Go to top of page

Privacy commissioner ‘making inquiries’ about Centrelink’s flexible privacy principles

28 February 2017
Stephen Easton
The Mandarin

Activists accuse the Department of Human Services of releasing private personal information about a woman in an effort to silence her criticism of its much-maligned debt recovery drive, but the department maintains it has done nothing wrong and the privacy commissioner is looking into the case.

Blogger Andie Fox first wrote about some aspects of her welfare debt recovery experience for The Canberra Times earlier this month, where she turned her flowing prose to vividly describing how she felt “terrorised” by Centrelink after trying to explain how a debt resulted from her ex-husband failing to file his tax return after the breakdown of a marriage.

Fox has taken issue with the department discussing details of her case with Paul Malone, who was also writing for the Times. Centrelink told Malone it had cancelled a portion of Fox’s debt that was “due to her partner’s non-lodgement” after she informed the agency that the marriage was over, but this deceptively simple statement belies an “arduous” 12-month process, she writes:


Fox sees Malone’s article as an invasion of her privacy and serious criticism of DHS has emerged from the online #notmydebt campaign, which has taken up her cause.

The agency has issued a standardised response to media enquiries about the matter, asserting that what it did was completely legal and that it would do it again:

Personal information obtained about a welfare recipient may be used by the department for social security law or family assistance law purposes (refer to Section 202 of the Social Security (Administration) Act 1999 and Section 162 of the A New Tax System (Family Assistance) Administration Act 1999).

This allows the department to correct the record in cases where a person makes a public statement or complaint about the department’s handling of their welfare payments that does not accord with our records, including via the media.

As such disclosures are made for the purposes of the social security law or the family assistance law, they do not need to be formally authorised by the Secretary.

Unfounded allegations unnecessarily undermine confidence and takes staff effort away from dealing with other claims. We will continue to correct the record on such occasions.

The DHS website’s page about “your right to privacy” does not include such explicit advice. It only contains generic statements about the department having unspecified “obligations” under the Privacy Act, and being bound by some kind of “strict confidentiality and secrecy provisions” that somehow limit how personal information can be used, and to whom it can be disclosed:

Your personal information will not be disclosed to any other person, body or agency unless:

  • you give us permission
  • it is authorised or required by law
  • it meets one of the other exceptions in the Australian Privacy Principles

From time to time it may be necessary to disclose your personal information to third parties. The circumstances surrounding why, who and when your information may be disclosed are outlined in our privacy policy.

Following the link to the privacy policy, a client would find no mention of the media among a list of organisations that might receive information from their file, and would have to research all the exemptions and exceptions to the Privacy Act and Australian Privacy Principles, and probably get expert guidance, to find out that is in fact the case.

Privacy commissioner Timothy Pilgrim told The Mandarin this morning he was aware of the media reports about DHS briefing Malone and said his office was “making inquiries” with the department, but the rest of his response was again a proforma affair:


Government agencies regularly use personal privacy as a reason not to disclose information to the media, and decisions on what to release often appear to be based on the potential for positive or negative interpretation. In this case, given the backlash, it’s hard to see whether the effort to “correct the record” was worth it, on balance.

The controversy has led to accusations that Centrelink executives are behaving like Mafia dons, making an example of Fox and trying to intimidate other people who might be thinking of criticising them. Fox describes it as “a disturbing experience” and the question for a lot of people watching the argument unfold is not whether it was legal for Centrelink to release a client’s personal details in response to a critical op-ed, but whether it was ethical.

Public service executives wouldn’t view their own actions in such a threatening light, of course. The relevant people in this case may have felt Fox had to accept a lowered expectation of privacy, given she had already shared some of her own personal details publicly. They surely carefully considered what specific details to give Malone and based on what was published, they seem like fairly minor additions to her own story.

Most clearly highlighted by the case however is a series of disconnections: between public perceptions about privacy and the reality of the legal framework; between the way government agencies explain that legal framework to the public, and the way they interpret it in practice. Clearly, to mandarins and members of the public, the Privacy Act means very different things.