4. Framework for Reform

Recommendation 4–1  Sections 70 and 79(3) of the Crimes Act 1914 (Cth) should be repealed and replaced by new offences in the Criminal Code (Cth)—the ‘general secrecy offence’ and the ‘subsequent disclosure offences’.

5. General Secrecy Offence: Harm to Public Interests

Recommendation 5–1   The general secrecy offence should require that the disclosure of Commonwealth information did, or was reasonably likely to, or intended to:

  1. damage the security, defence or international relations of the Commonwealth;
  2. prejudice the prevention, detection, investigation, prosecution or punishment of criminal offences;
  3. endanger the life or physical safety of any person; or
  4. prejudice the protection of public safety.

Recommendation 5–2   The terms ‘security’ and ‘international relations’ should be defined for the purposes of the general secrecy offence by reference to the relevant provisions of the Australian Security Intelligence Organisation Act 1979 (Cth) and the National Security Information (Criminal and Civil Proceedings) Act 2004 (Cth).

6. General Secrecy Offence: Elements

Recommendation 6–1    The general secrecy offence should regulate the conduct of those who are, or have been, ‘Commonwealth officers’, defined as follows:

  1. the Governor-General;
  2. ministers and parliamentary secretaries;
  3. Australian Public Service employees, that is, individuals appointed or engaged under the Public Service Act 1999 (Cth);
  4. individuals employed by the Commonwealth otherwise than under the Public Service Act;
  5. members of the Australian Defence Force;
  6. members or special members of the Australian Federal Police;
  7. individuals who hold or perform the duties of an office established by or under a law of the Commonwealth;
  8. officers or employees of Commonwealth authorities;
  9. individuals who exercise powers, or perform functions, conferred on them by or under a law of the Commonwealth;
  10. individuals and entities who are contracted service providers for a Commonwealth contract; or
  11. individuals who are officers or employees of a contracted service provider for a Commonwealth contract and who provide services for the purposes (whether direct or indirect) of the Commonwealth contract.

Recommendation 6–2   The general secrecy offence should regulate the disclosure of Commonwealth information as defined in Recommendation 6–3.

Recommendation 6–3   The general secrecy offence should apply to any information to which a person has, or had, access by reason of his or her being, or having been, a Commonwealth officer as defined in Recommendation 6–1.

Recommendation 6–4   The general secrecy offence should require intention as the fault element attaching to the physical element consisting of disclosure.

Recommendation 6–5   The general secrecy offence should require that a Commonwealth officer knew, intended that, or was reckless as to whether, the disclosure of Commonwealth information would harm, or was reasonably likely to harm, one of the public interests set out in Recommendation 5–1.

Recommendation 6–6   There should be a new offence in the Criminal Code (Cth) for the subsequent unauthorised disclosure of Commonwealth information where:

  1. the information has been disclosed by Commonwealth officer A to B (not a Commonwealth officer) in breach of the general secrecy offence; and
  2. B knows, or is reckless as to whether, the information has been disclosed in breach of the general secrecy offence; and
  3. B knows, intends or is reckless as to whether the subsequent disclosure will harm—or knows or is reckless as to whether the subsequent disclosure is reasonably likely to harm—one of the public interests set out in Recommendation 5–1.

Recommendation 6–7   There should be a new offence in the Criminal Code (Cth) for the subsequent unauthorised disclosure of Commonwealth information where:

  1. the information has been disclosed by Commonwealth officer A to B (not a Commonwealth officer) on terms requiring it to be held in confidence;
  2. B knows, or is reckless as to whether, the information has been disclosed on terms requiring it to be held in confidence; and
  3. B knows, intends or is reckless as to whether the subsequent disclosure will harm—or knows or is reckless as to whether the subsequent disclosure is reasonably likely to harm—one of the public interests set out in Recommendation 5–1.

7. General Secrecy Offence: Exceptions and Penalties

Recommendation 7–1   The general secrecy offence should expressly include exceptions applying where the disclosure is:

  1. in the course of a Commonwealth officer’s functions or duties;
  2. in accordance with an authorisation given by an agency head or minister that the disclosure would, on balance, be in the public interest; or
  3. of information that is already in the public domain as the result of a lawful disclosure.

Recommendation 7–2   The subsequent disclosure offences should include an exception where the disclosure is of information that is already in the public domain as the result of a lawful disclosure.

Recommendation 7–3   In developing public interest disclosure legislation the Australian Government should ensure that the legislation protects:

  1. individuals subject to the general secrecy offence;
  2. individuals who subsequently disclose Commonwealth information received by way of a protected public interest disclosure; and
  3. individuals subject to the subsequent disclosure offence for the unauthorised disclosure of information received from a Commonwealth officer on terms requiring it to be held in confidence.

Recommendation 7–4   The general secrecy offence should stipulate a maximum penalty of seven years imprisonment, a pecuniary penalty not exceeding 420 penalty units, or both.

Recommendation 7–5   The subsequent disclosure offences should stipulate maximum penalties of seven years imprisonment, a pecuniary penalty not exceeding 420 penalty units, or both.

Recommendation 7–6   The general secrecy offence and the subsequent disclosure offences should provide that, where a court is satisfied that a person has disclosed, or is about to disclose, information in contravention of the provisions, the court may grant an injunction to restrain disclosure of the information.

8. The Role of Specific Secrecy Offences

Recommendation 8–1   Specific secrecy offences are only warranted where they are necessary and proportionate to the protection of essential public interests of sufficient importance to justify criminal sanctions.

Recommendation 8–2   Specific secrecy offences should include an express requirement that, for an offence to be committed, the unauthorised disclosure caused, or was likely or intended to cause, harm to an identified essential public interest, except where:

  1. the offence covers a narrowly defined category of information and the harm to an essential public interest is implicit; or
  2. the harm is to the relationship of trust between individuals and the Australian Government integral to the regulatory functions of government. 

Recommendation 8–3   Specific secrecy offences should differ in significant and justifiable ways from the recommended general secrecy offence.

9. Specific Secrecy Offences: Elements

Recommendation 9–1   Specific secrecy offences that apply to individuals other than Commonwealth officers should clearly identify the parties regulated by the offence.

Recommendation 9–2   Specific secrecy offences that apply to Commonwealth officers should also apply to former Commonwealth officers.

Recommendation 9–3   Specific secrecy offences should not extend to conduct other than the disclosure of information—such as making a record of, receiving or possessing information—unless such conduct would cause, or is likely or intended to cause, harm to an essential public interest.

Recommendation 9–4   Specific secrecy offences should generally require intention as the fault element for the physical element consisting of conduct. Strict liability should not attach to the conduct element of any specific secrecy offence.

Recommendation 9–5   Specific secrecy offences with an express harm requirement should generally require that a person knew, intended that, or was reckless as to whether, the conduct would cause harm to an essential public interest.

Recommendation 9–6   Specific secrecy offences without an express harm requirement should require that a person knew, or was reckless as to whether, the protected information fell within a particular category, and should not provide that strict liability applies to that circumstance.

Recommendation 9–7   Offences for the subsequent unauthorised disclosure of information should require that:

  1. the information has been disclosed in breach of a specific secrecy offence;
  2. the person knows, or is reckless as to whether, the information has been disclosed in breach of a specific secrecy offence; and
  3. the person knows, intends or is reckless as to whether the subsequent disclosure will harm—or knows or is reckless as to whether the subsequent disclosure is reasonably likely to harm—a specified essential public interest.

Recommendation 9–8   Maximum penalties in specific secrecy offences should reflect the seriousness of the potential harm caused by the unauthorised conduct and the fault elements that attach to the elements of the offence.

Recommendation 9–9   Specific secrecy offences should not generally prescribe:

  1. fines for individuals and corporations different from those that would apply if the formulas set out in the Crimes Act 1914 (Cth) were adopted;
  2. penalties different from those that would apply if the alternative penalties for proceeding summarily on an indictable offence set out in the Crimes Act were adopted; or
  3. a penalty punishable on summary conviction when, under the Crimes Act, an offence carrying that maximum penalty would otherwise be tried on indictment.

10. Authorised Disclosure Provisions

Recommendation 10–1   Where a specific secrecy offence is repealed or amended as a result of Recommendation 11–1, consideration should be given as to whether any provisions which codify authorised information handling should be retained.

Recommendation 10–2   Specific secrecy provisions that impose secrecy obligations on officers should generally include an exception for disclosures in the course of an officer’s functions or duties.

Recommendation 10–3   Specific secrecy offences should not apply to the disclosure of information that is lawfully in the public domain.

Recommendation 10–4   Exceptions and defences in specific secrecy offences should be framed consistently with the principles set out in the Guide to Framing Commonwealth Offences, Civil Penalties and Enforcement Powers.

Recommendation 10–5   In developing public interest disclosure legislation the Australian Government should ensure that, where possible, the legislation protects individuals subject to specific secrecy offences.

11. Specific Secrecy Offences: Review and Guidance

Recommendation 11–1   Australian Government agencies should review specific secrecy offences to determine:

  1. whether a criminal offence is warranted;
  2. if so, whether the secrecy offence complies with the best practice principles set out in Recommendations 8­–1 to 8–3, 9–1 to 9–9 and 10–1 to 10–4; and
  3. whether it would be appropriate to consolidate secrecy offences into:
  1. a single provision or part where multiple secrecy provisions exist in the same Act; or
  2. one Act where secrecy offences exist in more than one Act for which the same Australian Government agency is responsible.

Recommendation 11–2   The Australian Government Attorney-General’s Department should incorporate guidance on the principles contained in Recommendations 8­–1 to 8–3, 9–1 to 9–9 and 10–1 to 10–4 in the Guide to Framing Commonwealth Offences, Civil Penalties and Enforcement Powers, including:

  1. the circumstances in which the enactment of a specific secrecy offence will be justified; and
  2. the elements of specific secrecy offences, including the requirement that the disclosure cause harm to an essential public interest.

12. Administrative Obligations in the Australian Public Service

Recommendation 12–1   Regulation 2.1(3) of the Public Service Regulations 1999 (Cth) should be amended to apply to information where the disclosure is reasonably likely to prejudice the effective working of government.

Recommendation 12–2   The Australian Public Service Commission should amend the APS Values and Code of Conduct in Practice to provide further guidance on what is meant by ‘reasonably likely to prejudice the effective working of government’ in reg 2.1 of the Public Service Regulations 1999 (Cth), as revised in Recommendation 12–1. This should include:

  1. that prejudice may arise from the nature of the information disclosed, such as where the information would not be subject to release under the Freedom of Information Act 1982 (Cth) or through some other means;
  2. that prejudice may arise from the circumstances in which the disclosure is made, such as where an Australian Public Service employee did not take reasonable steps to comply with the agency’s information-handling policy or any lawful and reasonable direction concerning the disclosure of information; and
  3. the fact that a disclosure could, for example, result in embarrassment to the government is not sufficient to establish prejudice.

Recommendation 12–3    The express prohibition on the disclosure of information communicated in confidence set out in reg 2.1(4) of the Public Service Regulations 1999 (Cth) should be removed.

Recommendation 12–4    The information-handling policies developed by Australian Government agencies in accordance with Recommendation 14–1 should set out the disciplinary penalties that may result from breach of secrecy obligations and an inclusive list of the factors that will be considered in determining a penalty.

13. Regulating Beyond the Australian Public Service

Recommendation 13–1    Australian Government agencies that employ persons other than under the Public Service Act 1999 (Cth) should, to the extent that it is consistent with agency functions and structure:

  1. include the requirements in reg 2.1 of the Public Service Regulations 1999 (Cth) in terms and conditions of employment; and
  2. adopt the safeguards under the Public Service Act for dealing with suspected breaches of reg 2.1.

Recommendation 13–2    Australian Government agencies should remind employees, on termination, of their continuing liability under the general secrecy offence and any relevant specific secrecy offence, and of their obligations under the equitable duty of confidence.

Recommendation 13–3    An Australian Government agency that enters into a contract for services involving access to Commonwealth information should include in the contract a confidentiality clause that:

  1. clearly sets out the information or categories of information that are confidential Commonwealth information;
  2. requires persons (other than Commonwealth employees) who have access to confidential Commonwealth information by reason of the contract to agree to comply with the contractual confidentiality requirements; and
  3. permits the disclosure of confidential Commonwealth information where the disclosure is protected under Commonwealth public interest disclosure legislation.

Recommendation 13–4   Private sector organisations that perform services for or on behalf of the Australian Government under contract should ensure that all employees who have access to Commonwealth information are aware of their obligations of secrecy, including the circumstances in which criminal and civil liability could result.

Recommendation 13–5   The Australian Government should include in the terms and conditions of appointment for members of boards and committees:

  1. secrecy requirements equivalent to those imposed on Commonwealth employees in a related employment context, to the extent that these requirements are consistent with the board’s or committee’s function and structure; and
  2. a right to terminate the appointment of a member in the event of a breach of the secrecy obligation.

Recommendation 13–6   The Australian Government should ensure that members of boards and committees who have access to Commonwealth information are aware of their obligations of secrecy, including the circumstances in which criminal and civil liability could result.

14. Frameworks for Effective Information Handling 

Recommendation 14–1   Australian Government agencies should develop and implement policies clarifying the application of relevant secrecy laws to their information holdings. These policies should include:

  1. the types of information that an employee can lawfully disclose in the performance of his or her duties;
  2. the types of information for which an employee must obtain authority for disclosure;
  3. the circumstances in which the unauthorised handling of information could lead to disciplinary action; and
  4. the circumstances in which the unauthorised handling of information could lead to criminal prosecution.

Recommendation 14–2  Australian Government agencies should make their information-handling policies publicly available, save in certain exceptional cases where this would be unreasonable or impractical.

Recommendation 14–3  Australian Government agencies should review ‘lawful and reasonable’ secrecy directions issued to employees to ensure that these are consistent with the implied constitutional freedom of political communication.

Recommendation 14–4  Australian Government agencies that regularly share information with other agencies or bodies should enter into memorandums of understanding (MOUs) setting out the terms and conditions for the exchange of information. Australian Government agencies should make such MOUs publicly available save in certain exceptional cases where this would be unreasonable or impractical.

Recommendation 14–5  Australian Government agencies should put in place and maintain information and communication technology systems to facilitate the secure and convenient handling of Commonwealth information, including access controls and audit mechanisms.

15. A Culture of Effective Information Handling

Recommendation 15–1  Australian Government agencies should develop and administer training and development programs for their employees, on induction and at regular intervals thereafter, about the information-handling obligations relevant to their position, including the need to share information in certain situations. Programs should also provide information about how employees can raise concerns and make public interest disclosures.

Recommendation 15–2  Any Australian Government agency that administers oaths, affirmations or declarations of secrecy should ensure that these properly reflect what is required under relevant Commonwealth secrecy laws.

Recommendation 15–3  The information-handling policies developed by Australian Government agencies in accordance with Recommendation 14–1 should set out how employees can raise concerns about their information-handling obligations.

Recommendation 15–4  The Information Commissioner should review and report to the Minister on the information-handling policies developed by Australian Government agencies in accordance with Recommendation 14–1 and any relevant employee directions.

16. Interactions with Other Laws

Recommendation 16–1  Section 38 of the Freedom of Information Act 1982 (Cth) should be amended to include a definitive list of secrecy provisions that provide an exemption from the requirement to disclose documents under the Act.

Recommendation 16–2  When it is proposed to add a secrecy provision to the revised s 38 of the Freedom of Information Act 1982 (Cth), the explanatory memorandum for the amending legislation should provide an assessment of the potential implications for open government, including:

  1. the breadth of the class of information to which the secrecy provision applies; and
  2. the likely significance for public scrutiny of government action.

Recommendation 16–3  Sections 91 and 92 of the Freedom of Information Act 1982 (Cth) (FOI Act) should be amended to extend the indemnities from civil and criminal actions to authorised FOI officers who:

  1. disclose an exempt document under the FOI Act pursuant to a bona fide exercise of discretion not to claim the exemption; or
  2. disclose a document other than under the FOI Act provided that:
  1.   the document would not have been exempt had it been requested under the FOI Act; or
  2.   the disclosure would have been a bona fide exercise of discretion not to claim an exemption had it been requested under the FOI Act.

Recommendation 16–4  The Freedom of Information Act 1982 (Cth) should be amended to expressly override obligations of non-disclosure in other legislation.

Recommendation 16–5  Section 33(3) of the Archives Act 1983 (Cth) should be repealed.

Recommendation 16–6  The Archives Act 1983 (Cth) should be amended to provide that the public access provisions of the Act override any secrecy provisions that would otherwise apply.

Recommendation 16–7  The Australian Government should conduct a Privacy Impact Assessment for a proposed secrecy provision that would require or authorise information-handling practices that significantly detract from the standards set out in the Privacy Act 1988 (Cth).