Use or disclosure for law enforcement or revenue protection

Overview

Agencies are required to comply with the Information Privacy Principles (IPPs) set out in the Information Privacy Act 2009 (Qld) (IP Act).

IPP 10 provides that personal information may only be used for the purpose for which it was obtained and not for any other purpose, unless one of the exceptions applies.

IPP 11 provides that personal information must not be disclosed outside the holding agency unless one of the exceptions applies.

One of the exceptions to both IPP 10 and IPP 11 is that the use or disclosure is necessary for law enforcement or protection of the public revenue. If an agency discloses information under IPP 11(1)(e)it must place a note of that fact with the information.

Law enforcement or revenue protection – IPP 10(1)(d) and 11(1)(e)

IPP 10

(1) An agency having control of a document containing personal information that was obtained for a particular purpose must not use the information for another purpose unless—

(d) the agency is satisfied on reasonable grounds that the use of the information for the other purpose is necessary for 1 or more of the following by or for a law enforcement agency—
(i) the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties or sanctions;
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
(iii) the protection of the public revenue;
(iv) the prevention, detection, investigation or remedying of seriously improper conduct;
(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

IPP 11

(1) An agency having control of a document containing an individual's personal information must not disclose the personal information to an entity (the relevant entity), other than the individual the subject of the personal information unless—

(e) the agency is satisfied on reasonable grounds that the disclosure of the information is necessary for 1 or more of the following by or for a law enforcement agency—
(i) the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of laws imposing penalties or sanctions;
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
(iii) the protection of the public revenue;
(iv) the prevention, detection, investigation or remedying of seriously improper conduct;
(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

(ea)All  of the following apply—
(i) ASIO has asked the agency to disclose the personal information;
(ii) An officer or employee of ASIO authorised in writing by the director-general of ASIO for this paragraph has certified in writing that the personal information is required in connection with the performance by ASIO of its functions;
(iii) The disclosure is made to an officer or employee of ASIO authorised in writing by the director-general of ASIO to receive the personal information.

These IPPs should only be used in exceptional circumstances, and not to justify ongoing or regular uses and disclosures of personal information.

What is a law enforcement agency?

Law enforcement agency has different meanings for IPP 10(1)(d) and IPP 11(1)(e).

Law Enforcement Agency for IPP 11(1)(e)

IPP 11(1)(e) allows an agency to disclose information to a law enforcement agency if the information is necessary for the enforcement agency’s law enforcement functions. For IPP 11(1)(e) law enforcement agency has the same meaning as enforcement body in the Privacy Act 1988 (Cth). Enforcement body includes the Australian Federal Police, Customs, and any government body of the Commonwealth or of a State or Territory (including a Queensland body) with responsibility for revenue protection or for administering, or performing a function under, a law imposing penalties or sanctions.

ASIO for IPP 11(1)(ea)

ASIO is the Australian Security Intelligence Organisation established under the Australian Security Intelligence Organisation Act 1979 (Cwlth). The director-general of ASIO is the person who has been appointed as the Director-General of Security under the Australian Security Intelligence Organisation Act 1979 (Cwlth).

Law Enforcement Agency for IPP 10(1)(d)

Under IPP 10(1)(d) a law enforcement agency is limited to specific Queensland government agencies. These include the Queensland Police Service under the Police Services Administration Act 1990 (Qld), the Crime and Misconduct Commission under the Crime and Misconduct Act 2001 (Qld), the Community Safety Department and any other agency to the extent it has responsibility for:

  • functions and activities directed to the prevention, detection, investigation, prosecution or punishment or offences and other breaches of the law attracting penalties or sanctions
  • the management of property seized or restrained under, or the enforcement of a law or of an order made under a law, a law relating to the confiscation of the proceeds of crime
  • enforcement of or implementation of an order or decision made by a court or tribunal.

What is a criminal offence?

In Queensland, criminal offences are defined in the Criminal Code Act 1899 (Qld). Section 3 states that offences are of two kinds, regulatory and criminal, with criminal offences being made up of three different kinds: crimes, misdemeanours, and simple offences. If an offence is not designated as a crime or a misdemeanour then it is a simple offence.

Many of the offences in legislation other than the Criminal Code, such as the Vegetation Management Act 1999 (Qld) or the Animal Care and Protection Act 2001 (Qld), are simple offences, and as such are criminal offences.

If there is uncertainty, the agency should request details about the offence to enable a decision to be made as to whether or not it is a criminal offence.

Law imposing a penalty

If the offence is not a criminal offence but it still imposes a monetary penalty – most likely by way of specifying a number of penalty units as the maximum payable – then it is a law imposing a penalty.

Law imposing a sanction

A law imposes a sanction if it takes away a right or privilege or allows some disadvantaging action other than the imposition of a pecuniary penalty.

Examples
  • removal of a licence or entitlement
  • disciplinary action (such as suspension, a pay cut, or dismissal)
  • the withdrawal of a benefit.

Confiscation of the proceeds of crime

IPPs 10(1)(d)(ii) and 11(1)(e)(ii) allow agencies to use or disclose personal information where it is necessary for the enforcement of laws relating to confiscation of the proceeds of crime. These laws enable enforcement bodies to trace the proceeds, benefits and property derived from criminal activity, and provide for the forfeiture of property used in connection with the commission of criminal offences.

There are two confiscation schemes in operation in Queensland:

  • Conviction based confiscation: administered by the Office of the Director of Public Prosecutions, this occurs when a direct link can be established between a crime of which someone has been convicted and an asset.
  • Confiscation without conviction (civil confiscation): this is administered by the Crime and Misconduct Commission under the Criminal Proceeds Confiscation Act 2002 (Qld) and allows property to be restrained on the basis of reasonable suspicion of serious crime-related activity.

Both of these schemes fall within IPPs 10(1)(d)(ii) and 11(1)(e)(ii), as will similar schemes operating in other jurisdictions.

Hint

The term ‘enforcement’ encompasses the whole of the activity, from initial inquiries to the hearing of a matter in a court or presentation to a decision maker or non-judicial member. It also includes gathering intelligence to support the investigation function of enforcement bodies, or providing information to the relevant enforcement body.

Protection of the public revenue

The public revenue includes levies, taxes, rates and royalties charged on a regular basis. It does not include occasional charges, such as fines, or the recovery of the occasional overpayment by an agency.

Protection of the public revenue includes the activities of agencies and bodies intended to ensure that lawful obligations are met by those subject to the charges, such as routine collection, audits, investigatory and debt recovery actions. Prosecution for failure to pay the charge would fall under the criminal law exception.

Activities intended to identify and eliminate inefficient but lawful spending of public money will not fall within these IPPs.

Seriously improper conduct

Seriously improper conduct refers to serious breaches of standards of conduct associated with a person’s duties, and includes:

  • corruption
  • abuse of power
  • dereliction of duty
  • breach of obligations that would warrant the taking of enforcement action against the person
  • any other seriously reprehensible behaviour.

In the Queensland public service, seriously improper conduct can be identified by reference to:

  • the Public Sector Ethics Act 1994 (Qld)
  • the Public Service Act 2008 (Qld)
  • the Crime and Misconduct Act 2001 (Qld).

Misconduct of this type may also be set out in specific statutes applying only to certain agencies.  Examples of misconduct may include:

  • misconduct under the Police Service Administration Act 1990 (Qld)
  • official misconduct under the Crime and Misconduct Act 2001 (Qld)
  • misconduct under the Public Service Act 2008 (Qld)
  • other conduct under section 187 of the Public Service Act 2008 (Qld) where it is serious and improper
  • a breach of the Public Sector Ethics Act 1994 (Qld) or of a Code of Conduct under that Act
  • a criminal offence.

Conduct of proceedings

IPPs 10(1)(d)(v) and 11(1)(e)(v) allow an agency to use or disclose personal information for the preparation or conduct of proceedings before any court or tribunal by, or on behalf of, an enforcement body.

IPPs 10(1)(d)(v) and 11(1)(e)(v) also enable an agency to use or disclose information to implement orders issued by the court or tribunal, although where the use or disclosure is necessary for an agency to satisfy the order, it would also fall under the IPPs permitting use or disclosure based on a legal authority.

There needs to be a clear link between the order that is being enforced and the information that is being disclosed, and any disclosure should be limited only to what is necessary and relevant.

Satisfied on reasonable grounds that the use or disclosure is necessary

An agency must be satisfied on reasonable grounds that the personal information is necessary for one or more of the purposes listed in these IPPs. This requires the agency to consider whether the use or disclosure will actually assist in one of the purposes listed in IPPs 10(1)(d) and 11(1)(e).

These IPPs do not authorise agencies to simply hand over or use the information. A judgement must be made as to whether the use or disclosure is necessary in the circumstances.

Generally the agency must:

  • be satisfied that there is a link between the proposed use or disclosure and the enforcement or protection activities
  • establish that the link is sufficient to make the use or disclosure of the personal information reasonably necessary

The personal information need not be essential or critical to the activity, but it must be more than just helpful or expedient.

The agency must be satisfied on reasonable grounds. This means the agency must consider the circumstances, the offence and the information in question to decide whether the use or disclosure is necessary.

Relevant considerations are:

  • whether the requesting officer has been identified as a legitimate officer, and has provided their details, including work unit and supervisor
  • the reason for the request – the agency should establish what is being investigated, at least in broad terms, and why the information is necessary
  • whether the agency has the contact details of a senior officer, who can verify that the investigation is legitimate, especially where the request involves a large amount of personal information or personal information of a sensitive nature
  • whether it is more appropriate, given the amount and sensitivity of the personal information, to wait for a warrant or other legal authority to be produced.

By or on behalf of a law enforcement agency

Law enforcement agency is defined in schedule 5 of the IP Act. If an agency fits the definition then it will fall within these IPPs.  An agency will be using or disclosing information on behalf of a law enforcement agency if:

  • it is doing something on behalf of the agency, or to assist the agency, in its law enforcement functions
  • it is making inquiries or carrying out a function on its behalf.

Disclosure to ASIO – IPP 11(1)(ea)

IPP 11(1)(ea) permits an agency to disclose personal information to the Australian Security Intelligence Organisation (ASIO) in specific circumstances.

ASIO must request its disclosure, an ASIO officer or employee appropriately authorised by the director-general of ASIO must certify that the information is required in connection with ASIO's functions, and the agency must only disclose the information to an ASIO officer or employee appropriately authorised in writing to receive it.

Current as at: June 5, 2017