Home | Databases | WorldLII | Search | Feedback Australian Senate Standing Committee for the Scrutiny of Bills - Scrutiny Digests

Scams Prevention Framework Bill 2024 - Commentary on Ministerial Responses [2025] AUSStaCSBSD 13 (5 February 2025)

Scams Prevention Framework Bill 2024^[212]

Privacy^[213]

2.98 The bill provides that the Scams Prevention Framework (SPF) general regulator may disclose information relating to a scam (as defined in section 58AG of the bill or a scam within the ordinary meaning of that expression) to named entities.^[214] A note to the relevant provision confirms this includes personal information. The information can be disclosed by the SPF regulator to a regulated entity,^[215] a Commonwealth agency or authority involved in developing government policy relating to the SPF,^[216] a law enforcement agency of the Commonwealth or a State or Territory,^[217] and an agency of a foreign country that is a law enforcement agency or regulatory agency responsible for scam prevention.^[218] In disclosing information to an agency of a foreign country, the SPF general regulator must be satisfied that the agency has given an undertaking relating to controlling the storage, handling and use of the information, and ensuring the information will be used only for the purpose disclosed, and that it is appropriate, in all circumstances to disclose the information to the agency.^[219] Information disclosed to a Commonwealth agency or authority involved in developing government policy relating to the SPF must be de-identified, unless the SPF general regulator reasonably believes that doing so would not achieve the object of the SPF framework.^[220]

2.99 The bill further provides that the SPF rules may prescribe a scheme for authorising third parties to operate data gateways, portals or websites that give access to reports provided by regulated entities containing actionable intelligence about scams.^[221] Persons authorised under the scheme may use or disclose SPF information, including personal information, to the extent that it is reasonably necessary to achieve the objects of the SPF scheme.^[222]

2.100 In Scrutiny Digest 14 of 2024, the committee requested the Assistant Treasurer’s advice as to:

• whether the power to use or disclose personal information under sections 58BT and 58BV contains sufficient safeguards to appropriately protect the right to privacy;

• the appropriateness and necessity of providing that the SPF regulator need not notify any person (including potential victims of scams) that they have collected, used or disclosed their personal information;

• the appropriateness of amending the bill:

• to require that disclosures of SPF information containing personal information pursuant to proposed section 58BV can only be made by the SPF general regulator for specific purposes linked to the achieving the objectives of the SPF framework;

• to require that all SPF information be de-identified when shared under proposed section 58BV, unless doing so would not achieve the object of the SPF framework;

• to require regulated entities to de-identify personal information when reporting on actionable intelligence regarding scams, unless to do so would not achieve the object of the SPF framework, and/or requiring the authorised person under proposed section 58BT to specifically consider the need for de-identification; and

• to provide that notice need not be given under proposed 58EI of the collection, use or disclosure of the personal information of alleged scammers only (enabling scam victims to be notified), and provide all persons to be notified once any investigation is complete.^[223]

Assistant Treasurer’s response^[224]

2.101 The Assistant Treasurer advised that the bill, together with the obligations of the Privacy Act 1988 (Privacy Act), contain sufficient safeguards to appropriately protect the right to privacy. The Assistant Treasurer advised that this includes:

• the requirement for an authorised third party to come to a view that the use or disclosure of personal information is needed to prevent and respond to scams impacting consumers;

• that the SPF rules may be used to prescribe conditions on any authorisations and may prescribe additional safeguards relating to personal information and this has currently not been provided for in the bill as the appropriate safeguards will depend on the authorised third party; and

• that the SPF rules will be used to prescribe the kinds of information to be provided in an actionable scam intelligence report and in reports about the outcomes of investigations.

2.102 The Assistant Treasurer also advised that Australian entities receiving personal information will generally be subject to the Privacy Act, or equivalent, obligations, and that additional safeguards are included in the bill in relation to entities that may not be covered by the Privacy Act, such as a foreign agency, such as the agency having to enter into an undertaking with the SPF general regulator in relation to the storing, handling and use of information.

2.103 In relation to the lack of an obligation to notify any person about the collection, use or disclosure of personal information, the Assistant Treasurer advised that in most cases, personal information shared will related to the persons perpetrating the scam or otherwise involved in the scam. These persons cannot be notified as it would inform the perpetrator of the scam of the investigation. The Assistant Treasurer advised that it would be impractical for the SPF regulator to contact each victim of a scam in the limited circumstances where the personal information of a victim is collected, used or disclosed. The Assistant Treasurer finally advised that where it is appropriate to do so, the provision does not prevent regulated entities or SPF regulators from providing notifications where it is appropriate to do so.

2.104 In relation to whether the bill should be amended requiring that disclosure be made only for specific purposes linked to the achieving of the objectives of the SPF framework, the Assistant Treasurer advised that this would frustrate the objects of the framework as it would require an assessment of each piece of information before disclosure which may result in a delay in effectively disrupting scam activity and protecting consumers. The Assistant Treasurer noted a number of existing provisions which provide appropriate privacy protections in this context.

2.105 In relation to the de-identification of personal information, the Assistant Treasurer advised that this would require the SPF regulator to assess each piece of information prior to disclosure which would delay the disclosure of time-sensitive information with relevant entities and prevent the regulator from setting up automated intelligence sharing systems. The Assistant Treasurer advised that when sharing with law enforcement agencies or regulated entities, personal information will need to be shared quickly to enable the receiving entity to use the information to take effective disruptive action to prevent consumer loss.

2.106 Finally, in relation to providing notification to impacted persons once an investigation is completed, the Assistant Treasurer advised that in most cases, personal information being shared under the reporting obligations in the bill will be information about persons perpetrating the scam activity. Further, the Assistant Treasurer advised that there are practical challenges associated with notifying victims of scams where personal information relating to a victim is collected, used or disclosed, including the risk that scammers may be tipped off by notifications to scam victims. The Assistant Treasurer advised that this may impose a significant burden on regulators and may divert resources and focus from the objectives of the bill, and that regulated entities who may have a direct relationship with the consumer may be more appropriately placed to notify customers.

Committee comment

2.107 The committee thanks the Assistant Treasurer for this response. The committee notes this advice and acknowledges the need for timely action in this context, which may include the disclosure of personal information to law enforcement agencies and regulated entities. Based on this detailed advice, the committee now appreciates that the requirement to assess each piece of personal information prior to disclosure could frustrate the objectives of the legislation by slowing the movement of information. The committee also understands that requiring de-identification of personal information would prevent the use of automated systems and slow down activities designed to prevent and disrupt scams. The committee considers that had this information been included in the explanatory memorandum, the committee would have been assisted in its assessment of these concerns at the outset and may not have needed to correspond with the Assistant Treasurer on these matters.

2.108 However, the committee cautions that due to the breadth of the objects of the SPF and the need for rapid sharing of personal information there is the potential that more personal information may be shared than is strictly needed for the operation of this regulatory framework.

2.109 The committee acknowledges that it may be impractical for the SPF regulator to notify victims of scams in relation to the collection, use and disclosure of their personal information. However, the committee considers that affected persons still have a right to be informed of the use of their personal information, particularly noting that these individuals have already suffered intrusions to their privacy as a result of scam activity.

2.110 The committee recommends that consideration be given to amending the bill to require regulated entities to inform SPF consumers of the disclosure of their personal information on the completion of an investigation where this is reasonably practicable in the circumstances.

2.111 Noting the importance of explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation,^[225] the committee considers that the key information provided by the Assistant Treasurer should be included in the explanatory memorandum of this bill.

Incorporation of external materials as existing from time to time^[226]

2.112 The bill seeks to provide that SPF codes may make provision in relation to a matter by applying, adopting or incorporating any matter contained in an instrument or other writing as in force or existing from time to time.^[227]

2.113 In Scrutiny Digest 14 of 2024, the committee requested the Assistant Treasurer’s advice as to:

• the type of documents that it is envisaged may be applied, adopted or incorporated by reference under proposed subsection 58CC(4);

• whether documents applied, adopted or incorporated by reference under proposed subsection 58CC(4) will be made freely available to all persons interested in the law; and

• why it is necessary to apply the documents as in force or existing from time to time, rather than when the instrument is first made.^[228]

Assistant Treasurer’s response^[229]

2.114 The Assistant Treasurer advised that an SPF code may apply, adopt or incorporate by reference material contained in State or Territory legislation, instruments made by an SPF regulator, or materials published on the SPF regulators’ websites. The Assistant Treasurer also provided an example of a document that might be incorporated (namely a standard).

2.115 The Assistant Treasurer advised that generally, incorporated material will be freely accessible with no charge. However, there may be exceptional circumstances in which a fee is required for access and, where this is necessary, the Assistant Treasurer advised that affected entities may already have access to that material from the normal course of their business.

2.116 Finally, the Assistant Treasurer advised that the ability to incorporate extrinsic material from time to time is necessary and appropriate to achieve the objects of the SPF given the wide range of industries and sectors the framework applies to and the fluid nature of scam activity.

Committee comment

2.117 The committee thanks the Assistant Treasurer for this response. The committee welcomes the Assistant Treasurer’s advice that incorporated materials will generally be freely accessible and acknowledges the advice that they will need to be incorporated from time to time due to the fluid nature of scam activity.

2.118 In relation to the exceptional circumstances where it is necessary for an SPD code to refer to material that may require a fee for access, the committee notes its general position that access to all materials which form the content of the law is essential for public confidence in the operation of regulatory schemes. Documents which are incorporated into the law should be freely available not only to the entities that are directly required to comply with these measures, but also to members of the public who have an interest in oversight and understanding of the law.

2.119 The committee draws to the department’s attention its understanding that it is not uncommon for incorporated documents that may be subject to copyright to be made available by departments in other manners, such as via access through public library systems, the National Library of Australia, or at Departmental offices, for free viewing by interested parties.^[230]

2.120 Noting the importance of explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation,^[231] the committee considers that the key information provided by the Assistant Treasurer should be included in the explanatory memorandum of this bill.

Privacy
Procedural fairness^[232]

2.121 The bill provides that the SPF general regulator or the SPF regulator for a regulated sector may issue a public written notice containing a warning about the conduct of a person if the regulator:

• reasonably suspects that the person’s conduct may constitute a contravention of a specified provision of the SPF principles;^[233]

• is satisfied that one or more persons has suffered, or is likely to suffer, detriment as a result of the conduct;^[234] and

• is satisfied that it is in the public interest to issue the notice.^[235]

2.122 The public warning notice will be published on the regulator’s website.^[236]

2.123 In Scrutiny Digest 14 of 2024, the committee requested the Assistant Treasurer’s advice as to:

• the appropriateness of proposed section 58FZL enabling the SPF general regulator to issue public warning notices, with consideration provided to the impacts of such a notice on both procedural fairness and individual privacy, and how procedural fairness will be provided in practice to a person likely to be affected by a public warning notice;

• whether SPF regulators will be required to take down, within a reasonable time, any public warning notices that were issued but which, upon review, are incorrect;

• what type of matters may lead the regulator to reasonably suspect conduct may constitute a contravention of the SPF framework, and whether consideration was given to applying a higher threshold to the issuing of a public warning notice, or, if not, why not.^[237]

Assistant Treasurer’s response^[238]

2.124 The Assistant Treasurer advised that the obligations under the SPF apply to regulated entities only (which is expected to include banks, telecommunications providers and certain digital platforms), and as such any public notice issued is likely to relate to an entity rather than a natural person. The Assistant Treasurer also advised that these notices are intended to alert affected consumers, and consumers and small businesses more broadly, about the regulated entity’s alleged conduct.

2.125 The Assistant Treasurer advised that this does not seek to limit the fundamental common law right of procedural fairness or negatively impact individual privacy. The Assistant Treasurer advised it is likely that the SPF regulator will alert a regulated entity to an investigation that has commenced with respect to that entity and the proposal to issue a public warning notice. The entity may be invited to respond to the allegations, where this is appropriate, however, the Assistant Treasurer advised that there may be circumstances where there have been substantial scam losses in a short period of time and issuing a public warning notice is critical. In these cases, limited engagement with the entity may be appropriate.

2.126 The Assistant Treasurer also noted that the conditions to be met prior to issuing a public warning notice, such as the SPF regulator having reasonable grounds to suspect certain conduct has constituted a contravention of the SPF, are designed to minimise the risk of any incorrect information being provided to the public. The Assistant Treasurer also advised that entities are informally able to seek correction of any incorrect information in a notice and are able to seek judicial review of the decision to issue a notice. The Assistant Treasure advised that the bill does not include a requirement for the SPF regulator to take down a public warning notice that is later found to be incorrect.

2.127 The Assistant Treasurer advised that section 58FZL does not unnecessary constrain, via an exhaustive list, the types of matters the regulator may reasonably suspect to be conduct that constitutes a contravention of the SPF. This reflects the principles-based nature of the SPF obligations and the fluid nature of the scam activity that leads to the consumer harm intended to be mitigated by this framework and allow the regulator to consider the evolving nature of scam activity in a particular sector which may impact what is a reasonable step for the purpose of an SPF principle.

2.128 The Assistant Treasurer finally advised that the existing threshold to issue a public warning notice is sufficient and a higher threshold would require a SPF regulator to undertake a longer investigation, which would limit the effectiveness of the notices in informing customers in order to lower the risk of scams harm to the community.

Committee comment

2.129 The committee thanks the Assistant Treasurer for this response and notes the Assistant Treasurer’s advice that these public warning notices are likely to only affect regulated entities and are not intended to limit the fundamental common law right to procedural fairness.

2.130 Further, the committee notes the Assistant Treasurer’s advice that defining the types of conduct that may constitute a contravention of the SPF and applying a higher threshold to the issuing of a public warning notice would limit the effectiveness of public warning notices as an enforcement tool.

2.131 The committee reiterates that it relies on the quality of explanatory memoranda to perform its scrutiny function. The committee considers that had this information been included in the explanatory memorandum, the committee would have been assisted in its assessment of these concerns at the outset and may not have needed to correspond with the Assistant Treasurer on these matters.

2.132 The committee notes the advice that there is an informal mechanism for a regulated entity that has identified any incorrect information in a public warning notice to notify the relevant SPF regulator and this may result in the correction of that notice or revocation of that notice where appropriate. It is not clear to the committee why this cannot be included as a legislative safeguard.

2.133 The committee therefore recommends that consideration be given to amending the bill to require a SPF regulator to correct a public warning notice where the regulator is aware the notice is incorrect.

2.134 Noting the importance of explanatory materials as a point of access to understanding the law and, if needed, as extrinsic material to assist with interpretation,^[239] the committee considers that the key information provided by the Assistant Treasurer should be included in the explanatory memorandum of this bill.

Significant matters in delegated legislation
Henry VIII clause – modification of primary legislation by delegated legislation
No-invalidity clause^[240]

2.135 In Scrutiny Digest 14 of 2024, the committee raised a number of concerns in relation to the inclusion of a number of matters integral to the operation of this regulatory scheme in delegated legislation. The committee also outlined its concerns in relation to no-invalidity clauses included in the bill, where if the minister fails to meet requirements provide for in the bill prior to making an instrument, the validity of the instrument is not affected.^[241]

Assistant Treasurer’s response^[242]

2.136 The Assistant Treasurer undertook to amending the explanatory memorandum to contain further justifications in order to address both concerns. The Assistant Treasurer advised that an updated explanatory memorandum will be tabled in Parliament as soon as practicable.

Committee comment

2.137 The committee thanks the Assistant Treasurer for this response and welcomes the undertaking to amend the explanatory memorandum in response to the committee’s concerns.

^[212] This entry can be cited as: Senate Standing Committee for the Scrutiny of Bills, Scams Prevention Framework Bill 2024, Scrutiny Digest 1 of 2025; [2025] AUSStaCSBSD 13.

^[213] Schedule 1, item 1, proposed sections 58BV and 58EI. The committee draws senators’ attention to these provisions pursuant to Senate standing order 24(1)(a)(i).

^[214] Schedule 1, item 1, proposed subsection 58BV(1).

^[215] Schedule 1, item 1, proposed paragraph 58BV(2)(a).

^[216] Schedule 1, item 1, proposed paragraph 58BV(2)(b).

^[217] Schedule 1, item 1, proposed paragraph 58BV(2)(c).

^[218] Schedule 1, item 1, proposed paragraph 58BV(2)(d).

^[219] Schedule 1, item 1, proposed paragraphs 58BV(3)(a) and (b).

^[220] Schedule 1, item 1, proposed subsection 58BV(4).

^[221] Schedule 1, item 1, proposed section 58BT.

^[222] Schedule 1, item 1, proposed subsection 58BT(3).

^[223] Senate Scrutiny of Bills Committee, Scrutiny Digest 14 of 2024 (20 November 2024) pp. 41–44.

^[224] The Assistant Treasurer responded to the committee’s comments in a letter dated 20 December 2024. A copy of the letter is available on the committee’s webpage (see correspondence included with the committee’s assessment of this bill).

^[225] See Acts Interpretation Act 1901, section 15AB.

^[226] Schedule 1, item 1, proposed subsection 58CC(4). The committee draws senators’ attention to this provision pursuant to Senate standing order 24(1)(a)(v).

^[227] Schedule 1, item 1, proposed subsection 58CC(4).

^[228] Senate Scrutiny of Bills Committee, Scrutiny Digest 14 of 2024 (20 November 2024) pp. 45–46.

^[229] The Assistant Treasurer responded to the committee’s comments in a letter dated 20 December 2024. A copy of the letter is available on the committee’s webpage (see correspondence included with the committee’s assessment of this bill).

^[230] See, for example, correspondence between the Attorney-General and the Senate Standing Committee for the Scrutiny of Delegated Legislation in relation to the Disability (Access to Premises – Buildings) Amendment Standards 2020 [F2020L01245].

^[231] See Acts Interpretation Act 1901, section 15AB.

^[232] Schedule 1, item 1, proposed section 58FZL. The committee draws senators’ attention to this provision pursuant to Senate standing order 24(1)(a)(i) and (iii).

^[233] Schedule 1, item 1, proposed paragraph 58FZL(1)(a) and (2)(a).

^[234] Schedule 1, item 1, proposed paragraph 58FZL(1)(b) and (2)(b).

^[235] Schedule 1, item 1, proposed paragraph 58FZL(1)(c) and (2)(c).

^[236] Schedule 1, item 1, proposed subsection 58FZL(3).

^[237] Senate Scrutiny of Bills Committee, Scrutiny Digest 14 of 2024 (20 November 2024) pp. 45–46.

^[238] The Assistant Treasurer responded to the committee’s comments in a letter dated 20 December 2024. A copy of the letter is available on the committee’s webpage (see correspondence included with the committee’s assessment of this bill).

^[239] See Acts Interpretation Act 1901, section 15AB.

^[240] Schedule 1, item 1, proposed sections 58AC, 58CB, 58AD and 58FH, and proposed subsections 58AE(2) and 58DB(2). The committee draws senators’ attention to these provisions pursuant to Senate standing orders 24(1)(a)(iii) and (iv).

^[241] Senate Scrutiny of Bills Committee, Scrutiny Digest 14 of 2024 (20 November 2024) pp. 36–41.

^[242] The Assistant Treasurer responded to the committee’s comments in a letter dated 20 December 2024. A copy of the letter is available on the committee’s webpage (see correspondence included with the committee’s assessment of this bill).