In a hyper-connected world where crimes are increasingly enabled by technology and the internet, the line between appropriate information security measures and an invasion of the public’s privacy can often be considerably blurred.
In October 2012, various rules were introduced by the Minister of State for Defence, who is the Minister responsible for the Australian Signals Directorate (ASD), regulating the communication and retention by ASD of intelligence information concerning Australian persons.
Rule 1: Presumptions in protecting the privacy of Australians
Where it is unclear as to whether a person is an Australian:
- a person within Australia is to be presumed to be an Australian; and
- a person outside Australia is to be presumed not to be an Australian;
Unless there is evidence to the contrary.
Rules 2: Retention of intelligence information concerning Australians
- ASD may only retain intelligence information concerning an Australian person where it is necessary to do so for the proper performance of its functions or where the retention is authorised or required by another Act.
- ASD is responsible for protecting the information (e.g. against unauthorised disclosure or misuse) and ensuring that access is only granted to persons who require the information to perform an ASD function.
Rule 3: Communication of intelligence information concerning Australians
ASD may communicate intelligence information concerning Australian persons only where it is necessary to do so for the proper performance of its functions or where such communication is authorised or required by or under another Act.
Additionally, intelligence information concerning an Australian person may be communicated where:
- it relates to the Australian Secret Intelligence Service (ASIS), Australian Security Intelligence Organisation (ASIO) or the Australian Geo-spatial Intelligence Organisation (AGO) for the performance of their functions.
Or it is important for a specified purpose including:
- the information is publicly available; or
- the person is a Government representative and the information relates to activities conducted in their normal course of official duties; or
- deletion of that part of the information concerning the person would significantly diminish the utility of the information in maintaining Australia’s national security or preventing/responding to a crime or threat; or
- the person is the subject of an authorisation given by the Minister under section 9 of the Intelligence Services Act 2001.
Rule 4: Communication of information not deliberately collected
- ASD may communicate intelligence information concerning an Australian person that was not deliberately collected to an authority that ASD is permitted to cooperate with.
Rule 5: Accuracy of information
- ASD is to take reasonable steps to ensure that intelligence information that it retains or communicates concerning Australian persons is recorded or reported in a fair and reasonable manner.
Rule 6: Oversight by the IGIS
To facilitate the oversight role of the Inspector-General of Intelligence and Security (IGIS), ASD is to take the following measures:
- the IGIS is to have access to all intelligence information held by ASD concerning Australian persons;
- the IGIS is to be consulted about the processes and procedures applied by ASD to the communication and retention of information concerning Australian persons; and
- where a person outside Australia is presumed not to be an Australian person, and this presumption has been found to be incorrect, ASD is to advise the IGIS of the incident and measures taken by ASD to protect the privacy of the individual; and
- in any case where a breach of these rules is identified, ASD is to advise the IGIS of the incident and the measures taken by ASD to protect the privacy of the Australian person or of Australian persons generally.
Rule 7: Public access to the rules
- ASD is to ensure that a copy of these rules is publicly available on the ASD website.