The Guide
CSA's plain English law & policy guide

Community Services Directory
Access 2,300 support services for separated families

Stay informed
Subscribe to
receive CSA media releases.

Resources

Estimator
Self-help tools
Objections process
Services
Forms
Publications
Fact sheets
Newsletters

Privacy

Released: 26 July 2007

This media backgrounder on Privacy is intended to assist journalists understand service delivery options available to separated parents.

Privacy

The Child Support Agency (CSA) collects information from customers to ensure that child support assessments are correct and to make sure that payments are collected and transferred. Child support legislation gives the CSA specific powers to do this. Some of this information is sensitive and the CSA places great emphasis on protecting customer privacy.

When the CSA collects personal information it must take reasonable steps to ensure the customer understands why the information is required and if the collection of the information is required by law. If CSA usually gives the information to another person or organisation, the customer must be advised of this at the time the information is collected or as soon as possible afterwards.

Legislation

Privacy Act – The CSA is bound by the Privacy Act 1988, which contains 11 Information Privacy Principles (IPPs). These regulate the treatment of personal information. They set out the standards for information collection, storage, security, correction, use, disclosure and access.

Secrecy Provisions – The CSA is also bound by the secrecy provisions in the Child Support (Assessment) Act 1989 and the Child Support (Registration and Collection) Act 1988. These provisions restrict the recording and communication of customers' protected information and specify when and to whom the CSA can lawfully release this information. These secrecy provisions are stricter than the IPPs and all staff members are required to sign a secrecy declaration.

The child support legislation also authorises the CSA to obtain information about customers from the Australian Taxation Office (ATO), including tax file numbers.

Who can CSA pass information onto?

The CSA may be required by law to pass specific information to the other parent, such as information used to calculate child support payments. This is done so that the other parent understands how the amount has been calculated. Information such as contact details are not passed on.

The CSA may provide information to other government agencies, including but not limited to:

Centrelink;
Australian Taxation Office;
the Social Security Appeals Tribunal;
the Department of Families, Community Services and Indigenous Affairs;
the Attorney-General's Department;
law enforcement agencies; and
Commonwealth investigation or auditing agencies, such as the Ombudsman, the Privacy Commissioner or the Australian National Audit Office.

By law, CSA may also disclose information to third parties on legal notices when seeking information or enforcing the law.

What if CSA has breached customer Privacy?

If a customer believes the CSA has handled their information incorrectly they should contact their case officer to discuss it. If a customer is still unsatisfied they can ask to speak to the Privacy Contact Officer in their state. The CSA also has a National Privacy Team based in its National Office who will work with customers to resolve privacy incidents. All privacy incidents are reported back to the business to ensure the CSA is continually improving its privacy environment.

If a customer is still dissatisfied with the CSA's resolution they may take their complaint to the Office of the Privacy Commissioner by calling 1300 363 992.

Privacy breaches are rare and unintentional and in some cases arise from errors such as the wrong letter being placed in an envelope or miskeying. This is a very different issue to intentional unauthorised accessing of customer files.

Where mistakes that lead to a privacy breach do occur, feedback and training is provided to the specific staff member. Though the majority of breaches are unintentional, where it has been deliberate the CSA will take disciplinary action. In some instances this can lead to dismissal and prosecution.

Restricted access

The CSA also has a Restricted Access Customer system (RACS) which provides additional security for high profile/high risk clients. Access to these records is tightly controlled and monitored, with regular proactive investigation of staff accesses.

Aulich Report

In 2005 the CSA commissioned a privacy audit by Aulich and Co. to examine the CSA's privacy environment and make recommendations for improvement. The Aulich Report rated the CSA's privacy environment as above average.

Following the report the CSA commenced work on three major initiatives to improve customer privacy, these were:

a national privacy training plan;
privacy impact assessments; and
regular audits.

Comprehensive privacy training is now compulsory for all staff both upon induction and then after six months. The CSA also runs a refresher course that all staff are required to attend every 18 months and a comprehensive on-line privacy manual is being developed. The CSA's National Privacy Team is also responsible for co-ordinating privacy campaigns across the CSA to ensure that privacy awareness is an integral component of all CSA's operations

Privacy Impact Assessments ensure that privacy considerations are an integral part of any business development. Since the CSA has commenced undertaking Privacy Impact Assessments, the general level of consultation with privacy officers has significantly increased.

The CSA has enhanced its ability to conduct proactive searches for unauthorised access to customer data and randomly audits staff access to customer information. Any reported instances of inappropriate access are investigated.

Quotes from the General Manager, Matt Miller

"Customers put enormous trust in the CSA, so their confidence in our privacy environment is paramount.

"In 2005, the CSA commissioned the Aulich Report to examine the CSA's privacy environment and make recommendations for improvement.

"While the Aulich report rated the CSA's privacy environment as 'above average' it made recommendations to refine and formalise a centrally driven, system-wide model which included National Privacy Training Plan, Privacy Impact Assessments, and regular audits.

"Those recommendations have been adopted and the CSA's privacy practices have been significantly enhanced as a result.

"All CSA staff receive training to carry out their work in accordance with strict privacy protocols. Employees are trained, reminded and updated on privacy throughout their employment and have the utmost respect for customer confidentiality.

"The CSA audits staff access to customer information and investigates all reported instances of inappropriate access."

Further information on Privacy

The Guide – Chapter 6.3, Legal section of CSA's website: www.csa.gov.au/guide/6_3_1.htm
Privacy Commissioner's website – Privacy Act 1988: www.privacy.gov.au

Media enquiries

Call: 0434 605 144
Email: media@csa.gov.au

Print this page

Top of page