1.4.2 Privacy & Confidentiality

Summary

This topic covers the following:

  • confidentiality under FA law,
  • collection of information,
  • storage and security,
  • recording, access and alteration,
  • use and disclosure, and
  • Privacy (Tax File Number) Rule 2015.

Confidentiality under FA law

The FA(Admin)Act sets out the circumstances in which protected information can be obtained, recorded, disclosed and otherwise used. Centrelink staff can only deal with protected information in a manner consistent with the law.

Protected information means 'information about a person that is or was in the records of the department or agency'.

Protected information can be obtained, recorded, used and disclosed for the purpose of FA law.

In limited circumstances, the Secretary can determine that protected information can be disclosed if it is in the public interest.

It is a criminal offence to disclose protected information without authorisation. A breach of protected information is punishable by a maximum of 2 years' imprisonment.

Explanation: Confidentiality provisions govern the actions of individual staff.

The Privacy Act 1988 (Privacy Act) governs the manner in which 'personal information' is handled by Commonwealth agencies.

The department is required to observe the 11 Australian Privacy Principles (APPs) contained in the Privacy Act, including those relating to the collection, storage, access, use and disclosure of personal information.

Personal information is 'information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion'.

Centrelink staff must apply the APPs when dealing with the personal information of individuals or staff. Unauthorised collection, access, use or disclosure of personal information is regarded as a breach of the Privacy Act.

Explanation: Privacy provisions govern the practices of Government agencies.

Act reference: FA(Admin)Act Part 6 Division 2 Confidentiality

Privacy Act 1988 Schedule 1 Australian Privacy Principles

Collection of information

When collecting personal information from the individual or staff, Centrelink staff should ensure that APPs 1, 2 and 3 are applied.

Under APPs 1, 2 and 3, Centrelink staff need to ensure that if personal information is collected:

  • it is authorised under the FA(Admin)Act,
  • it is not collected by unlawful or unfair means,
  • the person who is giving the information is made aware of:
    • the purpose for which the information is being sought,
    • any law requiring the collection of the personal information, and
    • to whom the personal information is usually or likely to be disclosed,
  • it is relevant to the purpose for which the information is collected,
  • it is up-to-date and complete, and
  • the collection of the information does not intrude unreasonably on the individual's personal affairs.

Storage & security

APP 4 requires Centrelink staff to take reasonable steps to ensure that the personal information is protected against unauthorised access, use, modification, disclosure or loss.

Centrelink staff should also ensure they understand and apply all applicable departmental information security policies where possible.

Recording, access & alteration

APPs 5, 6 and 7 relate to the management of, and access to, personal information held by the department. Staff must ensure that:

  • individuals can find out whether the agency holds any of their personal information,
  • individuals can find out the nature of the personal information, the purpose of its use and how they maintain access,
  • individuals are allowed to access their personal information (subject to any law requiring or authorising refusal i.e. Freedom of Information Act 1982),
  • individuals are allowed to correct their personal information (subject to any law i.e. Freedom of Information Act 1982), and
  • personal information is accurate, up-to-date and not misleading.

Use & disclosure

APPs 8, 9 and 10 relate to the usage of personal information by Centrelink staff.

Centrelink staff must check the accuracy of the personal information before it is used (APP 8), and can only use personal information for a purpose for which the information is relevant (APP 9).

Under APP 10, Centrelink staff must not use personal information for a purpose different from the purpose for which it was originally collected unless:

  • the individual has consented,
  • it is necessary to prevent a serious and imminent threat to life or health,
  • it is required or authorised by law (e.g. the FA(Admin)Act),
  • it is reasonably necessary for law enforcement, and
  • it is directly related to the purpose for which the personal information was collected.

Under APP 11, Centrelink staff must not disclose personal information unless:

  • the individual is aware, or likely to be aware, to whom the information is usually disclosed,
  • the individual has consented,
  • it is necessary to prevent a serious and imminent threat to life or health,
  • it is required or authorised by law (e.g. FA(Admin)Act), and
  • it is reasonably necessary for law enforcement.

Act reference: FA(Admin)Act Part 6 Provisions relating to information

Privacy Act 1988 Schedule 1 Australian Privacy Principles

Policy reference: FA Guide 5.1.3 Protection of Information

Privacy (Tax File Number) Rule 2015

The Privacy (Tax File Number) Rule 2015 ('TFN Rule'), made under the Privacy Act section 17, regulates the collection, storage, use, disclosure, security and disposal of individuals' TFN information.

A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider their TFN information has been mishandled may make a complaint to the Information Commissioner. As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs can be an offence under the Taxation Administration Act 1953 and attract penalties including imprisonment and monetary fines.

DHS is an authorised recipient of TFN information for the purposes set out in the FAAct and the FA(Admin)Act.

More detailed information about privacy and the TFN Rule is available at the Office of the Australian Information Commissioner's website.

Act reference: FA(Admin)Act Part 6 Division 2 Confidentiality

Privacy (Tax File Number) Rule 2015

Taxation Administration Act 1953 section 8WA Unauthorised requirement etc. that tax file number be quoted, section 8WB Unauthorised recording etc. of tax file number

Last reviewed: 8 May 2017