Commonwealth of Australia Explanatory Memoranda Commonwealth of Australia Explanatory Memoranda[Index] [Search] [Download] [Bill] [Help]
2016 - 2017 - 2018
THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA
SENATE
SECURITY OF CRITICAL INFRASTRUCTURE BILL 2017
ADDENDUM TO THE EXPLANATORY MEMORANDUM
(Circulated by authority of the
Minister for Home Affairs and the Minister for Immigration and Border Protection, the
Honourable Peter Dutton MP)
Security of Critical Infrastructure Bill 2017
The purpose of this addendum is to provide additional material to the Explanatory
Memorandum to the Security of Critical Infrastructure Bill 2017. This addendum responds to
the Parliamentary Joint Committee on Intelligence and Security Advisory Report, and the
Senate Standing Committee for the Scrutiny of Bills Scrutiny Digest 1 of 2018 (7 February
2018). It also corrects minor errors in the Explanatory Memorandum to the Security of
Critical Infrastructure Bill 2017.
General Outline
After paragraph 41, insert the following paragraph:
To ensure protected information is handled appropriately, the relevant provisions
in the Bill have been developed to be consistent with the Australian Privacy
Principles. Specifically the provisions related to the Secretary's power to obtain
information or documents (Division 2) are consistent with Australian Privacy
Principle 6 which outlines the circumstances for the use or disclosure of personal
information, and Australian Privacy Principle 11 which requires active measures
to be taken to ensure the security of personal information
Clause 27 - Rules may exempt from requirement to give notice or information
After paragraph 234 on page 42, insert the following paragraph before the example box:
This clause ensures the Bill does not impose an unnecessary burden on industry
by enabling the Minister to exempt an entity from providing information required
under the Bill if, for example, that information is otherwise available to
government. This may be through open sources or other reporting mechanisms.
Importantly, the provision does not enable the Minister to increase the reporting
obligations on an entity.
Pages 44-62 - Example of Approved forms
Remove paragraphs 239 to 242 and examples of Approved Forms provided at pages 45 to 62.
Further explanation on the definition of 'direct interest holder' and associated reporting
requirements is provided in the Supplementary Explanatory Memorandum. Minor
amendments have been made to the examples of Approved Forms.
After paragraph 238, insert the following:
1
Example of Approved forms
1. A water utility known as Critical Water Corporation meets the criteria of a critical
infrastructure water asset as it operates under a licence issued by the New South Wales Government.
Critical Water Corporation is 50.5% owned by the New South Wales Government and 49.5% owned
by the private company Wet World Corporation. Wet World Corporation is beneficially held by
World of Water, a Country A incorporated entity, which itself is wholly-owned by UWater Co, a
Country B incorporated entity. Under the Bill, Critical Water Corporation is the responsible entity of
the water utility asset.
2. Critical Water Corporation operates under the authority of its licence, with the following
business specifics:
it buys bulk water from ABC Water which it then treats in its two water treatment
plants
one water treatment plant is owned and operated by Critical Water Corporation
one water treatment plant is owned, operated and transferred under a 30 year contract
with a foreign owned company 'The Desalinators', and
the bulk water it uses is under contract from ABC Water, which itself is separately the
responsible entity of a critical bulk water supplier asset.
3. Critical Water Corporation has outsourced some components of its business:
Outsourced IT service provider - 'IT Service Megacorp' is located onsite at Critical
Water Corporation's head office under a five year contract to supply IT support and
IT data management, including data storage services both offshore and onshore.
Cleaning/maintenance contracts
- A two year contract with 'Cleaners R us' for cleaning Critical Water
Corporation's head office.
- A five year contract with 'Keep Gardens Pretty' for maintenance of the grounds
of head office.
Security services provider - A three year contract with 'Service Enterprises', as the
sole service provider of security measures at head office, including management of
access control, control rooms, building management systems and CCTV, staff
screening, and guard/patrolling services.
4. In this instance, the following would be required to be registered:
A responsible entity registration by Critical Water Corporation for the water utility
known as Critical Water
A direct interest holder registration by the New South Wales Government for the
critical water utility known as Critical Water Corporation
A direct interest holder registration by Wet World Corporation for the critical water
utility known as Critical Water, and
Critical Water Corporation is not responsible for reporting ABC Water, which would
separately complete its own responsible entity and direct interest holder registrations
for the critical bulk water supplier asset.
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Clause 32 - Direction if risk prejudicial to security
Remove paragraph 271 on page 67.
Clause 39 - Retention of documents
After paragraph 316, insert the following paragraph:
Once the Secretary deems that information provided under subclause 37 is no
longer required for the purpose for which it was provided, reasonable steps will
be taken to destroy that information or ensure the information is de-identified.
The Secretary must have consideration for Australian Privacy Principle 11 in
determining if it is appropriate to retain personal information, and, accordingly, if
reasonable steps are required to be taken to destroy that information or ensure the
information is de-identified.
Clause 42 - Authorised use and disclosure - other person's functions, etc
At the end of paragraph 322, insert:
Protected information is likely to be sensitive in nature and includes commercial-
in-confidence and personal information. Given these sensitivities, when
considering whether to disclose protected information, in addition to the
requirements in this clause, the Secretary should also consider whether the
disclosure is consistent with the Objects of the Bill (clause 3), and whether the
purpose of the disclosure is proportionate to the sensitivity of the information
being disclosed.
Clause 43 - Authorised disclosure relating to law enforcement
At the end of paragraph 327, insert:
Protected information is likely to be sensitive in nature and includes commercial-
in-confidence and personal information. Given these sensitivities, when
considering whether to disclose protected information, in addition to the
requirements in this clause, the Secretary should also consider whether the
disclosure is consistent with the Objects of the Bill (clause 3), and whether the
purpose of the disclosure is proportionate to the sensitivity of the information
being disclosed.
Clause 46 - Exceptions to offence for unauthorised use or disclosure
After paragraph 336 on page 76, insert the following paragraph:
22
The reversal of the evidential burden of proof is appropriate in this circumstance
because the defendant is in the best position to know if the exceptions apply.
Importantly, the provision only shifts the evidential burden in relation to the
exception. If the defendant claims an exception, the legal burden for proving the
offence (and disproving the exception) still resides with the prosecution. This
approach is consistent with the Attorney-General's Department's Guide to
Framing Commonwealth Offences, Infringement Notices and Enforcement
Powers.
Part 6 - Declaration of assets by the Minister
Delete the second sentence in paragraph 351 on page 80, insert the following sentence in its
place (change underlined):
Subclause 9(1)(e) explicitly provides that an asset can be privately declared under
clause 51 to be a critical infrastructure asset.
Clause 61 - Rules
Delete paragraph 410 on pages 87, and insert the following in its place (changes underlined):
There are a range of provisions in the Bill that specifically provide for rules to be
made in respect of the following:
details about what is meant by interest and control information
(subclause 6(1)(i)),
details about what is meant by operational information (subclauses
7(1)(f) and 7(1)(g)),
prescribing assets, or not prescribing assets, for the purposes of the
definition of critical infrastructure asset (subclauses 9(1)(f) and 9(2)),
the requirements for an electricity generation station to be critical
(subclause 10(2)),
prescribing a port to be a critical port (subclause 11(u)),
prescribing specific gas transmission pipelines or requirements for a gas
transmission pipeline (subclause 12(2)),
providing that Division 3 of Part 2, or specified provisions of that
Division, do not apply in relation to any entity, specified classes of
entities, or specified entities either generally or in specified circumstances
(clause 27),
prescribing that clause 45 does not apply if the making of a record, or the
disclosure or use, of the information is required or authorised by or under
a law of a State or Territory prescribed by rules (subclause 46(1)(b)), and
23
prescribing provisions of the Corporations Act that do, or another law of
the Commonwealth that does not, require or authorise, the making of a
record, or the disclosure, of the fact that an asset is declared under clause
51 to be a critical infrastructure asset (subclause 46(2)).
24
Index]
[Search]
[Download]
[Bill]
[Help]