Subsequent disclosure offences

9.98       In Chapter 6, the ALRC recommends the creation of two offences for the subsequent unauthorised disclosure of Commonwealth information: (a) where a person receives the information in confidence; and (b) where a person receives the information knowing that, or reckless as to whether, the information has been disclosed in breach of the general secrecy offence (the general subsequent disclosure offences).[125] In addition, in Chapter 7, the ALRC recommends that any person should be able to apply to the court for an injunction to restrain the disclosure of information in contravention of the general or subsequent disclosure offences.[126]

9.99       A number of specific secrecy offences extend to some form of subsequent disclosure—that is, disclosure by a person who received protected information as a result of a disclosure by a Commonwealth officer or official entity. There are two kinds of subsequent disclosure offences. The majority deal with subsequent disclosure of information legally obtained by a person. A smaller number of offences cover the subsequent disclosure of information obtained as a result of breach of a secrecy law. Because different issues arise in relation to each, they are discussed separately below.

Subsequent disclosure of lawfully disclosed information

9.100   Most subsequent disclosure offences cover disclosures by persons who obtain protected information legally—for example, under specific legislative provisions that provide for information to be shared. For example, s 86-5 of the Aged Care Act (discussed above) makes it an offence for a person to disclose information given to them by the Secretary for a purpose other than that for which the information was originally disclosed.[127]

9.101   As noted earlier in this chapter, specific secrecy offences may extend to a wide range of people who handle sensitive government information, such as officers in other agencies, contracted service providers and state and territory government employees. Subsequent disclosure offences are one way to ensure that protected information remains protected when shared with others within and beyond the Australian Government.

9.102Generally, where a secrecy offence includes an offence of subsequent disclosure of information obtained as a result of a lawful disclosure, the penalties for the initial and subsequent disclosure of protected information are the same.[128] In DP 74, the ALRC proposed that maximum penalties for the initial and subsequent unauthorised handling of Commonwealth information under specific secrecy offences should generally be the same, subject to relevant differences in relation to fault elements or the reasonable likelihood of harm.[129]

Submissions and consultations

9.103   Several government agencies expressed the view that, in some circumstances, subsequent disclosure offences should extend to the unauthorised disclosure of information obtained lawfully. The AGD noted that the proposed general secrecy offence and accompanying subsequent disclosure offence did not cover the situation in which Commonwealth information is lawfully received by a person who is not a Commonwealth officer and that person discloses the Commonwealth information in circumstances which would otherwise breach the general secrecy offence. The AGD considered that:

there needs to be an offence for subsequent unauthorised disclosure of information by a third party who has received information lawfully from a Commonwealth officer for a specified purpose. Without this, there will be no protection provided to Commonwealth information under the proposed general secrecy offence where the information was on-disclosed by an individual not covered by the definition of Commonwealth officer.[130]

9.104   AUSTRAC submitted that information, regardless of whether the initial disclosure was authorised or unauthorised, needs to be protected if subsequent disclosure would harm the public interest:

The subsequent disclosure provisions in the AML/CTF Act prohibit the disclosure of AUSTRAC information except in a limited number of circumstances. The circumstances in which AUSTRAC information could be released include for the purposes of or in connection with an investigation or possible investigation, and for tribunal and court proceedings. This recognises that the harm that might be caused by the disclosure of AUSTRAC information is not lessened by its previous disclosure.[131]

9.105   The DHS submitted that one advantage of subsequent disclosure provisions is that they extend the ‘lifespan and consistency of the protection of the secrecy law to the information in the hands of a third party’:

In the absence of secondary obligations, there will be different rights and obligations applying to identical information depending on whose hands it is in. This diminishes the level of protection warranted to the person whose information is concerned when that information was collected or created. Human services agencies typically ensure that any contract for services where sensitive information will be exchanged contains a clause requiring the [contracted service provider] to abide by the agency’s secrecy provision, whether or not the contractor is legally bound by that provision under the terms of the Act. However, the position with potential partners such as state governments, NGOs and private sector entities, is not clear particularly where they may already be subject to (legislative) regulation of their own which is at variance with the agency’s secrecy laws.[132]

9.106   The Treasury noted that the Tax Laws Exposure Draft Bill regulates the subsequent disclosure of information obtained lawfully, as well as unlawfully:[133]

Disclosure provisions in the Tax Secrecy Bill seek to clearly identify the circumstances in which taxpayer information can be disclosed, usually in terms of the agency to whom the disclosure can be made and the purpose of that disclosure … Given that these disclosures are limited to particular purposes, there would be an understandable expectation that these limitations would continue to apply. Otherwise, the initial limitations on disclosure by the ATO would arguably be of little importance.[134]

9.107   Because most lawful disclosures occur between Commonwealth agencies, the Treasury considered that specific secrecy provisions may be more effective in regulating subsequent disclosure by non-Commonwealth officers than the general subsequent disclosure offence:

While Treasury support the notion that limitations should be applied along ‘the chain’ of disclosure, it is not clear whether this could meaningfully be applied in a general context. The Tax Secrecy Bill proposes to impose limitations on the on-disclosure of taxpayer information by clearly distinguishing between ‘tax officers’ and ‘non taxation officers’ who are in receipt of information lawfully.[135]

ALRC’s views

9.108   As noted above, in Chapter 6 the ALRC recommends the creation of two offences for the subsequent unauthorised disclosure of Commonwealth information. One of these offences is framed to apply to the subsequent disclosure of information by a person, who is not a Commonwealth officer, who has received the information on terms requiring it to be held in confidence. This offence is intended to apply to a range of situations in which Commonwealth information is shared lawfully with people who are not Commonwealth officers, where they are aware, or are reckless as to whether, the information should be protected. In addition the person must know, intend, or be reckless as to whether, the subsequent disclosure of the information will harm, or is reasonably likely to harm, one of the public interests set out in
Recommendation 5–1.[136]

9.109   The ALRC considers that, in some circumstances, the imposition of criminal sanctions for the subsequent disclosure of information lawfully obtained may also be warranted in specific secrecy offences; in particular, where the offences relate to defined information and include a prescriptive regime for sharing information with particular persons for particular purposes.

9.110   As with all specific secrecy offences, however, subsequent disclosure offences should be confined to unauthorised disclosures of information which would cause, or are likely or intended to cause, harm to essential public interests. This will require that the subsequent disclosure offence include an express requirement that the subsequent disclosure cause, or be likely or intended to cause, harm to an essential public interest, except in the very limited circumstances discussed in Chapter 8.[137] Where the fault elements are the same and similar harm is caused by the conduct, the maximum penalties for both the initial and subsequent unauthorised handling of Commonwealth information should be consistent.

9.111   Where the imposition of criminal sanctions for subsequent disclosure is not warranted, it will be appropriate to protect confidentiality using other means, such as memorandums of understanding, contractual confidentiality clauses and other measures discussed in Chapter 14.

Subsequent disclosure of unlawfully disclosed information

9.112   The ALRC has identified a number of areas in which specific secrecy offences include offences for the subsequent disclosure of information that has been unlawfully disclosed.

Taxation information

9.113   Section 8XB(1) of the Taxation Administration Act 1953 (Cth) provides that a person

shall not directly or indirectly … divulge or communicate to another person any taxation information relating to a third person … being information disclosed to or obtained by the person in breach of a provision of a taxation law (including this provision).

9.114   The Tax Laws Exposure Draft Bill proposes to continue to regulate the subsequent disclosure of unlawfully (as well as lawfully) obtained taxation information. Clause 355-265 of the draft Bill would make it an offence for a person to use or disclose protected information that was disclosed or obtained in breach of a provision of a taxation law.

Health and social security

9.115   A number of legislative provisions in the health and social security area create offences for the subsequent disclosure of protected information. For example, the National Health Act 1953 (Cth) makes it an offence for a person to use or disclose information that he or she ‘knows or ought reasonably to know’ was disclosed in contravention of a secrecy provision.[138] The secrecy offence in the Child Care Act 1972 (Cth), which applies to any person and may therefore extend to subsequent disclosure, takes a different approach, in that it requires that the person ‘knows, or is reckless as to whether, the information is protected information’.[139]

9.116   Some offences in this area provide higher penalties for subsequent disclosure than the initial unauthorised disclosure. For example, under the Health Insurance Act 1973 (Cth), where protected information is disclosed to a person in contravention of s 130, the person is guilty of an offence if he or she subsequently discloses the information to another person where he or she knows, or reasonably ought to know, that the disclosure is in breach.[140] The maximum penalty for this subsequent disclosure is two years imprisonment,[141]while the officer making the initial unauthorised disclosure is liable only to a fine of $550.[142]

National security and law enforcement

9.117   There are currently no subsequent disclosure offences in the specific legislation governing the AIC. As outlined in Chapter 8, the secrecy offences in the Australian Security Intelligence Organisation Act 1979 (Cth) and the Intelligence Services Act 2001 (Cth) cover disclosures of information prepared by or on behalf of the respective intelligence agencies, and having come to the knowledge of the person by reason of being an officer of, or having entered into a contract or arrangement with, the agency.[143] This offence covers people who receive intelligence information lawfully. It does not cover people who disclose information that was disclosed to them unlawfully.

9.118   Similarly, secrecy offences governing law enforcement agencies, while widely drawn, generally do not include specific subsequent disclosure offences for information disclosed in breach of a secrecy offence.

9.119   In these circumstances, the subsequent disclosure of information unlawfully obtained may be regulated in other ways. For example, s 79 of the Crimes Act includes two offences of receiving information, knowing or having reasonable ground to believe that it is communicated in contravention of:

  • ·                section 91.1 of the Criminal Code or s 79(2) of the Crimes Act—which prohibit the disclosure of information concerning security or defence of the Commonwealth or other country, or other information, with the intention of prejudicing the security or defence of the Commonwealth; or

  • ·                section 79(3) of the Crimes Act—which prohibits the disclosure of prescribed information ‘entrusted’ to a person by a Commonwealth officer.[144]

9.120   In addition, individuals who subsequently disclose information unlawfully disclosed to them may be liable under ancillary offences in the Criminal Code, as the following case study illustrates.

Case study: R v Seivers[145]

James Seivers was an officer of ASIO. In 2002, he removed documents containing information about the Bali bombings from his workplace and took them to his home. His flatmate, Matthew O’Ryan, provided the information to the media.

The jury found Seivers guilty of breaching s 18(2) of the Australian Security Intelligence Organisation Act 1979 (Cth), which makes it an offence for a person to disclose information that has come into his or her knowledge by reason of having been an officer of ASIO. O’Ryan was found guilty of aiding, abetting or procuring the commission of the offence committed by Seivers.

Even though the Court considered that the two men had engaged in a ‘joint enterprise’, the Court imposed a higher penalty on Seivers on the ground that he, as an officer of ASIO, had a greater obligation not to disclose the information.[146]

Submissions and consultations

9.121Most submissions on this issue were directed to the proposed general subsequent disclosure offence, and are discussed in detail in Chapter 6. However, a number of government agencies highlighted the importance of subsequent disclosure offences to their agencies. For example, the Treasury submitted that provisions such as that in s 8XB of the Taxation Administration Act were necessary to protect taxation information and ‘continue to be appropriate to ensure the integrity of information and the integrity of authorised chains of disclosure’.[147]

9.122   The AIC submitted that, depending on the nature of any general subsequent disclosure offence, specific subsequent disclosure offences could be added to legislation governing the AIC.[148] The AFP suggested that secrecy offences should cover the subsequent use of information in circumstances where a person

should reasonably be aware that the information they have obtained was, at some point, disclosed on an unlawful basis and/or is classified or protected and should not be further used or disseminated.[149]

9.123   The AFP considered that this type of offence was

particularly necessary in the spheres of criminal investigations and national security where the disclosure of information can compromise a serious investigation, threaten the security of the Commonwealth and diminish the confidence that Government holds in its agencies. Breaches of secrecy laws in these spheres have serious, long lasting effects irrespective of whether they are coupled with potential immediate consequences to life, property, and ongoing operations.[150]

9.124   The Australian Commission for Law Enforcement Integrity (ACLEI) submitted that it is particularly concerned to guard against ‘tip-offs’ being given to witnesses or persons of interest. In this context, ‘the same damage, and sometimes more, can result from a secondary disclosure as it can from the primary disclosure’.[151]

9.125   Finally, as noted in Chapter 6, some stakeholders expressed concerns about criminalising the subsequent disclosure of information unlawfully disclosed at all.[152] For example, CLA did not support either the proposed general subsequent disclosure offence, or specific subsequent disclosure offences:

Extending secrecy provisions beyond the present confines, particularly to persons who are not Commonwealth officers, raises the issue of how this law could be used in the future to silence reporting of poor governance, maladministration or corruption.[153]

ALRC’s views

9.126   The unauthorised disclosure of some kinds of information unlawfully in the hands of third parties has the potential to cause harm to essential public interests.  There are persuasive reasons, therefore, to protect it with criminal sanctions.

9.127   However, as discussed in Chapter 6, there are concerns that subsequent disclosure offences have the potential to impact adversely on freedom of expression and could unreasonably curtail the media’s ability to discuss matters of public interest. In order to avoid placing a disproportionate restriction on freedom of expression, the ALRC considers that, where a criminal offence regulates disclosure by a third party who has received Commonwealth information by way of unlawful disclosure, several safeguards should be put in place.

9.128   First, the ALRC considers that offences for the subsequent disclosure of information unlawfully disclosed should require that the person knew, or was reckless as to whether, the information was initially disclosed in contravention of a secrecy offence. Secondly, all subsequent disclosure offences should require that the person know, intend or be reckless as to whether, the subsequent disclosure of the information would cause, or was reasonably likely to cause, harm to an essential public interest.

9.129   For example, officers in the AIC should know that the information they handle is inherently sensitive, and that any disclosure has the potential to harm national security. Similarly, persons who have entered an arrangement or agreement with an AIC agency should be made aware of the high level of responsibility associated with access to intelligence information. However, a person outside the AIC cannot be expected to have a similar level of knowledge or responsibility.

9.130   This approach reflects the UK Official Secrets Act, which requires that a subsequent disclosure of information obtained by way of an unauthorised disclosure must be ‘damaging’, regardless of whether the initial disclosure offence has a similar requirement. For example, while s 1(1) of the Official Secrets Act makes it an offence for a member of the security and intelligence services to disclose any information obtained by virtue of his or her position as a member of the services (without a need to show that the disclosure caused harm), the subsequent disclosure offence requires that the subsequent disclosure cause damage, or that the person making the disclosure knew, or had reasonable cause to believe, that it would be damaging.[154]

9.131   Some existing subsequent disclosure offences have inconsistent fault elements attaching to the circumstances in which information has been disclosed. For example, some apply when a person ‘ought reasonably to know’ or ‘has reasonable grounds to believe’ that the information has been unlawfully disclosed to them. As noted above, the AGD Guide to Framing Commonwealth Offences characterises these formulations as an ‘attempted compromise between requiring proof of fault and imposing strict liability’ and recommends that they be avoided.[155] In the ALRC’s view, the fault element attaching to this circumstance should be knowledge or recklessness, consistent with the automatic fault element in the Criminal Code.[156]

Recommendation 6–7               Offences for the subsequent unauthorised disclosure of information should require that:

(a)       the information has been disclosed in breach of a specific secrecy offence;

(b)     the person knows, or is reckless as to whether, the information has been disclosed in breach of a specific secrecy offence; and

(c)       the person knows, intends or is reckless as to whether the subsequent disclosure will harm—or knows or is reckless as to whether the subsequent disclosure is reasonably likely to harm—a specified essential public interest.

[1]           Recommendation 8–3.

[12]         Recommendation 6–1.

[13]         Intelligence Services Act 2001 (Cth) s 41.

[14]         Australian Security Intelligence Organisation Act 1979 (Cth) s 92(1).

[15]         Australian Intelligence Community, Submission SR 37, 6 March 2009.

[125]       Recommendations 6–6, 6–7. In Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), only one subsequent disclosure offence was proposed, which applied to information received as a result of an unlawful disclosure: Proposal 8–3.

[126]       Recommendation 7–6.

[127]       See also Aboriginal Land Rights (Northern Territory) Act 1976 (Cth) s 23E.

[128]       See, eg, Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) s 121(2), (7), (12); Aged Care Act 1997 (Cth) ss 86-2, 86-5.

[129]       Australian Law Reform Commission, Review of Secrecy Laws, Discussion Paper 74 (2009), Proposal
11–6.

[130]       Attorney-General’s Department, Submission SR 67, 14 August 2009.

[131]       Australian Transaction Reports and Analysis Centre, Submission SR 73, 17 August 2009.

[132]       Department of Human Services, Submission SR 26, 20 February 2009.

[133]       Exposure Draft, Tax Laws Amendment (Confidentiality of Taxpayer Information) Bill 2009 (Cth) sch 1 pt 1 cl 355-155 (subsequent disclosure of information lawfully obtained); sch 1 pt 1 cl 355-265 (subsequent disclosure of information unlawfully obtained).

[134]       The Treasury, Submission SR 60, 10 August 2009.

[135]       Ibid.

[136]       Recommendation 6–7.

[137]       Recommendation 8–2.

[138]       National Health Act 1953 (Cth) s 135A(14). Similar offences are contained in the Private Health Insurance Act 2007 (Cth) s 323-50; Health Insurance Act 1973 (Cth) s 130(15).

[139]       Child Care Act 1972 (Cth) s 12L.

[140]       Health Insurance Act 1973 (Cth) s 130(15).

[141]       Ibid s 130(23).

[142]       Ibid s 130(1).

[143]       Australian Security Intelligence Organisation Act 1979 (Cth); Intelligence Services Act 2001 (Cth) ss 39, 39A, 40.

[144]       Criminal Code (Cth) s 79(5), (6).

[145]       R v Seivers (Unreported, Reasons for Sentence, Supreme Court of the Australian Capital Territory,
Gray J, 10 June 2009).

[146]       Seivers was sentenced to 12 months imprisonment, with six months served through 24 periods of periodic detention. O’Ryan was sentenced to 12 months imprisonment, with three months served through 12 periods of periodic detention. Both were to be released on recognisance in the sum of $2,000 to be of good behaviour for one year.

[147]       The Treasury, Submission SR 22, 19 February 2009.

[148]       Australian Intelligence Community, Submission SR 77, 20 August 2009.

[149]       Australian Federal Police, Submission SR 33, 3 March 2009.

[150]       Ibid.

[151]       Australian Commission for Law Enforcement Integrity, Submission SR 18, 18 February 2009.

[152]       Non-Custodial Parents Party (Equal Parenting), Submission SR 82, 3 September 2009; Australian Press Council, Submission SR 62, 12 August 2009; L McNamara, Submission SR 51, 6 August 2009.

[153]       Civil Liberties Australia, Submission SR 47, 27 July 2009.

[154]       Official Secrets Act 1989 (UK) s 5(3). The exception to this rule is information obtained as a result of the espionage offence in s 1 of the Official Secrets Act 1911 (UK): s 5(6).

[155]       Australian Government Attorney-General’s Department, A Guide to Framing Commonwealth Offences, Civil Penalties and Enforcement Powers (2007), 21.

[156]       Criminal Code (Cth) s 5.6.