28.07.2010
15.53 A common theme of this Inquiry is the personal nature of secrecy obligations. Individual compliance, however, depends upon the practices and processes of Australian Government agencies. For example, one of the risk factors identified by the CMC for the unauthorised disclosure of information by individuals is a failure by the employing agency consistently to condemn such disclosures. Agency culture may also play a role in determining which breaches are discovered, investigated and enforced at the administrative level, or referred for prosecution.
15.54 Just as importantly, agency culture can prevent information from being disclosed in situations where disclosure would be lawful and appropriate. As has been commented on extensively in the context of FOI, there are compelling drivers for agencies to sacrifice the goals of openness and accountability because of a real or perceived need for non-disclosure. Such a ‘culture of secrecy’ was criticised by the ALRC and the ARC in ALRC 77.[54] In 2008, the Independent Review Panel examining the Freedom of Information Act 1992 (Qld) discussed the tensions in information management:
Inherent at an organisational level, the urgency of the everyday imperatives in modern government can pull the public sector’s information culture towards information protection in the interests of issues management, at the expense of the important but less urgent information goals for transparency in government. …
Culture brings a more complex setting. Access to government information reaches to the core of political and bureaucratic interests and operates beyond purely legal considerations and dispassionate calculations on the public interest.[55]
15.55 In its submission in response to IP 34, the Australian Government Attorney-General’s Department (AGD) noted that a number of reviews have considered the impact of secrecy laws on information sharing and indicated that cultures of secrecy within some agencies pose a greater barrier to information sharing than legislative restrictions.[56]
15.56 The final section of this chapter discusses the information-handling culture at the level of Australian Government agencies, including strategies to shift agencies towards a culture of increased openness and transparency. In particular, the ALRC discusses the role and limitations of current oversight agencies and recommends an increased role for the proposed Information Commissioner in monitoring the compliance by Australian Government agencies of secrecy laws and other information-handling responsibilities.
Oversight of information handling in the Australian Government
15.57 The roles of a number of Australian Government office-holders may encompass the oversight and monitoring of secrecy and other information-handling practices in the Australian Government, or in particular Australian Government agencies. The functions and powers of these offices are outlined below.
Commonwealth Ombudsman
15.58 The Commonwealth Ombudsman is an independent statutory officer with the function of investigating the administrative actions of Australian Government officers and agencies, either on receipt of a complaint or on the Ombudsman’s own motion.[57] This potentially includes a range of practices regarding Commonwealth information—for instance, a decision by an agency or officer to disclose, or not disclose, information to a third party.[58]
15.59 After completing an investigation, the Ombudsman must make a report to the agency or authority investigated, including recommendations for change, where he or she is of the opinion:
(a) that the action:
- appears to have been contrary to law;
- was unreasonable, unjust, oppressive or improperly discriminatory;
- was in accordance with a rule of law, a provision of an enactment or a practice but the rule, provision or practice is or may be unreasonable, unjust, oppressive or improperly discriminatory;
- was based either wholly or partly on a mistake of law or of fact; or
- was otherwise, in all the circumstances, wrong;
(b) that, in the course of the taking of the action, a discretionary power had been exercised for an improper purpose or on irrelevant grounds; or
(c) in a case where the action comprised or included a decision to exercise a discretionary power in a particular manner or to refuse to exercise such a power:
- that irrelevant considerations were taken into account, or that there was a failure to take relevant considerations into account, in the course of reaching the decision to exercise the power in that manner or to refuse to exercise the power, as the case may be; or
- that the complainant in respect of the investigation or some other person should have been furnished, but was not furnished, with particulars of the reasons for deciding to exercise the power in that manner or to refuse to exercise the power, as the case may be.[59]
15.60 The Ombudsman has no power to implement the conclusions of an investigation. However, if appropriate action is not taken, the Ombudsman can make a further report to the Prime Minister.[60] The Ombudsman must also file annual reports that are tabled in both Houses of Parliament.[61]
15.61 The Commonwealth Ombudsman has an additional role in relation to particular sectors of the Australian Government. As Law Enforcement Ombudsman, the Ombudsman must undertake an annual review of the administration of Australian Federal Police conduct and practices,[62] a copy of which must be provided to both the President of the Senate and the Speaker of the House of Representatives for tabling.[63]
15.62 Another office of the Commonwealth Ombudsman is the Defence Force Ombudsman (DFO), which investigates administrative actions related to or arising out of a person’s service in the Australian Defence Force (ADF), either following receipt of a complaint or on the DFO’s own motion.[64] In general, before the DFO will investigate a complaint from an ADF member, the member must first have exhausted internal grievance mechanisms. The DFO is not authorised to investigate disciplinary action taken against an ADF member.[65]
Australian Public Service and Merit Protection Commissioners
15.63 The Public Service Act establishes the role of the APS Commissioner, whose functions include evaluating the extent to which agencies incorporate and uphold the APS Values; and the adequacy of systems and procedures in agencies for ensuring compliance with the APS Code of Conduct.[66]
15.64 Under s 44 of the Act, the APS Commissioner is required to prepare a report to the Prime Minister, for presentation to the Parliament, on the state of the APS during each financial year.[67] Every year the Commissioner sends a questionnaire to each agency seeking information to inform the report. In addition, the Commissioner reports annually to Parliament on information collected by the Ethics Advisory Service call centre, including on emerging ethical issues and any action that might be needed to strengthen understanding of the APS Values and Code of Conduct.[68]
15.65 The Public Service Act also establishes the role of the Merit Protection Commissioner (MPC).[69] The functions of the MPC include reviewing APS actions that relate to the employment of an APS employee and reporting on the results of such inquiries.[70] Recommendations made by the MPC are not legally binding. However, if the MPC is not satisfied with an agency’s response to recommendations, he or she may, after consulting with the responsible minister, give a report to the minister responsible for the agency and to either or both the Prime Minister and the Presiding Officers, for presentation to the Parliament.[71] The responsible minister also may request that the MPC conduct an inquiry into an action by an agency head or another APS employee in relation to an APS employee’s employment.[72]
Auditor-General
15.66 Under the Auditor-General Act 1997 (Cth), the Auditor-General, supported by the Australian National Audit Office (ANAO), is responsible for providing auditing services to the Parliament and public sector entities. The ANAO provides the Parliament with an independent assessment of selected areas of public administration, and assurance about public sector financial reporting, administration, risk management and accountability. This function is primarily fulfilled by conducting performance and financial statement audits.[73] The ANAO has conducted a series of audits of the policies and practices used by Commonwealth agencies to protect their resources, including Commonwealth information.[74]
Privacy Commissioner
15.67 The Privacy Commissioner is an independent statutory office-holder established by the Privacy Act 1988 (Cth). The Privacy Commissioner, supported by the Office of the Privacy Commissioner, is responsible for overseeing the Privacy Act and monitoring compliance with that Act. In the report For Your Information: Australian Privacy Law and Practice (ALRC 108), the ALRC made a number of recommendations directed towards clarifying and enhancing the powers of the Privacy Commissioner including, for example, introduction of a power to direct an agency to provide a Privacy Impact Assessment in relation to a new project or development that the Privacy Commissioner considers may have a significant impact on the handling of personal information.[75] The Australian Government has largely supported these recommendations.[76]
Law Enforcement Integrity Commissioner
15.68 The Law Enforcement Integrity Commissioner has responsibilities in relation to the prevention, detection and investigation of serious and systemic corruption issues in the Australian Federal Police and the ACC.[77] The jurisdiction of the Integrity Commissioner could be invoked, for example, where unauthorised handling of Commonwealth information is associated with financial gain on the part of an officer.
15.69 In February 2009, the Parliamentary Joint Committee on the Australian Commission for Law Enforcement Integrity (ACLEI) reported on its inquiry into law enforcement integrity models. The Committee considered whether ACLEI’s jurisdiction should be extended beyond Commonwealth agencies with a law enforcement function, and expressed the view that, in the long term, all Commonwealth agencies with law enforcement functions should be subject to external scrutiny. The Committee suggested that further work should be done to determine a ‘systematic and workable process’ for extending ACLEI’s jurisdiction to these other agencies.[78]
Inspector-General of Intelligence and Security
15.70 The Inspector-General of Intelligence and Security (IGIS) is an independent statutory office-holder who reviews the activities of the agencies collectively comprising the Australian Intelligence Community (AIC).[79] The IGIS provides independent assurance that the AIC agencies:
- conduct their activities within the law;
- behave with propriety;
- comply with ministerial guidelines and directives; and
- have regard to human rights.[80]
15.71 The IGIS considers complaints or requests from ministers in relation to the actions of AIC agencies. Investigations can also be initiated on the IGIS’s own motion. In undertaking inquiries, the IGIS has investigative powers similar to those of a Royal Commission. Once an inquiry is completed, the IGIS must provide a report, including any conclusions and recommendations, to the head of the relevant agency and to the responsible minister.[81] The agency head must advise the IGIS of any action taken in response to the inquiry. Where the IGIS is of the view that such action is inadequate or inappropriate, he or she may discuss the matter with the responsible minister and prepare a report, a copy of which is provided to the Prime Minister.[82]
15.72 Additional oversight of the AIC is provided by the Parliamentary Joint Committee on Intelligence and Security, which conducts an annual review of the administration, expenditure and financial statements of the AIC.[83]
Inspector-General of the ADF
15.73 The Inspector-General of the ADF (IGADF) is a statutory position introduced in 2005 to oversee the ADF military justice system.[84] The principal functions of the IGADF are:
inquiring into complaints about the military justice system that cannot be dealt with through the usual channels, conducting an ongoing scrutiny of the effectiveness of the system through a program of rolling audits of military justice arrangements at unit level, and analysing a broad spectrum of military justice statistical data.[85]
15.74 The IGADF does not have the power to implement measures arising out of investigations. Rather, the IGADF may report the outcome of inquiries to the Chief of the ADF, an official in the Department of Defence, a member of the ADF or another person affected by the inquiry.[86] The Department of Defence’s annual report also includes a section on the operation of the Office of the IGADF.
Inspector-General of Taxation
15.75 The Inspector-General of Taxation is an independent statutory office-holder who reviews systemic tax administration issues. Section 7 of the Inspector-General of Taxation Act 2003 (Cth) sets out the functions of the Inspector–General as being:
(a) to review:
- systems established by the Australian Taxation Office to administer the tax laws, including systems for dealing or communicating with the public generally, or with particular people or organisations, in relation to the administration of the tax laws; and
- systems established by tax laws, but only to the extent that the systems deal with administrative matters; and
(b) to report on those reviews, setting out:
- the subject and outcome of the review; and
- any recommendations that the Inspector–General thinks appropriate concerning how the system reviewed could be improved.
15.76 Where the Inspector-General, in the course of a review, forms the opinion that a tax official has engaged in misconduct, the Inspector-General must report the evidence to the Commissioner of Taxation.[87]
Information Commissioner
15.77 Although many oversight offices are potentially relevant to information-handling practices in Australian Government agencies, none of them has information handling as their primary responsibility.
15.78 As part of its anticipated reforms to FOI laws and practices, the Australian Government has proposed to establish an Office of the Information Commissioner. The proposed functions of the Information Commissioner include:
to report to the Minister on any matter that relates to the Commonwealth Government’s policy and practice with respect to:
(i) the collection, use, disclosure, management, administration or storage of, or accessibility to, information held by the Government; and
(ii) the systems used, or proposed to be used, for the activities covered by subparagraph (i).[88]
15.79 The Companion Guide to the FOI reform package notes that one of the roles for the Information Commissioner is that he or she
will act as an independent monitor for FOI and will be entrusted with a broad range of functions designed to make the Office of the Information Commissioner both a clearing house for FOI matters and a hub for the promotion of the objects of the Act.[89]
15.80 The proposed Information Commissioner will be supported by the Privacy Commissioner and a new FOI Commissioner.
15.81 In his report for the Department of the Prime Minister and Cabinet on information policy and e-governance in the Australian Government, Dr Ian Reinecke considered the potential roles and responsibilities of the Information Commissioner. Reinecke advised that the Information Commissioner should ‘provide cross-government oversight of information policy and management and undertake a strong public advocacy role to promote open access to public sector information’.[90] The Commissioner may also have a role in reviewing, and reporting to Parliament on, agency publication schemes.[91]
15.82 In its Issues Paper, Towards Government 2.0, the Government 2.0 Taskforce noted that some aspects of Government information could fall within the purview of the proposed Information Commissioner, including information management standards, policies and guidelines, and information technology system issues. The Taskforce asked whether there were practical recommendations that it could make about how the Information Commissioner could best fulfil its functions in relation to optimising the dissemination of Government information.[92]
Submissions and consultations
15.83 Some stakeholders in this Inquiry expressed strong views about the need for independent oversight of the manner in which Australian Government agencies discharge their information-handling responsibilities. For example, Whistleblowers Australia commented on the futility of the ALRC’s recommendation about information handling in the absence of formal accountability measures:
The ALRC has made praiseworthy recommendations about information handling, awareness and understanding of secrecy obligations, and the shift towards pro-disclosure, with improved agency practices aimed at consistency, clarity and a better balance of the public interest in play.
However over the last 20 years those same forms of recommendations have been made repeatedly, directions have been issued, guidelines promulgated and training courses have even been held, all to no avail. Agencies are free to administer their obligations under the FOI Act as they see fit. Similarly they may do the same in relation to whistleblowing or secrecy provisions. If one is an employee, there is simply no agency to which one can go to complain about an agency’s failure to implement guidelines or legislation let alone to complain about abuses of office or other forms of maladministration. It is possible to take an agency to the [Administrative Appeals Tribunal] or the Federal Court in pursuit of some accountability but that course is totally beyond the resources of most Commonwealth employees.
The bottom line is that another proposal to upgrade practices is just another round of proposals to upgrade practices. They don’t actually achieve anything.[93]
15.84 Whistleblowers Australia suggested that all Commonwealth secrecy provisions, including their administration, management and enforcement, should be subject to review and investigation by ACLEI, arguing that the APSC has been ineffective in this oversight role.[94]
15.85 The Australian Press Council submitted that the process of assigning security classification levels to material should be subject to ‘regular monitoring and review by an independent body’.[95] The Australia’s Right to Know coalition endorsed the establishment of an Information Commissioner, as proposed by the Australian Government.[96]
15.86 The AGD noted that monitoring and overseeing the application of secrecy laws is not the primary role of bodies such as the Ombudsman and the APS Commissioner, although they may be able to consider particular matters following specific complaints.[97]
15.87 In comparison, several Australian Government agencies made submissions in support of the current oversight mechanisms. The AIC submitted that there are extensive oversight mechanisms in place relating to the intelligence agencies—in particular, the IGIS.[98] The Australian Prudential Regulatory Authority advised that its mechanisms were ‘as effective as is practicable’.[99] The Australian Securities and Investments Commission agreed that, in its ‘limited experience’, oversight mechanisms appear effective.[100]
ALRC’s view
15.88 The effectiveness of the administrative reforms recommended in this report will depend on strong and independent oversight of the manner in which Australian Government agencies discharge their information-handling responsibilities.
15.89 Existing oversight mechanisms have a potential role in this context. For example, the Commonwealth Ombudsman could investigate the systemic leaking of information by Commonwealth officers in a particular agency. The APS Commissioner could report on an APS agency’s administrative disciplinary system, where its operation, for example, was inadequate to promote compliance by employees with their secrecy obligations under the APS Code of Conduct. However, none of these offices has a primary role in monitoring and overseeing information-handling practices. In the ALRC’s view, an Information Commissioner—such as that proposed in the Exposure Draft Information Commissioner Bill—is an important initiative to supplement current oversight of information handling by Australian Government agencies.
15.90 The ALRC recommends that the Information Commissioner’s role include reviewing and reporting to the responsible minister on Australian Government agencies’ information-handling policies and any directions issued to employees.[101] The ALRC considers these functions to be consistent with the functions set out in the Exposure Draft Information Commissioner Bill and Reinecke’s report on information policy and e-governance.
Recommendation 15–4 The Information Commissioner should review and report to the Minister on the information-handling policies developed by Australian Government agencies in accordance with Recommendation 14–1 and any relevant employee directions.
[54] Australian Law Reform Commission and Administrative Review Council, Open Government: A Review of the Federal Freedom of Information Act 1982, ALRC 77 (1995), Ch 4.
[55] Freedom of Information Review Panel, Enhancing Open and Accountable Government, Discussion Paper (2008), 90–91.
[56] Attorney-General’s Department, Submission SR 36, 6 March 2009.
[57]Ombudsman Act 1976 (Cth) s 5. As discussed below, the Ombudsman has additional responsibilities in his or her associated role as the Defence Force Ombudsman; Law Enforcement Ombudsman; Immigration Ombudsman; Postal Industry Ombudsman; and Taxation Ombudsman.
[58] Ibid s 5(2)(d), however, expressly prevents the Ombudsman from investigating employment actions (for example, a penalty for a determined breach of the APS Code of Conduct) taken in respect of APS employees.
[59] Ibid s 15(1).
[60] Ibid s 16.
[61] Ibid s 19.
[62]Australian Federal Police Act 1979 (Cth) pt V div 7.
[63] Ibid s 40XD.
[64]Ombudsman Act 1976 (Cth) s 19C(2), (3).
[65] Ibid s 19C(5)(d).
[66]Public Service Act 1999 (Cth) s 41(1)(a), (b).
[67] Ibid s 44(3).
[68] J Faulkner (Cabinet Secretary and Special Minister of State), Launch of the Public Service Ethics Advisory Service: 6 May 2009 (2009) <www.smos.gov.au/speeches> at 6 December 2009. In exceptional cases, the APS Commissioner may also refer issues to the agency head or—where claims of a serious nature or involving imminent risk are identified—to the Australian Federal Police: Australian Public Service Commission, Ethics Advisory Service Client Service Charter (2009) <www.apsc.gov.au> at 6 December 2009.
[69]Public Service Act 1999 (Cth) pt 6.
[70] Ibid s 33.
[71] Ibid s 33(5), (6).
[72] Ibid s 50.
[73] Australian National Audit Office, About Us (2006) <www.anao.gov.au/director/aboutus.cfm> at 5 September 2008.
[74] See, eg, Australian National Audit Office, Managing Security Issues in Procurement and Contracting, Audit Report 43 (2007); Australian National Audit Office, Administration of Security Incidents, Including the Conduct of Security Investigations, Audit Report 41 (2005); Australian National Audit Office, Management of Protective Security, Audit Report 55 (2004); Australian National Audit Office, Personnel Security—Management of Security Clearances, Audit Report 22 (2001); Australian National Audit Office, Operation of the Classification System for Protecting Sensitive Information, Audit Report 7 (1999); Australian National Audit Office, Protective Security, Audit Report 21 (1997).
[75] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108 (2008), Rec 47–4 and see generally Chs 45–51.
[76] Australian Government, Enhancing National Privacy Protection—Australian Government First Stage Response to the Australian Law Reform Commission Report 108 For Your Information: Australian Privacy Law and Practice (2009).
[77]Law Enforcement Integrity Commissioner Act 2006 (Cth) s 3.
[78] Parliament of Australia—Parliamentary Joint Committee on the Australian Commission for Law Enforcement Integrity, Inquiry into Law Enforcement Integrity Models (2009), [5.24].
[79] Agencies of the AIC are the Australian Security Intelligence Organisation; the Australian Secret Intelligence Service; the Office of National Assessments; the Defence Intelligence Organisation; the Defence Imagery and Geospatial Organisation; and the Defence Signals Directorate.
[80] Inspector-General of Intelligence and Security, About IGIS (2008) <www.igis.gov.au/about.cfm> at 7 October 2008.
[81]Inspector-General of Intelligence and Security Act 1986 (Cth) s 22.
[82] Ibid s 24.
[83] The annual review is required under s 29(1)(a) of the Intelligence Services Act 2001 (Cth).
[84]Defence Act 1903 (Cth) pt VIIIB. The position of the IGADF was introduced in the Defence Legislation Amendment Act (No 2) 2005 (Cth).
[85] Australian Government Department of Defence, Annual Report 2006–07, 156.
[86]Defence (Inquiry) Regulations 1985 (Cth) reg 102(3).
[87]Inspector-General of Taxation Act 2003 (Cth) s 38. Where the Inspector-General suspects misconduct on the part of the Commissioner of Taxation, the matter is reported to the Minister: s 38(c).
[88] Exposure Draft, Information Commissioner Bill 2009 (Cth) cl 9(a).
[89] J Faulkner (Cabinet Secretary and Special Minister of State), Freedom of Information (FOI) Reform: Companion Guide (2009), 8.
[90] I Reinecke, Information Policy and E-governance in the Australian Government (2009) Department of the Prime Minister and Cabinet, 34.
[91] Ibid, 35.
[92] Government 2.0 Taskforce, Towards Government 2.0: An Issues Paper (2009), Question 35. Government 2.0 and the Taskforce is explained in Ch 2.
[93] Whistleblowers Australia, Submission SR 74, 17 August 2009.
[94] Whistleblowers Australia, Submission SR 40, 10 March 2009.
[95] Australian Press Council, Submission SR 62, 12 August 2009.
[96] Australia’s Right to Know, Submission SR 72, 17 August 2009.
[97] Attorney-General’s Department, Submission SR 36, 6 March 2009.
[98] Australian Intelligence Community, Submission SR 37, 6 March 2009.
[99] Australian Prudential Regulation Authority, Submission SR 12, 13 February 2009.
[100] Australian Securities & Investments Commission, Submission SR 41, 17 March 2009.
[101] The ALRC recommends that Australian Government agencies develop and implement information-handling policies: Rec 14–1.