What conduct should be regulated?

6.59       The following section considers what conduct should be covered by the general secrecy offence. At present, approximately half of Commonwealth secrecy provisions regulate activities other than (but usually in addition to) the disclosure of information—including soliciting,[53] receiving,[54] obtaining,[55] possessing,[56] making a record of,[57] or using[58] information. Section 70 of the Crimes Act regulates publishing or communicating information, and s 79(3) regulates communicating information. The unauthorised disclosure of information is also described in legislation as divulging information.[59]

6.60       The Criminal Code contains a number of provisions that extend criminal responsibility in certain circumstances. These provisions regulate: attempt, which must involve conduct that is more than merely preparatory to the commission of the offence;[60] aiding, abetting, counselling or procuring the commission of an offence by another person;[61] incitement, where a person urges the commission of an offence;[62] and conspiracy, where a person conspires with another person to commit an offence.[63]

6.61       If a new criminal offence for disclosure of Commonwealth information by Commonwealth officers were included in the Criminal Code, as recommended in this Report, then these extensions would automatically apply to the offence. The extended criminal liability would catch activity such as soliciting the unauthorised disclosure of Commonwealth information.

6.62       In IP 34, the ALRC asked whether it is appropriate for secrecy provisions to regulate conduct other than the disclosure of information—such as the unauthorised receipt, copying, recording or use of information.[64] In DP 74, the ALRC proposed that the general secrecy offence should be limited to the disclosure of Commonwealth information, while noting that, in some specific contexts it may be appropriate to regulate a wider range of activity. The ALRC argued that a great deal of conduct that may precede an unauthorised disclosure, such as recording or copying information, should be dealt with through administrative procedures and penalties. In addition, some conduct may attract criminal penalties, in more serious circumstances, under the Criminal Code provisions extending criminal responsibility, for example, where copying the information provides evidence of complicity or conspiracy.

6.63       In the following section, the ALRC considers activity other than disclosure of Commonwealth information—including receiving, copying, recording and using information—and whether this conduct should be covered by the general secrecy offence. The issues and submissions received are considered under three headings: receiving information; copying, recording and using information; and disclosing, divulging and communicating information. The ALRC’s views in relation to conduct are set out at the end of the discussion. This section is also relevant to the subsequent disclosure offences—which cover the unauthorised disclosure of Commonwealth information by non-Commonwealth officers in some circumstances. These offences are considered further below.[65]

Receiving information

6.64       The ALRC’s mapping exercise identified seven secrecy provisions that criminalise the possession or receipt of information.[66] The House of Representatives Standing Committee on Legal and Constitutional Affairs has cautioned against the creation of offences for the mere possession or receipt of confidential information. In the Committee’s view, criminal liability should only attach where the person ‘has the requisite mental element and proceeds to use, disclose or make a record of the confidential information’.[67]

Submissions and consultations

6.65       A number of stakeholders expressed concern about offences that extended to unsolicited possession or receipt of information.[68] The Australian Press Council, for example, submitted that:

The Press Council is of the view that the receipt and holding of information should only be treated as an offence if the recipient has an intention to use the information maliciously, recklessly or with intent to obtain benefit.[69]

6.66       The Public Interest Advocacy Centre agreed that it would be undesirable to criminalise the mere receipt of information

where the recipient has no intention of publishing that information. It is important to consider the position of journalists charged in these circumstances, who are faced with the prospect of going to gaol for an indeterminate period of time, rather than breaching their ethical obligations by revealing their sources. There is real potential for such provisions to be used to target end recipients of information, in an effort to pressure them into revealing information that enables ‘leaks’ to be traced back to their source.[70]

6.67       The AFP, on the other hand, expressed the view that unauthorised receipt and retention of information should be covered, particularly where the person in receipt of the information is aware that the disclosure to them was unlawful.[71]

Copying, recording and using information

6.68       A number of secrecy provisions regulate conduct potentially leading up to an unauthorised disclosure of information, such as copying and recording information, as well as unauthorised use of information. The Privacy Commissioner has drawn a distinction between the use of information and the disclosure of information on the basis that, in general terms, a ‘use’ refers to the handling of information within an organisation; while a ‘disclosure’ refers to the release of information to those outside an organisation.[72]

6.69       The Tax Laws Exposure Draft Bill covers both the recording and disclosure of taxpayer information.[73] The Explanatory Material accompanying the Draft Bill states that the former conduct is covered ‘not only to ensure that information is not disclosed unlawfully, but that the information is not recorded in another form that can be readily accessed by others’.[74]

Submissions and consultations

6.70       A number of stakeholders suggested that conduct other than disclosure should be regulated in some way. The ATO submitted that the primary mischief addressed by the operation of tax secrecy provisions is disclosure, but noted that the unauthorised collection, use and recording of information could lead to inadvertent disclosures of information. Tax law also regulates access to information—for example, s 8XA of the Taxation Administration Act 1953 (Cth) prohibits unauthorised access to information about another person’s tax affairs. The ATO stated that access to, use, recording and disclosure of information should be addressed, but noted that such provisions should be separate from secrecy provisions.[75]

6.71       The Department of Education, Employment and Workplace Relations noted that, although the primary reason to have secrecy provisions was to prevent the harm that may flow from disclosure:

This reason for protecting information against unauthorised disclosure would seem to apply equally to ensuring that the collection and use of the information was also appropriate. For example, accessing a departmental database would generally be considered a ‘use’ of the information. If a staff member was to intentionally access a database to locate a spouse, who purposely did not want to be found because of domestic violence issues, then the harm that could flow from this could be significant. It would seem equally desirable and necessary to regulate this behaviour as it would the inappropriate disclosure of information.[76]

6.72       The AIC noted that the offences in s 79 of the Crimes Act—which apply to unauthorised communication of information—also apply to unauthorised retention or receipt of information; failure to comply with a reasonable direction to dispose of information; and failure to take reasonable care of information. The espionage offences in s 91.1 of the Criminal Code also apply to unauthorised making, obtaining or copying a record. The AIC considered it essential to preserve these elements in the intelligence context.[77]

Disclosing, divulging and communicating information

6.73       As noted above, most secrecy provisions regulate the disclosure of information, although this is described in different ways, including divulging, communicating and publishing information.

Submissions and consultations

6.74       The ATO and APRA submitted that disclosure should be the primary mischief addressed by secrecy provisions.[78] Ron Fraser expressed the view that:

Much of the conduct covered by many secrecy provisions, such as receipt, collection, use or recording or otherwise dealing with information … seems marginal to the real concerns of disclosure and or communication.[79]

6.75       The DHS noted that while there are arguments in favour of including other activity such as unauthorised collection, accessing, browsing, use or disclosure:

it can be argued that the prohibition in secrecy provisions should be limited to use and disclosure, or even disclosure alone. Disclosure is the dealing most likely to lead to disadvantage to the person concerned.[80]

6.76       The DHS also drew attention to the legal issues that arise as a consequence of the inconsistent terminology used in legislation:

For example, Medicare Australia officers are variously forbidden from ‘divulging or communicating’ (National Health Act [1953 (Cth)], Health Insurance Act [1973 (Cth)]), ‘disclosing or producing’ (Medical Indemnity Act [2002 (Cth)]), and ‘disclosing’ only (Aged Care Act [1997 (Cth)], Dental Benefits Act [2008 (Cth)]). There is a difference between ‘divulging or communicating’ (Medicare Australia—Health Insurance Act, National Health Act) and ‘disclosing’ (Centrelink and Australian Hearing) as it is possible to divulge or communicate information which has already been disclosed and is publicly known. Meanwhile [Child Support Agency] officers are forbidden from ‘communicating’ only and [Commonwealth Rehabilitation Service] Australia from ‘divulging’ only. The rationale for these distinctions is not clear and does not easily justify the withholding of information which another agency has already properly disclosed publicly.[81]

6.77       The Law Council of Australia expressed some concern over the use of the word ‘publish’ in s 70 of the Crimes Act, noting that, in the absence of a definition, ‘guidance as to the meaning of the term may need to be taken from case law, including defamation law, which may not be appropriate for cases dealing with secrecy’.[82]

6.78       The AGD stated that:

The conduct that should be regulated by secrecy provisions will depend upon the policy rationale and harm sought to be avoided. If harm can be caused by unauthorised handling, access or use of information, then it would seem appropriate for these actions to also be prohibited.[83]

ALRC’s views

6.79       The ALRC agrees with the AGD that the focus of the new offences should be the potential harm caused by the conduct. In this case, the ALRC’s view is that the relevant harm to the public interests identified in Chapter 5 would arise only from unauthorised disclosure of Commonwealth information. The term ‘disclosure’ is preferred because it is widely used and understood in the privacy context. The provisions of the Criminal Code dealing with extension of criminal responsibility will ensure that a range of other activity leading up to an unauthorised disclosure, such as procuring or conspiring to bring about a disclosure, may also attract criminal sanctions.

6.80       While the ALRC recommends that the new general secrecy offence should be limited to ‘disclosure’ of Commonwealth information, Chapter 9 considers the circumstances that might justify applying criminal sanctions to other conduct in specific secrecy offences. The ALRC recognises that in some contexts, such as national security, offences that cover conduct other than disclosure may be necessary to prevent harm to an essential public interest. These are context-specific provisions, however, and this approach is not appropriate in general provisions applying to all Commonwealth information.

6.81       How information is ‘used’ within an agency is a different and wider issue than simply protecting the information from unauthorised disclosure. A clear distinction between use and disclosure is drawn in the Privacy Commissioner’s guidelines, discussed above. While it may be necessary to criminalise inappropriate uses in some circumstances—for example, where information is security-classified or otherwise sensitive—this is an issue that requires consideration on an agency-by-agency basis and not one that can be addressed in a general secrecy offence.

6.82       The ALRC’s view is that the mere receipt or possession of information should not be covered in the general secrecy offence or the subsequent disclosure offences. However, where information is received in confidence or in breach of the general secrecy offence, and subsequently disclosed in circumstances that are unauthorised and likely to harm essential public interests, the ALRC has recommended a number of ‘subsequent disclosure’ offences, discussed below.[84]

6.83       The ALRC’s view is that a great deal of conduct that may precede an unauthorised disclosure, such as recording or copying information, should be dealt with through administrative procedures and penalties. In particular, the example provided in the Explanatory Material to the Tax Laws Exposure Draft Bill of an officer copying a person’s tax information into a diary, where the conduct is discovered before any disclosure has occurred, would appear to be of this order.[85] Such conduct may attract criminal penalties, in more serious circumstances, under the Criminal Code provisions extending criminal responsibility, for example, where copying the information provides evidence of complicity or conspiracy.

Recommendation 1–13           The general secrecy offence should regulate the disclosure of Commonwealth information as defined in Recommendation 6–3.

[5]           The definition is set out in full in Appendix 5.

[6]           Revised Explanatory Memorandum, Criminal Code Amendment (Theft, Fraud, Bribery and Related Offences) Bill 2000 (Cth), [367].

[7]           Ibid.

[8]           Ibid.

[53]          See, eg, A New Tax System (Family Assistance)(Administration) Act 1999 (Cth) s 165.

[54]          See, eg, Crimes Act 1914 (Cth) s 79(6).

[55]          See, eg, A New Tax System (Family Assistance)(Administration) Act 1999 (Cth) s 163.

[56]          See, eg, Defence (Special Undertakings) Act 1952 (Cth) s 9.

[57]          See, eg, A New Tax System (Australian Business Number) Act 1999 (Cth) s 30.

[58]          See, eg, Aged Care Act 1997 (Cth) s 62-1.

[59]          See, eg, Equal Opportunity for Women in the Workplace Act 1999 (Cth) s 32.

[60]          Criminal Code (Cth) s 11.1.

[61]          Ibid s 11.2.

[62]          Ibid s 11.4.

[63]          Ibid s 11.5.

[64]         Australian Law Reform Commission, Review of Secrecy Laws, Issues Paper 34 (2008), Question 3–4.

[65]          Recommendations 6–6, 6–7.

[66]         See eg Crimes Act 1914 (Cth) s 79(4)–(6); Defence (Special Undertakings) Act 1952 (Cth) s 9(2).

[67]          Australian Parliament—House of Representatives Standing Committee on Legal and Constitutional Affairs, In Confidence: A Report of the Inquiry into the Protection of Confidential Personal and Commercial Information Held by the Commonwealth (1995), [7.11.7].

[68]          Law Council of Australia, Submission SR 30, 27 February 2009; The Treasury, Submission SR 22, 19 February 2009.

[69]          Australian Press Council, Submission SR 16, 18 February 2009.

[70]          Public Interest Advocacy Centre Ltd, Submission SR 38, 9 March 2009.

[71]          Australian Federal Police, Submission SR 70, 14 August 2009.

[72]          Office of the Federal Privacy Commissioner, Guidelines to the National Privacy Principles (2001), NPP 2.

[73]          Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth) sch 1 pt 1 cl 355-20.

[74]          Explanatory Material, Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth), [3.15].

[75]          Australian Taxation Office, Submission SR 13, 16 February 2009.

[76]          Department of Education, Employment and Workplace Relations, Submission SR 24, 19 February 2009.

[77]          Australian Intelligence Community, Submission SR 37, 6 March 2009.

[78]          Australian Taxation Office, Submission SR 13, 16 February 2009; Australian Prudential Regulation Authority, Submission SR 12, 13 February 2009.

[79]          R Fraser, Submission SR 42, 23 March 2009.

[80]          Department of Human Services, Submission SR 26, 20 February 2009.

[81]          Ibid.

[82]          Law Council of Australia, Submission SR 30, 27 February 2009.

[83]          Attorney-General’s Department, Submission SR 36, 6 March 2009.

[84]          Recommendations 6–6, 6–7.

[85]          Explanatory Material, Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth), [3.15]. This issue is discussed further in Ch 9.