House of Representatives

Explanatory Memorandum

(Circulated by authority of the Minister for Housing and Assistant Treasurer, the Hon Michael Sukkar MP)

Chapter 3 Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Commonwealth Registers Bill 2019

Treasury Laws Amendment (Registries Modernisation and Other Measures) Bill 2019

Business Names Registration (Fees) Amendment (Registries Modernisation) Bill 2019

Corporations (Fees) Amendment (Registries Modernisation) Bill 2019

National Consumer Credit Protection (Fees) Amendment (Registries Modernisation) Bill 2019

3.1 These Bills (the legislative package) are compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview

3.2 The legislative package contains measures that:

•

modernise Commonwealth business registers; and

•

introduce a DIN requirement.

Modernisation of Commonwealth Registers

3.3 The new law facilitates a modern government registry regime that is flexible, technology neutral and governance neutral. The regime initially applies to the business registers administered by ASIC and the Australian Business Register. Additional government registers may be brought into the regime by future legislative reforms.

3.4 Under the new regime, the Minister appoints an existing Commonwealth body to be the registrar. Different registrars can be appointed for different functions or powers of the registrar.

3.5 The functions and powers of the registrar are largely set out in existing Commonwealth laws. In particular, most powers and functions are set out in the Commonwealth acts that contain the registers being brought into the new regime. These acts include: the Corporations Act; the ABN Act; the Business Names Act; the Credit Act; and, the SIS Act.

3.6 The registrar performs its functions and exercises its powers in accordance with the data standards and other Commonwealth laws. The data standards are disallowable instruments made by the registrar. They may deal with a variety of matters including what information may be collected for the purposes of performing the registrar's functions, how such information is to be given to the registrar, and how information held by the registrar is to be stored.

3.7 The new law also provides for the protection and disclosure of information held by the registrar. It is an offence for an official to disclose information held by the registrar unless the disclosure is authorised. A disclosure is authorised where: it is for the purposes of the new registry regime; it happens in the course of the performance of an official's duties; each person to whom the information relates consents to the disclosure; the information is disclosed to a government agency for the performance of its functions; or, the benefits associated with the disclosure outweigh the risks (including privacy risks) after those risks have been mitigated.

3.8 All decisions made by the registrar under the new regime are reviewable by the Administrative Appeals Tribunal except those made by disallowable instrument.

Director Identification Number

3.9 The new law amends the Corporations Act and the CATSI Act to introduce a DIN requirement. The new requirement assists regulators to better detect, deter and disrupt phoenixing and improves the integrity of corporate data maintained by the registrar.

3.10 Under the new requirement a person appointed as a director of a body corporate registered under the Corporations Act or the CATSI Act must apply to the registrar for a DIN. The person must apply before they are appointed as a director unless the regulations provide additional time or they are provided an exemption or extension by the registrar. After receiving an application, the registrar must provide the director with a DIN if the registrar is satisfied that the director's identity has been established.

3.11 The registrar is provided with powers to administer the new requirement. These include powers to: issue DINs; keep necessary records; cancel and reissue DINs; determine the numbering plan for the new requirement; and, determine how directors are to establish their identity. The registrar may make data standards, by way of legislative instrument, in relation to these and other matters.

3.12 There are civil and criminal penalties for directors that fail to apply for a DIN within the applicable timeframe. The registrar, or a senior member of its staff, may also issue infringement notices in relation to such conduct. There are also civil and criminal penalties which apply to conduct that would otherwise undermine the new DIN requirement. For example, there are criminal penalties for deliberately providing false identity information to the registrar, intentionally providing a false DIN to a Government body or relevant body corporate, and intentionally applying for multiple DINs.

3.13 The new requirement contains transitional provisions that apply in relation to a person who is currently appointed as a director at the time the new requirement starts to apply. Such a person has the time specified in a legislative instrument to apply for a DIN from the day the new requirement starts, and the new requirement does not apply to them unless such an instrument is made. In addition, during the first 12 months of the new requirement's operation a person appointed as a director will have an additional 28 days to apply for a DIN (that is, for the first 12 months of new requirement's application, a person must apply for a DIN within 28 days of first being appointed as a director).

Human rights implications

3.14 The legislative package engages, or may engage, the following human rights:

•

the right to the presumption of innocence; and

•

the right to privacy.

Engagement of the presumption of innocence

3.15 Paragraph 2 of Article 14 of the International Convention on Civil and Political Rights (ICCPR) protects the right of a person charged with a criminal offence to be presumed innocent until proven guilty according to law. The presumption of innocence is also a fundamental principle of the common law. As the Parliamentary Joint Committee on Human Rights has observed, the presumption of innocence 'imposes on the prosecution the burden of proving the charge, guarantees that no guilt can be presumed until the charge has been proved beyond reasonable doubt, ensures that the accused has the benefit of doubt, and requires that persons accused of a criminal act must be treated in accordance with this principle'. ^[83] The presumption of innocence generally requires the prosecution to prove each element of a criminal offence beyond reasonable doubt.

Offence provisions that carry an evidential burden

3.16 An offence provision that requires a defendant to carry an evidential burden may be considered to engage the right to the presumption of innocence. A number of offences in the legislative package contain offence specific defences for which the defendant carries an evidential burden. In accordance with the Criminal Code Act 1995 and the Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers ^[84] , offence specific defences in the legislative package are made explicit through words of exception and exemption.

3.17 The evidential burden in those defences has been reversed because the subject matter of the defence is:

•

peculiarly within the knowledge of the defendant; and,

•

significantly more difficult and costly for the prosecution to disprove than for the defendant to establish.

3.18 Details of each defence and the relevant subject matter are in the following table.

Table 3.1 Offence Specific Defences

3.19 The offences are critical to the operation of the regime. The imposition of an evidential burden for the defences achieves a legitimate object because it ensures that the offences are prosecutable, thereby allowing effective enforcement of the new regime.

3.20 The burden of proof on the defendant is an evidential burden. The effect of the imposition is therefore that the defendant must merely adduce or point to evidence of the defence. Once this is done, the prosecution bears the burden of proof.

3.21 Because of the low evidential burden on the defendant, to the extent that imposing that burden is a limitation on the right to be presumed innocent, it is proportionate and reasonable in the circumstances.

Strict liability offences

3.22 The new DIN requirement engages the presumption of innocence because it creates several new strict liability offences. A strict liability offence means that the prosecution is not required to prove fault as part of the offence; it must merely prove that a contravention took place and the only permissible defence is an erroneous belief about a material event or circumstance.

3.23 The measure includes the following strict liability offences, each attracting a penalty of 60 penalty units under the Corporations Act or 25 penalty units under the CATSI Act:

•

failure to apply for a DIN within the prescribed period (subsections 1272C(1) of the Corporations Act and 308-20(1) of the CATSI Act); and

•

failure to apply for a DIN after being directed by the registrar (subsections 1272D(1) of the Corporations Act and 308-25(1) of the CATSI Act).

3.24 As explained in Chapter 2 of this memorandum, the offences are also subject to the infringement notice regime under the Regulatory Powers (Standard Provisions) Act 2014.

3.25 The presumption of innocence is not an absolute right and is subject to permissible limits, for example in a situation in which threats to the rights of the innocent are minimal in comparison to the threats to the wider public interest. However, because proof of fault is one of the fundamental protections of criminal law, strict liability should only apply where there is adequate justification and subject to specific considerations.

3.26 The strict liability offences created by the legislative package pursue the legitimate objectives of enforcing the DIN regime. The strict liability nature of the offences is also consistent with existing offences in the Corporations Act and CATSI Act. For example, those Acts contain strict liability offences relating to the information requirements around the registration of bodies and keeping that information up to date.

3.27 These offences are directed at proving the identity of directors to assist regulators better detect, deter and disrupt phoenixing and improve the integrity of corporate data maintained by the registrar. The limitations on the presumption of innocence afforded by these offences can be considered rational and necessary because they enhance the effectiveness of the enforcement regime in deterring avoidance of the DIN requirement and ensure the integrity of information about companies and their officers.

Right to a fair hearing

3.28 Article 14 of the ICCPR ensures that everyone shall be entitled to a fair and public hearing by a competent, independent and impartial tribunal established by law.

3.29 In relation to the DIN requirement, the strict liability offences above relating to failure to apply for a DIN might be considered to engage the right to a fair and public hearing because they are subject to the infringement notice regime under the Regulatory Powers (Standard Provisions) Act 2014. Infringement notices can be issued when an infringement officer reasonably believes that the offences have been contravened and give the option of paying a stated penalty as an alternative to Court proceedings.

3.30 Because the obligations to apply for a DIN involve timeframes and apply to a large number of people, minor breaches may be expected to occur with some frequency. Infringement notices are an efficient way of dealing with minor breaches, as they avoid the significant delays and costs associated with court action. Compliance with infringement notices as an alternative to Court action is also voluntary. For these reasons, the DIN requirement is not considered to limit the right to a fair and public hearing.

Engagement of the right to privacy

3.31 Article 17 of the ICCPR requires parties to the ICCPR to uphold the individual right not to have one's private, family and home life or correspondence unlawfully or arbitrarily interfered with. It also includes the right to protection by law of one's reputation. According to the Parliamentary Joint Committee on Human Rights' Guide to Human Rights, the right to privacy includes:

•

the right to respect for confidential and private information, particularly the storing, use and sharing of such information; and

•

the right to control dissemination of information about one's private life.

3.32 The right to privacy is not an absolute right and is subject to permissible limits. The implied limitation arises, inter alia, from the term 'arbitrary' in Article 17 of the ICCPR, which prohibits unlawful or arbitrary interferences with a person's privacy, family, home and correspondence.

3.33 The modernisation of Commonwealth registers and DIN measures could engage the right to privacy because they provide for the collection and disclosure of information that may include personal information. Personal information could potentially be collected and/or disclosed as part of the administration of the Commonwealth registers and DIN regimes.

Collection of information by the registrar

3.34 The registrar performs its functions and exercises its powers in accordance with the data standards and other Commonwealth laws. The data standards are disallowable instruments made by the registrar. They may deal with a variety of matters including what information may be collected for the purposes of performing the registrar's functions, how such information is to be given to the registrar, and how information held by the registrar is to be stored.

3.35 The data standards may engage the right to privacy by requiring that personal information be provided to the registrar. While the making of the data standards is a matter for the registrar, it is likely that personal information about company officers, financial service licensees and other persons on the current business registers will be collected. This is because such information is required for the effective operation of the registry regime.

3.36 In relation to a DIN, the registrar will make data standards that require personal information be given for the purposes of verifying a directors identity. This is an essential part of the effective administration of the DIN regime.

3.37 The data standards are disallowable instruments for the purposes of the Legislation Act 2003. Under that Act, legislative instruments and their explanatory statements must be tabled in both Houses of the Parliament within six sitting days after the date of registration of the instrument on the Federal Register of Legislation. Once tabled, the instruments will be subject to the same level of parliamentary scrutiny as regulations (including consideration by the Senate Standing Committee on Regulations and Ordinances), and notice of a motion to disallow the instruments may be given in either House of the Parliament within 15 sitting days after the date the instruments are tabled. In addition to parliamentary oversight, relevant data standards are subject to a privacy impact assessment under the Privacy Act 1988 and the consultation requirements contained in the Legislation Act 2003.

3.38 Before the data standards are made, a full assessment of their compatibility with human rights cannot be made. When the data standards are made by the registrar a human rights compatibility statement will be completed for them in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Disclosure of information by the registrar

3.39 Information held by the registrar is protected by offences in the new law. Specifically, registry information cannot be disclosed unless the disclosure is authorised.

3.40 Disclosure is authorised in the following circumstances:

•

the recording or disclosure is for the purposes of the new regime or happens in the course of the performance of the duties of a person's official employment;

•

the disclosure is to another person for use, in the course of the performance of the duties of the other person's official employment, in relation to the performance of the functions of a government entity;

•

the disclosure is to a State or Territory official for use in the course of their duties of employment in relation to the performance or exercise of functions or powers of a government entity, pursuant to an intergovernmental agreement with the Commonwealth;

•

each person to whom the information relates consents to the disclosure; or

•

the disclosure is in accordance with the disclosure framework.

3.41 These disclosures achieve a number of legitimate objectives, and ensure that the new registry regime can be effectively administered.

3.42 In relation to disclosure within Government, registry information that is required for the administration of other Australian laws is made available for that purpose. Disclosure with consent achieves the benefit of allowing data to be used for other purposes with a public benefit so long as each person to whom the data relates consents to the disclosure.

3.43 Disclosure in accordance with the disclosure framework is intended to provide the registrar with flexibility that will provide broader public benefits in the future. It is envisaged that the ability to make a disclosure framework will provide the registrar with flexibility regarding the release of registry information. For example, the framework could allow a trusted user (for instance a university whose IT systems, processes and staff have been vetted) to access information that may not be appropriate for wider dissemination where a social benefit exists and appropriate undertakings are made.

3.44 The registrar makes the disclosure framework by legislative instrument. It may provide for any matter related to the disclosure of registry information. The registrar will decide what information is disclosed based on a balance of the benefits of disclosure, such as the ability to use data for research purposes, with the risks of disclosure, including those related to privacy, after those risks have been mitigated.

3.45 The disclosure framework is a disallowable instrument for the purposes of the Legislation Act 2003. Under that Act, legislative instruments and their explanatory statements must be tabled in both Houses of the Parliament within six sitting days after the date of registration of the instrument on the Federal Register of Legislation. Once tabled, the instruments will be subject to the same level of parliamentary scrutiny as regulations (including consideration by the Senate Standing Committee on Regulations and Ordinances), and notice of a motion to disallow the instruments may be given in either House of the Parliament within 15 sitting days after the date the instruments are tabled. In addition to parliamentary oversight, the disclosure framework is subject to a privacy impact assessment under the Privacy Act 1988 and the consultation requirements contained in the Legislation Act 2003.

3.46 Until the disclosure framework is made, a full assessment of its compatibility with human rights cannot be made. When the framework is made by the registrar a human rights compatibility statement will be completed for it in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Conclusion

3.47 These Bills are compatible with human rights. The legislative package engages, or may engage the right to the presumption of innocence and the right to privacy and reputation. However, to the extent that the legislative package places limitations on these rights, these limitations can be considered legitimate, rational and necessary in light of the objectives they aim to achieve, and reasonable and proportionate in their extent.