Rules to Protect the Privacy of Australians
I, Richard Marles, Minister for Defence, being the Minister responsible for DIO, make these rules in accordance with section 41C of the Intelligence Services Act 2001. The Attorney-General, the Inspector-General of Intelligence and Security and the Director of DIO were consulted in preparing these rules and a copy of the rules was provided to the Attorney-General and Inspector-General of Intelligence and Security.
Dated this 30th day of September 2022
The purpose of these rules is to ensure that the Defence Intelligence Organisation (DIO) preserves the privacy of Australian persons while ensuring the organisation is appropriately enabled to perform its intelligence functions as specified in the DIO Mandate.
These rules are made under section 41C of the Intelligence Services Act 2001 (the Act) regulating communication and retention of intelligence information concerning Australian persons by DIO.
1. Rule 1: Protecting the privacy of Australian persons – presumptions
1.1 These rules regulate the communication and retention of intelligence information concerning Australian persons.
1.2 Where it is not clear whether a person is an Australian person, including where this information cannot be inferred from the context in which the information was collected or from the content of the information:
- a person within Australia is to be presumed to be an Australian person, and
- a person outside Australia is to be presumed not to be an Australian person
unless there is evidence to the contrary.
2. Rule 2: Retention and handling of intelligence information identifying Australian persons
2.1. DIO may retain intelligence information concerning Australian persons only where it is necessary to do so for the proper performance of DIO’s functions or the retention is authorised or required by or under another Act.
2.2. Where DIO retains intelligence information concerning Australian persons, DIO must ensure that:
- the information is protected by such security safeguards as are reasonable in the circumstances against loss, unauthorised access, use, modification or disclosure, and against other misuse or interference, and
- access to the information is only provided to persons who require such access for the proper performance of a DIO function.
3. Rule 3: Communication of intelligence information concerning Australian persons
3.1 DIO may communicate intelligence information concerning Australian persons only where it is necessary to do so for the proper performance of DIO’s functions, or where such communication is authorised or required by or under another Act. In addition, the following specific rules apply.
Specific rules for the communication of intelligence information concerning Australian persons
3.2 DIO may communicate intelligence information concerning Australian persons where:
- the subject of the information has consented, either expressly or impliedly, to the communication of that information for use for intelligence purposes, or in the performance of DIO’s functions, or
- the information is publicly available, or
- the information concerns activities of an Australian person in respect of which the Australian person is a representative of the Commonwealth or a State or Territory in the normal course of official duties, or
- omission of that part of the information concerning the Australian person would significantly diminish the utility of the information for the purposes of:
- maintaining Australia's national security
- maintaining Australia's national economic well-being
- promoting Australia's foreign relations
- preventing or investigating the commission of a serious crime
- responding to an apparent threat or to the safety of a person
- the information relates to Australian persons who are, or are likely to be:
- acting for, or on behalf of, a foreign power
- involved in activities related to the proliferation of weapons of mass destruction or the movement of goods listed from time to time in the Defence and Strategic Goods List
- involved in activities related to a contravention, or an alleged contravention, by a person of a UN sanction enforcement law.
4. Rule 4: Accuracy of information
4.1 DIO is to take reasonable steps to ensure the intelligence information that DIO retains or communicates concerning Australian persons is recorded or reported in a fair and reasonable manner.
5. Rule 5: Oversight by the IGIS
5.1 To facilitate the oversight role of the IGIS, DIO is to take the following measures:
- the IGIS is to have access to all intelligence information held by DIO concerning Australian persons
- the IGIS is to be consulted about the processes and procedures applied by DIO to the communication and retention of information concerning Australian persons
- where the presumption under Rule 1.2 has been incorrectly applied to a person overseas who is later determined to be an Australian person, DIO is to advise the IGIS of the incident and measures taken by DIO to protect the privacy of the individual
- in any case, where a breach of these rules is identified, DIO is to advise the IGIS of the incident and the measures taken by DIO to protect the privacy of any affected Australian or of Australian persons generally.
6. Rule 6: Public access to the Privacy Rules
6.1 DIO is to ensure that a copy of these rules is publicly available on the DIO website.