We deal with various IT clients. One client provides software for the Aged Care sector.
That client has received 2 rather unusual requests from the Royal Commission into Aged Care, which required some legal advice, because the Commission was considering ordering my client to produce various documents.
I advised my client that one request, which was for a meaningful description of all the data fields in the software, of which there are about 8,000, could not be enforced, because the Commission only has power to force the production of documents that exist.
Data in a database can be considered to be documents and the Commission was also seeking details of my client’s clients and any of my client’s clients’ patient records that might be under the control of my client via cloud-based services. This request ended up being academic, because the e-mails I drafted for my client to send back to the Commission pointed out a few problems and raised some difficult questions, of privacy, and whether the Royal Commission Act of 1903 trumps the later Privacy Act of 1988.
While we identified the issues, luckily we did not have to do anything about it, because it may have been expensive for my client, on top of the cost of having to comply with various quite unreasonable requests from the Commission.
The couple of e-mails I drafted for the client, seem to have got the Commission to back off.