The A New Tax System (Family Assistance) (Administration) Act 1999 (FA(Admin)Act) sets out the circumstances in which protected information can be obtained, recorded, disclosed and otherwise used. Centrelink staff can only deal with protected information in a manner consistent with the law.
Protected information means 'information about a person that is or was in the records of the department or agency'.
Protected information can be obtained, recorded, used and disclosed for the purpose of FA law.
In limited circumstances, the Secretary can determine that protected information can be disclosed if it is in the public interest.
It is a criminal offence to disclose protected information without authorisation. A breach of protected information is punishable by a maximum of 2 years imprisonment.
Explanation: Confidentiality provisions govern the actions of individual staff.
The Privacy Act 1988 (Privacy Act) governs the manner in which 'personal information' is handled by Commonwealth agencies.
The department is required to observe the 11 IPPs contained in the Privacy Act, including the collection, storage, access, use and disclosure of personal information.
Personal information is 'information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion'.
Centrelink staff must apply the IPPs when dealing with the individual or staff personal information. Unauthorised collection, access, use or disclosure of personal information is regarded as a breach of the Privacy Act.
Explanation: Privacy provisions govern the practices of Government agencies.
Act reference: FA(Admin)Act Part 6 Division 2 Confidentiality
When collecting personal information from the individual or staff, Centrelink staff should ensure that IPPs 1, 2 and 3 are applied.
Under IPPs 1, 2 and 3, Centrelink staff need to ensure that if personal information is collected:
IPP 4 requires Centrelink staff to take reasonable steps to ensure that the personal information is protected against unauthorised access, use, modification, disclosure or loss.
Centrelink staff should also ensure they understand and apply all applicable departmental information security policies where possible.
IPPs 5, 6 and 7 relate to the management and access to personal information being held by the department. Staff must ensure individuals:
Act reference: Freedom of Information Act 1982
IPPs 8, 9 and 10 relate to the usage of personal information by Centrelink staff.
Centrelink staff must check the accuracy of the personal information before it is used (IPP 8), and can only use personal information for a purpose for which the information is relevant (IPP 9).
Under IPP 10, Centrelink staff must not use personal information for a purpose different to the purpose that it was originally collected unless:
Under IPP 11 Centrelink staff must not disclose personal information unless:
Act reference: FA(Admin)Act Part 6 Provisions relating to information
Policy reference: FA Guide 5.1.3 Protection of Information
Last reviewed: 12 August 2013