Welcome to the summer edition of NSW Government Bulletin - your essential holiday season reading!
In this special edition of our fortnightly publication, we take a magnifying glass to the issues and reforms that emerged over 2018 in key areas affecting government. We also cast forward to examine the expected major trends and developments for 2019.
Our authors will also be presenting at our upcoming NSW Government Lawyers day on Friday 22 February 2019. You can view the program and find further information about the day by clicking here.
Summer Government Bulletin index:
By general counsel Lyn Nicholson
2018 was a monumental year for data privacy and protection - globally and in New South Wales.
On a global scale, the introduction of the EU General Data Protection Regulation (GDPR), the Facebook-Cambridge Analytica data scandal, and Equifax’s record £500,000 fine (and US$287,000,000 remediation costs) for a 2017 security breach has brought data privacy and protection to the forefront of both government and business considerations.
On a local scale, data privacy and protection continues to make headlines.
In this article, we recap the big events (and breaches) that have shaped the data and privacy landscape in NSW this year, stemming from the overreach of data using technology.
In March, a NSW resident successfully challenged Transport for NSW’s collection of personal data through the Opal card ticketing system. The complainant argued against the mandatory registration of pensioner and concession Opal cards, which tracked the public transport movements of an identifiable user. The NSW Civil and Administrative Tribunal ruled in favour of the complainant, finding that there was little basis for the collection of the travel information for the stated purpose of enforcement of entitlement to the concession/pensioner travel card. However, the Tribunal has since overturned the decision, allowing an appeal by Transport for NSW in August.
In August, more than 1,000 confidential medical records were found in a derelict former aged care facility near Helensburgh. NSW Health responded to the data breach by stating that the building had been illegally accessed. Photos from the aged care facility indicate that the site had been illegally accessed since 2015, meaning that NSW Health had failed to take action to secure the records for up to three years. The NSW Government announced an audit of the archived medical records and apologised to the families of those whose records had been exposed to the breach. Following the findings from the audit by NSW Health, the incident may constitute a breach of the Health Records and Information Privacy Act 2002 (NSW) and Health Privacy Principle 5, which requires an organisation holding health information to protect against unauthorised access, use and misuse.
At the other end of the spectrum, moving from privacy, the NSW Government’s push towards open data continues with ongoing releases of data by Government agencies and continued investment and co-operation by NSW Government agencies responsible for open data including the NSW Information and Privacy Commissioner who, during May, launched a number of online learning resources to further assist the open data process in NSW. At the time of writing, it appears that NSW open data has been successful in the period that it has been running and unlike a range of media reports that have plagued Federal Government agencies misuse of data, it seems that the NSW move towards open data is continuing and continuing to succeed.
Further, the implementation of the EU’s GDPR in May of this year has had a trickle-down effect on the privacy and data considerations of NSW businesses and public sector agencies. The GDPR has extraterritorial reach, applying to all organisations that handle the personal information of EU residents. If a NSW business or government agency has an establishment in the EU, or offers goods or services, or monitors the behaviour of individuals in the EU, it will now need to comply with GDPR requirements. This includes the implementation of measures that ensure compliance with a prescribed set of privacy principles, with the aim of promoting the transparent handling of personal information. So ubiquitous has the GDPR become that the IPC has provided guidance for NSW agencies on the topic on its website.
By partner Christine Jones
The District Court of NSW’s Strategic Plan for 2018-2021 recognised the integral role of technology in the Court’s operations and processes. The Court’s expressed goal was to implement a system for the earliest, most effective and efficient resolution of disputes, making use of innovating and efficient technology where possible.
In furtherance of the Strategic Plan, the Online Court (the OLC) commenced for use in the District Court Judicial Registrar’s General List at Sydney on 31 October 2018. The OLC is said to be a virtual court room that is designed to minimise the cost and inconvenience of in-person in Court appearances by enabling parties to make online requests for orders.
In essence it is a portal through which a represented party can make requests for directions, other parties can respond and the Court can communicate the orders made, with all communications available to all parties.
The OLC is available to all legal practitioners who have an Online Registry account, accordingly it is not available for self-represented parties.
Below is an overview of the OLC procedure:
Brave new world?
We all may have imagined a virtual courtroom making use of Skype or other video technology to avoid the dash down Castlereagh Street or the (pre-Civil Liability Act) crush for the lifts or the (pre-September 11) sprint up the fire stairs. But it was not to be, for the OLC is not ground breaking in its technology. It is significant more in terms of what it takes away and its transfer of administrative effort.
The practical draw back of the OLC is the restriction of the communication to a request from one party and reply(s) from the other(s). Beyond that, there is little capacity in the interface to seek to be heard at the time of decision making on the miscommunications/misapprehensions of/by the responding party or indeed of the decision maker.
It can be time consuming and costly to address these matters after orders are made. Consider the position where the limitations of the OLC availability calendar results in a hearing date being allocated on an unavailable date. This is unlikely to happen in-person-in-Court but has happened in the OLC. Strictly, a motion would be required to vacate the hearing date.
It also transfers the data entry of orders away from the Registry and into the hands of the solicitors on the record.
Undoubtedly, legal practitioners will become more adept at anticipating and avoiding the traps as their use of the system matures and perhaps in time parties may achieve savings in time or cost, but what of the tangential or non-matter benefits of in-person-in-Court, such as:
The Court will also be running information sessions this year, perhaps to facilitate just the type of question and answer interaction that the OLC removes. Those sessions are being conducted in person at John Maddison Tower.
By partner Angela Flannery
The Productivity Commission (PC) released the report from its inquiry into public and private sector data in May 2017. As part of its response to that report, the Australian Government announced in May 2018 that it would create a National Data Commissioner to oversee a new data access framework and pass new legislation to remove red tape inhibiting access to data for research and growth (while at the same time ensuring that privacy and data security are protected). This article looks at the current status of those initiatives and the implications for governments generally from sharing a wide range of public data sets.
Productivity Commission recommendations
In its May 2017 report, the PC argued that fundamental change is needed, noting the current regulatory frameworks governing data availability and use, based as they are on risk aversion and avoidance, are not appropriate and inhibit Australian governments, businesses and not-for-profits from taking advantage of the benefits that would arise from greater exploitation of data.
Amongst other recommendations, the PC proposed a new Data Sharing and Release Act. Under the proposed legislative framework for data sharing and release, a National Data Custodian would have overall responsibility for the implementation of data management policy in consultation with all levels of government. The Custodian would accredit the processes and capabilities of Accredited Release Authorities. Those Authorities were intended to be sectoral hubs of expertise and would be tasked with taking steps to ensure that as many datasets as possible were made available either to trusted users or more widely, where appropriate risk mitigations were in place. Trusted users would be third parties (from both the public and private sectors) with appropriate governance structures and processes in place to address risks associated with data use or release.
Under this proposed framework, all Australian governments would release non-sensitive publicly funded datasets and, on completion of risk assessments, release other more sensitive datasets (either generally or to trusted users). The PC also recommended that “National Interest Datasets” of particularly important public sector data should be designated. For those National Interest Datasets, new access and use arrangements would apply to the exclusion of any existing regulatory regime (whether at a Commonwealth or State/Territory level).
On 1 May 2018, the Australian Government announced that it would partially implement the PC’s recommendations and would:
National Data Commissioner
An interim National Data Commissioner has been appointed and has been consulting on the proposed draft data legislation, as discussed further below. Information has also been released on the National Data Advisory Council, with the publication of the draft terms of reference. The Council is intended to comprise up to 10 members, including the Commissioner. It is proposed that its first task would be to advise on the development of the draft legislation.
Consultation on draft legislation
The Australian Government released a consultation paper on the proposed Data Sharing and Release Bill in mid 2018. The Bill is proposed to apply to data collected by all Commonwealth entities and Commonwealth companies, with exceptions for national security/law enforcement and contractual arrangements for purchased data sets. At a very high level, the Bill is to deal with the following matters:
The data safeguards should be able to be flexibly applied, depending on the relevant data, and would be based on the “Five-Safes” disclosure risk management framework, that is:
The following accredited bodies would be put in place:
The draft legislation is not expected to be introduced to Parliament before the next Federal election and therefore there is some doubt as to the timing for its implementation and whether changes may be made based on feedback from the consultation process and also potentially a different approach adopted by a future Government.
Data is not only important for government policy and decision making but has the potential to unlock many productivity benefits across the Australian economy more broadly.
The fact that the Australian Government is now proposing a new comprehensive regime does not mean that Australian governments do not currently make public data available. For example, data.gov.au provides public access to many thousands of anonymised public data sets published by federal, State, Territory and local governments. There is also legislation at a State level that provides for data sharing, for example, in New South Wales, the Data Sharing (Government Sector) Act 2015 facilitates data sharing between the Data Analytics Centre and other government agencies. South Australia has in place the Public Sector (Data Sharing) Act 2016 and Victoria has the Victorian Data Sharing Act 2017. But these existing data sharing arrangements are not as extensive as they could be.
As noted in the PC’s report, and the consultation paper on the proposed new legislation, there have been many reasons why governments have not in the past provided greater access to the valuable data that they hold. Risk aversion (particularly in relation to data that relates to individuals) and significant amounts of regulation (not all of which is entirely consistent) are the main barriers. A lack of a consistent approach has also been cited as a factor.
The Australian Government’s new regime is intended to address these issues. As such, if the proposed framework is implemented, it could assist in ensuring that significantly more data sets are available both across the public sector and for private sector use. The regime could be extended in due course, with the co-operation of State and Territory governments, to assist in greater use of the valuable data sets that are held across all levels of government.
However, feedback on the proposed framework has not been uniformly positive. For example, there has been particular concern expressed as to how the framework will interact with other existing regulation, particularly the Privacy Act 1988 (Cth). There is also concern as to what remedies will be available where data is misused and how compliance will be able to be enforced. These, and other issues raised by stakeholders, are important issues for consideration and should be addressed in the draft legislation to ensure the new framework achieves its ambitious aims.
By partner Scott Alden & Victoria Gordon
Two significant developments in procurement in 2018 will have huge impacts for the procurement space this year.
Last year, we saw the enactment of both Commonwealth and NSW state modern slavery legislation in Australia, reflecting a growing awareness for the need to address modern slavery both domestically and internationally.
The Modern Slavery Act 2018 (Cth) (the Modern Slavery Act) passed both houses of parliament late last year and was assented to on 10 December 2018. The key operative provisions of the Modern Slavery Act will commence on a date to be fixed by proclamation (yet to be stated) or six months from the assent date if no proclamation date is fixed earlier.
The Modern Slavery Act will require entities in Australia that have an annual consolidated revenue of more than $100 million to report annually on the risks of modern slavery in their operations and supply chains, and describe their actions to address those risks.
NSW also introduced similar legislation in June 2018 to combat this issue, although there are some interesting differences between the two regimes which we expect to see further fleshed out this year.
The other significant change in procurement in 2018 which will have significant impacts this year is the passing of the Government Procurement (Judicial Review) Act 2018 (Cth) (Government Procurement Act) which will provide suppliers with a statutory platform to challenge a government procurement process in the Federal Court of Australia or Federal Circuit Court of Australia for a breach of the Commonwealth Procurement Rules. Similar to the Modern Slavery Act, the Government Procurement Act will commence on a date to be fixed by proclamation (yet to be stated) or six months from the assent date (19 October 2018) if no proclamation date is fixed earlier.
This is the first time in Australia that tenderers will have a statutory avenue to challenge government procurement; no longer having to rely on existing remedies for breach of process contract, misleading and deceptive conduct or judicial review under administrative law.
As well as these significant legislative changes there is also increased pressure on business and government to conduct procurement using sustainable processes, especially since the world’s first International Standard for sustainable procurement - ISO 20400 - was published in late 2017.
Looking forward in 2019, both public and private organisations must now be more acutely aware of the consequences of choices they make regarding what to buy, how to buy it and who to buy it from.
2018 marked the commencement of significant changes to the Environmental Planning and Assessment Act 1979 (EP&A Act). While the changes came into force from 1 March 2018, in practice a number of the key reforms did not immediately take effect and many will be implemented in stages over the coming years, including during the course of 2019.
Notably, 2018 saw the commencement of the following reforms:
Clause 4.6 written requests
Turning to the Courts, in late 2018, we saw a number of Land and Environment Court decisions relating to clause 4.6 of the Standard Instrument (Local Environmental Plan) (which replaces the previous SEPP 1 objections to development standards). These decisions have highlighted the importance of adhering to the requirements of clause 4.6 for consent authorities and developers alike. For more information, see here. As a result, we expect to see heightened scrutiny of clause 4.6 requests by both the Court and consent authorities over the course of 2019.
Sydney Planning Summit
The Sydney Planning, Environment & Sustainability team had the benefit of attending the Sydney Planning Summit in 2018, with special counsel Peter Holt delivering a presentation on the EP&A Act reforms. Key highlights of the Summit included:
A snapshot of these issues clearly indicates there are both long and short term pressures on planning and development in Sydney that will continue to face planners, lawyers and government authorities alike. We will continue to monitor each of these areas and provide updates as new developments arise.
As we predicted in our 2017 Year in Review, the effects of the biodiversity conservation reforms were felt in 2018, especially the impact of extensive savings and transitional provisions. Other than a small number of local government areas (LGAs) still being Interim Designated Areas, the requirements of the Biodiversity Conservation Act 2016 (BC Act) now apply to the majority of LGAs, including the new Biodiversity Offset Scheme (BOS).
2018 also saw the tightening of a number of environmental offence provisions, including:
With an election in March 2019, it remains to be seen whether we can expect further changes to the NSW planning system, with opposition leader Michael Daley MP pledging to "fix the planning system in NSW" should he be elected premier.
Further roll out of planning reforms
Notwithstanding this, during the course of 2019, we will see a further roll out of the EP&A Act reforms, including:
We have also yet to see the commencement of number of new State Environmental Planning Policies (SEPPs) as part of the NSW Government’s review program for SEPPs. This includes:
We may also see the implementation of further reforms, particularly in relation to local planning panels, following the recommendations of the Kaldas report released in December 2018, entitled Review of Governance in the NSW Planning System. Nick Kaldas APM was appointed in July 2018 to conduct an independent review of the governance of decision-making within the NSW planning system. Some of the key recommendations of the report include:
We also anticipate further reforms arising out of the recent Opal Tower incident, including possible additional changes to building and certification provisions.
On the environmental front, developers and consent authorities alike will need to grapple with the requirements of the BC Act and the impact of the BOS on development proposals and decision making.
Unsurprisingly, waste also continues to be high on the EPA’s agenda with continued compliance activity and the proposed introduction during the course of 2019 of the:
We will continue to monitor these developments.
 Camden, City of Campbelltown, City of Fairfield, City of Hawkesbury, City of Liverpool, City of Penrith and Wollondilly. See https://www.environment.nsw.gov.au/biodiversity/transitional.htm for further information
Christine Jones, Partner - Construction & Infrastructure (Dispute Resolution)
T: +61 2 8083 0477
Lyn Nicholson, General Counsel - Data & Privacy
T: +61 2 8083 0463
Angela Flannery, Partner - Technology, Media & Communications
T: +61 2 8083 0488
Scott Alden, Partner - Procurement
T: +61 2 8083 0419
Breellen Warry, Partner - Planning & Environment
T: +61 2 8083 0420
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.