Hansard Search

12 March 1991 - Current

 
Children Legislation Amendment (Information Sharing) Bill 2017
Page 4371
13 December 2017
ASSEMBLY Statement of compatibility MARTIN FOLEY

Mr FOLEY (Minister for Housing, Disability and Ageing) tabled following statement in accordance with Charter of Human Rights and Responsibilities Act 2006:

In accordance with section 28 of the Charter of Human Rights and Responsibilities Act 2006 (the charter), I make this statement of compatibility with respect to the Children Legislation Amendment (Information Sharing) Bill 2017 (the bill).

In my opinion, the bill, as introduced to the Legislative Assembly, is compatible with human rights as set out in the charter. I base my opinion on the reasons outlined in this statement.

Overview

The bill amends the Child Wellbeing and Safety Act 2005 (the principal act) to establish an information-sharing scheme to enable prescribed entities to share confidential information in order to promote the wellbeing and safety of children. The bill also establishes a register of all children born or participating in specified services in Victoria to improve child wellbeing and safety outcomes for those children, and to monitor and support their participation in government-funded programs and services. Further, the bill makes a range of amendments to the Children, Youth and Families Act 2005, the Health Records Act 2001, the Privacy and Data Protection Act 2014, the Health Services Act 1988, the Education and Training Reform Act 2006 and the Freedom of Information Act 1982 to support the operation of the new information-sharing scheme.

In making these amendments, the bill seeks to address the issues raised in numerous recent independent reviews, which have recommended reform to Victoria's information-sharing arrangements to improve wellbeing and safety outcomes for children. These include reviews undertaken by the Victorian Auditor-General, the Coroners Court of Victoria, the Commission for Children and Young People and the Protecting Victoria's Vulnerable Children Inquiry, some of which relate to the deaths of children. A key theme of these reviews has been that, with the benefit of hindsight, the risk of harm to children could have been avoided or significantly reduced if relevant agencies and service providers had been empowered to take a proactive approach to information exchange and a more collaborative, integrated approach to service provision for children and families.

The bill addresses these issues and recommendations by establishing a scheme designed to improve the ability of relevant agencies and service providers to exchange certain information about a child or group of children, with a focus on early intervention. It does so by inserting a new part 6A into the principal act to provide for the sharing of confidential information between specified persons and bodies for the purpose of promoting the wellbeing or safety of children, in circumstances which include but extend beyond where a child is already at risk.

The bill also inserts a new part 7A into the principal act to establish a platform called Child Link, to enable systematic sharing between specified entities of limited factual information regarding a child's enrolment and participation in services and to enable government to create longitudinal datasets to inform policy development and service design.

Human rights issues

In my opinion, the human rights under the charter that are relevant to the bill are:

the protection of families and children under section 17 of the charter;

the right to privacy as protected by section 13 of the charter;

the right to freedom of expression under section 15(2) of the charter; and

the presumption of innocence in relation to criminal offences under section 25(1) of the charter.

For the reasons outlined below, I am of the view that the bill is compatible with each of these human rights.

Importantly, by establishing a scheme with the overarching purpose of promoting the wellbeing and safety of children and facilitating early intervention in relation to potential risks, the bill promotes the right of children in section 17(2) of the charter to such protection as is in their best interests.

Protection of children

Section 17(2) of the charter provides that every child has the right to such protection as is in their best interests and is needed by them by reason of being a child. This provision acknowledges that children are vulnerable because of their age and are entitled to special protection.

The bill promotes the rights of children by having as its fundamental purpose the promotion of wellbeing and safety of children and by providing that confidential information may only be disclosed for that purpose. While the right of children to consent to their information being collected and disclosed and to be updated on its use is limited by the bill, such limitations reflect and recognise the particular vulnerabilities of children and that they may not always be willing or able to disclose information critical to their safety and wellbeing.

The principles in new section 41U and the associated guidelines under new section 41ZA (as discussed below under the heading of 'Privacy') provide guidance to information-sharing entities when collecting, using and disclosing confidential information to seek and take into account the views of the child wherever appropriate, safe and reasonable to do so; to preserve positive relationships between the child and people significant to the child; and to have regard to the child's identity, vulnerability and cultural rights. The bill enables the state to take appropriate measures to protect children from harm while supporting their agency and autonomy to the greatest extent possible. As such, to the extent that any rights under section 17(2) are limited, any such limitation is reasonable and necessary to give effect to the legitimate aim of promoting children's wellbeing.

Protection of families

Section 17(1) of the charter provides that families are the fundamental group unit of society and are entitled to be protected by society and the state. This section recognises that the relationship between a parent and child is an integral part of family life and protects the rights of parents to exercise parental authority in relation to the care and upbringing of children. When taking measures to protect a child's wellbeing, the state is obliged to take into account the rights and duties of parents.

A number of principles set out in new section 41U (as discussed below under the heading of 'Privacy') promote the protection of families by guiding information-sharing entities when collecting, using and disclosing confidential information to seek and take into account the views of relevant family members where appropriate, safe and reasonable to do so; to preserve and promote positive relationships between the child and their family; and to promote and recognise the familial connections of Aboriginal and Torres Strait Islander children. The principles also note that the information-sharing entity should take all reasonable steps to plan for the safety of any family members who are believed to be at risk from family violence. Further, the bill may protect families by assisting parents to secure the safety and wellbeing of their children.

However, the bill also limits the right in section 17(1) by enabling confidential information about a child or family member to be shared without the consent or knowledge of their parents, as outlined above. The sharing of information about a child or family member in this way may undermine parental authority and could have ongoing impacts on the family unit and their engagement with services.

In my view, any limitation of the right in section 17(1) is justified in light of the important overarching objective of the new information-sharing provisions to promote the safety and wellbeing of children and the fact that obtaining the consent of a child's parent may often be impractical or inappropriate, particularly in the face of significant harms. Both the principles and guidelines will guide information-sharing entities to consider family relationships and the views of relevant family members when sharing confidential information, whilst prioritising the safety and wellbeing of the child.

Privacy

Section 13(a) of the charter provides that a person has the right not to have their privacy, family, home or correspondence unlawfully or arbitrarily interfered with. An interference will be lawful if it is permitted by a law which is precise and appropriately circumscribed, and will be arbitrary only if it is capricious, unpredictable, unjust or unreasonable, in the sense of being disproportionate to the legitimate aim sought.

The bill permits and, in some cases, requires the disclosure of confidential information between specified entities for the purpose of promoting the wellbeing or safety of children. Several provisions of the bill therefore interfere with the right to privacy. However, for the reasons set out below, it is my view that these interferences are neither unlawful nor arbitrary and as such do not constitute a limit on the right to privacy.

Information sharing between prescribed entities

Clause 8 of the bill inserts a new part 6A into the principal act to provide for the sharing of confidential information between specified persons and bodies for the purpose of promoting the wellbeing or safety of children. The scheme will apply to a confined list of 'information-sharing entities' to be prescribed by regulation (new sections 41R and 46ZC) and may include, for example, nurses, psychologists and other medical practitioners, police officers, teachers, principals of a registered school, state-funded community service organisations, and education and care services. Some entities may be prescribed as 'restricted information-sharing entities', with more limited authorisation to share or obtain confidential information, which will be specifically set out in the regulations.

Specifically, within new part 6A of the principal act, section 41V provides that an information-sharing entity may, on its own initiative, disclose confidential information (other than excluded information) to another information-sharing entity if the disclosure is made for the purpose of promoting the wellbeing or safety of a child or group of children, and the disclosing entity reasonably believes that the disclosure may assist the receiving entity to make decisions, assessments or plans, initiate or conduct an investigation, or provide a service or manage a risk, in relation to a child or group of children. Further, new section 41W provides that an information-sharing entity may request another information-sharing entity to disclose confidential information (other than excluded information) for the same overarching purpose, and the responding entity must comply with that request if it reasonably believes that disclosure may achieve the same outcomes as those identified above with respect to new section 41V.

'Confidential information' is defined in clause 5 of the bill (amending section 3(1) of the principal act) to mean health information (within the meaning of the Health Records Act 2001), personal information (within the meaning of the Privacy and Data Protection Act 2014), sensitive information and unique identifiers (within the meaning of the Privacy and Data Protection Act 2014), and identifiers (within the meaning of the Health Records Act 2001).

'Excluded information' is defined in clause 8 of the bill (new section 41Q) to mean confidential information the collection, use or disclosure of which could be reasonably expected to endanger a person's life or result in physical injury; prejudice an investigation, inquest or fair trial; breach legal privilege; contravene a court order or provision of the principal act; or be contrary to the public interest.

New section 41U sets out the principles that information-sharing entities (and, where relevant, restricted information-sharing entities) should refer to for guidance when collecting, using or disclosing confidential information in accordance with new part 6A. These principles apply in addition to the overarching purpose of promoting the wellbeing or safety of children being met (in all cases) and the reasonable belief that the disclosure may assist other entities in their dealings with children. These principles include that entities should:

give precedence to the wellbeing and safety of a child or children over the right to privacy;

only share confidential information to the extent necessary to promote the wellbeing or safety of a child or group of children, consistent with the best interests of that child or children;

work collaboratively with other entities in a manner that respects their functions and expertise;

seek and take into account the views of the child and relevant family members wherever appropriate, safe and reasonable to do so;

seek to preserve and promote positive relationships between the child, their family and other people significant to the child;

be respectful and have regard to a child's social, individual and cultural identity, their strengths and abilities and any vulnerability relevant to the child's wellbeing or safety;

take all reasonable steps to plan for the safety of all family members believed to be at risk of family violence;

promote the cultural safety and recognise the cultural rights and familial and community connections of children who are Aboriginal, Torres Strait Islander or both; and

seek to maintain constructive and respectful engagement with children and their families.

The application of these principles, which will be supported by detailed guidelines that the minister must make and publish after extensive and compulsory consultation, will ensure that information-sharing entities and restricted information-sharing entities only share confidential information to the extent that it is appropriate to do so in all the circumstances. New section 41ZA(2)(b) provides that the guidelines must address how the principles are to be applied in practice when collecting, using or disclosing confidential information and how an information-sharing entity or a restricted information-sharing entity may demonstrate its capacity to handle confidential information responsibly and appropriately. For example, in relation to the principle of taking all reasonable steps to plan for the safety of family members believed to be at risk of family violence, the guidelines will contain detailed guidance on using family violence risk management frameworks. In relation to the principle of seeking and taking into account the views of children and relevant family members, the factors that are relevant to when and whether consent should be obtained will be discussed throughout the guidelines. Information-sharing entities and restricted information-sharing entities must comply with the guidelines (new section 41ZA(5)). Although non-compliance alone is not an offence (new section 41ZK(5) and 41ZL(4)), it will be relevant to complaints made under the Privacy and Data Protection Act 2014, Health Records Act 2001 or Privacy Act 1988 of the commonwealth (Privacy Act), and may lead to a person or body ceasing to be prescribed as an information-sharing entity.

New section 41ZG extends the operation of the Privacy and Data Protection Act 2014 to any information-sharing entity that is not already covered by that act. The Information Privacy Principles (IPPs) in schedule 1 to that act will therefore apply so as to provide an appropriate level of further regulation and accountability. For example, under IPP 1.1, an entity must only collect personal information that is necessary for one or more of its functions or activities, and under IPP 2.1, an entity must not use or disclose personal information for a purpose other than the primary purpose for which it was collected (save for in specified and limited circumstances). This means that, generally, entities that receive confidential information under new part 6A will only be able to use that information for the purposes for which it was exchanged (except, pursuant to new section 41X, if otherwise required or permitted under another act or law).

However, the bill displaces certain IPPs in order to ensure that the objectives of new part 6A are not unduly compromised. Specifically, clause 30 provides that nothing in IPPs 1.4, 1.5, or 10.1 applies to the collection of personal or sensitive information by information-sharing entities. The effect of clause 30 is that when acting in accordance with new part 6A of the principal act, information-sharing entities need not collect personal information directly from the individual it relates to (IPP 1.4). It also means that where an information-sharing entity has collected personal information about an individual from someone else, where compliance would be contrary to the promotion of the wellbeing and safety of a relevant child, the entity need not take reasonable steps to ensure that the individual is aware of matters such as the identity of the entity that has collected the information, the fact that the individual can access the information, the purposes for which it has been collected, and to whom the entity will disclose the information (IPP 1.5). Further, the circumstances in which entities are empowered to collect sensitive information are not limited to those in which the individual has either consented; the collection is required under law; the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of an individual; or the collection relates to the establishment, exercise or defence of legal claims (IPP 10.1). More broadly, division 4 of part 3 of the bill provides that nothing in any IPP applies to the collection, use or disclosure of personal or sensitive information under part 6A to the extent that it requires the consent of the relevant person. Additionally, division 3 of part 3 makes similar amendments as outlined above to the Health Records Act 2001, with respect to the corresponding health privacy principles contained in that act.

The consequential amendments to the Children, Youth and Families Act 2005 in division 1 of part 3 of the bill repeal a number of prohibitions on disclosure under that act. This includes provisions that prohibit protective interveners, including the Secretary to the Department of Health and Human Services, from disclosing any information or record arising from an investigation under part 4.6 of that act to anyone other than specified people or bodies, and provisions that prohibit a person who prepares, receives or otherwise has access to certain reports (such as protection reports and therapeutic treatment reports) from disclosing information contained in that report without consent. While the repeal of these provisions may permit such information to be shared more broadly than was previously authorised, any disclosure of personal information must still be made in accordance with the Privacy and Data Protection Act 2014 and the requirements under new part 6A (if sharing confidential information under that part). Further, the repeal of provisions that may impose conflicting obligations on information-sharing entities ensures greater clarity and consistency around information sharing, and persons who give information in confidence in the course of an investigation will continue to be protected by confidentiality provisions in part 4.6 of the Children, Youth and Families Act 2005.

The bill empowers information-sharing entities to share a range of confidential information about individuals in circumstances in which that information may not previously have been able to be shared, and the scheme represents a recalibration of rights to give precedence to the wellbeing and safety of children over the right to privacy of those children and other persons. However, in my view, the circumstances in which confidential information may be shared are sufficiently precise, confined, and proportionate to the legislative purpose sought to be achieved. The information-sharing provisions outlined above are therefore neither unlawful nor arbitrary and as such, do not limit the right to privacy under the charter.

The bill aims to shift an entrenched, risk-averse culture around information sharing to promote an approach to information exchange that is proactive, collaborative and appropriately balanced. The threshold purpose of 'wellbeing or safety' enables prevention, early risk assessment and intervention before harm occurs or statutory intervention is required. The factors that contribute to 'wellbeing' form the basis of the principles that are set out in new section 41U for relevant entities to consider and, as outlined above, these principles (as well the factors relevant in determining 'wellbeing' in the context of the legislation) will be reflected and expanded in guidelines which must be made by the minister and which will bind relevant entities. Further, by carving out certain categories of 'excluded information' from the information-sharing provisions, the bill ensures that confidential information that could give rise to an unacceptable risk of harm cannot be shared.

The bill also contains a broad regulation-making power in new section 46ZC of the principal act, to provide further certainty as to the operation of the new information-sharing scheme. In addition to prescribing the confined list of entities which will be empowered to exchange confidential information under the bill, the regulations may prohibit or regulate the type of information that may be used, disclosed, handled, requested or received by an entity, further prescribe the purposes for which confidential information may be used or disclosed, and prescribe the information to be recorded by an entity for the purpose of its record-keeping requirements under new section 41ZC. Offence provisions relating to unauthorised use and disclosure of confidential information without consent (new sections 41ZK and 41ZL), and false claims to be or represent a prescribed information-sharing entity (new section 41ZM) provide further safeguards, as do the mandatory two and five-year independent review provisions in new sections 41ZN and 41ZO.

To the extent that the information-sharing provisions displace some of the otherwise applicable requirements contained in the Privacy and Data Protection Act 2014 and Health Records Act 2001, in my view, this is crucial in order to achieve the objectives of the bill. This approach is consistent with the approach taken in the Family Violence Protection Amendment (Information Sharing) Act 2017, which displaced IPPs 1.4, 1.5 and 1.10 in relation to persons of concern. A requirement that entities obtain consent from relevant individuals and make them aware of various matters relating to confidential information collected would seriously undermine the capacity of those entities to exchange information in the proactive, efficient and collaborative manner envisaged by the bill. Obtaining the consent of children raises complex issues; moreover, it may place a significant and inappropriate burden of responsibility on children for their own safety and wellbeing, which would be inconsistent with the best interests of those children. Further, requiring entities to obtain consent prior to sharing confidential information would create significant uncertainty about when confidential information can be shared and could encourage unnecessary risk aversion. However, this does not mean that children's agency and privacy is not important. It is. As such, in keeping with the principles, the guidelines will state that entities should have regard to the views of a child (and their relevant family members) where appropriate, safe and reasonable to do so. Further, the principle that an information-sharing entity should only override a person's right to privacy to the extent necessary to promote wellbeing or safety ensures a proportionate approach to information sharing.

I note that in The Christian Institute & Ors v. The Lord Advocate (Scotland) [2016] UKSC 51, the UK Supreme Court held an information-sharing scheme to be incompatible with the right to respect for private and family life under the European Convention on Human Rights. In comparison, the information-sharing scheme under this bill provides for detailed principles to be considered by information-sharing entities when sharing information. This essential aspect of the bill will be reflected and expanded in the mandatory ministerial guidelines, with which information-sharing entities must comply. The extension of obligations contained in privacy legislation (save for some limited exclusions) to information-sharing entities under this bill also ensures clarity and proportionality in the approach taken to information exchange. Therefore, in my view, these features are sufficiently different to distinguish the two schemes.

Information sharing with other persons

Within division 2 of part 6A of the principal act, new section 41Y provides that an information-sharing entity may disclose confidential information (other than excluded information) to a child, a person who has parental responsibility for the child or a person with whom the child is living, for the purposes of managing a risk to the child's safety. The person to whom the information is disclosed must only use or disclose it for the purpose of managing that risk.

The circumstances in which confidential information may be disclosed by an entity to a person other than another entity under these provisions are appropriately limited. Information may only be shared where there is a risk to a child's safety and it may only be shared for the purpose of managing that risk. 'Excluded information' cannot be shared. Further, many of the safeguards that apply to the sharing of confidential information between prescribed entities will also apply in this context. For example, in determining whether an entity should share information under new section 41Y, the entity will need to consider the principles set out section 41U and comply with the ministerial guidelines issued under new section 41ZA.

In my view, section 41Y is therefore sufficiently precise and proportionate so as not to limit the right to privacy under the charter.

Division 1 of part 3 of the bill makes consequential amendments to the Children, Youth and Families Act 2005 that enable the sharing of certain information to occur between particular bodies in the context of that act. Clause 17 inserts a provision that allows the Secretary to the Department of Health and Human Services and protective interveners to request, disclose and receive information from certain bodies or individuals if they believe on reasonable grounds that it is required for the performance of the duties or functions of the secretary or protective intervener under that act. This information may include personal information. The information may be received from, or disclosed to, the Secretary to the Department of Health and Human Services, another protective intervener, an information holder, a service agency, a person in charge of, or employed in, a registered community service or another individual. Clause 18 substitutes section 193 to permit community-based child and family services, upon receiving a referral from a person who has a significant concern for the wellbeing of a child, to consult with certain services for the purpose of assessing a risk to a child or to determine which service is an appropriate body to provide assistance. In the course of such a consultation, the community-based child and family service may receive or disclose information about the child or family.

These amendments reflect a more permissive approach to information sharing to enable service agencies and community services to better perform their functions and duties. Such amendments do not unreasonably limit the right to privacy because they restrict information sharing to specific categories of people in certain, prescribed circumstances.

Establishment of the Child Link scheme

Clause 10 of the bill inserts a new part 7A into the principal act to provide for the establishment of a Child Link Register.

Under new sections 46B and 46Y, the secretary to the Department of Education and Training is required to establish and maintain the register in relation to each child who is born in Victoria; accesses, enrols in, registers with or otherwise engages with a relevant service (for example, a Maternal and Child Health service, supported playgroup, and registered school); registers for homeschooling; or is the subject of a child protection order.

The particulars to be included on the register will be extracted and regularly updated (through an automated process) from a number of existing databases. To facilitate this, new section 46I authorises certain persons to collect confidential information and disclose it to the secretary to enable the secretary to establish and maintain the register. The secretary may amend an entry on the register to reflect the most accurate information available to the secretary, and may collect, use or disclose confidential information about a child or other person for the purposes of establishing and maintaining the register without the consent of that person.

The particulars that may be included in the register are set out in new section 46D and include the child's full name, date and place of birth, and sex; full names of each person who has or has had parental responsibility for, or day-to-day care of, the child; siblings' names; whether the child is Aboriginal, Torres Strait Islander, or both; information about any child protection orders made in relation to the child; and whether the child is a participant in the national disability insurance scheme. The register will also include specified information in relation to the relevant services that the child has accessed, enrolled in or been referred to. The specified information is set out in new section 46D(3) and includes the name and contact details of the service, the dates of the child's participation in the service, a description of the child's participation in the service, dates of registration and cancellation in relation to homeschooling and any other prescribed information that is considered necessary.

Only people designated as Child Link users may access the register and use confidential information contained in the register. A list of Child Link users is contained in new section 46K and includes specified persons employed or engaged to provide education or health and welfare services at a school or an approved education and care service; nurses employed or engaged in the provision of maternal and child health programs; persons employed or engaged by a council or the Victorian Aboriginal Health Service Co-operative Limited in relation to childhood services implementation or policy; and persons employed or engaged by the Secretary to the Department of Health and Human Services under part 3 of the Public Administration Act 2004. Also included as Child Link users are persons employed or otherwise engaged by the Secretary to the Department of Education and Training under part 3 of the Public Administration Act 2004 for one or more specified purposes (such as, to identify children who are not participating in services for which they may be eligible, or for systems administration purposes) and persons employed by the Commission for Children and Young People or the Disability Services Commissioner. Each person (except for the relevant secretaries and commissioners) must have written authorisation from a relevant authority, usually the secretary, chief executive officer of the council or principal.

Under new section 46M, a Child Link user may only access the register and use confidential information in the register for the purposes specified in new schedule 6 in relation to that particular category of user. For example, in general terms, service providers may access and use confidential information in the register to provide care and services to children attending that service. Persons employed in relation to childhood services may use confidential information in the register to identify children who are not participating in services for which they may be eligible and to assist in the provision of education, care and services to those children.

A Child Link user may only disclose confidential information contained in the register to another person in the user's workplace for a purpose specified in new schedule 6 in relation to that Child Link user and in accordance with part 6A (if applicable). External disclosures of confidential information obtained from the register will be governed by the scheme in new part 6A, as all Child Link users (other than the secretary and systems administrators) will be information-sharing entities under new section 41R. Therefore, when sharing confidential information from the register with other information-sharing entities, Child Link users may only do so for the overarching purpose of promoting the wellbeing or safety of children and with the reasonable belief that the disclosure may assist other entities in their dealings with children. Further, the principles outlined in new section 41U and the ministerial guidelines will apply to external disclosures made by Child Link users.

Confidential information in the register may also be used or disclosed in specified, confined circumstances set out in new section 46V(3). This includes the use or disclosure of such information with the consent of the person to whom the information relates; if the information relates to a person who is incapable of giving consent, with the consent of the person's authorised representative (who, by definition, must not be a person of concern); to a court or tribunal in the course of legal proceedings; to enable the investigation or enforcement of a relevant law; or as required or authorised by or under any other act.

The bill contains a number of safeguards that limit the access to confidential information in the register. Under new section 46E, the secretary may for any reason determine that information about a child or a person with parental responsibility for, or day-to-day care of, the child is not to be recorded on the register. Under new section 46F, an entry in the register must not be accessed if the child has died; or once the child has turned 18 or is no longer attending school or if homeschooling has ceased or been cancelled by the Victorian Registration and Qualifications Authority (whichever is later), except to access de-identified data for the purposes of developing, planning and review of policies and programs under section 46O.

There are also a number of limitations on who may access the register. As noted above, persons accessing the register (apart from relevant secretaries and commissioners) must first be authorised in writing. There are also limitations in new section 46K on the number of people in particular services who may be authorised at one time. If a person who has been authorised no longer requires access to the register, the person who gave the authorisation must revoke it. Further, a person who granted an authorisation to a person under new section 46K(1) must notify the secretary if they reasonably believe that the person authorised has ceased to be a registered teacher or to hold a current working with children assessment notice.

The secretary may place restrictions on access to the register in certain circumstances. Under new section 46N, if the secretary is satisfied that continued access would pose an unacceptable risk of harm to a person or would be otherwise inappropriate in all the circumstances, the secretary may remove access to a particular child's entry, or part of an entry, for all Child Link users, or may remove a particular Child Link user's access to the register or to an entry, or part of an entry, in the register. The secretary may also issue guidelines under new section 46S addressing matters such as the manner in which information is to be collected for the purposes of the register, the authorisation of Child Link users, the removal of access to the register or to an entry or part of an entry in the register, and systems security and integrity measures. The operation of new part 7A will be subject to a review within two years of commencement, which must include consideration of any adverse effects.

The bill also contains a number of offence provisions in new division 6 of part 7A. It will be an offence for an unauthorised person to access the register, for a person to access the register for an unauthorised purpose and for a person to use or disclose confidential information from the register other than in accordance with part 7A. However, a defence exists if the person used or disclosed the information in good faith and with reasonable care. The offences in division 5 of new part 6A will also apply to external disclosures made by Child Link users.

A further safeguard is provided by the application of privacy laws, as new section 46R provides that the Privacy and Data Protection Act 2014 applies to the handling of personal information or unique identifiers by Child Link users under part 7A. This privacy legislation imposes a range of requirements on relevant organisations in the way they collect, use and disclose personal information.

However, consistent with the approach towards information-sharing entities, the bill also displaces certain IPPs in order to ensure that the objectives of new part 7A are not unduly compromised. Clause 30, discussed above, provides that nothing in IPPs 1.4, 1.5, or 10.1 applies to the collection of personal or sensitive information by Child Link users (as well as information-sharing entities), and nothing in any IPP applies to the collection, use or disclosure of personal or sensitive information under part 7A to the extent that it requires the consent of the relevant person.

The Child Link Register engages the right to privacy by enabling specified people to access limited factual confidential information about children and their engagement with services without consent. However, this interference with the right to privacy is appropriately circumscribed by the safeguards described above. Any such interference with this right is also proportionate to the legitimate aim of improving child wellbeing and safety outcomes. The register will improve child wellbeing and safety outcomes by linking confined, factual information across specified government-funded services to create an aggregate picture of potential and actual risk in relation to all children. Making this information more readily available to a range of service providers ensures that intervention and support by professionals is possible at an early stage.

Presumption of innocence

Section 25(1) of the charter provides that any person charged with a criminal offence has the right to be presumed innocent until proved guilty according to law. The right in section 25(1) of the charter is relevant where a statutory provision shifts the burden of proof onto an accused in a criminal proceeding, so that the accused is required to prove matters to establish, or raise evidence to suggest, that he or she is not guilty of an offence. A number of provisions in the bill engage the right to be presumed innocent.

New section 41ZK makes it an offence for a person to use or disclose confidential information disclosed to the person under new part 6A except in accordance with that part, unless the person used or disclosed the confidential information in good faith and with reasonable care. Similarly, new section 46V makes it an offence for an authorised person to use or disclose a Child Link identifier or confidential information contained in the register other than in accordance with part 7A, unless the person did so in good faith and with reasonable care.

By creating a defence for confidential information used or disclosed in good faith and with reasonable care, new sections 41ZK and 46V may be viewed as placing an evidential burden on the accused. However, in doing so, these provisions do not transfer the legal burden of proof. The provisions provide a defence for an accused to escape liability where he or she has taken reasonable steps to ensure compliance, once the prosecution proves the essential elements of the offence. I do not consider that an evidential onus such as that contained in these provisions limits the right to be presumed innocent, and courts in other jurisdictions have taken this approach.

The bill also inserts new section 46ZB to impose accessorial criminal liability on officers of bodies corporate that commit certain offences. However, an officer of a body corporate may also rely on the defences in those provisions. As discussed above, because these defences require the accused to present or point to evidence that suggests that the unauthorised use or disclosure was done in good faith and with reasonable care, they impose an evidentiary burden on an accused.

In the case of officers of a body corporate, the offences will only apply to officers that have a specific role and possess significant authority and influence over the body corporate. Moreover, whether a person or an officer of a body corporate has acted in good faith and with reasonable care, notwithstanding the fact they have disclosed confidential information beyond what is authorised by the bill, is a matter peculiarly within the knowledge of that person. Such persons are best placed to provide evidence as to whether they acted in good faith and exercised reasonable care.

The bill also contains other protections for individuals or entities that use or disclose confidential information under the scheme. In particular, new section 41ZB provides strong protections for individuals by providing protection from liability or professional consequences for good faith uses or disclosures of confidential information made with reasonable care.

For these reasons, in my opinion, new sections 41ZK, 46V and 46ZB do not limit the right to be presumed innocent.

Freedom of expression

Section 15(2) of the charter provides that a person has the right to freedom of expression, including the freedom to seek, receive and impart information and ideas. This right is, however, subject to internal qualifications set out in section 15, which provides for lawful restrictions reasonably necessary to respect the rights and reputation of other persons, or for the protection of national security, public order, public health or public morality.

The right to receive and impart information and ideas potentially includes the right not to impart such information and ideas. It is therefore relevant to new section 41W, which obliges information-sharing entities to share confidential information in specified circumstances. In my opinion, this potential restriction on freedom of expression fits within the internal qualifications set out in section 15, in that it is reasonably necessary to respect the rights of children under section 17(2). In particular, an entity is only required to make a disclosure if it is for the purpose of promoting the wellbeing and safety of a child or group of a children, and it reasonably believes that the disclosure may assist the requesting entity to carry out specified activities.

The right under section 15(2) of the charter has also been held to create a positive obligation on government to give access to government-held documents.

This right is also relevant to provisions of the bill which limit access to information under other acts, such as the Freedom of Information Act 1982 (the FOI act). Relevantly:

new sections 41ZF and 46P of the principal act states that an information-sharing entity under part 6A, or the Secretary to the Department of Education and Training under part 7A, may refuse to provide access to confidential information under relevant privacy laws, such as HPP 6, IPP 6 or the Privacy Act, if this would increase a risk to the wellbeing or safety of a child or group of children;

new section 33(2AC) of the FOI act requires that, in deciding whether the disclosure of a document would involve the unreasonable disclosure of information relating to the personal affairs of a person, an agency or minister must take into account whether the disclosure would increase the risk to the safety of a child or group of children; and

new sections 27(2)(ac), 49P(3B) and 56(5B) of the FOI act provide that, in certain circumstances, agencies, ministers, the information commissioner or the Victorian Civil and Administrative Tribunal, in making decisions under that act, need not confirm or deny the existence of a document if doing so would increase the risk to the safety of a child or group of children.

In my opinion, these provisions appropriately circumscribe the rights of people to access information under the relevant acts, in circumstances where granting access, or confirming or denying the existence of a document, would increase the risk to the safety of a child or group of children. I am satisfied that this is an appropriate and justified circumstance in which a person's right to access information should be circumscribed. The provisions therefore fit within the internal qualifications set out in section 15, in that they are reasonably necessary to respect of the rights of children under section 17(2).

For these reasons, I am satisfied that the amendments to the principal act and the FOI act contained in the bill are compatible with the right in section 15 of the charter.

The Honourable Martin Foley, MP
Minister for Housing, Disability and Ageing