PrivacyAs reported in the SMH on 23 August 2006 in an article titled Centrelink breach worries Smartcard boss. Centrelink released a statement that there were a total of 19 staff were sacked and 92 resigned after 790 cases of inappropriate access by about 600 Centrelink staff were uncovered. Staff had been found to have browsed the records of Centrelink clients that they were not authorised to accessed. In the most serious cases, staff members changed client details without authorisation as they spied on sensitive information. Most of the staff looked up ex-spouses, relatives etc. Since Centrelink supposed to be very concerned about client privacy, this is probably the reason that there was so much publicity about these offenses. At this point it must be stated that Centrelink staff are prevented by law from:
- Disclosing client information to any not authorised to receive it. This includes debt collectors, private investigators, police, criminals, stalkers, anyone with a grudge etc. Some Centrelink staff have lost their job and been prosecuted in the past for selling this information.
- "Browsing" clients records. Browsing occurs if a staff member decides to "unofficially" check the record of a person that they have just met, was in the news or owes them money etc. to find out about them (address, phone number etc.) for themselves or someone else (private investigator, debt collector).
As shown from the article above virtually any Centrelink staff member can access virtually any file (officially and unofficially). Anyone concerned that unauthorised Centrelink staff members are able to access their file (to give to debt collectors, private investigators, police, criminals, Identity Theft etc.) can request that their file be marked as "sensitive". This means that before a staff member can access their computer file they have to place a phone call to Canberra and have temporary/permanent access granted to the file. Every attempt to access a "sensitive" record as well as every screen accessed is logged and linked to the User-ID used. Even though anyone can request that their file be marked as "Sensitive" it is usually reserved for those clients in witness protection, hiding from violent spouses/stalkers, or those just concerned about the security of their personal information.
It also means that their personal paper file should be placed in a secure/locked cabinet in the office of the manager instead of the normal off-site warehouse. Even without marking a file being marked as sensitive computers keep a record of what a particular user is typing (key trace/recording) and are able to re-create details of records accessed by that User-ID. The drawback of this is that is mainly of use after a person has accessed a file (equivalent to shutting the door after the horse has bolted) not before, whereas marking a file as "sensitive" actually prevents access. Even though anyone can request that their file be marked as "sensitive" Centrelink does not actively encourage it. The most probable reason is because it would severely interfere with the functioning of both Call-Centre and Centrelink office operations due to the fact that staff would be continually obtaining clearance from Canberra to access files to do their job. Also, many Centrelink offices have limited on-site storage for paper files (and probably even less in the managers office). If you want to read some more articles on this subject then you may want to try clicking on the following links Eyeing Big Brother, Noid.net - ID In The News or go to www.privacy.gov.au for specific privacy information.