Bushfires Disaster Emergency Declaration – Privacy Act

Key Points
  • On 20 January 2020, the Attorney-General made the Privacy (Australian Bushfires Disaster) Emergency Declaration (No. 1) 2020.
  • This declaration permits entities that are subject to the Privacy Act 1988 (Cth) to handle personal information of those affected by bushfires for specific purposes.
Background
 
In response to recent bushfires, on 20 January 2020 the Attorney-General made the Privacy (Australian Bushfires Disaster) Emergency Declaration (No. 1) 2020 (“Declaration”).
 
This Declaration was made under section 80J of the Privacy Act 1988 (Cth) (“Privacy Act”). This section allows the Australian government to make a declaration when an emergency or a disaster of national significance affecting Australians has occurred.
 
Handling personal information under the Declaration
 
Once a declaration is made, special provisions under the Privacy Act apply which regulate how entities that are subject to the Privacy Act may handle personal information in a declared emergency or disaster. These provisions also permit such entities to exchange information that is not otherwise allowed under the Privacy Act or the Australian Privacy Principles (“APPs”) in normal circumstances.
 
In order for an entity to rely on these provisions to collect, use or disclose personal information, the following conditions must be satisfied:
  1. the entity reasonably believes that the individual (to which the personal information relates to) is involved in the bushfire; and
  2. the collection, use, or disclosure of the personal information is for a “permitted purpose” in relation to the bushfire.
Permitted purposes under the Declaration
 
Section 80H of the Privacy Act defines a “permitted purpose” as a “purpose that directly relates to the Commonwealth’s response to an emergency or disaster in respect of which an emergency declaration is in force”. In the context of the current Declaration, examples of a “permitted purpose” where an entity subject to the Privacy Act may disclose personal information of affected individuals include:
  • identifying individuals who are or may be injured, missing or dead as a result of the bushfires (for example to assist the NSW State Emergency Service in conducting search and rescue missions);
  • assisting individuals involved in the bushfire to obtain medical treatment, financial assistance, or health services (for example to assist Services Australia in issuing Australian Government Disaster Recovery Payments to affected individuals)
  • assisting with law enforcement in relation to the bushfires;
  • coordination or management of the bushfires (for example to assist the NSW Rural Fire Service’s evacuation efforts in bushfire-affected regions and areas);
  • ensuring that responsible persons for individuals who are, or may be, involved in the bushfire are appropriately informed about the individual and the emergency response to the individual (for example to assist a hospital in notifying relatives of individuals injured by bushfires of their treatment statuses).
The Declaration does not permit disclosures of personal information to media organisations.
 
Duration of the Declaration
 
The Declaration expires on 20 January 2021.
 
Entities subject to the Privacy Act should note that while the Declaration is in effect, all other obligations under Privacy Act still apply, for example APP 5 in relation to notification of the collection of personal information.
 
Key takeaways
 
The Australian government recognises that the parameters surrounding the safeguards and protections of an individual’s privacy under the Privacy Act and APPs may need to change in times of emergencies or disasters.
 
The separate regime for the collection, use and disclosure of personal information in circumstances of declared emergencies or disasters enhances information sharing between government agencies and entities. This allows such agencies and entities to respond to and manage emergencies or disasters effectively, while at the same time ensuring that the personal information of those affected are adequately protected.
 
More information about the current Declaration can be accessed via the Office of the Australian Information Commissioner’s published guidance note for the Declaration.

Post by John Kell and Michael Fong

Most Popular Articles

Blog

Service of Notices by Registered Post

Where service of a notice is authorised or required by post, unless the contrary intention appears, service will be deemed to be effected at the time when the notice would be delivered in the ordinary course of post: see the various Acts Interpretation acts of the States and Commonwealth.
Blog

Abandonment of employment – some best practice tips

We are regularly asked to advise employers in relation to whether certain circumstances amount to abandonment of employment and, if so, what are the employer’s rights and obligations.
  • 1 Mar 2017

Blog

Abolition of Duties – 1 July 2016

On 1 July 2016, mortgage duty, certain business asset duties and marketable duties (shares and units) are being abolished in New South Wales. 

Subscribe to Our Blog

Keeping you connected, Hicksons regularly publishes articles to keep you up to date on the latest developments. To receive these updates via email, please subscribe below and indicate which areas of law you would like to receive information on.

Top