Australian Dept. of Human Services and Centrelink sink to a new low

An automated Dept. of Human Services-Centrelink debt recovery system that launched an est. 230,000 investigations into client welfare paymentsin 2016-17, then used an error-prone “income averaging” method to decide that more than 133,000 clients had incurred a debt owed to Centrelink and sent them a bill which included a recovery fee.

If that wasn’t bad enough, around 43 per cent of these debts were immediately referred to heavy-handed private sector debt collectors working on commission.

During this entire debacle spokespersons for the Turnbull Government, the Department and Centrelink have attempted to mislead and misinform welfare clients, mainstream media and the general public.

Now we have been told that for months, perhaps years, the software program being used by Centrelink to run its access to online services portal left users vulnerable to phishing attacks which can steal their credentials including names, addresses, bank account details.

If this is yet another example of the innovative and agile government information technology Liberal and National Party MPs boast about - then gawd help us all!

Comment  on office of the Minister for Human Services, Mr Alan Tudge

By an IT consultant.......

Senate Standing Committees On Community Affairs, Inquiry Into Design, Scope, Cost-Benefit Analysis, Contracts Awarded And Implementation Associated With The Better Management Of The Social Welfare System Initiative, Excerpt from Submission 38:

That Victorian Legal Aid saw it necessary to update its advice to clients to warn them that their personal information is no longer safe with the Department is an extraordinary situation. This is not advice from tinfoil-hat-wearing conspiracy theorists. This is sober advice from legal professionals that a major part of the Australian Government cannot be trusted. I cannot stress enough how bad this is.

This behaviour from the Department has had a chilling effect, as I believe it was intended to. This chilling effect is not theoretical. I have personally spoken to individuals who have been reluctant to speak out against the Department, either to the media or to this Inquiry, because they fear repercussions from the Department as they are dependant in some way on income support.

At one point I discussed these matters with the office of the Minister for Human Services, Mr Alan Tudge, and was alarmed to discover that his office did not share my view that the Department has an asymmetric power advantage over individuals. They were of the view that if an individual is critical of the Department in the media, they become fair game.

The attitude from Mr Tudge’s office appeared to be one of a siege mentality where they were at a substantial disadvantage despite the vast array of resources at their disposal, particularly when compared to an individual reliant on income support. They felt that there had been a lot of false information being reported in the media and that it was time for them to “start fighting back.” This adversarial attitude, coupled with the astounding levels of secrecy from the Department, indicates major cultural issues in the Department and in the responsible Minister’s office.

The Department of Human Services exists to serve the humans in our society. The clue is in the name of the department. If individuals within the Department are unhappy with their role, then they should be encouraged to seek employment elsewhere.

By a Queen's Counsel.......

ABC News, 3 April 2017:

One of Australia's leading criminal barristers believes Human Services Minister Alan Tudge — or one of his staff — may have broken the law by supplying a journalist with a Centrelink client's personal information.

Robert Richter, a Queen's Counsel and former chairman of the Criminal Bar Association, believes the disclosure could lead to a prison sentence if it is tested beyond reasonable doubt in a criminal court.

Mr Tudge has dismissed the legal advice, saying the disclosure was approved by his department's lawyers and was necessary to correct misleading public statements.

"I received clearance to release the information from the Chief Legal Counsel of the Department of Human Services, who is intimately across the details of the case and the relevant laws."

Mr Richter's advice was commissioned by Labor MP Linda Burney and his findings were based on public information, rather than inquiries with Mr Tudge's office.

In his opinion, it is "reasonably clear that either the Minister or one of his office's staff had committed an offence".

"We cannot presently put it higher without knowing precisely the content of the information that was disclosed and by whom it was disclosed," Mr Richter said……

No Australia Card? Yes, Assistant Minister. Of course you are 100% believable

Hoping against hope I don’t have to eventually file this one under “How can you tell when Government is lying".

However, I suspect that the Assistant Minister for Cities and Digital Transformation is actually lying like the proverbial trooper, given the bare bones of the federated identity service and its attendent privacy & safety risks are on display at the Digital Transformation Agency.

The Register, 19 March 2017:

Australia's federal government is sticking with its plans for a federated identity service, but disruption minister Angus Taylor has moved to quell fears of a revived “Australia Card”*.

What first emerged last year looking like a “single identity” for all citizens across all Australian governments – before being dumped – isn't coming back.

Speaking at the Teach Leaders conference in the Blue Mountains on Sunday, Taylor – full title Assistant Minister for Cities and Digital Transformation – said the Digital Transformation Agency's (DTA's) identity project is now about setting standards rather than creating a single whole-of-government identity provider.

He also said the government considers it a citizen's right to have multiple digital identities for their interactions with government, if that's what they want.

Considering that last year, the then-DTA was trying to recruit state governments to its “federated identity” alpha (only getting the NSW government's support), the new direction looks like a considerable departure from the project's original ambitions.

Taylor said: “We don't see ourselves as creating a centralised solution that we'll roll out and everybody else has to come and play – that's not the answer. But we do need to agree on standards, and we do need to agree on principles as to how this will work.”

He also emphasised that the system had to be user-driven rather than top-down, and that citizens' consent is crucial to the model.

“I must be user-driven. If I want to have 45 identities across the Internet and across my applications, it should be my choice. If I want to have one, that's my choice too.”

He added that the “user-driven approach” has to extend to the citizen having a “genuine consent” about how they interact with a digital identity.

“That, to me, is essential to any solution, and the federal government won't endorse or be part of any solution that doesn't do exactly that.”

A formal announcement about the future of the federated identity project is coming “in the very, very near future.”......

*Comment: For readers unfamiliar with 1980s Australian politics – the “Australia Card” was proposed as a single ID for citizens in 1985.

Offered as an efficiency measure, it landed when “ID cards” in Nazi Germany and the Eastern Bloc were still fresh in many citizens' minds, especially for those who had arrived in Australia's first inrush of non-British immigration.

The uproar killed off the Australia Card after a two-year political battle, but not the concept: public service managers have never lost their love of tracking and identifying citizens.

From that point of view, Paul Shetler's DTO nearly achieved a huge social change by disguising it as “technological disruption”.

#NotMyDebt: it has spite writ large all over it

Despite any current or future ministerial or departmental denials, ‘explanations’ or excuses, I find it hard to believe that this 22 February 2017 end of business day release of a Centrelink client’s personal, sensitive, protected information to a journalist was accidental.

Particularly as this act was clearly repeated.

It has spite writ large all over it.

The Guardian, 2 March 2017:

The office of human services minister, Alan Tudge, mistakenly sent a journalist internal departmental briefings about a welfare recipient’s personal circumstances, which included additional detail on her relationship and tax history.

Senior departmental figures were grilled at Senate estimates on Thursday about the release of welfare recipient Andie Fox’s personal information last month.

Fox had written an opinion piece critical of Centrelink and its handling of her debt, which ran in Fairfax Media in February. The government released her personal details to Fairfax journalist Paul Malone, who subsequently published a piece attacking Fox and questioning the veracity of her claims.

Two responses were given to the journalist, one from the department of human services and the other from Tudge.

The department said its response – three dot points containing only minimal detail on Fox’s personal history – was cleared by lawyers and was lawful. The minister’s office then added two quotes from Tudge and sent its own response to Malone.

Guardian Australia can now reveal that the minister’s office also accidentally sent the journalist two internal briefing documents, marked “for official use only”, which had been prepared by the department.

Those documents contained additional information on Fox and her personal circumstances, which went beyond the dot points prepared by the department. They included further detail of her relationship history, including when she separated from her partner.

Those documents were then sent to Malone. The documents were also mistakenly sent to Guardian Australia when it raised questions about the disclosure of Fox’s personal information.

No mention of those documents was made in Senate estimates on Thursday, despite repeated questioning of what the minister had disclosed to Malone. Tudge’s office has now conceded the documents were sent to Malone in error. But the office says it was of no consequence, because all of their contents had been legally cleared by the department.

A welfare recipient’s personal details are considered protected information under social security law, and any unlawful disclosure is considered a criminal offence. Earlier, the department told estimates that social security law only allowed it to disclose the minimal amount of information needed to correct the public record. [my highlighting]

On 2 March 2017 Labor MP for Barton and Shadow Minister for Human Services, Linda Burney, wrote to the Australian Federal Police Commissioner requesting an investigation into the personal/sensitive information release by the minister and/or his staff:

Letter to Australian Federal Police Commissioner from Shadow Minister for Human Services Linda Burney MP by clarencegirl on Scribd

https://www.scribd.com/document/340678789/Letter-to-Australian-Federal-Police-Commissioner-from-Shadow-Minister-for-Human-Services-Linda-Burney-MP

BACKGROUND

DHS & Centrelink now threatening clients who expose unfair or inappropriate implementation of social security policy?

Senate Standing Committees on Community Affairs’ Inquiry into Design, scope, cost-benefit analysis, contracts awarded and implementation associated with the Better Management of the Social Welfare System initiative

http://northcoastvoices.blogspot.com.au/search?q=centrelink

SocialSecurity (Administration) Act 1999 - Sect 202

Protection of personal information

Excerpt from Department of Human Services Privacy Policy:

Our obligations under the Privacy Act 

This policy sets out how we comply with our obligations under the Privacy Act 1988 and the Australian Privacy Principles which are set out in a Schedule to that Act. 

The Australian Privacy Principles (APPs) regulate how the department, as an APP entity, must collect, use, disclose and store personal information. The APP

What personal information and sensitive information is

The terms 'personal information' and ‘sensitive information’ come from section 6 of the Privacy Act.

References to personal information throughout the Privacy Policy include sensitive information unless otherwise indicated.

‘Personal information’ means: 

Information or an opinion about an identified individual, or an individual who is reasonably identifiable:

a) whether the information or opinion is true or not; and 

b) whether the information or opinion is recorded in a material form or not.

‘Sensitive information’ means: 

a) information or an opinion about an individual’s:

i. racial or ethnic origin

ii. political opinions

iii. membership of a political association

iv. religious beliefs or affiliations v. philosophical beliefs

vi. membership of a professional or trade association

vii. membership of a trade union

viii. sexual orientation or practices

ix. criminal record. 

b) health information about an individual

c) genetic information about an individual that is not otherwise health information

d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification e) biometric templates

Sky News, 2 March 2017:

It was also confirmed Centrelink staff trawl social media for complaints about the welfare agency and may refer serious gripes to the responsible minister.

Senior bureaucrats responsible for Centrelink say their workers sift through print, broadcast and social media for individual complaints.

Deciding on whether to report grievances to the human services minister depended on the circumstances of each case.

Singing the Centrelink Blues - with lyrics straight from Looney Tunes

After more three years of an Abbott-Turnbull federal government there appears to be only a handful of ministerial portfolios which can be thought of as well managed and the Dept. of Human Services (operating Centrelink) is not amongst them......

AS IT UNFOLDED…..

Financial Review, 31 July 2016:

The Turnbull government will this week release a request for tender for one of the most significant spends on the machinery of government in years: the job of integrating the massive welfare and Australian Tax Office IT systems, as part of a $1 billion overhaul of ageing infrastructure.

The upgrading of the government's IT systems might not normally attract much wide interest, except that the question of who would run another massive payments system – for Medicare – became such a matter of political controversy in the recent federal election campaign.

But the welfare upgrade also holds the key to clearing the way for other major welfare reforms – from implementing the McClure Report recommendations to simplify the welfare system through to data matching that will produce big administration and compliance costs for both the government and its customers.

Australian Department of Human Services:

Do you owe us money?

20 December 2016

If you do, we can ask you to pay off your Centrelink debts at any time.

If you don’t have a payment arrangement set up, from 1 January 2017 you could be charged interest and stopped from travelling overseas.

To pay back the money, use Money You Owe service in your Centrelink online account through myGov, or talk to us about setting up a payment arrangement.

If you set up a payment arrangement and make your repayments, you won’t be charged interest or stopped from travelling overseas.

To help you pay off your debt faster, we will ask the Australian Taxation Office to send us your tax refund to pay your debt. This will happen even if you have a payment arrangement in place.

To avoid a debt, tell us straight away if your circumstances change, or if you think you’ve been overpaid.

Next steps

Read more:

about how your payments could be affected when you owe us money

customer news

Guide to Social Security Law Version 1.227 - Released 7 November 2016:

6.7.1.45 Ten per cent Recovery Fee on Debts from False or Non-declaration of Income from Personal Exertion

Overview

A 10% recovery fee will be imposed on a debt incurred when a person has:

refused or failed, without reasonable excuse, to provide information, or

knowingly or recklessly provided false information,

when required under a provision of the social security law, to provide information in relation to the person's income from personal exertion.

The 10% debt recovery applies only to persons of working age on a social security benefit, DSP, WP, WidB or PPS at the time the debt occurred.

The fee is only applicable to that part of the debt that arose because the person refused or failed to provide information, or knowingly or recklessly provided false or misleading information about their income from personal exertion.

Act reference: SSAct section 23(1)-'social security payment'

Factors to consider

The decision to impose a 10% recovery fee is separate from the decision to raise a debt, and must be considered discretely. However, the decision to apply the recovery fee must be made at the same time the debt is raised and cannot be applied retrospectively……

Income from personal exertion includes any income received as an employee or for any services rendered. This includes income from earnings, salaries, wages, commissions, fees, bonuses, superannuation allowances, retiring allowances and retiring gratuities, allowances and gratuities.

It also includes proceeds of any business activity carried on by the person either alone or as a partner with any other person or profit received from holding an office or from any profit making undertaking or scheme.

The Guardian, 19 December 2016:

The data-matching system Centrelink is using to detect overpayments has also been experiencing problems, according to some welfare recipients. The new system compares data held by Centrelink with data from other government agencies, including the tax office, to determine whether a person has wrongly claimed welfare.

Last week, independent Andrew Wilkie called on the government to suspend the automated compliance system while reports of errors were investigated. Other welfare recipients have since spoken to Guardian Australia about claims for debts they say have been incorrectly issued.

One man, who asked not to be named, was told he owed $2,200 because the ATO’s information did not match the income he had reported to Centrelink. He said he claimed benefits for only part of the year, and believed the ATO’s information on his annual income had been mistakenly used to suggest he worked the entire year.

“I believe no government department could be so incompetent to not recognise the glaring problems with matching data that is on completely different scales (yearly vs fortnightly),” he said. “To me this means it has been purposely done.”

The department said last week it believed the automated system was working without error. It said there had been no increase in the rate of appeals received.

The Guardian, 23 December 2016:

A Centrelink compliance officer has broken ranks to describe the government’s crackdown on welfare debts as grossly unfair, saying its new automated compliance system is flawed and overly harsh on those on sickness benefits.

The government continues to insist there are no flaws with its compliance system, which is being used to retrieve debts from hundreds of thousands of Australia’slowest paid and most vulnerable.

The system relies on an automated data-matching process to detect discrepanciesbetween fortnightly income reported to Centrelink and annual pay information held by the tax office, a comparison that has been criticised as too crude.

Once a discrepancy is detected – currently occurring at a rate of about 20,000 cases a week, compared with 20,000 a year previously – welfare recipients must prove they were entitled to the welfare benefit, or pay the debt.

The Centrelink compliance officer, who asked for anonymity, told Guardian Australia the system was error-prone but that most customers were paying debts without checking them first. The source said of the hundreds of cases they had reviewed, only about 20 (at a “generous estimate”) turned out to be genuine debts.

The worker said the system was particularly harsh on those who received Centrelink’s sickness allowance – a benefit for employees who are unable to work temporarily due to serious illness but are not paid by their employer.

“The ATO matched data will show that they worked the entire financial year and will apportion the gross payments over that financial year without taking into account their time off,” the source said. “This means the system raises a debt for the entire sickness allowance they received. For many, that’s a debt of over $1,000.

“Although we may have documented evidence of their medical issues on the system, we as [compliance officers] are not allowed to look in the system to find any of that evidence. Instead customers must obtain all their pay information for that financial year.”

When a discrepancy between Centrelink and ATO data is detected, some individuals are being asked to track down pay slips that may be several years oldor obtain letters from their employers. That is particularly difficult where past employers have gone into liquidation or no longer exist.

The Centrelink source said their team was instructed to tell those people to contact the consumer affairs watchdog in their state or territory, which could then help them track down the necessary information. Colleagues had recently learned that those state and territory agencies did not hold such information.

“[We] were told to keep telling customers this false information until another way is found,” the source said.

The Department of Human Services said in a brief statement that it remained “confident in the online compliance system and associated checking process with customers”.

The department said more than 70% of those who had received a compliance letter since September had resolved the matter online and only 2.2% were requested to supply supporting documentation such as payslips.

Frustrations with the debt recovery process have been compounded by errors with Centrelink’s online customer portal, where individuals must go to lodge a dispute. The department said the errors with its online service had affected only a small number of people and had since been resolved.

But the compliance officer said that was untrue. They said they were “stunned” when the department stated the online system was working.

“This is completely false,” the source said. “Not only do customers, especially past customers, have access issues all the time but, since the compliance system was placed online, [compliance officers] have had many access issues.

“For the past two weeks we’ve had to turn customers away because we could not access [the system] and neither could they.”

Guardian Australia and other media, including the ABC and Crikey, continue to receive reports of incorrectly issued debts, which are causing stress and anxiety just before Christmas. 

This week the independent MP Andrew Wilkie asked the commonwealth ombudsman to investigate complaints about the automated system.

The Australian Council of Social Service (Acoss) wrote to the human services minister, Alan Tudge, on Thursday, urging him to investigate complaints about the system.

@ChristineEwing7 They claimed I didn't declare the right income in 14-15. Turns out they'd listed me under a different employer.

— Jay (@J_says_) December 29, 2016

Seriously, ppl are paying back $10k alleged debts to Centrelink and aren't quite sure why pic.twitter.com/UInINBCVrl

— Asher Wolf (@Asher_Wolf) December 30, 2016

The Guardian, 30 December 2016:

The government’s automated compliance system, which began in July, has been the subject of repeated complaints, which stem from its comparison of income reported to Centrelink and information held by the Australian Taxation Office.

It has been accompanied by threats of jail for those who do not pay, a joint police-Centrelink campaign targeting geographic areas, the imposition of a 10% debt recovery fee and plans to charge interest on welfare debts and remove the six-year statutory limit on retrieving overpayments.

Legal Aid Victoria, the Australian privacy foundation, the Australian council for social service, and independent Andrew Wilkie have all raised serious concerns, urging the human services minister, Alan Tudge, to intervene. 

IT and data expert Justin Warren – who has worked for IBM, ANZ, Australia Post and Telstra, among others – said Centrelink’s system appeared to rest on the “idiotic” assumption that “big data was magic”.

“It’s not. It’s a messy, complex, statistical system that is wrong a lot,” Warren said. “All models are wrong, but some are useful. It’s the choice of how you deal with when the system is wrong that reveals how you view the world.”

The Guardian, 30 December 2016:

This week, Guardian Australia has continued to receive complaints about Centrelink’s new method of retrieving welfare debts, which relies on an automated data matching process criticised as crude and unfair.

Now, a handful of the thousands of Australians caught up in the government’s crackdown share their experience of being unfairly targeted.

Sally, Brisbane

I am the single mum of five and three year olds. I work part time and receive partial parenting payment and family tax benefits. This finances our simple lifestyle. I was shocked and dismayed to receive a letter from Centrelink Compliance department with a debt of $24,215.81 (including $2,110 debt recovery fee) to be paid by 9 January. I was able to talk with Centrelink Compliance and it appears the automated system “duplicated” my employer, so it appears I had a second undeclared job. Although this is Centrelink’s error, I need to provide two years of payslips and apply for a “manual reassessment” of my case. To stave off debt collectors, I had to start repaying my “debt” at a reduced rate.

Ryan, Melbourne

As a long-term full-time employed professional, tax payer and small business entrepreneur, I contribute to our economy in many positive and financial ways.

Centrelink have incorrectly alleged they overpaid me the government benefit Youth Allowance which financially assisted me to successfully complete a professional tertiary qualification in 2010-2011. This qualification is now used daily in my profession. This issue has been raised six years in retrospect, which appears now due to an erroneous automated computer “data match”.

Centrelink have repeatedly refused to provide written evidence of how the overpayment occurred. In addition to this, they have falsified my fortnightly income statement since I reported it in the 2010-2011 financial year. They have also requested I supply documented financial records I am not obliged to keep under ATO law. Centrelink has been grossly wasteful of my time and that of tax-funded government employed staff. My time is valuable and productive, both within full-time employment and small business development.

Throughout this ordeal, I’ve been subjected to personal distress, confusion and dismay and at a time of family grieving, my 66-year-old father passing away concurrently with receiving presumptive Centrelink letters of debt. The current data match regime appears to have a clear objective and obvious demographic: disrupt the disadvantaged, defenceless and vulnerable.

I now feel nothing more than inspired to stand up, fight for change and the protection of our basic civil liberties. We may feel small as individuals, but collectively we can stand tall and safeguard those around us, who deserve respect, dignity, equality and compassion in our free and democratic society.

James, Wollongong

A debt collector rang me on a Saturday morning and it ruined my weekend. I thought I was being scammed: they were asking for my personal details and demanding I identify myself. I had to wait until Monday to get an answer out of Centrelink, which was: I owed them $1,000 because their automated tax matching said so.

They wanted letters and payslips from employers proving I wasn’t a liar. When I did get the information, there has been no way to provide the Department of Human Services with it even after four weeks of trying. I feel as though I’ll have no choice but to pay when leaving for an overseas trip – extorted for the money I “owe” at the customs desk or miss my flight.

Dave, Sydney

I reported correctly while on youth allowance but was sent a letter from Centrelink demanding payment of a $2,500 “debt” based on alleged under reporting. The demand caused me stress and anxiety. I spent at least five hours contacting Centrelink and gathering my payslips to prove that I did not under report and that I did not owe a debt.

After phone calls and emails to and from Centrelink and a journalist from the ABC, Centrelink acknowledged that I did not owe any debt. There was no apology for the false accusation or the stress caused. I am concerned that most people would simply pay the “debt” on the assumption that Centrelink had a valid basis to their demand.

Click on image to enlarge

I spoke to a number of #Centrelink sources this week. The government knows its robo-debt algorithm is laughably inaccurate. It doesn't care.

— Ben Eltham (@beneltham) December 31, 2016

Also in my article: #Centrelink itself is in melt-down. Staff are striking, morale at rock bottom. Interview with a CPSU source: pic.twitter.com/QxFcjSj0oF

— Ben Eltham (@beneltham) December 31, 2016

EXCERPT FROM A CENTRELINK LETTER……

Kerry King

REPLY TO CENTRELINK…..

WHO IS MAKING MONEY FROM THESE FALSE DEBTS?

Following a pilot in 1994, the Department of Social Security received funding in the 1995–96 Budget for a Flexible Debt Recovery measure, which would: 'refer certain social security debts owed by non‐current customers to mercantile agents for recovery action'.  ECAs, acting as mercantile agents, have been contracted since 1996 to recover social security payment debts owing by non‐current customers. The ECAs are paid a commission on the amount recovered for each debt.

DHS currently contracts two private sector ECAs to undertake debt recovery for Centrelink payment debts: Dun & Bradstreet and Recoveries Corporation. The current arrangement is a standing offer for debt recovery services from both suppliers for the period February 2011–February 2014.

[ANAO Audit Report No.40 2012–13 Recovery of Centrelink Payment Debts by External Collection Agencies, p.27]

Two external debt collection agencies received over $13 million in commissions for recovering Centrelink debts last financial year. The debt recovery bonanza follows a previous Audit office investigation which found private debt collection agencies recovered 10 per cent of Centrelink debts, but were the subject of more than a quarter of all complaints about debt recovery practices…..

[National Welfare Rights Network, Welfare Rights Review Vol 1 No 2]

[Austender at https://www.tenders.gov.au/?event=public.SON.view&SONUUID=0161D373-B63F-12C9-8D933DCC1AB1A50E]

WHAT NOW?

Now the Minister for Human Services and Liberal MP for Aston Alan Tudge would like to deliver all Centrelink services online in the future via software programs – including acceptance or denial of applications for pensions, benefits and allowances – without any human contact between the person applying and Centrelink. 
Probably with user access only allowed via a registered national digital identity. 

What could possibly go wrong?

WANT TO TELL THE MINISTER AND SENIOR PUBLIC SERVANT RESPONSIBLE FOR THIS MESS EXACTLY HOW YOU FEEL?

Hon. Alan Trudge MP, Minister for Human Services, can be contacted at https://www.aph.gov.au/Senators_and_Members/Contact_Senator_or_Member?MPID=M2Y

Hank Jongen, Department of Human Services General Manager, can be contacted at hank@humanservices.gov.au

* A hat tip to those mainstream journalists, social media activists, statisticians and IT people who have been covering this issue, a shout out to the whistleblowers and a big thank you to those Centrelink clients who have been telling their stories online.

UPDATE

Centrelink already knew potential for false debts but went ahead raising them anyway https://t.co/S0dJrhGaU7 #notmydebt @KevinHoganMP pic.twitter.com/E2imaH5TcH

— no_filter_Yamba (@no_filter_Yamba) January 2, 2017

Big security role on offer at ADHA - what could possibly go wrong?

itNews, 18 November 2016:

One of the highest-stakes cyber security jobs in the federal government is up for grabs as the Australian Digital Health Agency looks for an executive to take on responsibility for securing the national e-health records system.

The My Health Record platform is on the cusp of becoming a fully national data store as the government prepares to make registration opt-out in a move that will create accounts for most Australians.

It means the My Health Record system, which is operated by the ADHA, will very quickly turn into one of the largest and most sensitive databases in the country - and a big target for cyber criminals looking to capitalise on the risk.

The ADHA is looking to recruit an experienced security boss to lead its cyber security centre and take on accountability for the health data of millions of Australians.

 

Full job description here: http://allegisgroupapac.com/media/252348/pd%20-%20general%20manager,%20cyber%20security%20centre%20pd_updated.pdf

Australian Privacy Commissioner grants journalist access to his own metadata withheld by Telstra in 2013

The Australian Privacy Commissioner has determined that metadata produced by journalist Ben Grubb’s mobile phone activity is personal information and ordered Telstra to allow him access to this type of data.

Unfortunately, changes* to the Commonwealth Privacy Act 1988 may mean that this determination might not support futures challenges in cases where a telecommunications company refuses access to an individual’s own metadata.

Ben Grubb and Telstra Corporation Limited [2015] AICmr 35 (1 May 2015): Determination and reasons for determination of Privacy Commissioner, Timothy Pilgrim

Background

3. On 15 June 2013 the complainant claimed a right of access under the Privacy Act to ‘all the metadata information Telstra has stored’ about him in relation to his mobile phone service, including (but not limited to) cell tower logs, inbound call and text details, duration of data sessions and telephone calls and the URLs of websites visited……..

Summary

1. Telstra Corporation Limited (Telstra) interfered with the complainant’s privacy by failing to provide the complainant with access to his personal information held by Telstra in breach of National Privacy Principle (NPP) 6.1 of the Privacy Act 1988 (Cth) (the Privacy Act).

2. To redress this matter, Telstra shall:

* within 30 business days after the making of this declaration, provide the complainant with access to his personal information held by Telstra in accordance with his request dated 15 June 2013, save that Telstra is not obliged to provide access to inbound call numbers;

* provide the complainant with access to the above information free of charge…….

13. I note from the outset that because this matter relates to events that occurred prior to reforms to the Privacy Act which commenced on 12 March 2014, the complaint has been dealt with under the legislative regime as it applied when the events occurred. The National Privacy Principles (NPPs) not the Australian Privacy Principles² therefore apply in this instance to the question of whether or not Telstra has breached the Act. The NPPs outline the standards for handling personal information that legally bind organisations.

Full transcript of this determination can be found here.

* The Privacy Act 1988 defined personal information as:

personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

* Under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which amended the Privacy Act 1988, personal information is now defined thus:

personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

                     (a)  whether the information or opinion is true or not; and

                     (b)  whether the information or opinion is recorded in a material form or not.

BACKGROUND

The Sydney Morning Herald 4 May 2015:

Monday marks 688 days since I first asked Telstra for the metadata generated by my mobile phone - the same information it routinely gives law-enforcement and intelligence agencies without a warrant when investigating crime.

Monday also marks the start of Privacy Awareness Week 2015, which usually goes by each year without too much fuss and, to be quite frank, is a little boring. But this year's Privacy Awareness Week is different.

You see, Monday also marks the day the Office of the Australian Information Commissioner hasmade public a landmark decision in relation to my battle with Telstra for access to my metadata.

You might remember how I detailed my tussle with the telco last year, in which I explained how spies, councils, the RSPCA and others could gain access to my phone's metadata but I couldn't, as Telstra was refusing me access.

I wanted access to the data in light of the data retention laws, which recently passed parliament, so that I could show Australians exactly what metadata was, considering not even George Brandis could explain it. I wanted to put my metadata on a map like German politician Malte Spitz did after he successfully sued his telco in 2011 to show just how invasive having all of your metadata stored was in the wake of mandatory data retention in his country……