COVID-19 Immunisation Readiness Project Privacy Impact Assessment

Response to this request is delayed. By law, Services Australia should normally have responded promptly and by (details)

Dear Services Australia,

I am requesting access to the Privacy Impact Assessment (PIA) #39159 for the "COVID-19 Immunisation Readiness Project" under the Freedom of Information Act 1982 (Cth). Please send the PIA in electronic format, if possible.

Yours faithfully,

Rex Banner

FREEDOMOFINFORMATION, Services Australia

Thank you for contacting the Freedom of Information (FOI) team in Services
Australia (the Agency).

 

This email acknowledges your correspondence and provides some general
information in relation to FOI.

 

FOI – Extension of time request

Under the Freedom of Information Act 1982 (FOI Act) you have a right, with
limited exceptions, to access documents the Agency holds. The Agency has
30 days to process an FOI request. Please note this period may be extended
if we need to consult third parties or for other reasons. We will advise
you if this happens.

 

Due to the Agency’s reduced activity period over 22 December 2022 through
3 January 2023, we are seeking your agreement to extend the processing
time by an additional 15 days. If you agree to this additional time we
would appreciate if you could reply to this email with ‘I agree’.

 

Charges

The Agency will advise you if a charge is payable to process your request
and the amount of any such charge as soon as practicable. No charge is
payable for providing a person with their own personal information.

 

Your address

The FOI Act requires you to provide us with an address which we can send
notices to. We will send correspondence and notices to your email address.
Please advise us as soon as possible if you wish correspondence to be sent
to another address or if your email address changes.

 

Administrative release of documents

The Agency has administrative access arrangements in place for the release
of certain documents without the need for a formal FOI request. These
arrangements do not extend to information or material of third parties.

 

Exclusion of staff details

The Agency is working towards ensuring all staff have a choice about
whether they provide their full name, personal logon identifiers and
direct contact details in response to FOI requests. Where such details are
included in documents they will be redacted. If you request staff details
as part of your FOI application, this may add to processing time and
applicable charges as it will be necessary to consider whether these
details are exempt under the FOI Act.

            

show quoted sections

I agree

FREEDOMOFINFORMATION, Services Australia

2 Attachments

Dear Mr Banner

 

Please find attached the decision letter and document relating to your
request for access to documents held by Services Australia.

 

Kind regards,
Cherie

Information Access Branch

LEGAL SERVICES DIVISION

[1]cid:image002.jpg@01D6BC07.2D63B370

Please note: This email and any attachments may contain information
subject to legal professional privilege or information that is otherwise
sensitive or confidential. If you are not the intended recipient of this
email, you are prohibited from using or disseminating this communication.
If you have received this communication in error please notify the sender
immediately and permanently delete this email.

 

show quoted sections

References

Visible links

Dear Services Australia,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Services Australia's handling of my FOI request 'COVID-19 Immunisation Readiness Project Privacy Impact Assessment'.

If I read correctly there are two issues that are preventing the release of 1 document.

1: "I am satisfied there is a possibility of real harm resulting from release as the document contains
detailed legal analysis about the Agency’s cyber operations and environment. Disclosure of
this information creates the real risk of third party actors gaining insight into the Agency
systems and architecture, and exploiting this knowledge for malicious purposes. "

This is not real harm. This is purely hypothetical, unless, that is, Service Australia is operating such a system that purely knowing Agency systems and architecture would give a actor access; In which case Services Australia has an obligation to report this to https://www.cyber.gov.au/acsc/report

Keeping systems secret might be an argument in a time bound way to fix a problem or in the case of Trade Secrets.

Security measures are part of Privacy Impact Assessments that have been routinely disclosed. eg https://help.abc.net.au/hc/en-us/article...

"I consulted with Agency officers in the Health Programmes Division who advised me that
disclosure of the document poses a real and substantial risk of compromising the Agency’s
cybersecurity measures and exposing the Agency to greater risk of cyber-attacks"

Could you please release what the advice was?

2 Legal Privilege:
Legal Privilege is not conferred purely by labelling a document as such. There is a bar that must be met.
I obviously haven't seen the document, however I ask two related questions:

Would Services Australia release *any* of their Primacy Impact Assessments or are they considered legally privileged?

Is the entire document subject to LPP?

Was the Privacy Impact Assessment done by a lawyer?

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/c...

Yours faithfully,

Rex Banner

FREEDOMOFINFORMATION, Services Australia

Thank you for contacting the Freedom of Information (FOI) team in Services
Australia (the Agency).

 

This email acknowledges your correspondence and provides some general
information in relation to FOI.

 

Charges

The Agency will advise you if a charge is payable to process your request
and the amount of any such charge as soon as practicable. No charge is
payable for providing a person with their own personal information.

 

Your address

The FOI Act requires you to provide us with an address which we can send
notices to. We will send correspondence and notices to your email address.
Please advise us as soon as possible if you wish correspondence to be sent
to another address or if your email address changes.

 

Administrative release of documents

The Agency has administrative access arrangements in place for the release
of certain documents without the need for a formal FOI request. These
arrangements do not extend to information or material of third parties.

 

Exclusion of staff details

The Agency is working towards ensuring all staff have a choice about
whether they provide their full name, personal logon identifiers and
direct contact details in response to FOI requests. Where such details are
included in documents they will be redacted. If you request staff details
as part of your FOI application, this may add to processing time and
applicable charges as it will be necessary to consider whether these
details are exempt under the FOI Act.

            

show quoted sections