Download Document Here


As reported in the SMH on 23 August 2006 in an article titled Centrelink breach worries Smartcard boss. Centrelink released a statement that there were a total of 19 staff were sacked and 92 resigned after 790 cases of inappropriate access by about 600 Centrelink staff were uncovered. Staff had been found to have browsed the records of Centrelink clients that they were not authorised to accessed. In the most serious cases, staff members changed client details without authorisation as they spied on sensitive information. Most of the staff looked up ex-spouses, relatives etc. Since Centrelink supposed to be very concerned about client privacy, this is probably the reason that there was so much publicity about these offenses. At this point it must be stated that Centrelink staff are prevented by law from:
  • Disclosing client information to any not authorised to receive it. This includes debt collectors, private investigators, police, criminals, stalkers, anyone with a grudge etc. Some Centrelink staff have lost their job and been prosecuted in the past for selling this information.
  • "Browsing" clients records. Browsing occurs if a staff member decides to "unofficially" check the record of a person that they have just met, was in the news or owes them money etc. to find out about them (address, phone number etc.) for themselves or someone else (private investigator, debt collector).
It is also an offense for members of the public to attempt to obtain information from Centrelink that cannot be legally give to them (this includes attempting to bribe Centrelink staff members to access records and pass along information). Anyone concerned about the possibility of unauthorised people outside of Centrelink obtaining information from their file can request a password be placed on it. This means that whenever their computer record is accessed an "urgent" message pops up advising that the password is to be requested from anyone calling about this record. It also usually states the reason (eg. stalkers, violent ex-spouse, someone impersonating them to get information).

As shown from the article above virtually any Centrelink staff member can access virtually any file (officially and unofficially). Anyone concerned that unauthorised Centrelink staff members are able to access their file (to give to debt collectors, private investigators, police, criminals, Identity Theft etc.) can request that their file be marked as "sensitive". This means that before a staff member can access their computer file they have to place a phone call to Canberra and have temporary/permanent access granted to the file. Every attempt to access a "sensitive" record as well as every screen accessed is logged and linked to the User-ID used. Even though anyone can request that their file be marked as "Sensitive" it is usually reserved for those clients in witness protection, hiding from violent spouses/stalkers, or those just concerned about the security of their personal information.

It also means that their personal paper file should be placed in a secure/locked cabinet in the office of the manager instead of the normal off-site warehouse. Even without marking a file being marked as sensitive computers keep a record of what a particular user is typing (key trace/recording) and are able to re-create details of records accessed by that User-ID. The drawback of this is that is mainly of use after a person has accessed a file (equivalent to shutting the door after the horse has bolted) not before, whereas marking a file as "sensitive" actually prevents access. Even though anyone can request that their file be marked as "sensitive" Centrelink does not actively encourage it. The most probable reason is because it would severely interfere with the functioning of both Call-Centre and Centrelink office operations due to the fact that staff would be continually obtaining clearance from Canberra to access files to do their job. Also, many Centrelink offices have limited on-site storage for paper files (and probably even less in the managers office). If you want to read some more articles on this subject then you may want to try clicking on the following links Eyeing Big Brother, - ID In The News or go to for specific privacy information.

Articles on privacy breaches in Centrelink

Centrelink breach worries Smartcard boss Investigation into the administration of social security breach penalties
One privacy breach a day at Centrelink Social security breaches: penalising the most disadvantaged
The Office Of The Privacy Commissioner