NOTICE OF A DATA MATCHING PROGRAM – SERVICES AUSTRALIA AND QIMR BERGEHOFER CUSTOMERS AFFECTED BY THE DATATIME 2022 DATA BREACH
This notice refers to the commencement of a data matching program by Services Australia (the Agency) using information provided by the QIMR Berghofer Medical Research Institute (QIMR) about QIMR customers affected by the 2022 data breach affecting PNORS Technology Group including Datatime, a third party providing services to QIMR (Datatime Data Breach).
Where an Agency customer’s Medicare number or Centrelink Reference Number (CRN) was disclosed as part of the Datatime Data Breach, the following data, to the extent captured by the Datatime Data Breach and available to QIMR, has been provided by QIMR to the Agency:
The Agency will compare the data provided by QIMR to Medicare and Centrelink customer records held by the Agency. This will assist the agency to identify affected customers and apply proactive security measures to affected customer records.
A protocol document describing this program has been developed in consultation with the Office of the Australian Information Commissioner (OAIC). Copies of the document are available from:
https://www.servicesaustralia.gov.au/centrelink-data-matching-activities?context=1
The Agency adheres to the OAIC Guidelines on data matching in Australian Government administration which includes standards for data matching to protect the privacy of individuals. The Agency’s privacy policy is available from: