Crimes Legislation Amendment (Powers, Offences and Other Measures) Act 2018 (75 of 2018)
Schedule 7 Personal information that may be relevant for integrity purposes
Crimes Act 1914
3 After Part VIIC
Insert:
Part VIID - Collecting, using and disclosing personal information that may be relevant for integrity purposes
86B Simplified outline of this Part
This Part authorises collection, use and disclosure of personal information for preventing, detecting, investigating or dealing with:
(a) serious misconduct by persons working for Commonwealth bodies; or
(b) fraud affecting Commonwealth bodies; or
(c) offences against Chapter 7 of the Criminal Code (which is about the proper administration of Government).
The authorisation is relevant to laws (such as privacy laws) that limit the collection, use and disclosure of personal information unless authorised by law.
86C Target entity may collect sensitive information for integrity purpose
A target entity may collect for an integrity purpose sensitive information that:
(a) if the target entity is a Privacy Act agency - is reasonably necessary for, or directly related to, one or more of the entity's functions or activities; or
(b) if the target entity is a wholly-owned Commonwealth company - is reasonably necessary for one or more of the entity's functions or activities.
Note: Subclause 3.3 of Australian Privacy Principle 3 limits the circumstances in which an APP entity may collect sensitive information. This section lets a target entity collect sensitive information for an integrity purpose in circumstances corresponding to those in which it may collect other personal information (see subclauses 3.1 and 3.2 of that Principle).
86D Target entity may use personal information for integrity purpose
A target entity may use personal information for an integrity purpose relating to the entity.
86E Disclosure of personal information to target entity for integrity purpose
(1) This section applies if a law of the Commonwealth or of a State or Territory:
(a) limits disclosure of some or all personal information by a person, body or authority (however described); and
(b) exempts from the limitation a disclosure authorised by a law of the Commonwealth.
Note: Australian Privacy Principle 6 is an example of such a law of the Commonwealth. The Principle prohibits an APP entity from disclosing personal information for a purpose other than the one for which the entity collected the information, unless the disclosure is authorised under an Australian law or certain other exceptions apply.
(2) For the purposes of the exemption, the person, body or authority may disclose to a target entity for an integrity purpose personal information that the person, body or authority reasonably believes is related to one or more of the target entity's functions or activities.
Limit on subsection (2) for disclosures by target entity
(3) Subsection (2) applies to a disclosure by a target entity other than the Australian Federal Police only if it is made for the target entity by a person who is authorised to make disclosures for integrity purposes by:
(a) the accountable authority (within the meaning of the Public Governance, Performance and Accountability Act 2013) of the entity, if it is a Commonwealth entity; or
(b) the entity or its principal executive (within the meaning of the Privacy Act 1988), if it is a Privacy Act agency other than a Commonwealth entity; or
(c) a director of the entity, if it is a wholly-owned Commonwealth company.
86F This Part does not limit other laws
To avoid doubt, this Part does not impliedly limit other laws (whether written or unwritten) that authorise collection, use or disclosure of personal information.
86G Guidelines on the operation of this Part
(1) The Secretary of the Department may publish guidelines approved by the Information Commissioner on the operation of this Part.
(2) Guidelines under subsection (1) are not a legislative instrument.