Privacy Act 1988 Part VI - Public Interest Determination No. 13A
Disclosure and collection of personal information to improve outcomes for children and young people at risk of serious harm 
Relevant National Privacy Principles:      National Privacy Principles 2.1 and  10.1
Effective:                                                   16 February 2012 to 15 February 2017 inclusive

Under s 72(4) of the Privacy Act 1988 (the Privacy Act), I, Timothy Pilgrim, Privacy Commissioner, make the following generalising determination:
(1)   No organisation that has implemented and complied with the Information Sharing Guidelines for promoting the safety and wellbeing of children, young people and their families (Government of South Australia 2008) (the ISG) is taken to contravene s 16A of the Privacy Act while Public Interest Determination No. 13 (PID 13) is in force, if the organisation does an act, or engages in a practice, that is the subject of PID 13.
Implementation of the ISG includes the completion of an organisation specific appendix outlining the organisation’s protocols for sharing information in accordance with the requirements of the ISG.
My reasons for making this determination are attached. 
Timothy Pilgrim
Privacy Commissioner
7 February 2012
 
 
 
 
 
 
Attachment
Statement of Reasons for Public Interest Determination No. 13A
Disclosure and collection of personal information to improve outcomes for children and young people at risk of serious harm 
Privacy Act 1988 (Cth), s 79(3)

Background
UnitingCare Wesley’s application
On 7 October 2011, UnitingCare Wesley Adelaide (the applicant) made an application under s73 of the Privacy Act 1988 (Cth)[1] (the Privacy Act) for a public interest determination (PID) to be issued under s72 of the Privacy Act.[2] The applicant is an ‘organisation’ for the purposes of s 6C of the Privacy Act.
The application has been sought to enable implementation of the South Australian Information Sharing Guidelines for Promoting the Safety and Wellbeing of Children (SA Government 2008) (the ISG). These guidelines aim to improve early intervention outcomes by providing a consistent and structured framework for service coordination.
The application indicates a concern that, in the absence of a PID, the applicant will be unable to share personal information without consent in accordance with the ISG where children and young people are at risk of significant harm.
The National Privacy Principles (NPP) are contained in schedule 3 of the Privacy Act and apply to organisations. Two NPPs were raised in the application: NPP 2.1 and NPP 10.1.
·                NPP 2.1 governs the use and disclosure of personal information and states that an organisation may only use or disclose personal information for the purpose for which it was collected unless a prescribed exception applies. 
·                NPP 10.1 concerns the collection of ‘sensitive information’. Sensitive information is defined in s 6 of the Privacy Act to include ‘health information’. NPP 10.1 prohibits organisations from collecting sensitive information unless a prescribed exception applies.
In applying for a PID, the applicant submitted that the potential of the ISG to impact on effective early intervention is significant, where effective intervention relies on improved service coordination and collaboration between government agencies and non-government organisations. Service coordination is necessary as the services required to address the complex needs of high risk families rarely fall within the scope of a single provider. A complete understanding of co-existing issues is necessary to respond effectively and reduce the risk of harm to children and young people.
The applicant further submitted that it is not possible to undertake effective early intervention work if organisations are required to wait for a serious risk of harm to be imminent before information can be shared. Early intervention is considered by the applicant to reduce the risk and extent of harm that may be experience by children or young people. Information sharing as part of an effective early intervention response is therefore in the public interest and is likely to reduce social and financial costs.
In addition, the application more broadly highlights the importance of coordination between relevant government agencies and organisations for effective early intervention. I have therefore considered the application on the basis that these issues apply to all organisations that have implemented and comply with the ISG in South Australia.
Consultation process
Publication of the application and invitation of submissions
The Office of the Australian Information Commissioner (the OAIC) invited submissions on UnitingCare Wesley Adelaide’s application between 21 October and 25 November 2011.
On 21 October 2011, the OAIC published a consultation paper inviting comments about the issues raised in the application, including any comments on the scope and nature of a PID. The OAIC also sought comment on the appropriateness of making a determination that gives general effect to the PID. That is, to allow other organisations that have implemented and complied with the ISG to perform the permitted act or practice in the same circumstances as the applicant.
 
The consultation paper was available on the OAIC website over the five week consultation period. All material was published in accessible and downloadable formats, and was available in hard copy on request.
The application and consultation were publicised:
·         by notation on the OAIC’s website
·         on the OAIC’s Twitter feed
·         through OAICnet, the OAIC’s email subscriber list
·         through the OAIC’s RDF Site Summary (RSS) feed
·         on the Australian Government online forum, GovDex, and
·         through the South Australian Council for Social Service fortnightly e-Bulletin.
In addition, on 24 October 2011, the OAIC also directly contacted the following stakeholders by email to inform them that the consultation was taking place, and to invite submissions:
·         the members of the OAIC’s Privacy Advisory Committee
·         the members of the Privacy Authorities Australia network, and
·         31 key privacy, government and non-government community service organisations.
Submissions received
The following individuals and entities made written submissions regarding UnitingCare Wesley Adelaide’s application and the proposed PIDs:
·         Anglicare SA
·         Department for Communities and Social Inclusion (South Australia)
·         Lifeline South East SA
·         Megan Mitchell, NSW Commissioner for Children and Young People on behalf of Australian Children’s Commissioners and Guardians:
o   Aileen Ashford, Commissioner for Children (Tasmania)
o   Howard Bath, Children’s Commissioner (Northern Territory)
o   Kerryn Boland, Children’s Guardian (NSW)
o   Elizabeth Fraser, Commissioner for Children and Young People and Child Guardian (Queensland)
o   Bernie Geary, Child Safety Commissioner (Victoria)
o   Alasdair Roy, Children and Young People Commissioner (ACT)
o   Michelle Scott, Commissioner for Children and Young People (Western Australia)
o   Pam Simmons, Guardian for Children and Young People (South Australia)
·         SA Health
·         Pam Simmons, Guardian for Children and Young People (South Australia)
·         South Australian Association of Major Community Organisations on behalf of:
o   Centacare Catholic Family Services
o   Southern Junction Community Services
o   Mission Australia SA
o   UnitingCare Wesley Port Adelaide
o   Australian Salvation Army SA
o   Baptist Care SA
·         South Australian Council of Social Service (SACOSS)
·         Southern Junction Community Services Inc.
All nine submissions were highly supportive of UnitingCare Wesley Adelaide’s application and the proposed PID. Additionally, all nine submissions supported the generalising of the determination and stressed the importance of it applying to similar organisations.
Requirements of s72 of the Privacy Act
Under s72(2) of the Privacy Act, I am empowered to make a written determination where I am satisfied that:
(a)               an act or practice of an organisation breaches, or may breach… a National Privacy Principle that binds the organisation; but
(b)               the public interest in the organisation doing the act, or engaging in the practice, substantially outweighs the public interest in adhering to that… Principle.
Under s72(3) of the Privacy Act, the effect of such a determination is that the act or practice of the organisation will be taken not to contravene s 16A of the Privacy Act.  That is, the act or practice will not be regarded as an act or practice that breaches an NPP.
Breach of National Privacy Principle 2.1
The applicant has sought an exemption from complying with NPP 2.1 and more specifically, NPP 2.1(e).
Under NPP 2.1, an organisation must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection, unless the individual (whom the information is about) has consented or a listed exception applies.
There may be some limited circumstances in which the applicant would be unable to rely on the exceptions to NPP 2.1 to disclose information in accordance with the information sharing arrangements outlined in the ISG.
In particular, I have considered the application of NPP 2.1(e). That principle provides that personal information can be disclosed without consent under NPP 2.1(e) where:
‘the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety;’ [emphasis added]
The applicant has identified that they are unable to rely on NPP 2.1(e) to make disclosures under the ISG where there is a serious, but not imminent, threat to a person’s life, health or safety. Insofar as the word ‘imminent’ is generally understood to mean ‘immediate’.
The main inconsistency between the circumstances in which information can be disclosed under the ISG and NPP 2.1(e), is that the ISG does not require serious threats to an individual to be imminent before a disclosure is made without consent, whilst NPP 2.1(e) requires that this threat must also be imminent.
The applicant has submitted that while a child or young person may not be at risk of immediate harm, it may be clear from the circumstances that there are reasonable grounds to believe that they are at risk of serious harm. The pattern of family interactions, behaviour of parents or guardians, peer relations or the social or physical situation of a child or young person, may put their future life, health or safety at risk of serious harm. The applicant considers that information sharing in these circumstances is necessary to enable effective and appropriate early intervention to occur to alleviate the potential for the serious harm to occur and reduce the seriousness of the threat. I accept the applicant’s view that in these circumstances, personal information cannot be disclosed under NPP 2.1(e).
NPP 2.1(b) enables personal information to be used or disclosed where the ‘individual has consented to the use or disclosure’. While the ISG approaches information sharing from the general position that informed consent should be sought, the applicant submits that gaining consent to the disclosure may increase the risk of harm to a child or young person or is not possible in all circumstances. In these circumstances, the applicant would be unable to rely on NPP 2.1(b) to disclose the information under the ISG.
I have also considered the application of NPP 2.1(a). That principle provides that ‘sensitive information’[3], including ‘health information’, may be used or disclosed for a related secondary purpose if:
·         the secondary purpose is ‘directly related to the primary purpose of collection’, and
·         the person to whom the information relates would ‘reasonably expect the organisation to use or disclose the information for the secondary purpose’.
The primary purpose of collecting sensitive information from an individual should be interpreted narrowly, such as to assist an individual with a particular situation or to treat a particular condition. The context in which an individual gives information to an organisation will determine the primary purpose of collection and it should be recognised that individuals may want to access services in particular and limited ways.
A directly related purpose is one which is closely associated with the original purpose. Where the information to be disclosed constitutes sensitive information there needs to be a direct relationship with the original purpose for which it was collected. I consider that in certain circumstances, such as where information is collected for the purpose of assisting an individual, but disclosed for the purpose of assisting another individual, that the applicant may not be able to rely on NPP 2.1(a).
Further, while an individual may expect a human service organisation to provide them with information about other services that may be beneficial to them or their family, it may be beyond the individual’s reasonable expectations for sensitive information to be disclosed to another organisation without their consent for the purposes of providing services to a child or young person in their care.
As required by s 72(1)(a) of the Privacy Act, I am satisfied that the proposed disclosure may breach NPP 2.1.
Pending law reform
Following its review of Australian privacy law, the Australian Law Reform Commission (the ALRC) released its report ‘For your Information: Australian Privacy Law and Practice’ in August 2008 (Report 108).[4]  In Report 108, the ALRC recommended that a new use and disclosure principle should include an exception permitting to the use and disclose of personal information where agencies or organisations reasonably believe that the use or disclosure is necessary to lessen or prevent a serious threat to an individual’s life, health or safety. [5] The ALRC considered that the ‘current requirement that the requisite threats to an individual be imminent as well as serious sets a disproportionately high bar to the use and disclosure of personal information.’[6]
The Australian Government in its First Stage Response to Report 108 (the Response) has indicated that it will remove the requirement for ‘imminence’ in relation to disclosures as part of the major reform to the Privacy Act.[7] The Response proposes that agencies and organisations should be permitted to use or disclose personal information where necessary to lessen or prevent a serious threat to an individual’s life, health or safety only after consent has first been sought, where that is reasonable and practicable.
The proposed amendments to the Privacy Act are yet to be made.
Breach of National Privacy Principle 10.1
As set out in the application, the acts or practices that are the subject of PIDs 13 and 13A involve the collection of certain types of sensitive information where seeking consent to the collection would place a child or young person at risk of serious harm.
Under NPP 10.1, an organisation must not collect ‘sensitive information’ about an individual unless the individual has consented or a listed exception applies. For the purposes of the Privacy Act, ‘sensitive information’ includes health information (s 6, Privacy Act).
As part of participating in the information sharing arrangements under the ISG, it may be necessary for the applicant to collect sensitive information without consent where it has been disclosed without consent. It is suggested that where it is inappropriate to seek consent to the disclosure of the personal information as to do so would place a child or young person at risk of harm, it would also be inappropriate to seek consent to the collection of this information.
It does not appear that the circumstances detailed in the application would allow the applicant to rely on any other exception to enable sensitive personal information to be collected where it has been disclosed without consent in accordance with the ISG.
I am satisfied that the proposed collection may breach NPP 10.1.
Assessing the Public Interest
In determining the public interest test set out in s 72(2)(b) of the Privacy Act, I have relied on the information in the current application and the submissions received in relation to that application.
I have also made reference to the factors discussed below, which are taken from the OAIC’s Public Interest Determination Procedure Guidelines.[8]
The central public interest objective being served by this determination is the provision of coordinated human services to facilitate early intervention and ultimately, improved child protection outcomes.
The right to privacy is not absolute and in some circumstances, privacy rights will necessarily give way where there is a compelling public interest reason to do so. In these instances, it is necessary to ensure that the solution implemented minimises the intrusion to the fullest extent possible in the circumstances. In making the determination it is important to get the balance right between protecting individual privacy and providing effective health, safety and welfare services to all Australians.
The nature of the public interest objectives served by the proposed interference with privacy
A key determinant of public interest in this decision is that permitting the relevant disclosure and collection will enable the provision of coordinated human services and, ultimately, improved child protection outcomes through effective early intervention.
In particular, the applicant noted that disclosure and collection of this type of information is used to improve service coordination and inform effective early intervention. Human services organisations support a number of essential aspects of life such as education, family support, housing and health. Information held by one of these organisations may hold significant importance for the work of another and a full picture of the circumstances of the child or young person and the adults they relate to may only emerge if these organisations can collect, use and disclose relevant personal information. This view is shared by the Guardian for Children and Young People (South Australia) who submitted that ‘when faced with co−existing issues like homelessness, mental illness, family violence, drug and alcohol abuse or gambling, an informed interagency and multi−disciplinary response is required.’
All the submitters identified that there is clear public interest in assisting families at risk through early intervention strategies to avoid circumstances deteriorating to a crisis situation. Anglicare SA noted in its submission that ‘identifying and responding to at risk children and their families, reduces the risk of harm to children and their possible entry into the state's child protection system.’ Similarly, SACOSS submitted that ‘effective early intervention can help prevent homelessness, family violence, crime, abuse and neglect, poverty and promote social inclusion.’
The Australian Children’s Commissioners and Guardians, the Guardian for Children and Young People (South Australia) and SA Health pointed to a number of recent inquires and reviews of child protection systems that have consistently recommended improved information sharing to allow for earlier intervention when a child is at risk of harm. Submitters agreed that a stronger focus on prevention of harm at an early stage and improved collaboration between service organisations is necessary.
The extent to which the proposed act or practice is inconsistent with an individual’s reasonable expectation of privacy
Child abuse and neglect and serious family difficulties remain significant issues for the Australian community. The safety and wellbeing of children is a concern for all levels of government. This is reflected in initiatives such as the Protecting Children is Everyone's Business: National framework for protecting Australia's children (the National Framework) endorsed by the Council of Australian Governments in 2009, which is aimed at reducing child abuse and neglect in Australia over time. The National Framework takes the approach that the protection of children is not simply a matter for the statutory child protection systems.
With regard to initiatives such as the National Framework, I consider that the community places a high value on protecting children and young people. Further, there is an expectation across the community that necessary steps will be taken to prevent the circumstances in which child abuse and neglect may arise. Equally, in taking such steps to protect children or young people from serious threats to their life, health or safety, there is an expectation that privacy rights will necessarily give way.
I am satisfied that the proposed act or practice is consistent with an individuals’ reasonable expectation of privacy.
The potential for the proposed act or practice to harm the interests of individuals
Generally, an individual’s right to be informed as to the handling of their personal information, especially information that is sensitive, and to have some measure of control over how their information is collected, used and disclosed is regulated by NPPs 1, 2 and 10.  There is potential for harm to an individual’s interests if their sensitive information is handled without their consent or knowledge.
In making a disclosure under this determination the applicant must reasonably believe that disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of a child or young person up to the age of 18 years. The applicant will need to have reasonable grounds for its belief that the disclosure is necessary and that the threat is ‘serious’ according to the ordinary meaning of the word and in the context of any vulnerabilities of the individual concerned.
The removal of the imminence requirement will not impact on the need to assess whether a threat is likely to eventuate. Any analysis of whether a threat is ‘serious’ must involve consideration of the gravity of the potential outcome as well as the relative likelihood. The applicant will also need to have reasonable grounds for its belief that the proposed disclosure is essential to lessening or preventing the threat, and not merely helpful or convenient. Such considerations provide an important safeguard and will assist in ensuring that the potential for the proposed act or practice to harm the interests of individuals is minimised.
The applicant and submitters strongly identified that the framework provided by the ISG also provides a number of important safeguards to protect the interests of the individuals concerned.
In particular, organisations implementing the ISG are required to develop an appendix detailing how the ISG will be applied in their organisation. Appendices form an attachment to the ISG and contain information about the organisation, case studies and resources to ensure employees and volunteers understand how to appropriately share information under the ISG in the context of their own work environment. The Office of the Guardian for Children and Young People (South Australia) has produced guidance to assist organisations in drafting an appendix. [9] That office may provide assistance to organisations in developing an appendix and an Information Sharing Advisor position has been established to provide support and monitor implementation.
SACOSS considered that the development of an ISG appendix ensures that attention is given to seeking informed consent, keeping appropriate records, exchanging information in a secure manner and the promotion of privacy. SA Health identified that the procedures built into the ISG ‘encourage service providers to work with children, young people and their families by seeking their consent in a proactive way.’ Whilst Anglicare SA noted that the ‘ISG promotes privacy and client consent while at the same time facilitates inter-agency information sharing in an appropriate manner within a client centred approach.’ 
In regards to the operation of the ISG to date, the Guardian for Children and Young People (South Australia) has been advised by relevant South Australian Government agencies, that ‘the vast majority of information sharing occurs with the client's consent and client records are accurate and secure.’
I note that the ISG does not require disclosure of personal information without consent, but provides the framework for such disclosure to occur in appropriate circumstances. Organisations are not compelled to share information where consent has not been given if they do not consider that there is a legitimate purpose for information sharing or if they disagree with the assessment of risk.
When properly implemented and complied with, the ISG is designed to preserve and promote the interests of all individuals concerned, and particularly vulnerable individuals such as children and young people. I consider that the risks to individuals are adequately addressed by the context in which the information will be collected, disclosed and used.
The need to balance the competing interests contained in s 29 of the Privacy Act
Under s 29 of the Privacy Act, in performing their functions or exercising their powers, the Commissioner must, amongst other things:
(a)             have due regard for the protection of important human rights and social interests that compete with privacy…
Australia is a party to seven core international human rights treaties. The rights of parents and children are contained in the United Nations Convention on the Rights of the Child (CRC) and in the International Covenant on Civil and Political Rights (ICCPR).
The Preamble to the Privacy Act makes clear that the legislation was intended to implement, at least in part, Australia’s obligations relating to privacy under the ICCPR. Specifically, article 17 of the ICCPR prohibits unlawful or arbitrary interferences with a person's privacy, family, home and correspondence. However, the right to privacy is not absolute and there may be circumstances in which the guarantees in article 17 can be outweighed by other primary considerations.
With respect to children, article 24 of the ICCPR provides that:
Every child shall have, without any discrimination as to race, colour, sex, language, religion, national or social origin, property or birth, the right to such measures of protection as are required by his status as a minor, on the part of his family, society and the State.
In addition to the rights enjoyed by all persons under the ICCPR, the CRC sets out child-specific needs and rights. The CRC encompasses civil, political, economic, social and cultural rights for children as well as provisions regarding their care and protection. A number of articles of the CRC are of particular relevance in the context of a consideration of measures that aim to improve outcomes for children through effective early intervention. Relevantly, the CRC recognises that children everywhere are entitled to the right:
to survival[10]
to develop to the fullest[11] to protection from harmful influences, abuse and exploitation,[12] and to participate fully in family, cultural and social life.[13]
Under the CRC, the best interests of children must be the primary concern in making decisions that may affect them.[14] The principle of the best interests of the child applies to all actions concerning children and requires active measures to protect their rights and promote their survival, growth, and well-being.
Privacy is a right that must be appropriately balanced against other competing rights, including the rights of children and families. I consider that the proposed acts or practices advance the protection of human rights and the rights of children. To the extent that they may also limit human rights, those limitations are reasonable and proportionate.
The impact on the public interest if the proposed act or practice is not permitted
Based on the examples presented by the applicant and the written submissions the OAIC received, I am of the view that the life, health or safety of children and young people could be compromised if the proposed disclosure and collection of personal information is not permitted. 
The applicant further indicates that the costs of failing to intervene early to support individuals and families at risk are substantial. This view that successful early intervention has long term benefits, both for individuals and the broader community is also reflected in the written submissions received.
Effective early intervention for at risk families can help to prevent issues like homelessness, mental illness, family violence, crime, neglect, poverty, social isolation, drug and alcohol abuse or gambling. It was also suggested that there will be financial costs and increased demands on acute service systems and the child protection system if the act or practice is not permitted.   
Conclusions regarding the public interest
On balance, having taken all of the above factors into consideration and, in consultation with relevant stakeholders, I have found that the public interest in permitting the relevant acts or practices substantially outweighs adherence to NPP 2.1 and NPP 10.1 in the relevant circumstances.  
I am of the view that the central public interest objective being served by this determination is the provision of coordinated human services to facilitate early intervention and ultimately, improved child protection outcomes.
I am satisfied that the sharing of personal information for the purposes of lessening or preventing a serious threat to the life, health or safety of a child or young person facilitates effective early intervention.
Continuing application of the National Privacy Principles to information collected under these determinations
Further, I note that the privacy protection standards in NPPs 1 to 9 and 10.2 to 10.3 will continue to apply to protect the third party’s information once collected.
In particular, NPPs 1.1 and 1.2 ensure that information that is collected should be confined to that necessary to an organisation’s functions or activities and be collected only by lawful and fair means and in a way that is not unreasonably intrusive. Further, NPP 3 provides that an ‘organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date’.
Security of personal information is an important element of privacy practice. NPP 4.1 provides that an organisation ‘must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure’.
For all of these reasons I am satisfied that the public interest in allowing the applicant to disclose and collect the information in question, in the circumstances set out in PID 13, substantially outweighs the public interest in adhering to NPPs 2.1 and 10.1.
Generalising the effect of the determination
In addition to applying for a determination with regards to the acts or practices of UnitingCare Wesley Adelaide, the application more broadly highlights the importance of coordination between relevant government agencies and organisations for effective early intervention. Each of the submitters addressed this issue and requested that a determination be made with general application to all relevant organisations.
The Guardian for Children and Young People (South Australia) considered a determination with broader application to be in the public interest and identified that a generalising determination will enable:
·         enhanced protection of, and support for, vulnerable members of the community
·         consistency of privacy practice and language across professional groups, and
·         the ISG to be fully implemented across the non−government sector in South Australia.
My reasoning above has been developed on the basis that these issues apply to all organisations that have implemented and comply with the ISG in South Australia and accordingly I have made a separate determination (PID 13A) under s 72(4) of the Privacy Act, giving general effect to PID 13.
Organisations to which PID 13A applies
PID 13A applies to all organisations in South Australia that have implemented and comply with the ISG, where those organisations use, disclose and collect information in the limited circumstances referred to under PID 13, in relation to UnitingCare Wesley Adelaide.
Implementation of the ISG includes the completion of an organisation specific appendix outlining the organisation’s protocols for sharing information in accordance with the requirements of the ISG.

[1] http://www.comlaw.gov.au/Series/C2004A03712
[2]http://www.oaic.gov.au/news/consultations/PID_UnitingCare_Wesley/PID_application_unitingcare_wesley_adelaide.html
[3] Sensitive information is a subset of personal information. Sensitive information is defined in s 6 of the Privacy Act and includes information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health information about an individual.
[4] ALRC Report 108 is available at: www.alrc.gov.au/publications/report-108
[5]     ALRC Report 108, Recommendation 25-3.
[6]     ALRC Report 108, paragraph 25.83.
[7]     See Recommendation 25-3 of ‘Enhancing National Privacy Protection’, Australian Government First State Response to the Australian Law Reform Commission Report 108 For Your Information: Australian Privacy Law and Practice, October 2009. Available at: www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.doc.
[8]     www.privacy.gov.au/materials/types/download/8806/6606
[9] See A guide to writing an ISG appendix (SA Government 2010) available at www.gcyp.sa.gov.au/information-sharing-guidelines/
[10] Convention on the Rights of the Child, 20 November 1989, [1991] ATS 4, (entered into force generally on 2 September 1990), article 6
[11] Ibid, article 6
[12] Ibid, article 19
[13] Ibid, articles 9, 16, 17, 27, 28
[14] Ibid, article 3