The Hon. A.L. McLACHLAN ( 16:50 ): I rise to speak to the Public Sector (Data Sharing) Bill 2016. The Liberal Party is supporting the second reading of the bill. This bill provides explicit authority for agencies to share their data. It also includes a framework for how it is envisaged that the sharing of data will occur.
When I first laid eyes on this bill, my mind recalled the novel The Circle by Dave Eggers about a young woman who joins a global internet company, which operates like a cult. She fails to meet the company’s expectations when she does not share her experiences with everybody online. The company believes and reinforces the mantra, ‘Privacy is theft, secrets are lies and sharing is caring.’ I am surprised the Attorney-General did not adopt this catchy line when advancing this bill through the other place.
Probably a better metaphor was identified by the law academic Daniel Solove. He suggested that a better metaphor was Franz Kafka’s The Trial, which depicts a bureaucracy that uses an individual’s data to make important decisions about them, and at the same time does not allow them to participate in how the information is used. He identified this metaphor in an article discussing the sharing of data.
As Solove argues, data collection, processing and analysis has the potential to affect the power relationship between the citizen and the government. Personal information held by the bureaucracy and able to be shared is out of the individual’s control. At the same time there may not be sufficient controls and discipline within the bureaucracy in handling and using the information. The individual becomes helpless and the state more powerful. The relationship between citizen and the state is irreparably altered.
When introducing the bill, the Attorney-General advised that the two key objectives of this bill were to promote the management and use of public sector data as a public resource to support good government policymaking, program management and service planning and delivery and as well, to remove the barriers that impede the sharing of data between agencies. The Attorney-General indicated at the committee stage, in the other place, that many government agencies are currently reluctant to share information. The ultimate aim, therefore, is to enable agencies to make the best use of their data assets and collaborate to improve the evidence base for developing policy and services. These are, on their face, noble aims.
There are many evangelists for data sharing, both within the government and without. It is argued that public services can then be more closely aligned with community need. It is understandable that the government wants to make more efficient use of the data they have collected in order to improve public services, but data sharing also has inherent and serious risks. Data may be misused or wrongfully disclosed. Sufficient safeguards must exist to ensure the protection of privacy. The threat to an individual’s privacy has the potential to cause real harm, distress and damage to that person and their family.
We must not forget the horrible impact the operations of the Stasi had on the lives of East Germans. The scale of the manual record-keeping is a confronting reminder of what an unchecked government and its bureaucracy can eventually do to learn everything about everybody. I do not believe that any efficiency dividend (as the management consultants like to call it) would be worth such an intrusion of a person’s privacy, so there must be a balance between the competing values of social benefit, for example efficiencies and improved services, and on the other scale, the invasion of privacy of the individual. The benefit must be proportional to the cost.
These risks are particularly poignant in South Australia, as we have no privacy regime in this state where these competing values are clearly articulated and balanced. In many ways, it is comforting to hear from the Attorney-General that government departments are reluctant to share information. This demonstrates an inherent respect by the bureaucracy for the privacy of the individual. The data collected for a particular person is not passed on to others without the individual’s consent.
I feel when reading the clauses of this bill that the government bureaucracy has been placed at the centre of all the justifications for this legislation. The right of the individual appears to come a poor second. For those of us who have some experience in business, this is unusual. Business success comes from being customer-centric, not internally focused. Governments do need to work smarter and better and data is important to enable this, but we also need to ensure that there is accountability for sharing data, appropriate security and respect for individual privacy.
This bill has been based on similar legislation that currently operates in New South Wales. What I find particularly disappointing is that the Attorney-General has attempted to sell this legislative initiative as part of the government’s response to the Nyland royal commission’s findings and recommendations. The Attorney-General introduced this bill under the guise of child protection reform, stating that this bill is critical in supporting the new child protection department.
Whilst provisions contained in the bill will hopefully fulfil that objective, it is clear that the bill was contemplated well before the royal commissioner Margaret Nyland handed down her final report and the recommendations to which the Attorney refers. In a letter from the Attorney-General to the member for Bragg in the other place, dated 19 September, the Attorney stated:
The bill is part of a broader ‘Data for Public Value’ reform that progressed a number of initiatives to overcome the barriers that agencies experience in sharing data with each other.
A subgroup of the ‘Data for Change Working g roup’ established by the Premier in late 2015 initiated this work.
The Attorney-General went on to write:
In preparing the original Data for Public Value reform proposal, including the proposal to draft data sharing legislation, discussions were had at ministerial level and with the Premier’s Data for Change working group and officers across key departments to canvass support for reform of government data sharing and identify any initial concerns.
Agencies feedback confirmed that the current environment is difficult to navigate and that they are keen to see a consistent, transparent, whole of government framework that facilitates appropriate data sharing.
The letter then went on to set out the policy basis for the bill and the consultation that occurred, as well as major differences between the bill and the New South Wales legislation.
The failure to protect our children over the past 14 years is a stain on this government and its ministers. While this bill does support the implementation of various recommendations of commissioner Nyland, both in terms of sharing data between agencies and enabling such data to be analysed, to dress up this bill as a cogent response to the government’s failure on child protection is pure arrogance and gives us cause to suspect that the government’s responses to the royal commission are more to do with political survival.
The need to share data to protect children cannot be questioned. The balance between an individual’s privacy and the safety of the child is clear: the safety of the child comes first. This bill goes further and has a broader effect. The government clearly contemplated legislation of this nature well before commissioner Nyland’s recommendations were handed down.
I turn now to the provisions of the bill before the chamber. The bill provides the authority and safeguards for the exchange of information by two methods. It enables voluntary data sharing between public sector agencies and provides that the Minister for the Public Sector may direct a public sector agency to provide data that it controls to another public sector agency. This can be on the minister’s own initiative or where the agency is unsuccessful in pursuing the voluntary arrangement directly with another agency.
The bill sets out the objects of the act to be the following: to promote, in accordance with the trusted access principles and the data sharing safeguards, the management and use of public sector data as a public resource that supports good government policymaking, program management and service planning and delivery; to remove barriers that impede the sharing of public sector data between public sector agencies; to facilitate the expeditious sharing of public sector data between public sector agencies; and to provide protections in connection with public sector data sharing. It then lists a range of methods, albeit in very vague terms, as to how it is envisaged that these protections will be achieved.
I note that the bill also allows entities other than a government agency to be added or removed by regulation. The bill establishes an office for data analytics (ODA). It also grants the minister a power to enter data sharing agreements with other agencies, including councils or persons whom he prescribes. This is necessary in order to capture non-government organisations that are involved in child protection.
The legislation will override the legislative or policy barriers that would currently prevent data sharing within government. The bill bestows on the minister an extremely broad delegation power to delegate any of the powers under the act. It also allows certain information to be excluded by regulation. The bill also lists a set of data sharing safeguards and trusted access principles, with the ability to add to these by regulation. These include safe projects, safe people, safe data, safe settings and safe outputs.
Safe projects sets out the factors that must be considered when determining whether it is appropriate to share data in the first place; safe people sets out the requirements when assessing whether a proposed data recipient is an appropriate public sector agency with whom data is to be shared; safe data sets out what to consider when assessing whether the type of data is appropriate to be shared; safe settings sets out the factors to consider when assessing whether the environment in which data will be stored is appropriate; and safe output sets out the considerations for assessing whether publication or other disclosure of the results of data analysis is appropriate.
The bill then provides a range of data sharing safeguards. They lack detail and clarity, and are not as one might expect to see in a bill of this nature. They include the following:
that the recipient of data must ensure that confidential or commercially sensitive information is dealt with in a way that complies with any contractual or equitable obligations of the data provider;
data providers and recipients must ensure public sector data is maintained and managed in compliance with any legal requirements concerning its custody and control;
if a data recipient arranges for data analysis to be conducted on public sector data, they must ensure appropriate contractual arrangements are in place to ensure the data is dealt with in compliance with the requirements of the act and the State Records Act;
I note that the bill also provides that the legal requirements under the Freedom of Information Act continue to apply. This means that agencies or persons cannot make freedom of information applications to the agency that receives the data; they would have to apply to the agency that initially held the data; and
the bill states that any breaches may be dealt with by way of disciplinary action. I question whether this is a sufficient sanction, and therefore an incentive for the Public Service to ensure compliance.
The traditional view of privacy is that it is an individual right based on the premise of individualism. The right of privacy recognises the sovereignty of the individual. The law academic Daniel Solove argues that the value of protecting the individual should be seen as a social one. In other words, privacy is protected to ensure a healthy society that is civil, with appropriate norms of behaviour. Allowing individuals to be free from intrusiveness is a positive force in the community. If society ends up not supporting privacy it risks losing the development of individual identity, as forewarned by Eggers’ in The Circle.
The provisions of this bill, once enacted, have the potential to empower government and its bureaucracy to deprive individuals of their privacy and, in doing so, diminish their lives and undermine their communities. The government must make the case that there will be respect for the privacy of the individual, and that sufficient safeguards will be in place.
Given the repeated stories of hacking of government information, I do not believe we should be confident that our citizens’ data will be safe. This bill will allow the spread of our people’s data to a wider audience, and heighten the risk of unauthorised disclosure and abuse. This bill, in the name of seeking to improve government services, may, when enacted, be the first step in irrevocably changing the dynamic between the state and the citizens it purports to serve.
The Liberal Party will support the second reading. I anticipate that I will have questions for the government at the committee stage.See full session on Hansard