• Legal database
Legal database

ABRS 2021/1 - Explanatory statement

Corporations Act 2001

Explanatory Statement

General Outline of Instrument

1. This data standard is made under section 1270G of the Corporations Act 2001 (Corporations Act), which provides that the Registrar may make data standards on matters relating to the performance of the Registrar's functions and the exercise of the Registrar's powers.

2. The Registrar must perform its functions and exercise its powers under Part 9.1A of the Corporations Act in accordance with the data standard/s made under section 1270G of the Corporations Act.

3. An application for a Director Identification Number (director ID) must meet any requirements of this data standard.

4. This data standard provides for the following:

(a)
what information may be requested and collected for the purposes of the performance of the Registrar's functions and the exercise of the Registrar's powers;
(b)
how such information may be collected;
(c)
how an application is to be made;
(d)
when information is to be given to the Registrar;
(e)
how the Registrar uses information to authenticate, verify or validate information;
(f)
how information held by the Registrar is to be recorded and stored;
(g)
correction of information held by the Registrar; and
(h)
the manner and form of communication between the Registrar and persons who give information to the Registrar or seek to access information held by the Registrar.

5. In accordance with section 5C of the Corporations Act, the relevant version of the Acts Interpretation Act 1901 that applies to the Corporations Act is the version as at 1 November 2005. Under section 33(3) of the Acts Interpretation Act 1901 where an Act confers a power to make, grant or issue any instrument (including rules, regulations or by-laws) the power shall, unless the contrary intention appears, be construed as including a power exercisable in the like manner and subject to the like conditions (if any) to repeal, rescind, revoke, amend, or vary any such instrument.

Date of effect

6. This instrument commences on the later of:

(a)
the day after it is registered on the Federal Register of Legislation; and
(b)
the day on which Part 9.1A of the Corporations Act commences.

7. By way of clarity, this data standard applies from the day after the Registrar is appointed to perform functions and powers in connection with Part 9.1A of the Corporations Act.

Background

8. The introduction of a director ID requirement is one of the Commonwealth Government initiatives to facilitate confidence, promote good corporate conduct, and to deter and penalise illegal phoenixing in order to protect those who are negatively affected by such fraudulent behaviour.

9. Illegal phoenixing occurs when the controllers of a company deliberately avoid paying liabilities by shutting down an indebted company and transferring its assets to another company. This impacts on creditors who fail to receive payments for goods and services, employees through lost wages and/or superannuation entitlements and the general public through lost revenue to the Government. The total cost of illegal phoenixing to the Australian economy is estimated to be between $2.9 billion and $5.1 billion annually.[1]

10. The new director ID regime will also offer benefits beyond combating illegal phoenixing. For instance, it is important for shareholders, employees, creditors and consumers to be confident they know who the directors of a company are. The director ID regime offers a simpler more effective tracking of directors and their corporate history will reduce time and cost for administrators and liquidators, thereby improving the efficiency of the insolvency process. In addition, the new regime will improve data integrity and security.

11. The director ID will require all directors to confirm their identity and it will be a unique identifier for each individual who consents to being appointed a director. The individual will keep that unique identifier permanently, even if they cease to be a director. An individual's director ID will not be re-issued to someone else and generally only one director ID will be issued to an individual.

12. The director ID will provide traceability of a director's relationships across companies, enabling better tracking of directors and preventing the use of fictitious identities. This will assist regulators and external administrators to investigate a director's involvement in what may be repeated unlawful activity including illegal phoenix activity.

13. This data standard applies to individuals applying for a director ID under the Corporations Act. Note that the Corporations (Aboriginal and Torres Strait Islander) Act 2006 may also require that an individual has a director ID. A separate data standard will detail the requirements for an application for a director ID for an applicant under that Act. If an individual already has applied for or received a director ID under one Act, that individual must not apply for a second director ID under the other Act.

What information may be requested and collected in an application for a director ID

14. The Registrar is required to give a person who has applied under section 1272A of the Corporations Act a director ID if the Registrar is satisfied that the person's identity has been established.

15. For the purposes of establishing an individual's identity and providing the individual with a director ID or to update that individual's details, the Registrar may require and collect an individual's names and former names, addresses and former addresses, contact details, and date and place of birth. The Registrar may request, but not compel, the individual's tax file number to establish the individual's identity.

16. For the purpose of establishing a person's identity the Registrar may request and collect identity documents or information evidencing the individual's identity.

17. If the Registrar is unable to identify an individual with sufficient certainty from the information provided by the individual using this information, section 6 of the data standard clarifies that the Registrar may request and collect from the individual other information necessary to establish the individual's identity.

18. There may be considerable variation in the circumstances of each applicant, and the information required to uniquely identify an individual can vary.

19. In order to ensure sufficient flexibility in allowing individuals to confirm their identity, it is not possible to provide an exhaustive list of identity information that may be requested by the Registrar.

20. A key objective of the registries system is flexibility, and the Registrar is provided with powers to administer the director ID requirement including how directors are to establish their identity. Having the ability to request alternative documents to enable an individual to be identified provides that flexibility to the benefit of both the individual and the Registrar.

21. Data collected through an accredited digital identity provider will be used to authenticate the details provided by the individual.

How the Registrar may collect information

22. The director ID will be a unique identifier for each individual who applies for a director ID. An individual can have only one director ID.

23. Individuals applying through the electronic platform will be required to verify their identity digitally, this will require a digital identity credential. Individuals will need to provide documents to apply for a digital identity credential (if they do not already have one) in order to confirm their identity.

24. Currently, individuals applying for a digital identity credential are required to prove their identity using key Australian identity documents.

25. The preferred means of applying for a director ID is electronically. If an individual is unable to apply electronically, the Registrar may consider accepting a paper or other form of application. Foreign directors or directors unable to obtain a digital identity credential will follow the existing ATO proof-of-identity process, which is predominantly paper-based and may include certified copies of identity documents, assistance through Shop Fronts, use of an apostille and Australian Consulates.

26. An individual who wishes to apply for a director ID will visit the proposed website (or link to it from another Government site, such as the ATO website). When they click on the button to apply for a director ID, they will be directed to an accredited digital identity provider for authentication.

27. If the individual does not have a digital identity credential, they can apply at this stage, and prove their identity using key Australian identity documents. The currently accepted documents are a driver's licence or learner's permit, passport, birth certificate, Australian visa, and Medicare card. Additional documents may be accepted sometime in the future.

28. The accredited digital identity provider will collect and verify some personal information (such as name, date of birth and email address), and this will be passed to the Registrar's secure platform. This information will be displayed to the individual to indicate that this information has been collected/shared from their digital identity.

29. Individuals will be informed about the collection of their personal information through a privacy notification at the time of application.

How to apply for a director ID

30. An application for a director ID must be made in the form approved by the Registrar. The form will usually be an electronic form, unless the individual cannot use the electronic form.

31. For digital application an accredited digital identity provider will be the main proof-of-identity solution used for director IDs. Currently, individuals applying for a digital identity credential are required to prove their identity using key Australian identity documents. Individuals may apply for a digital identity through myGovID at no cost to the individual

32. Individuals are responsible for completing the director ID application form themselves, and an agent or other third party cannot apply for a director ID on behalf of a director unless the Registrar is satisfied that an exception applies. Exceptions to this requirement include situations where an applicant may require assistance to apply for a director ID if they are unable to prepare the application themselves (for example, due to disability, injury or illiteracy). The Registrar will assess an individual's circumstances on a case by case basis.

33. An accredited digital identity provider will be the main proof-of-identity solution used for director IDs. Currently, individuals applying for a digital identity credential are required to prove their identity using key Australian identity documents.

When information is to be given to the Registrar

34. Individuals are required to apply for a director ID prior to being appointed as a director. Although the transitional arrangements provide that during the first year an individual has 28 days from the date the individual is appointed director to apply for a director ID, individuals can apply to the Registrar to extend this period to whatever period the Registrar considers reasonable.

35. The Minister, by legislative instrument, will specify the transitional application period for individuals that were already appointed director at the time the director ID law commences. Until this instrument is made there is no requirement for these individuals to apply for a director ID. After this transitional application period has ended an individual will have to apply for a director ID before being appointed as a director.

36. If an individual anticipates that they will become an eligible officer within the next 12 months, they may apply for a director ID.

37. The Registrar can direct an individual who is a director to apply for a director ID whether or not that individual already has a director ID.

38. For the purposes of giving an individual a director ID an individual is required to provide to the Registrar the information requested under section 6 of the instrument.

39. An individual who has a director ID may request the Registrar to update any of their details listed in section 6 of the instrument (this may include requests through authorised agents). Directors also have an obligation under section 205C of the Corporations Act to provide any company of which they are a director with any changes in personal details. Subsection 205C(3) of the Corporation Act makes non-compliance with this requirement an offence.

How the Registrar uses the information

40. The Registrar may use the director ID information collected under sections 6 and 9 of the instrument to establish the identity of an individual for the purpose of giving the individual a director ID and maintaining the accuracy of director ID information.

41. If the Registrar is not satisfied as to the identity of an individual, the Registrar will not provide an individual with a director ID until the individual supplies additional information which will enable the Registrar to identity the individual.

42. The Registrar may make a record of information collected or generated in the course of processing the individual's director ID application, including any updates or corrections of director ID information.

43. Information collected under the data standard is protected information within the meaning of section 8 of the Corporations Act and is subject to the secrecy and disclosure provisions in Part 9.1 of the Corporations Act.

44. Where possible the Registrar will validate information provided by the director in real-time, such as email, mobile and addresses using data validation software (for example, does the email meet the email format, that is, have an "@" symbol and have valid characters, and does a phone number contain the correct number of characters). If the information provided is not validated, the form will prompt the individual to re-enter the correct information in the field. If information is not validated, the form cannot be submitted.

45. Where an individual submits a paper form of application, and the Registrar is unable to validate the individual's identity, the Registrar will be unable to provide a director ID until the individual provides further information.

46. The Registrar will also verify information provided by an individual to ensure it is correct by comparing that information with information from other sources. For example, the Registrar may check the information provided by an individual against Australian driver's license information.

47. The Registrar may also authenticate the information provided by an individual to link the individual to an ATO client record. This will facilitate the use of ATO enterprise systems and shared services and provide additional certainty around the individual's identity.

48. Where relevant, the Registrar will cross-check information received from Australian Securities and Investments Commission (ASIC) registries to aid in ensuring integrity of the data received.

49. By way of example, the Registrar may authenticate the information provided in an application for a director ID using an accredited digital identity provider, and may perform proof of record ownership by checking the individual's address against ATO records.

50. The information the Registrar obtains is protected information. The Registrar may disclose protected information to other government agencies and may make a disclosure framework relating to disclosing protected information to entities other than government agencies.

51. The Registrar may provide a Tax File Number (TFN) to the Commissioner of Taxation for verification purposes. Upon receipt of a TFN, the Commissioner may confirm the TFN is correct, or provide the relevant individual's correct TFN, or inform the Registrar that the relevant individual does not have a TFN. The Registrar may also request from the Commissioner the TFN of an individual who has applied for a director ID for the purposes of verifying the identity of the individual.

How the Registrar must record and store information

52. The Registrar must record and store information given to, or otherwise obtained or generated by, the Registrar. The data from the director ID application will be stored in a secure platform controlled and maintained by the Registrar.

53. The Registrar will take steps to protect the information held about individuals against loss, unauthorised access, use, modification or disclosure and other misuse. The Registrar will apply industry-best security methods, including information technology and physical security audits, penetration testing and industry best practice risk management and system security technologies to protect the personal information held.

54. The National Archives of Australia publishes Records Authorities which are developed in accordance with the Archives Act 1983. The Registrar will maintain records according to Records Authorities to manage the retention and disposal of Commonwealth Agency records. Records Authorities are available to be accessed at naa.gov.au.

How the Registrar may correct information held by the Registrar

55. The Registrar may update the director ID information of an individual if the Registrar reasonably believes the information (including any personal information) is incorrect, for example a company informs the Registrar of changed details for a director(s).

56. An individual will be able to request updates to their details electronically. Although the online method is the preferred approach, a paper and/or telephone option may also be provided. It should be noted that name and date of birth are linked to the individual's digital identity, so changes to these items will have to be made via an accredited digital identity provider. These updates will be synchronised with the secure platform and previous details will be retained for historical registry purposes.

57. In accordance with Australian Privacy Principles (APPs) under the Privacy Act 1988, an APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure. The Registrar is complying with obligations under APP 10 (Quality of personal information). This aligns with the policy intent of the legislation, which is to gain greater certainty as to the identity of the individuals operating as directors in our community.

Communication

58. The Registrar anticipates that the number of directors who will be required to have a director ID is approximately 10% of the Australian population. To ensure that communications with a group of this size are faster, more cost effective and more convenient, the Registrar will communicate with holders and applicants for a director ID electronically unless the individual's circumstances prevent electronic communication.

59. An individual may be contacted by other means such as a letter or phone call if they are not able to be contacted via electronic means.

60. An individual may be contacted and asked additional questions about their director ID or their application, to be provided with a director ID, to be informed that their director ID has been compromised or cancelled, or to be directed to apply or apply again for a director ID. An individual may also be contacted where the Registrar suspects that an individual has provided false or misleading information or has applied for more than one director ID.

61. An individual who has applied for a director ID can access information provided to the Registrar in relation to their director ID. Other persons (for example government bodies) who are permitted by law to access information in relation to a director ID must access this information electronically.

Declaration

62. An applicant for a director ID will be required to complete a declaration confirming that:

(a)
the individual is the applicant identified in the application;
(b)
any information provided in the application is true and correct,
(c)
they meet the requirements to apply for a director ID, that is:

(i)
they are an eligible officer or they intend to become an eligible officer within 12 months after they have applied; and
(ii)
they do not already have a director ID or have been directed by the Registrar to apply or apply again.

63. In the electronic application this declaration will be made by way of the individual confirming their declaration.

64. If an applicant does not make the declaration (for example, because they have been banned from being a director due to fraud and, as such, cannot be an eligible officer or intend to be an eligible officer), the application will not progress further.

65. A declaration for an application made via paper form will be confirmed by way of the individual signing the form to confirm the declaration.

66. If an applicant makes the declaration, and the Registrar is satisfied that the individual's identity has been confirmed, then the individual will be provided with a director ID.

Review of certain decisions

67. An individual adversely affected by a decision within the meaning of the Administrative Appeals Tribunal Act 1975 made under this data standard may apply for review of a decision in accordance with section 1317B of the Corporations Act.

Compliance Cost Impact

68. Compliance cost impact: The instrument is minor or machinery in nature. It implements certain procedural elements of a decision that has already been made by Government. No further Regulation Impact Statement is needed for this instrument.

Consultation

69. Subsection 17(1) of the Legislation Act 2003 requires that the rule-maker undertake an appropriate level of consultation that is reasonably practicable to undertake before making a legislative instrument.

70. For this instrument, broad consultation was undertaken for a period of 3 weeks commencing on 12 March 2021. The draft instrument and draft explanatory statement were published on the Treasury website.

71. Targeted consultation was also undertaken with the Modernising Business Registers Business Advisory Group (MBR BAG). The MBR BAG is a large committee with Government and Industry stakeholders, which provides an ongoing means of direct consultation with the MBR stakeholder community, including providing an advisory role. The members of the MBR BAG can be found on the Australian Taxation Office (ATO) website.

72. In addition to these targeted consultations, there were 17 written submissions received, including 1 commercial in-confidence submission. Feedback was received from:

SM Solvency Accountants
Peppernell Consulting
Superannuation Warehouse
illion
Australian Small Business and Family Enterprise Ombudsman
Transparency International Australia
Chartered Accountants Australia and New Zealand
CPA Australia
Australian Institute of Company Directors
Governance Institute of Australia
BGL
Australian Business Software Industry Association
Law Council of Australia
Mr Philip Argy
Institute of Certified Bookkeepers
Tax Justice Network Australia
An 'in confidence' submission.

73. Comments were supportive of the instrument and director ID initiative, with suggestions for minor edits to provide further clarity. Submissions also discussed Government policy and implementation issues that were out of scope of this instrument. It is noted that further detailed guidance will generally be made available on the Registrar's website to provide further assistance on how and when to apply for a director ID and other process related issue.

Statement of compatibility with Human Rights

This Statement is prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Corporations Director Identification Number Data Standard 202x

This Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Legislative Instrument

This disallowable data standard sets out the information the Registrar will require in order to be able to give a Director Identification Number (director ID) to an individual who has applied for a director ID under the Corporations Act 2001 (Corporations Act). This data standard addresses the following:

(a)
what information may be requested and collected;
(b)
how the Registrar may collect information;
(c)
how an individual is to apply;
(d)
when information is to be given to the Registrar;
(e)
how the Registrar uses the information;
(f)
how the Registrar must record and store information;
(g)
how the Registrar may correct information held by the Registrar;
(h)
communication;
(i)
declaration; and
(j)
review of certain decisions.

Human rights implications

The data standard may engage two applicable rights or freedoms - to presumption of innocence, and to privacy and reputation. This data standard does not engage any other applicable rights or freedoms. The Treasury Laws Amendment (Registries Modernisation and Other Measures) Act 2020 provides for the director ID regime by amending the Corporations Act, and the offences in relation to a director ID.

The director ID requirement promotes good corporate conduct and deters and penalises illegal phoenixing in order to protect those who are negatively affected by such fraudulent behaviour. Illegal phoenixing occurs when the controllers of a company deliberately avoid paying liabilities by shutting down an indebted company and transferring its assets to another company. This impacts on creditors who fail to receive payments for goods and services, employees through lost wages and/or superannuation entitlements and the general public through lost revenue to the Government. The total cost of illegal phoenixing to the Australian economy is estimated to be between $2.9 billion and $5.1 billion annually.

The new director ID regime will also offer benefits beyond combating illegal phoenixing. For instance, it will improve data integrity and security, and the simpler more effective tracking of directors and their corporate history will reduce time and cost for administrators and liquidators thereby improving the efficiency of the insolvency process.

Engagement of the presumption of innocence

The new director ID requirement engages the presumption of innocence because it creates several new strict liability offences.

The presumption of innocence is contained in article 14 of the International Covenant on Civil and Political Rights. Paragraph 2 of Article 14 protects the right of an individual charged with a criminal offence to be presumed innocent until proven guilty according to law. The presumption of innocence is not an absolute right. It generally requires the prosecution to prove each element of a criminal offence beyond reasonable doubt. An offence provision that requires a defendant to carry an evidential burden may be considered to engage the right to the presumption of innocence.

The following offences contain offence specific defences for which the defendant carries an evidential burden:

(i)
requirement to have a director ID; and
(ii)
applying for an additional director ID.

There are two defences in relation to the requirement to have a director ID:

(i)
The individual applied for a director ID: before appointment; within a period specified in regulations (if such regulations are made); or within a period allowed by the Registrar.
(ii)
The individual was appointed as an eligible officer (which triggers the requirement to have a director ID) without their knowledge.

There are two defences in relation to applying for additional director IDs:

(i)
The individual was directed by the Registrar to make the application.
(ii)
The individual made an application under Part 6-7A of the Corporations (Aboriginal and Torres Strait Islander) Act 2006.

The evidential burden for the above defences has been reversed because the subject matter of the defence is:

(i)
peculiarly within the knowledge of the defendant (for example, when the individual applied for a director ID, when the individual was appointed director, the fact that the individual became an eligible officer without their knowledge, the details of being directed by the Registrar to apply for a director ID); and
(ii)
significantly more difficult and costly for the prosecution to disprove than for the defendant to establish.

The offences are critical to the operation of the regime. The imposition of an evidential burden for the defences achieves a legitimate object because it ensures that the offences are prosecutable, thereby allowing effective enforcement of the new regime. The strict liability nature of the offences is also consistent with existing offences in the Corporations Act and Corporations (Aboriginal and Torres Strait Islander) Act 2006.

The offences are directed at proving the identity of directors to assist regulators to better detect, deter and disrupt illegal phoenixing and improve the integrity of corporate data maintained by the Registrar. The limitations on the presumption of innocence afforded by these offences can be considered rational and necessary because they enhance the effectiveness of the enforcement regime in deterring avoidance of the director ID requirement and ensure the integrity of information about companies and their officers.

The burden of proof on the defendant is an evidential burden. The effect of the imposition is therefore that the defendant must merely adduce or point to evidence of the defence. Once this is done, the prosecution bears the burden of proof. Because of the low evidential burden on the defendant, to the extent that imposing that burden is a limitation on the right to be presumed innocent, it is proportionate and reasonable in the circumstances.

In relation to the director ID requirement, the strict liability offences above relating to failure to apply for a director ID might be considered to engage the right to a fair and public hearing because they are subject to the infringement notice regime under the Regulatory Powers (Standard Provisions) Act 2014.

The Registrar does have the power to issue infringement notices if a person fails to comply with director ID provisions. Infringement notices can be issued when an infringement officer reasonably believes that the offence provisions have been contravened and give the option of paying a stated penalty as an alternative to court proceedings.

Because the obligations to apply for a director ID involve timeframes and apply to a large number of people, minor breaches may be expected to occur with some frequency. Infringement notices are an efficient way of dealing with minor breaches, as they avoid the significant delays and costs associated with court action.

Although infringement notices may be intrusive, they are necessary to ensure a level playing field for all directors. Without these, some directors may choose not to comply with the obligation to apply for a director ID, knowing there will be no serious consequences for doing so.

Engagement of the right to privacy

Article 17 of the International Covenant on Civil and Political Rights provides that no one shall be subjected to arbitrary or unlawful interference with their privacy, family, home or correspondence, nor to unlawful attacks on their honour and reputation. The right to privacy is not an absolute right. In some circumstances, it must be weighed against the equally justified right of others and against matters that benefit society as whole.

The introduction of a director ID requirement is one of the Commonwealth Government initiatives to promote good corporate conduct, and to deter and penalise illegal phoenix activity in order to protect those who are negatively affected by such fraudulent behaviour. The new director ID regime will also offer benefits beyond combating illegal phoenixing. For instance, simpler more effective tracking of individuals and their corporate history will reduce time and cost for administrators and liquidators, thereby improving the efficiency of the insolvency process. In addition, the new regime will improve data integrity and security. For example, it would be possible to allow individuals to be identified by a number rather than by other more personally identifiable information.

The director ID requirement will engage the right to privacy because it provides for the collection and disclosure of information including personal information within the meaning of the Privacy Act 1988. The director ID regime requires the provision of information including name information, address information, contact information, and the applicant's date of birth. The Registrar can also request, but not compel, the individual to provide their tax file number. The Registrar may also disclose protected information to other government agencies and may make a disclosure framework relating to disclosing protected information to entities other than government agencies. The data standard in relation to the director ID requires personal information be given for the purposes of authenticating, validating and verifying an individual's identity.

To any extent to which the provision of this information constitutes a limitation on the individual's right to be protected from interference with their privacy, the limitation is justified because the provision of information is in pursuit of the legitimate objective identified and is rationally connected and proportionate to the objective sought, as the information is required to establish identity, provide assurances and to ensure that the director ID regime is administered according to the intent of the legislation and community expectations. The data standard only requires personal information to the extent required for authenticating, validating and verifying an individual's identity, so that the director ID regime can be effectively administered.

Further, providing greater certainty as to the identity of the individuals operating as directors in our community involves a positive privacy change, noting that the APPs in the Privacy Act 1988 requires an APP entity to take reasonable steps to ensure the personal information it collects is accurate, up to date and complete and to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

The new regime will improve data integrity and security. For example, it would be possible to allow individuals to be identified by a number rather than by other more personally identifiable information. The introduction of a director ID aims to deter and penalise illegal phoenix activity and provide for a single, efficient platform providing traceability, addressing registry fragmentation and reducing the regulatory burden of having to provide the same information more than once.

Handling of information

Information given to, or otherwise obtained or generated by the Registrar as a result of a director ID application may be stored in a secure platform controlled and maintained by the Registrar. The Registrar will take steps to protect the personal information held about individuals against loss, unauthorised access, use, modification or disclosure and other misuse. The Registrar will apply industry-best security methods, including information technology and physical security audits, penetration testing and industry best practice risk management and system security technologies to protect the personal information held.

To the extent that information collected is personal information there are safeguards to protect an individual's right to privacy. In particular, the Registrar is complying with obligations under the Australian Privacy Principles under the Privacy Act 1988, Records authorities issued by the National Archives of Australia and a privacy impact assessment has been conducted in accordance with the Privacy (Australian Government Agencies - Governance) Australian Privacy Principles Code 2017 to ensure legislative requirements and community expectations regarding privacy are met.

The data standard itself will be a disallowable instrument and therefore subject to proper Parliamentary oversight and the consultation requirements contained in the Legislation Act 2003.

For these reasons, the data standard does not unnecessarily and unreasonably restrict an individual's right to privacy. Information is only collected and disclosed to the extent required to achieve the legitimate objective of administering the director ID requirement, with the limitation reasonable, necessary and proportionate.

Review of certain decisions

An individual adversely affected by a decision within the meaning of the Administrative Appeals Tribunal Act 1975 made under this data standard may apply for review of a decision in accordance with section 1317B of the Corporations Act. A decision by the Registrar to correct information held by the Registrar is not subject to review by the Administrative Appeals Tribunal (see section 1317C of the Corporations Act).

Conclusion

This Legislative Instrument is compatible with human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Accordingly, while the presumption of innocence and the right to privacy are engaged, the limitations are:

(a)
aimed at achieving a legitimate objective;
(b)
rationally connected with the objective; and
(c)
reasonable, necessary and proportionate.

The objective of introducing a director ID requirement is to promote good corporate conduct, and to deter and penalise illegal phoenixing. The Registrar must provide an eligible officer with a director ID if the Registrar is satisfied that the individual can be uniquely identified. The Registrar requires certain information from the eligible officer to uniquely identify that individual in accordance with this objective. Therefore, this request for information represents a lawful interference with an individual's human rights that is rationally connected with the objective. This interference is justified from the viewpoint of being reasonable, necessary and proportionate to provide the assurance for administering the director ID regime.

Footnotes

Explanatory Memorandum to the Treasury Laws Amendment (Combating Illegal Phoenixing) Bill 2019, at paragraph 1.4.


15 April 2021

Chris Jordan
Registrar

Legislative References:
Acts Interpretation Act 1901
The Act

Administrative Appeals Tribunal Act 1975
The Act

Archives Act (1983)
The Act

Commonwealth Registers Act 2020
The Act

Corporations (Aboriginal and Torres Strait Islander) Act 2006
The Act

Corporations Act 2001
The Act

Human Rights (Parliamentary Scrutiny) Act 2011
The Act

Income Tax Assessment Act 1936
The Act

Legislation Act 2003
The Act

Privacy Act 1988
The Act

Regulatory Powers (Standard Provisions) Act 2014
The Act

Taxation Administration Act 1953
The Act

Treasury Laws Amendment (Registries Modernisation and Other Measures) Act 2020
The Act

Related Legislative Determinations:
ABRS 2021/1

Back to top