pdf (19.82 KB)

Our reference: 02-388-1CIC/BL
Ms Maureen Weeks
Committee Secretary
Joint Committee on the National Crime Authority
Parliament House
Canberra ACT 2600
Dear Ms Weeks

Australian Crime Commission Establishment Bill 2002

Thank you for the opportunity to attend the Hearing of the Joint Committee on the National Crime Authority, held in Sydney on 8 October 2002. The Committee invited me to make a submission on the proposed accountability and complaints handling mechanism for the new expanded agency, the Australian Crime Commission (‘ACC’). In the time, and with the resources available, I am able to provide some further views on these matters.

There is a need to recognise and balance competing community interests when dealing with proposed increases in law enforcement or similar investigative powers. The community has strong interests in combating crime (in this case, ‘serious and organised crime’), as well as in safeguarding individual liberties, including privacy. Our Office does not seek to place privacy above all else, but to balance it with a range of other community interests.

The community expects to be protected from crime, and recognises the need for law enforcement agencies to have sufficient and effective powers to meet this goal. The Privacy Act 1988, through its Privacy Principles for both the Commonwealth public sector and the private sector nationally, recognises this need for balance. Within the principles, for example, there are provisions permitting the use or disclosure of personal information, to a law enforcement body, where reasonably necessary for the enforcement of the criminal law. Privacy is not intended to stand in the way of necessary law enforcement functions.

Indeed, in the Office’s research into community attitudes to privacy, conducted in 2001, 57% of respondents said they would agree with more police access to information held on databases if this were to lead to a significant increase in crime prevention. A copy of the survey is attached, should the Committee be interested in further detail.

New functions: is there a need to change corresponding accountability arrangements?

The addition of the Australian Bureau of Crime Intelligence to the functions of the National Crime Authority (‘NCA’), in the creation of the ACC, brings a powerful database to the agency with the desirable intention of making the current elements of Australia’s criminal intelligence system more effective. Another consequence would appear to be that certain types of information would be available to State and Territory law enforcement bodies for the first time. Issues of privacy jurisdiction notwithstanding, the development of potentially more effective data collection and sharing arrangements also raises the need for close consideration of the corresponding accountability arrangements, and whether these are also likely to operate effectively and in comparable ways.

The importance of effective oversight and accountability arrangements is part of the balancing of law enforcement powers with individuals’ private interests. The confidence of the community in such oversight and accountability arrangements is pivotal to its confidence in, and acceptance of, the investigatory mechanisms in the first instance.

Law enforcement agencies across Australian jurisdictions are generally subject to oversight by State and Commonwealth bodies, such as their respective State or Commonwealth Ombudsman’s Offices. The community generally expects that it has a legitimate right to have any complaints they might have in relation to law enforcement activities heard and dealt with effectively. Furthermore, parliaments have considered, or created, systems for more closely monitoring some of the more intrusive law enforcement activities. The records relating to telecommunications interceptions, for instance, are subject to regular inspection by the respective Commonwealth and State Ombudsmen.

I recognise the continuing oversight role of the Joint Parliamentary Committee in relation to the ACC, and I also understand that the current Bill proposes a continuation of the independent oversight arrangements involving the various Ombudsmen’s Offices. There are also, as I understand it, some revised operational and resource allocation reporting arrangements within the proposed ACC structure (as set out in an attached table, provided to us by the Attorney-General’s Department – at Attachment A).

The move from the NCA to the newly constructed ACC raises the question of whether the current complaint handling arrangements will continue to provide an appropriate and effective balance. From my experience in looking at other cross-jurisdictional data protection issues, such as the national DNA database system (currently the subject of a review under Part 1D of the Crimes Act 1914), and across other private sector or Commonwealth/State issues, challenges arise most where data is transferred, merged or matched across different jurisdictions. Where regulatory jurisdiction ceases at a border or jurisdictional boundary, then the processes of investigation are apt to become more complex; and matters are more likely to ‘fall between the gaps’.

I understand that issues relating to complaints handling and accountability in relation to the NCA have been the subject of previous Reports and Inquiries, including that of the Parliamentary Joint Committee on the National Crime Authority in April 1998. These issues appear to have been addressed in some measure through the provision, following amendments to the NCA legislation in 2001, for the Commonwealth Ombudsman to transfer a complaint to another authority or to take part in a joint investigation, including in conjunction with a State or Territory body.

These amendments appear to respond to the prior concerns about the difficulties or inadequacies in complaint handling and investigation across jurisdictions. These co-operative oversight arrangements still rest, it seems, on whether there is corresponding, enabling legislation within the respective State/Territory, and corresponding agreements in place between the key bodies. A closer analysis and evaluation of the operational effectiveness of the oversight arrangements appears to be something more properly for the respective Ombudsmen, their stakeholders and the community to address.

The establishment of the ACC, however, may be an opportune time to consider whether (and when) Parliament should look again at the current arrangements, either now or at a future time, to further consider whether there is a need for enhancement of the oversight and accountability arrangements. While it may be difficult to assess the effectiveness of current arrangements in advance of the ACC’s operation, this is an issue that appears worthy of monitoring, including by having a set point for review once empirical evidence on the operation of the arrangements has been gathered.

I note that there is no correspondingly specific data protection accountability within the current regulatory arrangements. It appears that personal information handling issues resulting in complaints are to be handled by the Commonwealth Ombudsman, as is the case with the NCA. Overall, Parliament has recognised the need for a specific regulator for data protection issues for most other federal agencies and their activities, rather than such issues being addressed by a generalist regulator. Perhaps an issue for the Committee to consider is whether these arrangements strike the right balance in offering sufficient data protection, particularly when such sensitive information is being handled, which could lead to very serious consequences for an individual if their data is mishandled.

Whether there is a specific need for separate arrangements, at this stage remains unclear, as does how such arrangements may be alternately constructed. The independence of oversight and accountability bodies from law enforcement bodies, though, is critical from the perspective of the public perception of the efficacy of such arrangements. I appreciate the nature of the ACC’s activities and recognise that in the security and intelligence environment there is perhaps a stronger need for an oversight body that is cognisant of the sensitivities of the important work of such government agencies. It is imperative that the ACC be able to effectively perform its role, while at the same time the community must enjoy the assurance that there is an independent and effective accountability mechanism in place.

In my view, it would seem both appropriate and timely to consider these issues (namely, the effective operation of accountability and oversight generally, and matters of data protection more specifically) at the five year review. Currently, the review appears to focus on the ACC’s proposed coercive powers.

I would greatly welcome the Committee’s consideration of the need to broaden the scope of the five year review to look also at the effectiveness of the overall oversight, accountability and complaints handling processes, and more specifically at privacy/data protection issues.

If you require any further details on our submission or further information, please contact Ms Barbra Luby, Senior Policy Advisor, on (02) 9284 9874 or by email barbraluby@privacy.gov.au">barbraluby@privacy.gov.au.

Yours sincerely
Malcolm Crompton
Federal Privacy Commissioner
1 November 2002

Attachment A

ACCOUNTABILITY