Commonwealth Electoral Act 1918 (Cth)

16.136 The Commonwealth Electoral Act 1918 (Cth) and the Privacy Act provide the legislative privacy framework governing the Commonwealth electoral roll. Part VI of the Commonwealth Electoral Act provides for the establishment of an electoral roll. Under s 101 of the Act, it is compulsory for all eligible persons in Australia to maintain continuous enrolment on the Commonwealth electoral roll for the purposes of federal elections and referendums. The names and addresses of all electors on the Commonwealth electoral roll are available for public inspection in various formats specified under the Commonwealth Electoral Act.[192] The Act also requires the Australian Electoral Commission (AEC) to provide electoral roll information to a number of different individuals and organisations, including members of Parliament and registered political parties.[193]

16.137 Section 91A of the Commonwealth Electoral Act provides that a person or organisation that obtains information from the electoral roll must not use it except for a permitted purpose. The permitted purposes in relation to a political party include: any purpose in connection with an election or referendum; research regarding electoral matters; and monitoring the accuracy of information contained in a roll. Disclosure to political organisations for these permitted purposes would be authorised by law for the purposes of the Privacy Act.[194]

16.138 One issue for consideration is whether the provisions under the Commonwealth Electoral Act and the Privacy Act provide adequate protection for personal information—particularly information provided to political organisations.[195] Although the Commonwealth Electoral Act regulates what electoral roll information can be provided to individuals and organisations, and how they can use the information, it does not provide for other information privacy protection such as data security and retention. These issues are dealt with in the NPPs. The NPPs do not, however, apply to acts or practices carried out by political organisations and their contractors, subcontractors and volunteers in relation to electoral matters.[196]

16.139 In IP 31, the ALRC asked whether the Commonwealth Electoral Act provided adequate protection of personal information included on the electoral roll.[197] The OPC submitted that protection consistent with the principles contained in the Privacy Act should be afforded to the handling of information from the electoral roll, particularly in regard to those bodies that may handle such information but which are not regulated under the Privacy Act.[198]

16.140 Some stakeholders submitted that amendments to the Commonwealth Electoral Act have resulted in personal information on the electoral roll being used for a purpose other than the primary purpose for which it was collected. In particular, the Australian Privacy Foundation submitted that the electoral roll is now a resource for identity verification. This is the case particularly in relation to the new obligations under the AML/CTF Act.[199]

16.141 The OPC also reported concerns in the community about the use of information obtained from old electoral rolls, in particular, the use of the information for direct marketing and by debt collectors. In one case, a debt collector, acting on behalf of a psychiatrist, allegedly sent an account on the psychiatrist’s letterhead to the debtor’s work address. In another case, a debt collector allegedly sent letters of demand to all persons of the same name listed on the electoral roll in an attempt to recover a debt.[200]

16.142 There was, however, some support for greater access to the electoral roll. The Institute of Mercantile Agents, for example, noted that the cost of debt arising from unlocated account holders is passed on to consumers. It submitted that the prohibition on the use of electoral roll information to locate debtors costs consumers over $4 billion.[201]

16.143 The OPC noted that a range of agencies can obtain access to the electoral roll. Under the Electoral and Referendum Regulations 1940 (Cth), 22 Australian Government agencies are authorised to use information on the electoral roll for a range of regulatory, law enforcement and public revenue purposes.[202] In the OPC’s view, given the mandatory nature of enrolment, it is appropriate that access to the electoral roll remain relatively narrow.[203]

16.144 Stakeholders also expressed concern about the use of information from other agencies to update the roll. Under s 92 of the Commonwealth Electoral Act, the AEC has substantial powers to collect personal information from a range of Australian Government and state and territory agencies to maintain the integrity of the electoral roll. Updating the roll would include, for example, matching personal information from another source with the personal information held on the electoral roll. The OPC submitted that:

In the context of the Electoral Roll, it may be appropriate that any data-matching only be pursued where appropriate regard for privacy issues has been given. In particular, the purpose of the data-matching should be narrowly defined as being to maintain the accuracy of the Electoral Roll. Further, formal protocols may be required to ensure that redundant or unmatched personal information is not retained.[204]

The political exemption and electoral roll information

16.145 In DP 72, the ALRC stated that the compulsory provision of information for the electoral roll requires that an appropriate balance be struck between the public interest in ensuring transparent electoral procedures and the public interest in protecting privacy.[205] The ALRC expressed the preliminary view that the Commonwealth Electoral Act and the Privacy Act balance these interests appropriately.[206]

16.146 The ALRC noted that it was concerned, however, that, due to the interaction between the Commonwealth Electoral Act and the exemptions under the Privacy Act, political organisations and their contractors, subcontractors and volunteers, are not subject to any rules relating to secure storage and retention of personal information held on the electoral roll.[207]

16.147 The ALRC proposed that, in the event that the exemption under the Privacy Act that applies to registered political parties and political acts and practices is not removed, the Commonwealth Electoral Act should be amended to provide that prescribed individuals, authorities and organisations, to whom the AEC must give information in relation to the electoral roll and certified lists of voters, must: take reasonable steps to protect the information from misuse and loss, and from unauthorised access, modification or disclosure; and destroy or render the information non-identifiable if it is no longer needed for a permitted purpose.[208]

16.148 While there was some support from stakeholders for the proposed amendment to the Commonwealth Electoral Act,[209] a number argued that it was preferable that the exemption for political parties be removed from the Privacy Act.[210]

ALRC’s view

16.149 The issues raised in relation to the use of electoral roll information are best addressed by the removal of the political exemption from the Privacy Act. In Chapter 41, the ALRC recommends that the Privacy Act be amended to remove the exemption for registered political parties and the exemption for political acts and practices.[211]

16.150 In the event that the exemption under the Privacy Act that applies to registered political parties and political acts and practices is not removed, however, the Commonwealth Electoral Act should be amended to provide that prescribed individuals, authorities and organisations, to whom the AEC must give information in relation to the electoral roll and certified lists of voters, must take reasonable steps to:

  • protect the information from misuse and loss and from unauthorised access, modification or disclosure; and

  • destroy or render the information non-identifiable if it is no longer needed for a permitted purpose.

Uses other than for the primary purpose of collection

16.151 In DP 72, the ALRC acknowledged concerns raised by the OPC about the use of data-matching to update the electoral roll, and the retention of redundant or unmatched personal information.[212] The ALRC proposed that the AEC and state and territory electoral commissions, in consultation with the OPC, should develop and publish protocols that address the collection, use, storage and destruction of personal information shared for the purposes of the continuous update of the electoral roll.[213]

Submissions and consultations

16.152 This proposal was supported by almost all of the stakeholders that addressed the issue.[214] The OPC again expressed concern about the broad and general powers of demand under the Commonwealth Electoral Act, which it argued may be excessive and unnecessary for purposes of updating the electoral roll.[215] The OPC recommended that state and territory privacy and information commissioners also be involved in the development of protocols regarding the handling of personal information pursuant to continuous roll update.[216] This view was shared by the OVPC, which submitted that:

while some limited scope for collection, use and disclosure of personal information for political and electoral purposes is desirable in a parliamentary democracy, this should be achieved in such a way as to maximise the protection afforded to the personal information involved and minimise the risks to privacy.[217]

16.153 The ABA and the Investment and Financial Services Association (IFSA) submitted that the Privacy Commissioner should consult stakeholders when developing protocols.[218] IFSA argued that this was necessary to facilitate a comprehensive understanding of the purposes for which information on the electoral roll is used—for example, superannuation providers often use electoral roll information as a tool to locate ‘lost members’.[219]

ALRC’s view

16.154 There is merit in the development of protocols that address the collection, use, storage and destruction of personal information shared for the purposes of the continuous update of the electoral roll. The AEC and state and territory electoral commissions should develop and publish protocols. This should occur in consultation with the OPC as well as state and territory privacy commissioners and agencies with responsibility for privacy regulation. The wider consultation process is a matter for the AEC and state and territory electoral commissions, however, they should note the views expressed by stakeholders to this Inquiry concerning such a process.

Recommendation 16-3 The Australian Electoral Commission and state and territory electoral commissions, in consultation with the Office of the Privacy Commissioner, state and territory privacy commissioners and agencies with responsibility for privacy regulation, should develop and publish protocols that address the collection, use, storage and destruction of personal information shared for the purposes of the continuous update of the electoral roll.

[192]Commonwealth Electoral Act 1918 (Cth) ss 90, 90A.

[193] Ibid s 90B.

[194]Privacy Act 1988 (Cth) s 14, IPP 10.1(c).

[195] Australian Law Reform Commission, Review of Privacy, IP 31 (2006), Question 7–6(k).

[196]Privacy Act 1988 (Cth) s 7C. The application of the Privacy Act to registered political parties and political acts and practices is discussed in detail in Ch 41.

[197] Australian Law Reform Commission, Review of Privacy, IP 31 (2006), Question 7–6(k).

[198] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[199] Australian Privacy Foundation, Submission PR 167, 2 February 2007.

[200] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[201] Institute of Mercantile Agents, Submission PR 101, 15 January 2007.

[202] Commonwealth Electoral Act 1918 (Cth) sch 1.

[203] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[204] Ibid.

[205] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [13.93].

[206] Ibid.

[207] Ibid, [13.94].

[208]Ibid, Proposal 13–1.

[209] Australian Direct Marketing Association, Submission PR 543, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Queensland Government, Submission PR 490, 19 December 2007.

[210] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[211] Rec 41–1.

[212] See, eg, Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[213] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 13–2.

[214] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Australian Direct Marketing Association, Submission PR 543, 21 December 2007; Queensland Government, Submission PR 490, 19 December 2007; Australia Post, Submission PR 445, 10 December 2007.

[215] Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[216] Ibid.

[217] Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007.

[218] Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; Investment and Financial Services Association, Submission PR 538, 21 December 2007.

[219] Investment and Financial Services Association, Submission PR 538, 21 December 2007. Australia Post submitted that it should be noted as a stakeholder in the process: Australia Post, Submission PR 445, 10 December 2007.