A new Australian Public Service (APS) Privacy Code covering the data citizens give to the federal government will be in place by 2018, prompted by the outcry over Centrelink robo debt and data matching.
Today’s [Thursday] joint announcement by the Department of Prime Minister and Cabinet (PM&C) and the Office of the Australian Information Commissioner (OAIC) said the two would work collaboratively on the new code, which aims to ensure a balance between data protection and privacy and data innovation and its use by Commonwealth agencies.
Australian Information and Privacy Commissioner Timothy Pilgrim told the Senate Community Affairs References Committee, which is conducting a public hearing into the Department of Human Services’ Online Compliance Initiative (OCI) in Canberra today, that the code would cover how data should be ‘respected, protected’ and regulated into the future, consistent with community expectations.
Mr Pilgrim said the code would be binding and failure to comply would be a breach of the Privacy Act. The current guidelines are voluntary.
He said penalties could range from asking for a written undertaking that an organisation would change their processes and comply – ultimately enforceable in the federal court – to civil penalties in a federal court which could reach up to $1.8 million for serious breaches.
The OAIC will lead on the code’s development due to the organisation’s specific privacy expertise and the code will be implemented APS-wide. All agencies will also need to have a privacy management plan in place under the new code.
The Department and the OAIC said the code was vital to maximise the value of publicly held data.
“The code can therefore be a catalyst to transform the Australian government’s data performance – increasing both internal capacity and external transparency to stakeholders,” they said.
Commissioner Pilgrim said the code would ‘support government data innovation that integrates personal data protection’ while giving the APS the ‘skills and capabilities’ it needed to manage personal information.
A storm over data privacy occurred after Fairfax published a piece by blogger Andie Fox in February which was highly critical of the DHS’ automated debt recovery drive, designed to claw back more than $1.5 billion over five years. In her article, Ms Fox claimed she had been pursued and ‘terrorised’ by DHS for money she did not owe after a relationship breakdown.
In response, DHS disputed Ms Fox’s account and leaked some of her personal information to a journalist, including her Family Tax Benefit claims and relationship details.
The government later defended itself arguing that it was allowed to release personal information to correct inaccurate public statements under social security legislation.
Federal Labor MP Linda Burney later referred the matter to the Australian Federal Police but the AFP concluded that Human Services Minister Alan Tudge had not breached Commonwealth legislation.
The government said the new privacy code would be developed in close collaboration with the APS and data stakeholders and it would apply to all Australian Government entities subject to the Australian Privacy Act 1988.