Federal Register of Legislation - Australian Government

Primary content

Guides & Guidelines as made
These Guidelines provide for monitoring of technical standards for data-matching programs by the Privacy Commissioner and establish safeguards for individuals affected by the outcomes of data-matching.
Administered by: Social Services
Registered 23 Jun 2009
Date of repeal 25 Aug 2021
Repealed by Data-matching Program (Assistance and Tax) Rules 2021
Repealing Comments Repealed on the first day on which this instrument is no longer subject to disallowance.

EXPLANATORY MEMORANDUM

DATA - MATCHING GUIDELINES - issued under Section 12 of the DATA - MATCHING PROGRAM (ASSISTANCE and TAX) ACT 1990.

Introduction

Section 12 of the Data-matching Program (Assistance and Tax) Act 1990 (the Act) requires the matching agency and source agencies to comply with guidelines the Privacy Commissioner may issue from time to time to replace any existing guidelines.

The objective of the guidelines is to ensure that the use of the privacy-intrusive technique of data-matching is based on clear and publicly known standards, and that individuals are protected by appropriate safeguards in the design and implementation of the data-matching program.

The guidelines provide for monitoring of technical standards for data-matching programs by the Privacy Commissioner and for safeguards for individuals affected by the outcomes of data-matching.  So far, monitoring by the Privacy Commissioner and an audit by the Auditor-General has indicated that agencies have complied with the privacy provisions of the Act and Guidelines.

These guidelines apply only to data-matching carried out under the Data-matching Program ("Assistance and Tax) Act 1990.

Definitions

Guideline 2 provides that definitions contained in the Act apply.  Where a term is not defined in the Act but is defined in the Privacy Act, that definition applies. Terms not defined in either of these Acts are defined in the guidelines.  Definitions that have been modified or added include "action", "dispute" and "matches undertaken".

"Action" limits the range of administrative actions an agency my take to those defined in section 10 of the Act.

"Dispute" would mean the situation where an individual disputes the accuracy of the data on which a match is based and will not retract.

"Matches Undertaken" would mean the total number of individual records the matching agency receives after they have been separated into maiden names, aliases, partners, children and parents. The figures for the matches undertaken will be greater than the number of client records an agency keeps. Because "matches undertaken" includes maiden names and aliases the total matches undertaken will be greater than the total number of records kept on individuals.

Safeguards for Individuals

Guidelines 5-7 lay down a series of requirements designed to minimise the possibility of unfairness to individuals in the use of results of data-matching programs.

The modifications have been made to 5.3, 5.5, 5.6, 6.1, 6.3 and 6.5 (iv).


Guideline 5.3 has been modified to remove the phrase "or the proposed action".  If an individual disputes the accuracy of the data which forms the basis of a match, and the agency does not concede, it must inform the individual of the rights of complaint conferred by the Privacy Act 1988. This is consistent with Information Privacy Principle 8 of the Privacy Act. Any action the agency proposed to take has to be consistent with action allowed by section 10 and it is unlikely that such action would result in a breach of privacy.

Guideline 5.5 reinforces the requirement to retain a written note on or linked to a client's file if a client responds orally to a notice issued by an agency under section 11 of the Act.

Guideline 5.6 is a new requirement to help ensure individuals are afforded the opportunity to respond to notices issued under section 11.

The modification to guideline 6.1 is of a technical nature to ensure that files from the Health Insurance Commission and the Australian Electoral Commission used to verify identities do not have to be destroyed.

Guideline 6.3 authorises the practice of referring discrepancies from one source agency to another for further investigation.

Guideline 6.5(iv) allows the ATO to retain data on discrepancies until the taxpayer's appeal period had expired. Representatives from the ATO expressed difficulty in complying with the prior requirement to destroy data before an individual's appeal period under the Income Tax Assessment Act had expired.

Guideline 9 outlines the matters on which agencies may be required to report to the Privacy Commissioner on a periodic basis.

Guideline 12 outlines the matters on which agencies must include in their reports to both Houses of Parliament. The changes modify the statistics which agencies should maintain and report.  The main change is hi the way agencies report on debts collected. They are now required to identify:

the number of cases where an overpayment was identified; the number of cases where recovery action was initiated; and the number of cases where debt was fully recovered.