13.74 In the following section, the ALRC considers the responsibilities of non-disclosure placed upon individuals who have access to Commonwealth information for reasons other than an employment relationship. These include:
- private-sector employees who access Commonwealth information under a contract for services;
- members of Commonwealth boards and committees;
- state and territory public sector employees; and
- individuals without any statutory or contractual relationship to the Commonwealth.
Contracted service providers
13.75 The Commonwealth outsources a wide variety of functions to contracted service providers. In the 2007–08 financial year, Australian Government agencies reported the award of almost 70,000 contracts and standing offer arrangements with a value of $10,000 or more—amounting to a combined value of approximately $26.4 billion. Many of these contracts are with private sector service providers.
13.76 Depending on the services being rendered, a contracted service provider could be given access to extensive and/or highly sensitive Commonwealth information. For example, a contracted service provider could be asked to determine how resources should be allocated among various aged-care facilities. To carry out this task, the contracted service provider may need the Australian Government to provide information as wide-ranging as budget estimates for the facilities, the current rate of use of each of the facilities, demographic details of the people who have used them, and the reasons for use.
13.77 In other situations, the information warranting protection may be generated by the contracted service provider itself, for example, where contractors are responsible for providing immigration detention services, and subcontractors are responsible for providing health services to detainees of the (now closed) Baxter Detention Centre.
13.78 In such circumstances, the principal mechanism of controlling the flow of Commonwealth information is contractual.
13.79 At a practical level, the ALRC has heard that information sharing between Australian Government agencies and contracted service providers generally works well, with one of the major providers advising that it has not encountered any situations where agencies have been unwilling to share confidential information that was necessary for it to adequately perform its services.
Guidance on Confidentiality in Procurement (FMG 3)
13.80 The Department of Finance and Administration (now the Department of Finance and Deregulation) has issued Financial Management Guidance No 3—Guidance on Confidentiality in Procurement (FMG 3). The FMG 3 provides general advice on managing confidential information in contracted relationships as well as model confidentiality clauses for Australian Government agency contracts.
13.81 The FMG 3 advises that ‘confidential information’ comprises information that is either:
- required to be kept confidential due to the operation of legislation; or
- determined by an agency to be confidential.
13.82 Legislative requirements to keep information confidential include, for example, information within the scope of a secrecy provision and information governed by the Privacy Act 1988 (Cth). Where there is no legislative confidentiality requirement, an Australian Government agency may determine information under a contract that should be kept confidential. However, an agency does not have unlimited discretion in making such a determination:
There are limits on the kind of information which can be protected as confidential under a contract. For example, if an attempt is made to protect from disclosure certain Government Information as confidential information when an analysis of public interest issues leads to a conclusion that the information is not confidential in nature (‘inherently confidential’), a court may refuse to enforce a contractual obligation not to disclose that information.
13.83 The FMG 3 suggests that one situation where it may be appropriate for an Australian Government agency to determine that information should be treated as confidential under a contract is where disclosure would be contrary to the public interest—for example, because it could compromise national security or defence or disclose Cabinet deliberations.
Confidential Commonwealth information
13.84 Not all confidential information under a contract for services is under the control of the Commonwealth. For example, trade secret information that a private sector partner provides to an Australian Government agency is likely to be confidential information, the use and disclosure of which is under the control of the contracting partner. What may be less clear, however, is the status of information prepared by a contracted service provider for the purposes of the contract, the use and disclosure of which an Australian Government agency may seek to control. The question, therefore, is when will ‘confidential information’ also be ‘confidential Commonwealth information’?
13.85 The model confidentiality clause for contracts set out in the FMG 3 provides that ‘a Party must not, without the prior written consent of the other Party, disclose any Confidential Information of the other Party to a third party’. The FMG 3 does not specify what information will be ‘of the other Party’.
Exceptions to the obligation of confidentiality
13.86 The model confidentiality clause in the FMG 3 sets out exceptions to the obligation of non-disclosure, where information is:
- disclosed to a party’s advisers or employees in order to comply with obligations, or to exercise rights, under the contract;
- disclosed to a party’s internal management personnel to enable effective management or auditing of contract-related activities;
- disclosed as authorised or required by law; or
- otherwise in the public domain.
Binding individual employees
13.87 As noted by the Australian Government Solicitor (AGS):
An organisation’s employees are not a party to any confidentiality agreement that the organisation may enter into with the agency. The same goes for subcontractors and the employees of subcontractors as well as the employees of subsidiary and holding companies for the commercialisation partner. The contract itself would not be able to impose any direct penalty on the employees for releasing confidential … information belonging to the agency.
13.88 Accordingly, where an agency wishes to ensure greater protection for confidential information, it may enter into confidentiality arrangements with nominated personnel of the contracted service provider, including subcontractors and their personnel:
The purpose of entering into these arrangements with nominated personnel is not primarily so the agency can take direct action against or sue individuals (as this is highly unlikely in practice) but, rather, to act as a clear reminder to those individuals of their responsibilities to protect the confidentiality of the agency’s intellectual property that they may see. This method can be highly effective when used in conjunction with a confidentiality agreement with the commercialisation partner. The element of personal responsibility that is missing from the agreement with the partner is provided through the agreements with the individuals.
13.89 In addition to a requirement for the contracted service provider to arrange for the provision of confidentiality undertakings from its personnel, confidentiality agreements could require a contracted service provider to:
- limit the release of Commonwealth confidential information on a ‘need to know’ basis—for example, by requiring the provider to provide a list of personnel who may gain access to the information, for the agency’s approval; or
- ensure that its nominated personnel have been informed of the confidential information that requires protection, or are trained in how to use the information in compliance with the agreement.
13.90 The model confidentiality clause set out in the FMG 3 provides the option for an agency to require a contracting party to obtain written undertakings from individuals (other than Commonwealth employees) who have access to confidential Commonwealth information about the use and disclosure of the information. The FMG 3 suggests that an undertaking is likely to be relevant:
when the Commonwealth is seeking to obtain the maximum protection for sensitive Commonwealth information or when the Commonwealth intends to disclose confidential information to third party consultants.
13.91 The equitable duty of confidence may also restrain individuals who receive confidential Commonwealth information in accordance with a contract for services from disclosing the information without authorisation. As discussed in Chapter 3, equity may provide a remedy for the unauthorised use of confidential information which has been imparted in circumstances importing an obligation of confidence. This obligation is independent of any contractual or employment relationship—although the confidential nature of the information may derive from the terms of the contract.
13.92 Finally, in some circumstances, the recommended general secrecy offence will apply to a person who discloses Commonwealth information that he or she obtained under a contract for services. Specific secrecy offences may also be relevant. The ALRC is also recommending that subsequent disclosure offences should apply in certain circumstances.
Applying the APS Code of Conduct
13.93 Another option for imposing secrecy obligations on the personnel of contracted service providers is to include a contractual requirement that some, or all, of those who have access to confidential Commonwealth information must comply with the APS Code of Conduct or some other administrative secrecy template. This is similar to the approach that has been taken, for example, in the Code of Conduct for Victorian Public Sector Employees:
Public sector employers are to require contractors or consultants engaged in or by their public body (including contractors or consultants engaged through an employment agency) to comply with this Code of Conduct and relevant policies and procedures, where the contractors or consultants:
- supervise public sector employees;
- undertake work that is of a similar nature to the work undertaken by public sector employees at a premise or location generally regarded as a public sector workplace; and
- use or have access to public sector resources or information that are not normally accessible or available to the public.
Approach in DP 74
13.94 In DP 74, the ALRC acknowledged the importance of protecting Commonwealth information that is disclosed to, or generated by, private sector contracted service providers and subcontractors through clearly drafted confidentiality clauses. The ALRC also noted, however, that contractual requirements only apply to the contracting organisation itself, not to employees who deal with the information. To ensure that Commonwealth information in the hands of contracted service providers received robust protection, the ALRC proposed that Commonwealth contracts should include confidentiality clauses that:
- clearly set out the categories of information that are confidential Commonwealth information; and
- require persons (other than Commonwealth employees) who have access to the information because of the contract to agree to comply with contractual confidentiality obligations.
13.95 The ALRC further proposed that contracts should expressly permit the disclosure of confidential Commonwealth information where this would amount to a public interest disclosure under the proposed Commonwealth public interest disclosure legislation.
13.96 Beyond any obligations set out in the contract, the ALRC sought to ensure that employees of contracted service providers who have access to Commonwealth information are aware of the circumstances in which liability could result. In particular, the ALRC proposed that private sector providers should take steps to make their staff aware of their obligations of secrecy—and, in particular, any relevant criminal offences. This proposal aimed to promote the deterrent effect of secrecy offences, as well as recognising the undesirability of imposing criminal sanctions on a person who was unaware of his or her potential liability.
Submissions and consultations
13.97 A number of stakeholders supported the ALRC’s proposed approach to contracted service providers and their personnel. The ACC, for example, suggested that the proposed contractual provisions would have the benefit of allowing contractors to be given a ‘fully effective briefing’ about relevant ACC information.
13.98 The ATO generally supported the proposal for contractual confidentiality provisions; however, it submitted that clearly setting out categories of information that are confidential may raise practical difficulties in some situations. The ATO also advised that an explanation of the role and operation of tax law secrecy provisions constitutes a standard clause in contracts with external service providers. Therefore, as a matter of practice it ensures that service providers are aware that taxpayer information is subject to ongoing protection under tax law secrecy provisions and that breach of these provisions could result in criminal prosecution.
13.99 Several submissions also commented on the relationship between contractual confidentiality provisions and the ALRC’s broader regulatory framework. For example, the Australian Privacy Foundation noted that mechanisms such as contractual provisions and confidentiality agreements were important compensation for the repeal of secrecy provisions in some individual laws. In its submission in response to IP 34, the DHS noted the importance of contracted service providers and subcontractors appreciating the personal nature of their secrecy obligations.
13.100 The Australia’s Right to Know coalition was concerned about the potential for confidentiality provisions in Commonwealth contracts to be cast too broadly:
Confidentiality provisions in contracts should only cover material which is truly confidential, such as a trade secret. The terms of an agreement between a commercial entity and the government will not normally be entirely confidential, and often the terms and desirability of such contracts should be subject to public scrutiny. This is especially the case for contracts involving the sale of or provision of public facilities, infrastructure or services.
Many recent contracts impose a general obligation of confidentiality over material that is not truly confidential so that there is a contractual obligation not to reveal the information. This device should not be permitted or condoned in either government departments or in bodies established or funded by government, privately contracted government services and government-subsidised private sector bodies.
13.101 Contractual confidentiality provisions are a valuable tool for protecting Commonwealth information that is disclosed to, or generated by, private sector contracted service providers and subcontractors. Contracted service providers may be sued for breach of contract for inappropriate disclosures, or remedies in an action for breach of confidence. As stakeholders noted, this may be particularly important in the context of the ALRC’s recommendations for narrowing the scope of the general secrecy offence, and narrowing the scope of and repealing many specific secrecy offences.
13.102 There was broad stakeholder support for including in contracts the categories of information that are ‘confidential Commonwealth information’. This could include, for example, personal taxation information or security classified information. However, the ALRC agrees with the ATO that sometimes it will be preferable to identify confidential information in some other way than categories of information. For example, where a contracted service provider is only being provided with one Commonwealth dataset, then the contract could specifically identify this dataset as confidential rather than attempting to delineate a more general category. Accordingly, the ALRC recommends that Commonwealth contracts should set out the ‘information or categories of information’ that are confidential Commonwealth information.
13.103 One limitation of contractual requirements is that they only apply to the contracting organisation itself—no obligations are directly imposed on employees who deal with the information. The ALRC is making two recommendations to impress upon employees and others their personal responsibilities for protecting information received under a contract with the Australian Government. First, Australian Government agencies should require contracting organisations to ask employees who receive or generate confidential information under the contract to agree to comply with the contractual confidentiality requirements. Secondly, contracted service providers should take steps to ensure that all employees who access Commonwealth information are aware of their obligations of secrecy, including the circumstances in which criminal or civil liability could result.
13.104 The ALRC is not recommending that contracts for services should include, as a matter of course, a requirement for personnel to comply with the APS Code of Conduct. It will often be unreasonable to expect contracting personnel to ascertain the circumstances when disclosure of information is likely to be prejudicial to ‘the effective working of government’. Further, where a contract involves access only to limited Commonwealth information, it will usually be clearer to identify the precise information that is the subject of protection.
13.105 Nor is the ALRC specifying the way in which the agreement of personnel should be sought. Normally it will be appropriate for the contracting organisation to decide how it will assure itself of the compliance of its personnel. In some circumstances, however, the potential consequences of disclosure of Commonwealth information will warrant an Australian Government agency requesting the contracted service provider to arrange for subcontractors, employees, and others to provide a signed deed of confidentiality. The option to require such a deed is already made clear in the FMG 3 and, therefore, is not the subject of an ALRC recommendation.
13.106 Finally, in the ALRC’s view, contracted service providers and subcontractors should be shielded from civil or criminal liability for the disclosure of Commonwealth information where this is in accordance with public interest disclosure legislation. This is consistent with the recommendation of the House of Representatives Standing Committee on Legal and Constitutional Affairs, in its report on whistleblowing in the Commonwealth public sector, that contractors and consultants engaged by the public sector and their employees should be entitled to make a protected disclosure. Flowing on from this immunity, contractual confidentiality clauses should include an exception for conduct that amounts to a public interest disclosure under public interest disclosure legislation.
Recommendation 13–3 An Australian Government agency that enters into a contract for services involving access to Commonwealth information should include in the contract a confidentiality clause that:
- clearly sets out the information or categories of information that are confidential Commonwealth information;
- requires persons (other than Commonwealth employees) who have access to confidential Commonwealth information by reason of the contract to agree to comply with the contractual confidentiality requirements; and
- permits the disclosure of confidential Commonwealth information where the disclosure is protected under Commonwealth public interest disclosure legislation.
Recommendation 13–4 Private sector organisations that perform services for or on behalf of the Australian Government under contract should ensure that all employees who have access to Commonwealth information are aware of their obligations of secrecy, including the circumstances in which criminal and civil liability could result.
Members of boards and committees
13.107 The various roles of government boards and committees have been explained as follows:
Governing Boards are empowered to govern the management of the organisation which are subject to control and direction of the Minister but the circumstances in which ministerial control and direction are exercised are specific.
Advisory Boards provide advice to a portfolio Minister on matters relevant to the management of an authority but the Minister retains unfettered right to control and direct the Board and the [Chief Executive Officer].
Advisory Committees, Councils etc provide advice on policy or operational issues with little or no policy determination or operational executive functions.
13.108 Depending on the functions of a Commonwealth board or committee, and the context in which it operates, members may handle highly sensitive information. Advisory committees and councils, for example, typically perform a deliberative function for an Australian Government agency or minister. As part of this role, committee members may be privy to internal policy discussions, unauthorised disclosure of which could cause harm to the implementation of government policies or programs. In other situations, members may come into possession of information that requires protection because it is personal or commercially sensitive. For example, sponsors of pharmaceuticals that are seeking to have a product added to the Pharmaceutical Benefits Scheme (PBS) must provide members of the Pharmaceutical Benefits Advisory Committee (PBAC) with extensive commercial information, including comparisons between the clinical benefits of the product and other similar pharmaceuticals and an evaluation of the economic implications of listing the product on the PBS.
13.109 The terms and conditions of appointment of members of boards and committees directly established under legislation are usually at the discretion of the Governor-General or the responsible minister. The establishing legislation, however, often provides for the prospect of termination of membership in the event of ‘misbehaviour’.
13.110 The terms and conditions of appointment of members of advisory committees or councils without an express legislative foundation may be determined by the responsible minister or agency. The conduct requirements that apply to members of Commonwealth boards and committees are not usually publicly available.
13.111 Some members of boards and committees serve in an ex officio capacity—automatically appointed by reason of their office. For example, s 7B of the Australian Crime Commission Act 2002 (Cth) establishes the membership of the board of the ACC as being:
- the Commissioner of the Australian Federal Police;
- the Secretary of the Department;
- the Chief Executive Officer of Customs;
- the Chairperson of the Australian Securities and Investments Commission;
- the Director-General of Security holding office under the Australian Security Intelligence Organisation Act 1979;
- the Commissioner or head (however described) of the police force of each State and of the Northern Territory;
- the Chief Police Officer of the Australian Capital Territory;
- the CEO.
13.112 Certain disclosures of Commonwealth information by members of boards and committees will be restrained by the equitable duty of confidence. In some circumstances, the recommended general secrecy offence, subsequent disclosure offences and specific secrecy offences may also be relevant.
Submissions and consultations
13.113 In DP 74, the ALRC proposed that the Australian Government should include secrecy requirements in the terms and conditions of appointment for members of boards and committees. The ALRC expressed the preliminary view that these should be equivalent to the secrecy requirements that would apply to Commonwealth employees in a related employment context—which would usually mean reg 2.1 of the Public Service Regulations—to the extent that this would be consistent with the board’s or committee’s functions and structure.
13.114 A number of stakeholders supported this proposal. The ATO agreed that if a member of a board or committee was successfully prosecuted for breach of a tax law secrecy provision then it would support that member’s tenure being terminated.
13.115 Members of Commonwealth boards and committees will often have access to sensitive information. It is important, therefore, to make sure that these members are subject to sufficient requirements of confidentiality. A logical location for these is in the terms and conditions of appointment.
13.116 In the ALRC’s view, equivalent secrecy requirements should be imposed on members of boards and committees to those that apply in a related Commonwealth employment context—in particular, a Commonwealth employee who accesses similar information to the board or committee. For example, members of PBAC, discussed above, could be made subject to secrecy obligations equivalent to those that apply to employees of the Therapeutic Goods Administration, which provides the secretariat for PBAC.
13.117 Often this will mean that members of boards and committees will be subject to a duty of non-disclosure analogous to that set out in reg 2.1 of the Public Service Regulations—that is, where the disclosure is reasonably likely to be prejudicial to the effective working of government and does not fall within any of the relevant exceptions. Where the most closely related Commonwealth employment situation for a board or committee involves different non-disclosure requirements from those set out in reg 2.1, those different obligations are also likely to be appropriate for the board or committee.
13.118 There may be some boards and committees that perform such a distinct role, or have access to such particular information, that no reasonable comparison can be made with the secrecy obligations that apply to Commonwealth employees. In these circumstances, the duty of non-disclosure should be at the discretion of the responsible minister or agency.
13.119 In order to ensure that there is a mechanism to enforce the obligation of secrecy, the terms and conditions of appointment of members of Commonwealth boards and committees should specify the right to terminate the member for breach. The termination provision serves a protective function analogous to disciplinary proceedings for Commonwealth employees and, accordingly, should be accompanied by timely and effective processes for making determinations of breach.
13.120 Where a board or committee member discloses Commonwealth information and that disclosure caused, or was reasonably likely, or intended to cause, harm to an essential public interest, he or she may also be subject to criminal proceedings for breach of the recommended general secrecy offence, the subsequent disclosure offences, and/or specific secrecy offences. At the time of appointment, the Australian Government should make members aware of their potential liability in this regard. This is important to promote the deterrent function of the criminal law. It also recognises the undesirability of imposing criminal sanctions on a person who was unaware of his or her potential liability. Members of boards and committees should also be advised of their obligations under the equitable duty of confidence.
13.121 As noted by the ACC, ex officio members are largely unaffected by the ALRC’s recommended framework for boards and committees. The responsible minister or agency has no discretion as regards the appointment of the office-holder to the board or committee and, consequently, is not empowered to terminate his or her membership. This may be especially troubling where the position held by an ex officio member is outside the Australian Government altogether—for example, a state or territory public servant—and, on this basis, is not covered by other disciplinary avenues in the Australian Government. The ALRC’s recommendation that the Australian Government should raise awareness of board and committee members’ obligations of secrecy under the equitable duty of confidence and general and specific secrecy offences will be especially important in the case of ex officio members.
Recommendation 13–5 The Australian Government should include in the terms and conditions of appointment for members of boards and committees:
- secrecy requirements equivalent to those imposed on Commonwealth employees in a related employment context, to the extent that these requirements are consistent with the board’s or committee’s function and structure; and
- a right to terminate the appointment of a member in the event of a breach of the secrecy obligation.
Recommendation 13–6 The Australian Government should ensure that members of boards and committees who have access to Commonwealth information are aware of their obligations of secrecy, including the circumstances in which criminal and civil liability could result.
State and territory public sector employees
13.122 Public sector employees in most Australian states and territories are subject to duties of non-disclosure either through legislation or whole of government codes of conduct. In New South Wales (NSW), for example, the Model Code of Conduct for NSW Public Agencies, issued by the Department of Premier and Cabinet, requires NSW Government agencies to have in place ‘clearly documented procedures regarding the storage, disclosure and distribution of confidential or sensitive personal, commercial or political information’. Employees must handle such information in accordance with these procedures and ‘must take special precautions to make sure that it is not disclosed without clear authority’.
13.123 The Victorian public sector is governed by the Code of Conduct for Victorian Public Sector Employees. This document has been issued by the Victorian Public Sector Standards Commissioner under the authority provided by s 63 of the Public Administration Act 2004 (Vic). Under the Code, employees must
only disclose official information or documents acquired in the course of their public employment when required to do so by law, in the legitimate course of duty, when called to give evidence in court, or when proper authority has been given.
13.124 South Australia has in place the most detailed codification of the circumstances in which the disclosure of official information by public sector employees will be permissible. Under s 57 of the Public Sector Management Act 1995 (SA), an employee is liable to disciplinary action if he or she discloses information gained in his or her official capacity, except as authorised under the regulations. That is, where disclosure:
- is required as part of the employee’s official duties; or
- is required or authorised under the Freedom of Information Act 1991 or the Whistleblowers Protection Act 1993 or is otherwise required by law; or
- is made with the permission of the Chief Executive of the administrative unit in which the employee is employed; or
- does not give rise to any reasonably foreseeable possibility of prejudice to the Government in the conduct of its policies, having regard to the nature of the disclosure or comment, the employee’s current position or previous positions in the Public Service and the circumstances in which the disclosure or comment is made; and
- is not made with a view to securing a pecuniary or other advantage for the employee or any other person; and
- does not involve—
- any disclosure of information contrary to any law or lawful instruction or direction; or
- any disclosure of trade secrets or information of commercial value the disclosure of which would diminish its value or unfairly advantage a person in commercial dealings with the Government; or
- any disclosure of information in breach of intellectual property rights.
13.125 In the ACT, a public servant is prohibited, without lawful authority, from disclosing ‘any information acquired by him or her as a consequence of his or her employment’ or ‘any information acquired by him or her from any document to which he or she has access as a consequence of his or her employment’. The State Service Act 2000 (Tas) requires Tasmanian public servants to maintain ‘appropriate confidentiality’ about information that they acquire in the course of employment. Public sector obligations under Western Australian legislation include an obligation not to use ‘for any purpose other than the discharge of official duties as an officer, information gained by or conveyed to that officer through employment in the Public Service’.
13.126 The Queensland regime focuses on the procedure for developing public sector codes of conduct, as opposed to the substantive content of agency codes. The ALRC anticipates, however, that the vast majority of public sector codes will include a duty of non-disclosure. For example, the Code of Conduct for People Working in Queensland Transport prevents an employee from using or disclosing any ‘sensitive’ or ‘confidential’ information that he or she gains by working for the department other than in limited circumstances.
13.127 All Australian governments have agreed through a memorandum of understanding to comply with the minimum protective security standards contained in the Australian Government Protective Security Manual (PSM) for handling national security information.
13.128 In DP 74, the ALRC expressed the preliminary view that there was no need to reform the administrative framework for state and territory public sector employees who access Commonwealth information. These persons are subject to state and territory legislative and administrative secrecy requirements. In the particular context of national security information, the states and territories have agreed to comply with protective security measures set out in the PSM. Similar arrangements could be made to accommodate any other specific concerns about information sharing with state and territory public sectors that arise in the future. The submissions on DP 74 did not raise any further concerns in this regard.
13.129 Accordingly, the ALRC is not making any recommendations for reform to the administrative framework for state and territory public sector employees who access Commonwealth information.
No statutory or contractual relationship with the Commonwealth
13.130 The discussion above has focused on people who are connected to the Commonwealth, either through employment or some other relationship. However, sometimes information will come into the hands of people who do not have any relationship with the Commonwealth. For example, the case of R v Goreng Goreng concerned the unauthorised disclosure of certain information by Ms Tjanara Goreng Goreng to her daughter and to a member of the administration of an Indigenous community. Although both criminal and administrative disciplinary penalties were applicable to the conduct of Goreng Goreng herself, no administrative (or other non-criminal) penalties would have been available to address any further disclosure by her daughter or the community member.
13.131 The Australian Press Council noted the difficulties that the lack of disciplinary penalties can create for private sector employees, such as the media:
Whereas the conduct of government employees is regulated by legislation and internal administrative procedures, which specify the officer’s duties and obligations with regard to information handling, a journalist or editor is subject only to criminal legislation … This raises difficulties, which need to be considered when framing secrecy legislation. Because media professionals are not subject to the disciplinary processes, which are available in relation to public servants, a situation may arise where a minor disclosure that is ostensibly in the public interest is treated as a breach of secrecy warranting criminal conviction. By contrast, a public servant making a disclosure of the same information for the same purpose might instead be disciplined by way of a range of internal mechanisms, even though the duty breached is arguably a higher one than that breached by the journalist.
13.132 In DP 74, the ALRC asked whether gaps remain in the ALRC’s proposed framework for regulating the disclosure of Commonwealth information and, if so, whether there is a role for civil penalty provisions in addressing this gap. Only one stakeholder addressed this question, advising that it did not see a need for civil penalties in this area.
13.133 The limited response from stakeholders on this question seems to indicate that there are not significant problems in this area. Accordingly, the ALRC is not making a recommendation for reform in this regard. The subsequent disclosure offences recommended by the ALRC in Chapter 6 would apply to the subsequent unauthorised disclosure of Commonwealth information by non-Commonwealth officers where the information has been supplied in confidence or in breach of the general secrecy offence.
 Department of Finance and Deregulation, Statistics on Australian Government Procurement Contracts (2009) <www.finance.gov.au/publications/statistics-on-commonwealth-purchasing-contracts/index.html> at 30 November 2009.
 Other than the private sector, the Australian Government may also enter into contracts with Commonwealth statutory entities and state and territory departments and entities.
 A description of the contractual arrangements for service provision at the Baxter Detention Centre is set out in S v Secretary, Department of Immigration and Multicultural and Indigenous Affairs (2005)
143 FCR 217.
 PricewaterhouseCoopers, Submission SR 53, 7 August 2009.
 Australian Government Department of Finance and Administration, Financial Management Guidance No 3: Guidance on Confidentiality in Procurement, 1 July 2007, [3.1].
 Australian Government Solicitor, Legal Briefing No 64: Identifying and Protecting Confidential Information (2002). This also considers the circumstances in which an equitable obligation to protect information arises in the absence of a contract. Government Information in this context is defined as ‘information about government which has been generated by government’: Australian Government Solicitor, Legal Briefing No 64: Identifying and Protecting Confidential Information (2002).
 Other situations include, eg, where the Australian Government will hold intellectual property rights over the information; or the contracted service provider demonstrates that the commercial sensitivity of the information warrants confidentiality: Australian Government Department of Finance and Administration, Financial Management Guidance No 3: Guidance on Confidentiality in Procurement, 1 July 2007,
 Ibid, Appendix B, cl B3(1.1.1) (emphasis added).
 Ibid, Appendix B, cl B3(1.3.1). Exceptions also apply to permit the Commonwealth to disclose information to the responsible minister, or a House or Committee of Parliament or to share information within the Commonwealth to serve legitimate interests.
 A Snooks, Commercial Notes No. 25: Protecting Commonwealth Information (2008).
 Ibid. The AGS notes, however, that private sector organisations may resist having confidentiality undertakings imposed on their personnel—for example, because they are of the view that these people are already sufficiently bound by confidentiality obligations.
 Australian Government Department of Finance and Administration, Financial Management Guidance No 3: Guidance on Confidentiality in Procurement, 1 July 2007, 39.
 The elements of the general secrecy offence are discussed in Ch 6.
 Specific secrecy offences are discussed in Chs 8–11.
 Recommendations 6–6, 6–7.
 Victorian Government State Services Authority, Code of Conduct for Victorian Public Sector Employees (2007) <www.ssa.vic.gov.au/> at 4 December 2009, [1.4].
 Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), Proposal
 Ibid, Proposal 15–7.
 Department of Human Services, Submission SR 83, 8 September 2009; Department of Health and Ageing, Submission SR 81, 28 August 2009; R Fraser, Submission SR 78, 21 August 2009; Australian Crime Commission, Submission SR 75, 19 August 2009; Indigenous Business Australia, Submission SR 64, 13 August 2009; Australian Taxation Office, Submission SR 55, 7 August 2009.
 Australian Crime Commission, Submission SR 75, 19 August 2009.
 Australian Taxation Office, Submission SR 55, 7 August 2009.
 Australian Privacy Foundation, Submission SR 71, 16 August 2009.
 Department of Human Services, Submission SR 26, 20 February 2009.
 Australia’s Right to Know, Submission SR 72, 17 August 2009; Australia’s Right to Know, Submission SR 35, 6 March 2009.
 The general secrecy offence is discussed in Chs 5–7. Specific secrecy offences are discussed in Chs 8–11.
 The duty of non-disclosure in the APS Code of Conduct is discussed in detail in Ch 12.
 Australian Parliament—House of Representatives Standing Committee on Legal and Constitutional Affairs, Whistleblower Protection: A Comprehensive Scheme for the Commonwealth Public Sector (2009), Rec 3.
 New South Wales Premier’s Department, Conduct Guidelines for Members of NSW Government Boards and Committees (2001), 2. Although this description was in the context of the NSW Government, the same definitions apply in the context of the Australian Government.
 Department of Health and Ageing, Guidelines for preparing submissions to the Pharmaceutical Benefits Advisory Committee (Version 4.3) (2004) <www.health.gov.au/internet/main/publishing.nsf/content/
pbacguidelines-index> at 30 November 2009.
 See, eg, Australian Heritage Council Act 2003 (Cth) s 13(a); Fuel Quality Standards Regulations 2001 (Cth) reg 12(a); Plant Breeder’s Rights Act 1994 (Cth) s 64(5).
 The general secrecy offence and subsequent disclosure offences are discussed in Chs 5–7. Specific secrecy offences are discussed in Chs 8–11.
 Department of Human Services, Submission SR 83, 8 September 2009; Department of Health and Ageing, Submission SR 81, 28 August 2009; R Fraser, Submission SR 78, 21 August 2009; Indigenous Business Australia, Submission SR 64, 13 August 2009.
 Australian Taxation Office, Submission SR 55, 7 August 2009.
 Situations in which the obligation of non-disclosure that applies to a Commonwealth employee may differ from reg 2.1 are discussed above.
 Recommendation 6–1. Members of Commonwealth boards and committees may fall within ‘individuals who exercise powers, or perform functions, conferred on them by or under a law of the Commonwealth’.
 Recommendations 6–6, 6–7.
 Specific secrecy offences are discussed in Chs 8–11.
 However, where the office-holder is a state or territory public servant, the disclosure may constitute a breach of secrecy obligations that apply to his or her substantive position, and result in disciplinary proceedings by the state or territory government. Secrecy obligations in state and territory public sectors are discussed below.
 New South Wales Premier’s Department, Model Code of Conduct for NSW Public Agencies (1997), 6.
 Victorian Government State Services Authority, Code of Conduct for Victorian Public Sector Employees (2007) <www.ssa.vic.gov.au/> at 4 December 2009.
 Ibid, [3.4]. The Public Sector Employment and Management Regulations 1998 (NT) sets out similar requirements for the disclosure of official information. Disclosure is permitted ‘as required by law’ or ‘where proper authority has been given’: [10.1].
Public Sector Management Regulations 1995 (SA) reg 15.
Public Sector Management Act 1994 (ACT) s 9.
State Service Act 2000 (Tas) s 9.
Public Service Regulations 1988 (WA) reg 8.
 The Public Sector Ethics Act 1994 (Qld) provides that a code ‘may contain anything the responsible authority considers necessary or useful for achieving the purpose of a code of conduct’: s 14.
 Disclosure is permitted, eg, where an employee is lawfully allowed to disclose the information; the information is on the public record; the information was supplied for a purpose which allows disclosure; or where the consent of the individual has been obtained: Queensland Transport, Code of Conduct for People Working in Queensland Transport (2008), 17–18.
 See New South Wales Department of Premier and Cabinet, NSW Policy and Guidelines for Protecting National Security Information, M2008–17 (2008).
R v Goreng Goreng  ACTSC 74.
 Australian Press Council, Submission SR 16, 18 February 2009.
 Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), Question
 Australian Crime Commission, Submission SR 75, 19 August 2009.
 Recommendations 6–6, 6–7.