1.4.2 Privacy & confidentiality
Introduction
This topic explains the differences between confidentiality and privacy.
Confidentiality under FA law
The FA(Admin)Act sets out the circumstances in which protected information (1.1.P.140) can be obtained, recorded, disclosed and otherwise used. Services Australia staff can only deal with protected information in a manner consistent with the law.
'Protected information' is defined in the FA(Admin)Act to include information about a person that is or was held in the records of Services Australia.
Protected information can be obtained, recorded, used and disclosed for certain purposes as authorised under FA law.
It is a criminal offence to disclose protected information without authorisation. A breach of protected information is punishable by a maximum of 2 years imprisonment.
Explanation: Confidentiality provisions govern the actions of all people accessing or using information covered by the FA(Admin)Act, including Services Australia staff.
Act reference: FA(Admin)Act Part 6 Division 2—Confidentiality
Policy reference: FA Guide 5.1.3 Protection of Information
Privacy law
The Privacy Act 1988 (Privacy Act) governs the manner in which 'personal information' is handled by Commonwealth agencies and businesses. It also provides safeguards for the collection and use of TFNs.
Personal information is defined in the Privacy Act to mean information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Services Australia is required to comply with the 13 Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act, including those relating to the collection, storage, access, use and disclosure of personal information. The APPs are grouped as follows:
- consideration of personal information privacy (APPs 1 and 2)
- collection of personal information (APPs 3, 4 and 5)
- dealing with personal information (APPs 6, 7, 8 and 9)
- integrity of personal information (APPs 10 and 11), and
- access to, and correction of, personal information (APPs 12 and 13).
Services Australia staff must comply with the APPs when dealing with personal information. Unauthorised collection, access, use or disclosure of personal information is a breach of the Privacy Act.
Explanation: Privacy provisions govern the practices of Government agencies and businesses.
Privacy (Tax File Number Rule) 2015
The Privacy (Tax File Number) Rule 2015 (TFN Rule), made under the Privacy Act section 17, regulates the collection, storage, use, disclosure, security and disposal of individuals' TFN information.
A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider their TFN information has been mishandled may make a complaint to the Information Commissioner. Where a breach is very serious, the Information Commissioner may seek to impose a civil penalty.
As well as constituting a breach of the TFN Rule, unauthorised use or disclosure of TFNs can be an offence under the Taxation Administration Act 1953 and attract penalties including imprisonment and monetary fines.
Services Australia is an authorised recipient of TFN information for the purposes set out in the FAAct and the FA(Admin)Act.
More information about privacy and the TFN Rule is available at the OAIC's website, and TFN queries or enquiries can be directed to the DSS Feedback and Complaints team using the following contact details:
- Email: complaints@dss.gov.au
- Telephone: 1800 634 035
- Post: DSS Feedback, GPO Box 9820, Canberra ACT 2601
- Online: Online Complaints Form
Act reference: Privacy Act 1988 section 17 Rules relating to tax file number information
Taxation Administration Act 1953 section 8WA Unauthorised requirement etc. that tax file number be quoted, section 8WB Unauthorised recording etc. of tax file number