not, as the Hon. Mr Darley suggested, be an agency merely to gather and analyse data for cabinet. The functions of the ODA, as expressed in the bill, are clear that it operates across government.

The Attorney-General indicated in the other place that the ODA would probably commence a pilot phase to test the concept. The pilot would be a robust model for the future implementation of the ODA on a larger scale, and could possibly receive commonwealth funding support. I can advise the council that the Attorney-General has met with the commonwealth social services minister, the Hon. Christian Porter, to discuss this bill and the possibility of collaboration with the commonwealth if the bill were passed. I have been advised that it is intended that there would be more substantive discussions held with the commonwealth if the bill were passed.

I also take this opportunity to address two issues raised by the Deputy Leader of the Opposition in the other place regarding interaction between what is now clause 10 of this bill and the transfer and licensing of Lands Titles Office data to a private sector body. The Deputy Premier undertook to consider this question between the houses.

The first question is whether clause 10 of the bill will override or interfere with the confidentiality of data held by the Lands Titles Office or facilitate a stream of data from a government agency to a private entity. Clause 10 applies only to the transfer of data between public sector agencies, not to the transfer of data to an external party. It would not override or interfere with the confidentiality of such data.

The second question is whether clause 10 will interfere with the transaction and whether separate legislation will be needed to protect confidentiality of data. This section will not interfere with the transaction. In regard to the second part of the question, it is important to note that data held by the Lands Titles Office in the register book is currently publicly accessible and not confidential. Any member of the public can access this data by paying the requisite fee. There is no proposal for separate legislation on this issue, consistent with commitments already made by the government that:

there will be no change to the existing legal protections for the Torrens title system;

land registry and valuation information, now available to South Australians, will continue to be available in the same way it is today; and

the government will retain ownership of the data and information, and any information provided to a service provider will be subject to the relevant privacy laws and regulations in addition to strict contractual obligations, including stringent data integrity and security KPIs overseen by the Registrar-General and the Valuer-General, and contractual remedies will apply for any material breach by the service provider.

Bill read a second time.

PARLIAMENTARY BUSINESS
MEMBERS
GET INVOLVED
ABOUT PARLIAMENT
VISIT
LEGISLATIVE COUNCIL
HOUSE OF ASSEMBLY
CONTACT