The protection of personal and confidential information was the focus for Queensland Law Society at a public hearing at Parliament House yesterday.
The Society shared its concerns about the Queensland Productivity Commission Bill 2024, when it appeared before the Governance, Energy and Finance Committee.
The Society was represented by Senior Policy Solicitor Kerryn Sampson, Legal Policy Manager Wendy Devine, and QLS Privacy, Data, Technology and IP Law Committee Chair Anna Sharpe.
The bill, which was introduced to Parliament on 28 November, seeks to establish the Queensland Productivity Commission, which would conduct formal public inquiries, reviews and investigations into complex economic and social issues, regulatory matters and/or legislation.
Kerryn told the committee that QLS was generally supportive of the bill but there needed to be adequate protection of personal and confidential information which the commission would request from government agencies.
“The threshold question must be whether it is necessary or reasonable to share the information,” she said.
“The moment such information is shared, there is an elevated risk of inappropriate disclosure of personal and confidential information.
“As we have seen from recent high-profile data breaches, this can have a devastating flow-on impact to individuals, entities and collecting agencies sharing such information.
“It is important to remember that government agencies collect personal information for specified purposes. An individual providing personal information consents to that particular purpose.
“It is concerning that the bill would require an agency to provide personal information to the commission where the affected individual did not contemplate or consent to that information being shared for that purpose.”
Anna said the bill’s definition of “related information” was broad, and she suggested that the bill be amended to allow an entity to refuse to comply with a request for information.
“Mechanisms to preserve anonymity and to provide de-identified information should also be considered,” she said.
“We also recommend working with the Office of the Information Commissioner to develop guidelines for agencies when responding to requests for data sets from the commission.
“This is particularly important where personal information was disclosed to an agency for another purpose such as provision of a government service.
“It is critical that legislation dealing with data-sharing powers also responds appropriately to the challenges of increased digitisation and data risk. Any time information is shared electronically, there is a heightened risk of inappropriate and unintentional disclosure.”
The committee is to provide its report by 31 January 2025.
Share this article