Embedding the APS Values: Case studies and other supporting material

Please note: These documents are for reference purposes only and are no longer considered by the APS Commission to be current. They may contain good practice advice and/or advice on the transitional arrangements between the 1922 and 1999 Public Service Acts.

globe Useful references

Case study 33:
Centrelink:
Privacy and confidentiality

Background

In conducting its business Centrelink collects a large amount of sensitive personal information about its customers. Centrelink therefore developed a strong privacy culture to protect customer interests and to ensure that the community has confidence that its personal information is safe.

The foundation of this privacy culture is Centrelink's legal obligation to comply with the Privacy Act 1988 and the confidentiality provisions contained in the various legislation it administers, for example, the Social Security (Administration) Act 1999. In addition Centrelink developed privacy guidelines that were approved by the Board of Management.

The guidelines' objectives are about achieving customer service aims without compromising privacy, and strengthening the privacy protections already provided by the relevant legislation. They cover information-handling practices, information flows and privacy assessments for new functions and technologies.

Description

In the face of new and emerging technologies and the provision of more convenient services through various service delivery channels, it is vital to maintain public confidence in Centrelink's ability to protect individual privacy. Employees must have a good understanding of the application of both privacy and confidentiality legislation in their daily work.

Centrelink ensures that all employees are aware of their obligations and responsibilities in relation to privacy and confidentiality by:

Requiring all new employees to sign a Declaration of Privacy/Confidentiality-at this time, employees are also provided with the booklet Declaration of Confidentiality, which details privacy, confidentiality and security obligations
Maintaining an electronic Privacy Awareness Kit, which incorporates detailed guidelines on privacy and confidentiality issues for Centrelink employees-the kit is featured in the Centrelink National Induction Program, as well as in job-ready training for new employees, to ensure they are aware of their responsibilities in this area, especially when dealing with customers
Implementing an extensive privacy network which includes having at least one privacy office in each of its area offices to provide a privacy helpdesk function, as well as investigate and prepare reports about all privacy incidents.
The Privacy and Information Access team in Centrelink's National Support Office provides direction and support for these officers and other external stakeholders including the Office of the Federal Privacy Commissioner
Reminding employees regularly of privacy and confidentiality requirements by conducting ongoing privacy awareness sessions with all employees, sending out privacy advices, distributing privacy job aids, privacy training module and videos, and using screensavers and other screen based messages to promote key privacy issues
Implementing a privacy compliance regime to ensure that employees and Centrelink procedures continue to comply with privacy and confidentially legislation. Access to both the customer and employee database is logged. New initiatives and technologies are assessed to ensure privacy enhancing practices and technologies are implemented
Including the requirement to maintain the privacy and confidentiality of customer information in the Centrelink Customer Charter.

Key APS Value

The APS has the highest ethical standards. (s. 10(1)(d) of the PS Act)

For more information please contact:

JASON SHIMITRAS
PHONE 02 6212 0456
jason.shimitras@centrelink.gov.au