Australian Crime Commission

Background

37.2 Organised crime is recognised as a major threat to individuals and to society. In adopting the United Nations Convention against Transnational Organized Crime, the main international instrument relied upon to combat such activity, the General Assembly of the United Nations stated that it was:

Deeply concerned by the negative economic and social implications related to organized criminal activities, and was convinced of the urgent need to strengthen cooperation to prevent and combat such activities more effectively at the national, regional and international levels.[2]

37.3 Organised crime groups are involved in a diverse range of criminal activities, including drug trafficking, corruption, violence, fraud, money laundering and other financial sector crimes.[3] These groups are influential and have significant resources and capability to resist law enforcement. They tend to utilise sophisticated methods and techniques that target weaknesses in individuals, agencies, organisations and industries. For example, organised crime groups often gather intelligence about those they seek to influence—including businesses, public officials and law enforcement officers—through the use of corruption, intimidation, extortion, or implied or actual violence. They also may protect themselves by disguising their identity and laundering proceeds of crime to conceal the origin of those proceeds.[4]

37.4 To counter serious and organised crime in Australia, the ACC was established under the Australian Crime Commission Act 2002 (Cth) (ACC Act). The ACC was formed by replacing the National Crime Authority (NCA), and absorbing the functions of the Australian Bureau of Criminal Intelligence (ABCI)[5] and the Office of Strategic Crime Assessments.[6] The functions of the ACC include: collecting and analysing criminal intelligence; setting national criminal intelligence priorities; providing and maintaining criminal intelligence systems; and investigating federally relevant criminal activity and undertaking taskforces.[7]

37.5 Although the ACC falls within the definition of ‘agency’ under the Privacy Act, the acts and practices of the ACC are excluded from the reference to ‘an act or practice’ in the Act.[8] In addition, s 7(2) of the Act exempts the ACC from compliance with the tax file number provisions of the Act. The ACC, therefore, is completely exempt from the operation of the Act.

37.6 Acts and practices in relation to records that have originated with, or have been received from, the ACC or the Board of the ACC (ACC Board) also are exempt.[9] Accordingly, agencies and organisations receiving a record from the ACC are exempt from the operation of the Privacy Act in relation to that record. Furthermore, since the ACC falls within the definition of an ‘enforcement body’ under the Act,[10] personal information may be disclosed by an organisation to the ACC in defined circumstances, including where the disclosure is reasonably necessary for the prevention, detection, investigation, prosecution or punishment of criminal offences; or the prevention, detection, investigation or remedying of seriously improper conduct.[11]

37.7 The ACC may conduct its investigations or operations through the use of a range of law enforcement powers, including the application for search warrants, participation in controlled operations, use of surveillance devices, interception of telecommunications, access to stored communications and use of assumed identities.[12] In addition, the ACC has a range of special powers that are used ‘where ordinary law enforcement methodologies are ineffective’.[13] These include the power to conduct examinations, issue a summons requiring a person to attend an examination to give evidence under oath or affirmation, and requiring the production of any document or thing.[14] Failure to attend an examination, or to answer questions or produce specified documents or things at an examination, are offences that are punishable by fines and imprisonment.[15]

37.8 The ACC Act contains a secrecy provision that prohibits ACC officials and staff from recording, communicating or divulging any information acquired by reason, or in the course, of the performance of their duties under the Act.[16]

37.9 There is tension between privacy and law enforcement, particularly in the context of organised crime. As noted by Dr Chris Corns:

By definition, effective law enforcement and investigation of organised crime requires maximum disclosure of information by government departments to law enforcement agencies. In theory, a maximum flow of information between law enforcement agencies is also required. At the same time, governments have an interest in preventing the unjustified or unnecessary disclosure of information and protecting citizens from unjustified invasions of their privacy by state officials.[17]

37.10 In a recent review of the ACC Act, the Parliamentary Joint Committee on the ACC commented that:

Given the particularly violent and pernicious nature of organised crime, history has shown the need to create specialist crime fighting bodies with significant powers to combat these organised crime networks. However, it is evident from the description of the ACC’s powers … that the actions of the ACC have the potential to impact profoundly on the individual citizen’s freedom and privacy.[18]

Information management guidelines

37.11 The primary documents that prescribe the requirements for the management and security of information by the ACC include the Protective Security Manual (PSM 2005), the Australian Government Information and Communications Technology Security Manual (ACSI 33) and the ACC Policy and Procedures Manual.[19] The ACC Policy and Procedures Manual is a classified document.[20]

37.12 The PSM 2005 is a policy document that sets out guidelines and minimum standards in relation to protective security for agencies and officers. It also applies to contractors and their employees who perform services for the Australian Government. In particular, Part C provides guidance on the classification system and the protective standards required to protect both electronic and paper-based security classified information.[21] The part sets out minimum standards addressing the use, access, copying, storage, security and disposal of classified information.

37.13 Agencies also are required by the PSM 2005 to comply with the ACSI 33, which has been developed by the Defence Signals Directorate (DSD) to provide policies and guidance to agencies on the protection of their electronic information systems.[22]

Accountability and oversight mechanisms

37.14 The ACC is subject to oversight through a number of mechanisms described below.

Ministerial oversight

37.15 The ACC currently is responsible to the Minister for Home Affairs.[23] The Chair of the ACC Board must keep the Minister informed of the general conduct of the ACC in the performance of its functions and comply with the Minister’s request for information concerning any specific matter relating to such conduct.[24] The Minister also may give directions or issue guidelines to the ACC Board in relation to the performance of the Board’s functions.[25]

ACC Board

37.16 The ACC Board consists of the Commissioner of the Australian Federal Police (AFP), the Secretary of the Attorney-General’s Department (AGD), the Chief Executive Officer (CEO) of the Australian Customs Service, the Chairperson of the Australian Securities and Investments Commission (ASIC), the Director-General of Security, eight state and territory police commissioners, and the CEO of the ACC (as a non-voting member).[26]

37.17 The Board’s functions include:

  • determining national criminal intelligence priorities;

  • authorising the ACC to undertake intelligence operations or to investigate matters relating to federally-relevant criminal activity;

  • determining whether an operation or investigation is a special operation or investigation;[27]

  • determining the classes of persons to participate in an intelligence operation or investigation;

  • establishing task forces;

  • disseminating strategic criminal intelligence assessments to law enforcement agencies, foreign law enforcement agencies, or prescribed federal, state or territory agencies; and

  • reporting to the Inter-Governmental Committee on the ACC’s performance.[28]

Inter-Governmental Committee

37.18 The Inter-Governmental Committee on the ACC (IGC) consists of the Minister for Home Affairs, and federal, state and territory police or justice ministers.[29] It was established under the ACC Act to: monitor the work of the ACC and the ACC Board; oversee the strategic direction of the ACC and the ACC Board; and receive reports from the Board for transmission to federal, state and territory governments.[30] Where the ACC Board has determined that an investigation or operation is a special investigation or operation, the IGC may request that the Chair of the ACC Board provide the IGC with further information in relation to the determination.[31] The IGC also has the power to revoke that determination.[32]

Parliamentary Joint Committee

37.19 The Parliamentary Joint Committee on the ACC comprises members from both the Senate and the House of Representatives.[33] It is responsible for:

  • monitoring and reviewing the performance of the ACC;

  • reporting to the Parliament in relation to the ACC;

  • examining the ACC’s annual reports;

  • examining trends and changes in criminal activities, practices and methods;

  • recommending changes to the functions, structure, powers and procedures of the ACC to the Parliament; and

  • conducting inquiries.[34]

Commonwealth Ombudsman

37.20 Under the Ombudsman Act 1976 (Cth), the Commonwealth Ombudsman has the power to investigate complaints against the ACC that relate to matters of administration.[35] It also has oversight of the ACC’s use of controlled operations under Part IAB of the Crimes Act 1914 (Cth), surveillance devices under the Surveillance Devices Act 2004 (Cth) and state and territory surveillance device laws, and telephone intercept and stored communications warrants under the Telecommunications (Interception) Act 1979 (Cth).[36]

37.21 In 2006–07, the Commonwealth Ombudsman received nine complaints about the ACC,[37] three of which were within its jurisdiction.[38] One complaint was referred to the ACC, which appointed an independent officer to investigate. No evidence of misconduct by ACC officers was found. Another complaint was investigated by the Ombudsman, who decided not to take any further action as he was satisfied that the ACC had already provided an appropriate remedy to the complainant. The Ombudsman decided not to investigate the third complaint, on the basis that an investigation into matters that have allegedly occurred many years ago was ‘problematic’ and ‘unlikely to achieve the remedy sought by the complainant’.[39] In 2007, the Ombudsman also referred an allegation of corruption related to the ACC to the ACLEI.[40]

37.22 The Commonwealth Ombudsman inspected the records of the ACC on six occasions in 2006–07, and concluded that there was general compliance with legislative requirements by the ACC. The Ombudsman also reported that his recommendations to improve record keeping were generally accepted by the ACC, which has since implemented measures to improve record keeping and procedures.[41]

Australian Commission for Law Enforcement Integrity

37.23 The Integrity Commissioner, supported by the ACLEI, is responsible for preventing, detecting and investigating serious corruption issues in agencies with law enforcement functions, including the ACC.[42] The functions of the Integrity Commissioner include, among other things, investigating and reporting on corruption issues, conducting public inquiries into corruption, and handling information and intelligence relating to corruption.[43]

Auditor-General

37.24 The Auditor-General is an independent officer of the Australian Parliament responsible for performing financial and performance audits of certain agencies, including the ACC.[44] The Auditor-General has broad information-gathering powers and authority to have access to Commonwealth premises.[45]

Discussion Paper proposal

37.25 In the Discussion Paper, Review of Australian Privacy Law (DP 72), the ALRC considered how best to accommodate the law enforcement functions of the ACC. The ALRC noted the Office of the Privacy Commissioner (OPC) submission that the exemption that applies to the ACC originally applied to the NCA, and that the reasons behind the exemption that applied originally to the NCA

appear to have been based on the NCA’s coercive powers, unique to Commonwealth law enforcement, which allowed the collection of personal information of a speculative and untested nature.[46]

37.26 The OPC submitted that, since the absorption of the ABCI’s functions into the ACC, much of the information collected by the former ABCI is now collected and stored on the ACC’s intelligence databases. In addition, the OPC observed that many of the records held in these databases are sourced from the AFP, Australian Transaction Reports and Analysis Centre (AUSTRAC), ASIC and other agencies that are covered by the Privacy Act. The OPC also stated that some agencies that perform a law enforcement function are covered by the Privacy Act, and that it has issued guidance on how the Act provides for law enforcement needs.[47] The OPC submitted that ‘in view of the changed role of the ACC over the years … it may be timely to reassess the suitability of the current ACC exemption from the Privacy Act’. The OPC suggested that ‘one option [for reform] could be for the administrative operations of the ACC to be covered by the Privacy Act’.[48]

37.27 In another submission, it was suggested that the ACC should be partially exempt from the Privacy Act, but only on a case-by-case basis and where there is sufficient oversight.[49]

37.28 The ALRC considered three options for reform in DP 72. One option would be to remove the exemption that applies to the ACC and rely on its inclusion in the definition of ‘enforcement body’ under the Privacy Act. This would ensure that the ACC is subject to the privacy principles except to the extent that non-compliance is required for the performance of its law enforcement activities. In the United Kingdom, for example, the Serious Organised Crime Agency is not exempt from compliance with the Data Protection Act 1998 (UK), but relies on exceptions under that Act for its operations.[50]

37.29 Another option would be to modify the exemption so that the ACC is covered by the Privacy Act in respect of its administrative operations, such as the handling of its employee records, but otherwise is exempt. For instance, the New South Wales Crime Commission is exempt from compliance with the Privacy and Personal Information Protection Act 1998 (NSW) except in connection with the exercise of its administrative and educative functions.[51]

37.30 A third option would be to require the ACC to comply with information-handling guidelines, to be developed in consultation with the OPC and issued by the Minster for Home Affairs. This approach is similar to the approach taken in relation to exempt defence and intelligence agencies, which are still required to comply with ministerial directions or guidelines in relation to privacy.[52] In its 2007 report, Inquiry into the Future Impact of Serious and Organised Crime on Australian Society, the Parliamentary Joint Committee on the ACC observed that the adoption by the ACC of information-handling protocols would be an appropriate means of ensuring the protection of intelligence data handled by the ACC. The Committee therefore recommended that the ACC ‘give consideration to the extent to which its information handling protocols incorporate, and could be enhanced by, the principles of the Privacy Act’.[53]

37.31 In DP 72, the ALRC observed that the ACC already is subject to information management guidelines and a substantial amount of oversight. The ALRC noted, however, that there is significant potential for the ACC’s activities to affect the privacy of individuals. The ALRC also noted that the ACC’s exempt status is anomalous with the position of other federal law enforcement agencies, which are covered by the Privacy Act. In addition, many of the records held in the ACC’s databases are collected from the AFP, AUSTRAC, ASIC and other agencies that already are covered by the Privacy Act.

37.32 The ALRC expressed the preliminary view that there are several specific exceptions to the IPPs that allow federal law enforcement agencies to carry out their law enforcement functions, and that the proposed Unified Privacy Principles (UPPs) also contain a number of specific exceptions that would allow those agencies to function effectively. The ALRC therefore proposed that the Privacy Act be amended to remove the exemption that applies to the ACC and the ACC Board by repealing s 7(1)(a)(iv), (h) and 7(2) of the Act.[54]

Submissions and consultations

37.33 Some stakeholders supported the proposal to remove the exemption for the ACC and the ACC Board.[55] The Cyberspace Law and Policy Centre argued that the ACC should be required to justify any exemption from both the Privacy Act and the related provisions of the Freedom of Information Act 1982 (Cth) (FOI Act), and that ‘no agency should be wholly exempt from the obligation to comply with fundamental human rights and administrative law principles’. It also suggested that, where an exemption is justified, information-handling guidelines should be developed and published in consultation with the OPC.[56]

37.34 The Public Interest Advocacy Centre (PIAC) noted that the activities of the ACC may have a significant impact on the privacy of individuals, and that the exemption for the ACC is anomalous with the position of other federal law enforcement agencies.[57] Stakeholders also argued that current privacy regulation and exceptions to the privacy principles allow for the specific needs of law enforcement and should be sufficient to enable the ACC to function effectively.[58]

37.35 The OPC submitted that entities with like functions should be treated consistently under the Privacy Act and that other Australian law enforcement agencies, such as the AFP and AUSTRAC, are covered by the Privacy Act. The exemption that applies to the ACC could therefore be considered ‘an irregularity’ and maintaining it ‘may create a break in the continuity of privacy protections’.[59]

37.36 The OPC submitted that personal information sourced from enforcement agencies that are covered by the Privacy Act would fall outside the scope of the Act once it is held on the ACC’s records, including records held in the Australian Criminal Intelligence Database, which is used by all Australian police forces and many other agencies.[60]

37.37 Two stakeholders did not support the proposal to remove the exemption that applies to the ACC and the ACC Board. The AFP submitted that the original policy reasons for the exemption continue to apply, and that the ACC has limited functions and strict secrecy provisions that obviate the need for it to be subject to the Privacy Act.[61]

37.38 The ACC submitted that it is generally accepted that the public interest in combating organised crime outweighs an individual’s right to privacy. It suggested that the ACC is distinguishable from other law enforcement agencies in that the ACC has greater coercive information-gathering powers that are similar to those of Royal Commissions. Such powers, it argued, are justified because of the complex and sophisticated organisational structure and operations of organised crime groups, and the substantial resources such groups have at their disposal.[62]

37.39 The ACC further advised that applying the Privacy Act to the ACC would adversely affect the effectiveness of its investigations and operations for two reasons. First, the ACC’s access to coercive powers that may impinge upon the privacy of individuals is necessary to allow it to lawfully obtain information that is unavailable by other means and therefore is central to the effectiveness of its operations. It argued that the requirements of the Privacy Act would be incompatible with the ACC’s exercise of these coercive powers.[63]

37.40 Secondly, subjecting the ACC to complaint, investigation and review procedures under the Privacy Act could result in difficulties in obtaining evidence from some witnesses, and in encouraging agencies to share criminal intelligence. The ACC suggested that, given it is already subject to extensive internal and external oversight mechanisms, review by another external body like the OPC would result in a perceived weakening of the secrecy regime under the ACC Act and discourage witnesses from cooperating with the ACC.[64]

37.41 In addition, the ACC suggested that there already is sufficient regulation of the way it handles personal information, including secrecy provisions, non-publication orders imposed by ACC examiners and other legislation (such as the Surveillance Devices Act and the Telecommunications (Interception and Access) Act), and extensive internal and external oversight of the ACC’s activities. Information obtained by the ACC also is subject to special protection when it is passed on to other agencies—the classification and conditions of use for that material is specified by the ACC and the recipient of the information is required to seek the approval of the ACC for any additional use.[65]

37.42 Finally, the ACC submitted that partially exempting it from the operation of the Privacy Act would be unworkable, because the need to ensure high standards of integrity of ACC staff means that sensitive information obtained by the ACC on current and prospective staff should not be made available to the individual staff members concerned. It argued that denying access to personal information requested by a particular ACC staff member in a particular case could alert the individual to the fact that he or she is under suspicion and impede the effective investigation of that individual by the ACC or the ACLEI.[66]

ALRC’s view

37.43 As the discussion in Chapter 1 illustrates, the right to privacy is not absolute. Privacy interests must be balanced with other competing public interests, including ‘the need of society to create and enforce rules of personal and corporate behaviour for the common good’.[67] Due to the insidious and particularly violent nature of organised crime, the ACC has been given significant coercive information-gathering powers, including traditional law enforcement powers, such as covert intelligence gathering and surveillance. The ACC also has been given powers that are not available to other law enforcement agencies, such as the power to conduct examinations.[68] As recognised by the Parliamentary Joint Committee on the ACC, it is clear that the ACC’s activities can have a significant impact on the privacy of individuals. There is a need, therefore, to ensure that personal information handled by the ACC is protected adequately.

37.44 The Privacy Act, however, may not be the appropriate mechanism to address privacy issues relating to the ACC. First, the powers of the ACC are required to be exercised in a confidential manner to protect the integrity of its investigations, as well as the privacy and safety of witnesses and other persons assisting the ACC.[69] Given the sensitive nature of the ACC’s operations, the OPC may not be the appropriate body to deal with complaints against the ACC. Secondly, a separate system of oversight and accountability has been established specifically to ensure that the ACC exercises its powers appropriately while maintaining the appropriate balance between secrecy and accountability. Any privacy issues relating to the ACC should be monitored through this separate system.

37.45 The ALRC, therefore, has come to the view that the ACC and the ACC Board should remain exempt from the operation of the Privacy Act, provided that they are subject to information-handling guidelines to be developed and published in consultation with the OPC. In the ALRC’s view, these guidelines should correspond with the model UPPs as closely as possible. Compliance with the information-handling guidelines should be overseen by the Parliamentary Joint Committee on the ACC, the main external body responsible for monitoring the ACC in the performance of its functions.

37.46 To address the OPC’s concern that information, once held on the ACC’s records, could result in a break in the continuity of privacy protection, the information-handling guidelines should address the conditions to be imposed on the recipients of personal information disclosed by the ACC in relation to the further handling of that information. In addition, the information-handling guidelines should address whether an appropriate complaint-handling mechanism for privacy-related complaints that do not fall under the jurisdiction of the Commonwealth Ombudsman or the Integrity Commissioner needs to be established.

Recommendation 37-1 (a) The Australian Crime Commission (ACC), in consultation with the Office of the Privacy Commissioner, should develop and publish information-handling guidelines for the ACC and the Board of the ACC. The information-handling guidelines should address the conditions to be imposed on the recipients of personal information disclosed by the ACC in relation to the further handling of that information.

(b) The Parliamentary Joint Committee on the ACC should monitor compliance by the ACC and the Board of the ACC with the information-handling guidelines.

[2] United Nations Convention against Transnational Organized Crime, 12 December 2000, [2004] ATS 12, (entered into force generally on 29 September 2003). The Convention was ratified by the Australian Government on 27 May 2004 and entered into force for Australia on 26 June 2004.

[3] Ibid; United Nations on Drugs and Crime, UNODC and Organized Crime <www.unodc.org> at 27 March 2008; Australian Crime Commission, Organised Crime in Australia (2008), 4.

[4] Australian Crime Commission, Organised Crime in Australia (2008), 4–6, 13.

[5] The ABCI was established to facilitate the exchange of criminal intelligence among federal, state and territory law enforcement agencies, anti-corruption bodies and regulatory agencies. It was responsible for the analysis and dissemination of criminal intelligence, but relied on these agencies for the collection of information: Australian Crime Commission, Annual Report 2002–2003 (2003), 152; Parliament of Australia—Parliamentary Joint Committee on the Australian Crime Commission, The Law Enforcement Implications of New Technology (2001).

[6] The Office of Strategic Crime Assessments was an element of the Australian Government Attorney-General’s Department preparing national level strategic law enforcement intelligence: Australian Crime Commission, Submission to the Inquiry by the Parliamentary Joint Committee of Public Accounts and Audit Management and Integrity of Electronic Information in the Commonwealth, 1 January 2003, 4.

[7] Australian Crime Commission, Australian Crime Commission Profile (2008) <www.crimecommission.
gov.au/content/about/ACC_PROFILE.pdf> at 27 March 2008, 1.

[8] Privacy Act 1988 (Cth) s 7(1)(a)(iv).

[9] Ibid s 7(1)(h).

[10] Ibid s 6(1).

[11] Ibid sch 3 NPP 2.1(h).

[12] Australian Crime Commission Act 2002 (Cth) s 22; Crimes Act 1914 (Cth) ss 15J, 15XB; Surveillance Devices Act 2004 (Cth) pts 2–4; Telecommunications (Interception) Act 1979 (Cth) ss 39, 110.

[13] Australian Crime Commission, Australian Crime Commission Profile (2008) <www.crimecommission.
gov.au/content/about/ACC_PROFILE.pdf> at 27 March 2008, 1.

[14] Australian Crime Commission Act 2002 (Cth) pt II div 2.

[15] Ibid s 30.

[16] Ibid s 51. The section applies to the Chief Executive Officer of the ACC, members of the ACC Board, members of the ACC staff and examiners. Australian Crime Commission Act 2002 (Cth) ss 24A, 46B.

[17] C Corns, ‘Inter Agency Relations: Some Hidden Obstacles to Combating Organised Crime?’ (1992) 25 Australia and New Zealand Journal of Criminology 169, 177.

[18] Parliament of Australia—Parliamentary Joint Committee on the Australian Crime Commission, Review of the Australian Crime Commission Act 2002 (2005), [5.86].

[19] Australian Crime Commission, Submission to the Inquiry by the Parliamentary Joint Committee of Public Accounts and Audit Management and Integrity of Electronic Information in the Commonwealth, 1 January 2003, 11. The ACC also is required to comply with Australian Government Standards for the Protection of Information Technology Systems Processing Non-National Security Information at the Highly Protected Classification (ACSI 37) published by the DSD. ASCI 37 is a controlled document that outlines certain requirements for physical security.

[20] In addition, there is a range of state legislative and guidance documents prescribing the ACC’s requirements for the management and security of information entrusted to the ACC: Ibid, 11.

[21] Australian Government Attorney-General’s Department, Protective Security Manual (PSM 2005) <www.
ag.gov.au/www/agd/agd.nsf/Page/National_security> at 8 April 2008.

[22] Australian Government Defence Signals Directorate, Australian Government Information and Communications Technology Security Manual (ACSI 33) (2007).

[23]Australian Crime Commission, Australian Crime Commission Profile (2008) <www.crimecommission
.gov.au/content/about/ACC_PROFILE.pdf> at 27 March 2008
.

[24] Australian Crime Commission Act 2002 (Cth) s 59.

[25] Ibid s 18.

[26] Ibid ss 7B, 7G(3).

[27] The ACC Board may determine that an intelligence operation is a special operation if it considers that methods of collecting criminal information and intelligence that do not involve the use of powers in the ACC Act have not been effective: Ibid s 7C(2). The Board may determine that an investigation into matters relating to federally relevant criminal activity is a special investigation if it considers that ordinary police methods of investigation into the matters are unlikely to be effective: s 7C(3). The making of such a determination by the ACC Board allows an eligible person within the ACC to apply for search warrants; or an ACC examiner to apply to the Federal Court for the surrender of a passport, conduct examinations, summon a person to attend an examination, require a person to produce documents or other things, or apply to the Federal Court for a warrant where a witness fails to surrender a passport: ss 22–25A, 28, 29, 31.

[28] Ibid s 7C(1).

[29] Ibid s 8(1).

[30] Ibid s 9(1).

[31] Ibid s 9(2). The Chair of the ACC Board only may refuse to give that information if it considers that the disclosure of the information to the public could prejudice the safety or reputation of persons or the operation of the law enforcement agencies. If the information is withheld on this ground, the IGC may refer its request to the Minister for his or her determination: Australian Crime Commission Act 2002 (Cth) s 9(3), (6).

[32] Australian Crime Commission Act 2002 (Cth) s 9(7).

[33] Ibid s 53.

[34] Ibid s 55.

[35] Ombudsman Act 1976 (Cth) ss 3(13A), 5(1).

[36] Crimes Act 1914 (Cth) s 15UB; Surveillance Devices Act 2004 (Cth) s 55; Telecommunications (Interception) Act 1979 (Cth) ss 83, 152. A ‘controlled operation’ is an operation that: involves the participation of law enforcement officers; is carried out for the purpose of obtaining evidence in relation to a serious Commonwealth offence or a serious state offence that has a federal aspect; and may involve a law enforcement officer or other person in acts or omissions that would constitute an offence: Crimes Act 1914 (Cth) s 15H.

[37] Commonwealth Ombudsman, Annual Report 2006–2007 (2007), 96. This is the same number of complaints against the ACC as in 2005–06: Commonwealth Ombudsman, Annual Report 2005–2006 (2006), 91.

[38] The Commonwealth Ombudsman stated that some of the other complaints were from people seeking to report criminal activity and the Ombudsman gave them the contact details of the ACC: Commonwealth Ombudsman, Annual Report 2006–2007 (2007), 96.

[39] Ibid, 96–97.

[40] Ibid, 97. See also Australian Commission for Law Enforcement Integrity, Annual Report of the Integrity Commissioner 2006–07 (2007), 23.

[41] Commonwealth Ombudsman, Annual Report 2006–2007 (2007), 109–110.

[42] Law Enforcement Integrity Commissioner Act 2006 (Cth) ss 5(1) (definition of ‘law enforcement agency’), 7, 15. At present, the Act only applies to the ACC, Australian Federal Police and the former NCA.

[43] Ibid s 15.

[44] Auditor-General Act 1997 (Cth) ss 11, 15, 18; Financial Management and Accountability Act 1997 (Cth) s 5; Financial Management and Accountability Regulations 1997 (Cth) sch 1 pt 1 item 108A.

[45] Auditor-General Act 1997 (Cth) pt 5 div 1.

[46] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[47] Office of the Federal Privacy Commissioner, Plain English Guidelines to Information Privacy Principles 1–3: Advice to Agencies about Collecting Personal Information (1994), 28.

[48] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[49] K Handscombe, Submission PR 89, 15 January 2007.

[50] Section 29 of the Data Protection Act 1998 (UK) relevantly provides that data controllers do not have to comply with certain data protection principles where the personal data are processed for the purposes of, among other things, the prevention or detection of crime, or the apprehension or prosecution of offenders. See also Serious Organised Crime and Police Act 2005 (UK) s 33(4).

[51]Privacy and Personal Information Protection Act 1998 (NSW) s 27.

[52] See discussion in Ch 34.

[53] Australian Parliament—Parliamentary Joint Committee on the Australian Crime Commission, Inquiry into the Future Impact of Serious and Organised Crime on Australian Society (2007), [8.51], rec 20.

[54] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 34–2.

[55] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; P Youngman, Submission PR 394, 7 December 2007.

[56] Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[57] Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[58] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[59] Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[60] Ibid.

[61] Australian Federal Police, Submission PR 545, 24 December 2007.

[62] Australian Crime Commission, Correspondence, 8 May 2008.

[63] Ibid.

[64] Ibid.

[65] Ibid.

[66] Ibid.

[67] Parliament of Australia—Parliamentary Joint Committee on the Australian Crime Commission, Review of the Australian Crime Commission Act 2002 (2005), [5.85].

[68] Australian Crime Commission, Organised Crime in Australia (2008), 13.

[69]M Irwin, ‘Policing Organised Crime’ (Paper presented at 4th National Outlook Symposium on Crime in Australia: New Crimes or Responses, Canberra, 21–22 June 2001), 8.