Home | Databases | WorldLII | Search | Feedback Australian Parliamentary Joint Committee on Human Rights

National Disability Insurance Scheme Amendment (Strengthening Banning Orders) Bill 2020 [2020] AUPJCHR 110 (1 July 2020)

National Disability Insurance Scheme Amendment (Strengthening Banning Orders) Bill 2020^[1]

Publication of personal information on NDIS Provider Register

2.12 The National Disability Insurance Scheme Act 2013 (NDIS Act) currently provides that the National Disability Insurance Scheme Quality and Safeguards Commissioner (Commissioner) can make a banning order prohibiting or restricting specified activities by National Disability Insurance Scheme (NDIS) providers and persons currently employed or engaged by a NDIS provider.

2.13 This bill seeks to broaden the circumstances in which the Commissioner may make a banning order, so as to allow an order to be made:

• in relation to a person no longer employed or engaged by an NDIS provider,^[2] and to provide that the banning order will remain in force despite a person ceasing to deliver NDIS services;^[3] and

• proactively by the Commissioner where the person has not previously been employed or otherwise engaged by an NDIS provider, or not been an NDIS provider themselves, and the Commissioner reasonably believes that the person is not suitable to be so involved.^[4]

2.14 In addition, the NDIS Act currently provides that the NDIS Provider Register (Register) must include the name of persons who are, or were, NDIS providers and sets out any information about banning orders made against such persons. The bill proposes expanding this to allow the Register to include information in relation to individual employees of NDIS providers who have had banning orders made against them. The information included may include the person’s name, their Australian Business Number (if any), information about the banning order and any other matter prescribed by the NDIS Rules.^[5]

Preliminary international human rights legal advice

Rights of persons with disabilities and right to privacy

2.15 As this legislation is designed to expand the NDIS Commissioner’s powers to allow a banning order to be made against a person who may pose a risk of harm to people with disabilities, to prevent them from entering or re-entering the NDIS sector, it appears to promote the rights of persons with disabilities. The right to be free from all forms of violence, abuse and exploitation is enshrined in article 16 of the Convention on the Rights of Persons with Disabilities, which requires that State parties shall take all appropriate legislative, administrative, social, educational and other measures to protect persons with disabilities, both within and outside the home, from all forms of exploitation, violence and abuse.^[6] Further, '[i]n order to prevent the occurrence of all forms of exploitation, violence and abuse, States Parties shall ensure that all facilities and programmes designed to serve persons with disabilities are effectively monitored by independent authorities.' The statement of compatibility explains that enabling the Commissioner to proactively ban someone from working in the NDIS sector, will mean that a person who has had action taken against them in another field, such as aged care or child care, can be banned from working with people with disability before they commence in the NDIS sector.^[7] As the statement of compatibility notes, this recognises that some NDIS participants are amongst the most vulnerable people in the community, and these changes could promote the rights of such people with disability to live free from abuse, violence, neglect and exploitation.^[8]

2.16 However, publishing on a public website the personal details of employees who are subject to a banning order is also likely to limit the right to privacy, as such data contains personal reputational information that may affect an individual's ability to get employment in other, unrelated sectors. The right to privacy protects against arbitrary and unlawful interferences with an individual's privacy and attacks on reputation. It includes respect for informational privacy, including the right to respect for private and confidential information, particularly the storing, use and sharing of such information. It also includes the right to control the dissemination of information about one's private life.^[9]

2.17 The right to privacy may be subject to permissible limitations where the limitation pursues a legitimate objective, is rationally connected to that objective and is a proportionate means of achieving that objective.

2.18 The statement of compatibility recognises that making personal information publicly available about persons who have had a banning order issued against them, engages and limits the right to privacy. However, it argues that the limitation is permissible as it is reasonable 'in relation to preventing exploitation, violence and abuse in the disability sector'.^[10] It states:

The register will be generally publically available to allow people with disability and their representatives to search to help ensure that providers they are using are appropriately registered and not subject to any banning order. This is consistent with the objective to ensure that information about whether a person who works, or seeks to work, with people with disability poses a risk to such people, is current, accurate, and available to all States and Territories, and to employers engaging workers in the NDIS.
...
The range of information that will be shared with persons or bodies will be proportionate and necessary for the objective of minimising the risk of banned persons delivering NDIS supports and services to people with disability under the NDIS.

2.19 Minimising the risk of banned individuals from working with people with disability is a legitimate objective for the purposes of international human rights law, and making such information publicly accessible is likely to be effective to achieve (that is, rationally connected to) that objective. However, it is not clear that the inclusion of this personal information on a public website would be a proportionate means of achieving that objective.

2.20 The statement of compatibility states that the range of information to be contained on the Register is limited and it will not contain 'detailed information of the circumstances leading to the banning order, highly sensitive information relied on to support the banning decision, or information about a person's sexual identity or preferences'.^[11] This is relevant in considering the proportionality of the measure. However, it is noted that the bill provides that the Register may include 'information about the banning order', which does not itself provide for any restriction on what level of detail this may be.

2.21 A relevant consideration in determining the proportionality of the measure is whether there are other less rights restrictive ways to achieve the same aim. The changes proposed by this bill would mean any person who is, or was, employed by a NDIS provider and who is, or has been, subject to a banning order could have their name and information about the banning order publicly listed on the Register. It is not clear why it is necessary to include all of this information on a public website, and whether the aim of ensuring banned persons are not able to work in the NDIS sector could not be achieved in a less rights restrictive way. There may be other methods by which an employer or person with disability could determine whether a person is subject to a banning order, rather than publishing those details on a public website. For example, it would appear that it may be possible for the Register to be available on request by individuals (including people with disabilities and their supports) or potential employers, rather than being publicly available by default. In relation to equivalent sectors such as the aged care or child care sectors, it is noted that it does not appear that there is an equivalent process to search for the names of employees who have been subject to sanctions in those industries.^[12]

2.22 Further, in considering the proportionality of any limitation on the right to privacy, it is also important to consider any relevant safeguards with respect to how an individual's name is placed on the Register. It is unclear, for example, how soon the banning order is listed on the Register and whether the banning order is published before any review processes have been exhausted. The NDIS Act provides that a banning order takes effect from the day specified in the notice^[13] and the bill only states that the Register will include the information in relation to a person against whom a banning order 'is made'.^[14] A decision to make a banning order is a reviewable decision, with both internal review and review by the Administrative Appeals Tribunal (AAT) available.^[15] It would seem that the decision stays in place until and unless another decision is made,^[16] and it would appear that once a request for a review is lodged, it may take many months before an internal decision or review by the AAT is finalised, during which time the details of a banning order made against an individual may be publicly accessible.^[17] This may mean that a person may be listed on a public website as being banned from working within the NDIS on the basis of an administrative decision that is later overturned (noting that once information is included on a public website that information can sometimes remain available indefinitely in some form on the internet).

2.23 As such, further information is required to assess the proportionality of the measure in relation to the right to privacy, in particular:

• why the bill allows the NDIS Provider Register to include any 'information about the banning order', without any restriction on the level of detail that will be included;

• why it is necessary to list the names of current and former employees of NDIS providers who are subject to a banning order on a public website, and whether there are other less rights-restrictive means to achieve the stated objective (for example, allowing the Register to be accessed on request); and

• when is such information included in the Register and what safeguards are in place to ensure that an individual's right to privacy is adequately protected pending any review of a banning order decision.

Committee view

2.24 The committee notes that this bill broadens the circumstances in which the NDIS Quality and Safeguards Commissioner may make a banning order against an NDIS provider or other person, and would allow the names of current and former employees of NDIS providers who are subject to a banning order to be listed on a public website.

2.25 The committee considers that the bill, which is designed to help prevent the violence, abuse, neglect and exploitation of persons with disabilities, promotes and protects the rights of persons with disabilities. However, publishing on a public website the details of employees who have been banned also engages and limits the right to privacy. However, this may be a permissible limitation if it is shown to be reasonable, necessary and proportionate.

2.26 In order to fully assess the compatibility of this measure with right to privacy, the committee seeks the minister's advice as to the matters set out at paragraph [2.23].

[1] This entry can be cited as: Parliamentary Joint Committee on Human Rights, National Disability Insurance Scheme Amendment (Strengthening Banning Orders) Bill 2020, Report 8 of 2020; [2020] AUPJCHR 110.

[2] Schedule 1, item 2.

[3] Schedule 1, item 4, proposed subsection 73ZN(5A)

[4] Schedule 1, item 3 proposed subsection 73ZN(2A).

[5] Schedule 1, item 5, proposed subsection 73ZS(5A).

[6] Convention on the Rights of Persons with Disabilities. Article 16(1).

[7] Statement of compatibility, p. 4.

[8] Statement of compatibility, p. 5.

[9] International Covenant on Civil and Political Rights, article 17.

[10] Statement of compatibility, p. 7.

[11] Statement of compatibility, p. 6.

[12] For example, sections 59 and 59A of the Aged Care Quality and Safety Commission Act 2018 provides that information about an aged care service or a Commonwealth-funded aged care service may be made publicly available (including any action taken to protect the welfare of care recipients), but this does not apply to information relating to action taken against employees of those service providers.

[13] National Disability Insurance Scheme Act 2013, subsection 73ZN(5).

[14] Schedule 1, item 5, proposed subsection 73ZS(5A).

[15] National Disability Insurance Scheme Act 2013, sections 99, 100 and 103.

[16] A reviewable decision remains in effect while an internal review is being undertaken, and a request for internal review does not affect the operation of, or prevent the NDIS Quality and Safeguards Commission from taking action to implement, the original decision, see National Disability Insurance Scheme Act 2013, section 100(7).

[17] In terms of request for review of decision, the participant has three months from the date of a decision, within which a request for review can be lodged. Subsection 100(6) of the National Disability Insurance Scheme Act 2013 states that the reviewer must make a decision in relation to a request for review of a decision 'as soon as reasonably practicable'.