In this final bulletin for 2022, we provide a timely reminder to government agencies of the considerations that should be given to the collection, storage and retention of personal information following the Optus and Medibank data breaches. We also discuss the impact of the recent changes to the Industrial Relations Act 2016 (Qld) on government agencies, and wrap up our Queensland Government lawyers series for the year. This bulletin covers the following sections:
- With great data comes great responsibility: How government agencies can mitigate data breach risks
- Changes to workplace sexual harassment protections in Queensland’s Industrial Relations Act
- Queensland Government Lawyers series 2022: Final webinar
- News, cases and other developments
With great data comes great responsibility: How government agencies can mitigate data breach risks
Government agencies collect and hold significant amounts of personal information, including home addresses; phone numbers; driver licence, Medicare and passport numbers; health records; photographs; criminal records; and credit card details.
While it is accepted that agencies may collect and hold this information, the public expects that the information they provide to government agencies will be protected from misuse by third parties.
Following the recent Optus and Medibank data breaches, information privacy and protection have become a fundamental issue for Queenslanders looking to protect their personal information from corruption, compromise or loss.
As a result, government agencies should consider their personal information holdings and assess how they continue to collect, retain and dispose of personal information.
Queensland’s data protection regime
Queensland’s data protection and retention regime is set out across two Acts. First, government agencies in Queensland must comply with the Information Privacy Principles (IPPs) set out in the Information Privacy Act 2009 (Qld) (IP Act). The IPPs provide for the fair collection and handling (in the public sector environment) of personal information by placing strict obligations on an agency when it collects, stores, provides access to, amends, uses and discloses personal information.
Additionally, government agencies are required to adhere to the Public Records Act 2002 (Qld) (PR Act) which governs how the state’s public records are made, managed, kept and, if appropriate, preserved.
What information can be collected?
Under the IPPs, a government agency may request personal information from an individual, provided the following criteria are met:
- the specific personal information required will fulfil a lawful purpose that is directly related to the function of the agency
- if the information is collected directly from an individual, the agency must tell the individual what the information is going to be used for before, at the point of collection, or as soon as practicable after collection
- the agency must not collect information by unlawful or unfair means, including by trickery, deception or misleading conduct.
Once collected, personal information may become a public record per the PR Act, where it is dealt with by an agency in the course of their business or conduct of their affairs.
Thereby, collecting only the personal information that a government agency is entitled to under law will mitigate the risk and potential impact of a data breach.
What information should not be collected?
The question of what information should not be collected is not only relevant to whether an entity is meeting its obligations under the IP Act and the PR Act, but also represents important risk mitigation in the event of a data breach. The release of records that an agency had no entitlement to collect or store is likely to be far more problematic and receive higher levels of criticism.
Accordingly, entities need to consider whether there is an ongoing need or legal basis for their collection. There should be clear and justifiable reasons for collecting personal information, and these reasons may change (and reduce) over time.
If there is no law requiring or authorising the collection of personal information, government agencies should also review whether it is reasonably necessary for their functions or activities to continue collecting personal information.
The ‘reasonably necessary’ test is an objective test – that is, would a reasonable person who is properly informed agree that the collection is necessary?
This will require consideration of several factors such as whether there are any applicable workplace laws and contractual obligations that make the collection of personal information reasonably necessary for an agency’s functions and activities.
If there is no longer a requirement or a reason to collect personal information, then steps should be taken to ensure this information is no longer collected.
How should information be disposed of?
As with the consideration of whether entities should be collecting information in the first place, compliance with the IP Act and PR Act also requires consideration of what information should be deleted from time to time. Similarly, this consideration may be a risk mitigation factor, as records which ought to have been deleted, but were not, fall into a category open to greater criticism than others. For example, some former customers of Optus whose data was leaked had not been customers for, in some cases, decades.
Disposal has a specific definition under the PR Act and includes destroying, damaging, abandoning, transferring, donating, giving away or selling a record in whole or in part. Disposal of a public record without proper authorisation is a criminal offence.
Of course, disposal must be balanced with the obligation for public records to be retained for the appropriate retention periods listed in the current General Retention and Disposal Schedule.
It is recommended that agencies follow the State Archivist’s Records governance policy and plan for how and when records will be disposed of, using a risk-based approach. Records must be disposed of in a planned and authorised way by:
- using the disposal authorities issued by the State Archivist, that provide proper coverage of the specific records that are created and kept
- developing and implementing a disposal plan, which details disposal decisions and actions for the agency. The plan must, at a minimum, cover:
- disposal endorsement, including how internal endorsement is given
- disposal methods, including how records will be disposed of (physical and digital)
- disposal frequency, including specifying how often certain types of records will be disposed of
- formally documenting the disposal of records.
It is important to identify the various ways in which personal information has been collected and stored, as this may impact the destruction and de-identification process. For example, if the information is stored in a hard copy, secure disposal might include methods such as secure shredding before recycling or throwing away. In contrast, if the information is stored electronically, such as in cloud-based storage, servers, USBs or with a third-party provider, you should ensure that the digital records are permanently destroyed, including in any back-up system or offsite storage.
Regular, authorised disposal ensures that only important, useful and accurate records are kept. This is particularly relevant as IPP 8 under the IP Act requires government agencies to ensure personal information they have collected is accurate, up to date, complete and not misleading.
While agencies are not required to continually check the personal information they hold, they must take reasonable steps when the information is collected to ensure that it is correct. And, where there is reason to believe that the source information may not be accurate or may have become inaccurate over time, amendment or disposal may be required.
For government agencies, the collection and storage of information is a necessary function. However, it is important that when doing so they comply with the obligations under the IP and PR Acts to better mitigate the risks of potential data breaches. In light of the Optus and Medibank data breaches, we recommend agencies reflect on the following questions:
- is the personal information the agency is collecting necessary for the function the agency is performing?
- does the agency need to collect all the information that is proposed to be collected?
- what are the security protocols that the agency has in place around the personal information that has been collected?
- is the agency required to retain the personal information that it has collected?
- if you are to use the personal information, is that personal information up to date? If not, can you dispose of the outdated personal information?
How we can help
Our government team can assist you in understanding your collection and retention of personal information obligations and can provide training for your team to ensure they are able to comply with the above and give appropriate consideration to these matters.
Changes to workplace sexual harassment protections in Queensland’s Industrial Relations Act
The Industrial Relations and Other Legislation Amendment Act 2022 (Qld) (Amendment Act) gives effect to the Queensland Government’s response to the Respect@Work Report by the Australian Human Rights Commission.
The amendments see the Industrial Relations Act 2016 (IR Act) adopt the established definitions of sexual harassment in the Anti-Discrimination Act 1991 (Qld) and Sex Discrimination Act 1984 (Cth). However, the concept of sex- or gender-based harassment is new to the Queensland statute book.
Sex- or gender-based harassment is defined as unwelcome conduct of a demeaning nature on the basis of the harassed person’s sex or gender. The conduct must be engaged in with the intention of offending, humiliating or intimidating the harassed person or in circumstances in which a reasonable person would be offended, humiliated or intimidated by the conduct.
Sexual harassment now an ‘industrial matter’
The definition of ‘industrial matter’ now includes sexual, sex- or gender-based harassment of an employee in the workplace or during the employee’s employment.
This means complaints about workplace sexual, sex-based or gender-based harassment can be made directly to the Queensland Industrial Relations Commission (Commission) as an industrial dispute. Previously, the Commission could only hear complaints of workplace sexual harassment on referral from the Queensland Human Rights Commission (QHRC), where the complaint had not been resolved through the QHRC’s conciliation process.
The Commission can now also grant injunctive relief to prevent or settle an industrial dispute involving allegations of sexual, sex-based or gender-based harassment.
Unlike in other industrial disputes, the Commission can grant leave for legal representation in industrial matters that include allegations of sexual harassment or sex- or gender-based harassment.
Dismissal for sexual harassment
Section 320 of the IR Act sets out matters the Commission must consider when determining whether a dismissal was unfair, including whether the employee had been warned about the conduct and given an opportunity to respond to the claim. The section has been amended to allow the Commission to decide a dismissal was not unfair if the employee engaged in sexual, sex- or gender-based harassment.
The definition of ‘misconduct’ in section 120 of the IR Act, for the purpose of summary dismissal, has also been amended to include sexual, sex-based or gender-based harassment.
Restrictions on unregistered organisations
Amendments to the IR Act now clarify that an unregistered industrial association does not have the right to represent its members in the Commission. The right to represent members’ industrial interests is limited to employee and employer organisations that are registered, or otherwise eligible for and seeking registration, under the IR Act.
Relevant amendments include:
- additional criteria for registration as an employee or employer organisation under chapter 12, which will prevent registration of an entity declared as not eligible for registration or which has an officer subject to an ancillary order
- a new power for the Commission to declare that an entity is not eligible for registration under chapter 12 and make ancillary orders to prohibit:
- an officer, employee or agent of the entity from representing a person in a matter before the Commission
- the entity from arranging an agent to represent a person in an industrial dispute
- the entity from holding out membership on the basis of being able to provide representation in stated industrial matters.
- a new civil penalty provision for making a false or misleading representation about having the right to represent a person’s or group of persons’ industrial interests
- a restriction on who may apply to the Commission for an interpretation of an industrial instrument.
Limitations on who can represent a party as an agent
Section 529 of the IR Act has been amended to require agents (other than employees or officers of a registered employee or employer organisation) be granted leave to represent a person or party in the Commission. Agents cannot be granted leave if they receive a fee for providing representation or are acting for an unregistered employee or employer association.
The amendments address concerns about underqualified or unskilled agents appearing in the Commission whilst charging unreasonable fees and some lawyers seeking to avoid regulatory requirements by providing representation under the guise of acting as an agent.
Flexibility for evidence supporting sick or carer’s leave
An employee’s entitlement to sick leave of more than two days has been conditional on providing either a doctor’s certificate or other evidence to the employer’s satisfaction. If an employer requires evidence to support carer’s leave of more than two days, the evidence must be in the form of a doctor’s certificate or statutory declaration.
Under these amendments, employees will only be required to provide evidence to support an absence of more than two days on sick leave or carer’s leave if their employer requires it, and the evidence need only be sufficient to satisfy a reasonable person.
Other changes to the IR Act
The Amendment Act also introduces the following changes:
- parental leave provisions are aligned with prevailing federal standards. This includes flexibility in how unpaid parental leave is taken, including in cases of stillbirth and increasing the age limit for a child from 5 to 16 years old for adoption-related leave or cultural parent leave
- to promote gender pay equity in collective bargaining negotiations, a proposed agreement or bargaining instrument must include information about how equal remuneration for equal work will be achieved in practice and if it allows differential remuneration, the reasons must be stated in the accompanying affidavit
- arbitration is now available by a single Commissioner during enterprise bargaining negotiations
- unpaid wages owed to a former employee must now be paid to the Public Trustee, instead of the nearest clerk of the Magistrates Court.
Impacts for Queensland public sector and local government employers
As a result of these changes, Queensland public sector and local government employers should:
- review their employee complaints and sexual harassment policies to reflect the new avenue for complaints of workplace sexual harassment or sex- or gender-based harassment to be made directly to the Commission, as an industrial dispute
- update their personal leave policies and procedures to implement the changed evidence requirements for sick leave and carer’s leave and changes to parental leave entitlements
- on receipt of a claim made on behalf of an employee by an entity purporting to represent the employee’s industrial interests, consider whether the entity is registered under chapter 12 of the IR Act to understand the scope of the entity’s right to represent the employee’s interests
- where applicable, consider expressly identifying an employee’s conduct as sexual harassment or sex- or gender-based harassment when dismissing an employee or defending an unfair dismissal claim
- review the agency’s processes for collecting and analysing gender pay equity data, to inform enterprise bargaining negotiations.
Queensland Government Lawyers series 2022: Final webinar
Delayed completion of construction projects: Extensions of time and liquidated damage (1 December 2022)
In this session, Construction, Infrastructure & Projects partners Kirsty Smith and Stephen Burton will discuss:
- who bears the risk of delay on a project?
- consequences for the principal of delay suffered by a contractor (contractor’s entitlement to compensation).
- effective management of the Extension of Time claim process
- consequences for the contractor of delay for which they are not entitled to an Extension of Time (principal’s entitlement to liquidated damages).
Review of Public Interest Disclosure Act 2010 commences
Following a report by Professor Coaldrake AO into the Queensland public sector, the state government has begun a review of the Public Interest Disclosure Act 2010. The Act facilitates the disclosure of information about wrongdoing in the public sector when it is in the public interest to do so, as well as providing protections for those who make disclosures (23 November 2022).
Action for victim-survivors of sexual violence
The Queensland Government has released its response to the Women’s Safety and Justice Taskforce report Hear her voice – Report Two – Women and girls experiences across the criminal justice system. The Taskforce’s report has shone a light on the experiences of victim-survivors of sexual violence and women and girls in the criminal justice system in the state (21 November 2022).
Queensland's state-run Driver Reviver sites to close
The Department of Transport and Main Roads says all 23 government-owned Driver Reviver sites will close because they no longer meet health and safety regulations following a safety assessment last year. A further 20 privately run sites will remain open (21 November 2022).
Container change scheme to be expanded
The Department of Environment and Science is considering an extension of the state’s Containers for Change program to include glass wine and spirit bottles. Before the Containers for Change program was introduced, only 18 per cent of beverage containers were recovered and recycled; now that number has grown threefold to 65 per cent (15 November 2022).
Regional Queensland startup founder Julia Spicer named the state’s new Chief Entrepreneur
Successful businesswoman and Order of Australia medal recipient Julia Spicer has been appointed as Queensland’s new Chief Entrepreneur. Outgoing Chief Entrepreneur Wayne Gerard will continue to provide invaluable experience on the Brisbane 2032 Legacy Committee (9 November 2022).
New laws to benefit unit owners in Queensland
Reforms to Queensland’s body corporate laws were recently passed in the Queensland Parliament. The passage of the Building Units and Group Titles and Other Legislation Amendment Bill 2022 has resulted in changes to the Building Units and Group Titles Act 1980 and Mixed Use Development Act 1993 to provide more transparent and fairer body corporate arrangements in relevant developments (8 November 2022).
State of the Climate 2022 - Australia continues to warm, heavy rainfall becomes more intense
The State of the Climate Report 2022, released by CSIRO and the Bureau of Meteorology, has found changes to weather and climate extremes are happening at an increased pace across Australia. The report shows an increase in extreme heat events, intense heavy rainfall, longer fire seasons and sea level rise. The report draws on the latest climate monitoring, science and projection information to detail Australia’s changing climate now and into the future.
Report Card on $100b goal highlights the good and the bad of 2022
The National Farmers’ Federation has released its 2022 Report Card – tracking progress against the industry’s goal to be Australia’s next $100 billion industry. The latest figures show that despite significant seasonal challenges facing farmers, the industry’s performance is holding surprisingly firm.
New report reveals the extent of student spending
Students living in purpose-built student accommodation (PBSA) spend almost as much per month as the average Australian, according to a new report by the Student Accommodation Council. The first-of-its-kind report also reveals more Australian students are living in PBSA than ever before, with domestic students making up almost a quarter of all PBSA residents, almost the same number as international students from China.
Implementation and delivery of COI recommendations
On 9 August 2022, in accordance with the Commissions of Inquiry Order (No.1) 2022, the Honourable Gerald Edward (Tony) Fitzgerald AC QC and the Honourable Alan Wilson QC provided their report on the Commission of Inquiry relating to the Crime and Corruption Commission (CCC). The report included 32 recommendations. The CCC is committed to implementing the recommendations and will publicly release quarterly progress reports.
Managing workforce agility in the Queensland public sector
Recent crisis management experiences such as COVID-19 and natural disasters have reinforced the need for Queensland's public sector to be flexible, and to work in a more unified way. While these conditions challenged business as usual, they also presented an opportunity for the sector to build a diverse and collaborative workforce, capable of agile, flexible, and innovative working practices.
Administrative Appeals Tribunal Bulletin
The AAT Bulletin is a fortnightly publication containing information about recently published decisions and appeals against decisions in the AAT’s General, Freedom of Information, National Disability Insurance Scheme, Security, Small Business Taxation, Taxation & Commercial and Veterans’ Appeals Divisions.
FCFCOA rules amended from Monday
Several amendments to the Federal Circuit and Family Court of Australia (Family Law) Rules 2021 commenced on Monday 28 November. The changes include the removal of the requirement to file a Parenting Questionnaire or Financial Questionnaire with every Initiating Application seeking parenting or financial orders respectively.
ADMINISTRATIVE LAW – ADMINISTRATIVE TRIBUNALS – QUEENSLAND CIVIL AND ADMINISTRATIVE TRIBUNAL – where the applicant filed applications to review a decision out of time – where the applicant filed applications for an extension of time – whether applications for an extension of time should be granted
ADMINISTRATIVE LAW – ADMINISTRATIVE TRIBUNALS – QUEENSLAND CIVIL AND ADMINISTRATIVE TRIBUNAL – where the applicant seeks leave to appeal an interlocutory decision of the Tribunal to dismiss an application to join the Independent Assessor as a party to the proceeding – where no formal application was made but the application was inferred from the parties’ submissions – where the party seeking to be joined is akin to a prosecuting agency – whether the appeal should be allowed
HUMAN RIGHTS – DISCRIMINATION – DIRECT DISCRIMINATION – INDIRECT DISCRIMINATION – GROUNDS OF DISCRIMINATION – SEX DISCRIMINATION – SEXUAL HARASSMENT – HOMOSEXUALITY – VICTIMISATION – where library patron alleged sexual harassment – whether conduct occurred as alleged or at all – whether conduct of a sexual nature – discrimination on ground of sexuality and sex – indirect discrimination – whether conduct was victimisation – where no discrimination was found – where Human Rights were considered
HUMAN RIGHTS - HUMAN RIGHTS LEGISLATION - where the applicant is accused on indictment in the District Court - where he had bail - where bail was revoked - where he brought an application in the District Court as to the lawfulness of his detention - where the application was based on his human right identified by s 29(7) of the Human Rights Act 2019 - where a judge of the District Court referred questions of law to the Supreme Court - whether the questions ought to be entertained - whether the application purportedly made pursuant to s 29(7) of the Human Rights Act 2019 was appropriately brought in the District Court
ADMINISTRATIVE LAW – ADMINISTRATIVE TRIBUNALS – QUEENSLAND CIVIL AND ADMINISTRATIVE TRIBUNAL – whether there were exceptional circumstances – where the applicant sought review of a decision by the respondent to issue a negative notice for a yellow card – where the applicant was previously a support worker for vulnerable adults – where the applicant was convicted of obtaining financial advantage – where the applicant was convicted of a serious offence – where the applicant had a gambling habit – where the tribunal held there were no exceptional circumstances
ADMINISTRATIVE LAW – JUDICIAL REVIEW – PROCEDURE AND EVIDENCE – COSTS – where the respondent, a prisoner, had their parole indefinitely suspended – where the appellant is the parole board – where the parole board appealed an order which set aside its decision – where the questions of statutory construction raised by the appeal are important – where the appellant consents to indemnify the respondent’s costs of appeal