CUSTOMER RECORDS AND PERSONAL INFORMATION

To protect the privacy of customers and staff, the department has comprehensive processes to protect personal information. The department’s privacy framework is guided by the Operational Privacy Policy, with which all staff must comply. The policy requires:

• all staff to acknowledge their privacy and confidentiality responsibilities every year
• reporting of privacy incidents as soon as they are identified.

Personal information related to the administration of the department’s programs and services is protected by the Privacy Act 1988 and the secrecy provisions in the various laws under which the department delivers its services, such as the Social Security (Administration) Act 1999. The department considers requests for personal information under the Privacy Act 1988 and relevant secrecy provisions.

PRIVACY IMPACT ASSESSMENTS

As the department develops new projects and program improvements, it considers the potential impact on privacy. Under the Operational Privacy Policy, the department undertakes privacy impact assessments to:

• minimise privacy risks and impacts
• ensure compliance with statutory obligations
• meet the department’s commitment to safeguarding customer privacy.

PRIVACY INCIDENTS

The department investigates all privacy complaints and uses escalation and reporting processes to minimise the effects of any privacy incident. In 2017–18 the total number of substantiated privacy incidents was 98.