
Legislation, Accountability & Privacy

Legislation governing ONI

The Office of National Intelligence is a statutory body with functions established by the Office of National Intelligence Act 2018.

The minister responsible for ONI, the Prime Minister, makes written privacy rules on how ONI is to protect the privacy of Australians.

The Inspector-General of Intelligence and Security is responsible for overseeing ONI’s operations, including compliance with legislation. If you suspect wrongdoing, you can make a public interest disclosure to the Inspector-General.

The functions of the Parliamentary Joint Committee on Intelligence and Security, as described under the Intelligence Services Act, are to review the administration and expenditure of the intelligence agencies and to review matters related to the intelligence agencies referred by the responsible minister or the Parliament.

The Public Governance, Performance and Accountability Act 2013 and the Commonwealth Risk Management Policy 2014 require ONI, as a statutory agency, to have formal governance structures/committees that maintain systems of risk oversight and internal control.

Accountability of ONI

The nature of ONI's work means that most of what we produce must remain confidential. But ONI, like the other agencies in the National Intelligence Community (NIC), is accountable at several levels to the Australian government and — through the government — to the Australian public.

Public accountability comes through publication of our Portfolio Budget Statements, review by the Inspector-General of Intelligence and Security, annual reporting to the Parliament by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), and the appearance of the Director-General at the Senate Finance and Administration Legislation Committee (when required). 

The Inspector-General of Intelligence and Security (IGIS) is an independent statutory office holder who reviews the activities of the Australian intelligence agencies. The IGIS provides independent assurance that Australian intelligence agencies conduct their activities within Australian law, behave with propriety, comply with ministerial guidelines and directions, and respect human rights. The IGIS has authority to conduct inspections of and inquiries into ONI’s activities, regularly reviews ONI’s compliance with our internal privacy policies, and conducts periodic reviews of ONI’s analytic independence (http://www.igis.gov.au/).

Australian Government oversight of ONI also extends to the National Security Committee of Cabinet (NSC) — the peak ministerial decision-making body on national security matters, of which the Director-General National Intelligence is a member. The NSC focuses on major international security issues of strategic importance to Australia, border protection policy, national responses to developing situations (either domestic or international) and classified matters relating to aspects of operation and activities of the National Intelligence Community. The NSC is supported by the Secretaries Committee on National Security (SCNS), the peak officials-level committee also attended by the Director-General National Intelligence and chaired by the Secretary of the Department of Prime Minister and Cabinet. SCNS considers all major national security matters to be put before the NSC and coordinates implementation of policies and programs relevant to national security.

ONI Privacy Rules

The purpose of the Privacy Rules is to ensure that the Office of National Intelligence (ONI) preserves the privacy of Australian persons as far as is consistent with the proper performance by ONI of its functions.

Privacy rules are there to protect Australians

Like other intelligence agencies, ONI is exempt from the operation of the Privacy Act 1988, and is instead regulated by Privacy Rules that protect Australians.

Section 53(1) of the Office of National Intelligence Act 2018 (the ONI Act) provides that the Prime Minister must make rules regulating the collection of identifiable information mentioned in section 7(1)(g) and the communication, handling and retention by ONI of identifiable information generally (the Privacy Rules).

Identifiable information is defined in section 4 of the ONI Act in a similar way to personal information in the Privacy Act 1988, except, consistent with the functions of ONI, it is limited to information about Australian citizens and permanent residents.

In making the Privacy Rules, the Prime Minister must have regard to the need to ensure that the privacy of Australian citizens and permanent residents is preserved so far as is consistent with the proper performance by ONI of its functions. 

What or who is a ‘permanent resident’? 

A permanent resident includes Australian body corporates that are controlled by Australians as well as natural persons.

Oversight and Accountability

Before making the Privacy Rules, the Prime Minister is required to consult with the Director-General of National Intelligence, the Inspector-General of Intelligence and Security (IGIS), the Privacy Commissioner and the Attorney-General, including by providing them with a copy of the proposed rules.

Section 53(6) provides that the IGIS must brief the Parliamentary Joint Committee on Intelligence and Security on the content and effect of the Privacy Rules if required to do so by the Committee or if the Privacy Rules change.

The IGIS must also include comments in the IGIS annual report on the extent of compliance by ONI with ONI's Privacy Rules. IGIS oversight of compliance with these rules will be an important accountability mechanism to ensure ONI appropriately collects, communicates, handles and retains identifiable information about Australian persons. 

To further enhance transparency, ONI is required to publish its Privacy Rules on the ONI website, as soon as practicable after the rules are made, except to the extent that the rules contain information that is classified.

What happens if there’s a breach of the Privacy Rules?

If a breach of ONI's Privacy Rules is identified, ONI must advise the IGIS of the incident and the measures taken by the agency to protect the privacy of the Australian person, or Australian persons more generally. Where either presumption in rule 1.1 has been found to be incorrect, ONI is to advise the IGIS of the incident and the measures taken by ONI to protect the privacy of the Australian person.

Open Access

ONI is exempt from the Freedom of Information Act 1982. Access to ONI records is gained under the Archives Act 1983. ONI records are eligible for public release once they enter the open access period, subject to the exemption of any material of continuing sensitivity as prescribed by section 33 of the Archives Act. Requests to access ONI records can be made at the National Archives of Australia (NAA) and they can be located through the NAA website.