Promoting people's rights and civil liberties. It is non-party political and independent of other organisations.
Privacy forsaken as agencies merge

Privacy forsaken as agencies merge

Two giant federal agencies – Centrelink and Medicare – are merging without proper examination of the privacy ramifications, which are immense. The Australian Privacy Foundation is calling for the government to abide by supposedly mandatory rules to conduct a Privacy Impact Assessment.

Statement by the Australian Privacy Foundation
The Proposed Merger of Centrelink, Medicare
and the Department of Human Services

23 March 2011

The Human Services Legislation Amendment Bill 2010 would merge two very large government agencies (Centrelink and Medicare) into a portfolio agency (the Department of Human Services – DHS).  Centrelink and Medicare (previously the Health Insurance Commission) have long been responsible for the delivery of services of a very particular and highly privacy-sensitive nature, whereas DHS is a pure policy agency.  The proposal to break down the boundaries among agencies is highly threatening both to the quality of the services provided to citizens and to their privacy.

Senior government executives have been trying to achieve merger among agencies through a long succession of Governments and Ministers.  This latest attempt has been carried out in a manner that has flouted the Government’s nominal commitment to openness and to enhancement of privacy protections, at the same time as blatantly compromising the office of the Privacy Commissioner.

The Matter of a PIA

  1. Government policy requires that a Privacy Impact Assessment (PIA) be conducted prior to undertaking a project that has potentially significant privacy implications.
  2. As far as the APF was aware, no PIA had been conducted.
  3. DHS then claimed verbally on 22 March that a PIA was conducted, but:
    • it was conducted either by or in close association with the Privacy Commissioner
    • the assessment appears to have been conducted in secret
    • the country’s primary privacy advocacy organisation was excluded
    • the APF is not aware of any other public interest advocacy organisations being invited to participate either
    • no report was published
    • no information was provided to the Parliament

    The Role of the Privacy Commissioner

  4. DHS claims to have been ‘working closely’ with the Office of the Australian Information Commissioner (OAIC).  But ‘working closely’ with the OAIC is not a substitute for public consultation, because the OAIC is in no sense an advocate for the public interest in privacy.
    OAIC merely administers a statute that contains highly deficient privacy mechanisms and facilitates the processes of other government agencies and business by making sure that privacy doesn’t get in their way.
  5. It has emerged that the Privacy Commissioner has operated as a paid consultant for DHS, receiving over $400,000 during the year preceding the Parliament’s consideration of the Bill.
    In most people’s understanding, the combination of a regulatory role with revenue must inevitably result in a conflict of interest.  In this case, the resolution of that conflict has clearly been to the detriment of the privacy interest.
  6. The Privacy Commissioner therefore:
    • was compromised in his ability to provide independent advice
    • failed to convince DHS to conduct consultations with the affected public
    • failed to itself conduct consultations
    • failed to convince DHS to publish the PIA report

    The Senate Committee

  7. A Senate Committee Inquiry is not a substitute for a PIA.
    It is a last-ditch review of legislation, after the Government has made a full commitment to achieving passage of the Bill.
  8. The timetable of the Senate Committee Inquiry was as follows:
    • 10 Feb – referral of the Bill to a Senate Committee
    • 21 Feb – invitation by the Committee to the APF to make a submission
    • 1 Mar – the deadline for submissions
    • 22 Mar – the deadline for the Committee to report
  9. It beggars belief that a government that pretends to be open, in developing a proposal that has enormous propensity to have negative impacts on privacy:
    • avoided any public scrutiny during the development of the legislation
    • permitted the Senate an extraordinarily short period in which to consider it
    • restricted to 5 working days the public’s opportunity to prepare submissions
    • precluded any public hearings on the matter
  10. The Minister’s spokesman, in a letter submitted for publication in the national press, implied that APF is disqualified from making any comment on the Bill because it failed to make a submission to the Senate Committee.  The suggestion is repugnant to democracy.

    The Minister

  11. Tanya Plibersek was prepared to stand up against abuse of power by DHS when she was in Opposition.
  12. As the Department’s Minister, however, she has quietly folded her principles.
    She is now the sponsor of DHS’s plans for the creation of a single social control agency, with the capacity to merge data streams now, and databases later.

Roger Clarke
Chair, Australian Privacy Foundation
(and member of Civil Liberties Australia)

Leave a Reply

Translate »