Customer records and personal information
- acknowledge their privacy and confidentiality responsibilities every year
- complete privacy training every year
- report privacy incidents as soon as they are identified.
Personal information related to the administration of the department’s programs and services is protected by the Privacy Act 1988 and the secrecy provisions in the various laws under which the department delivers its services, such as the Social Security (Administration) Act 1999. The department considers requests for personal information under the Privacy Act 1988 and relevant secrecy provisions.
Privacy impact assessments
- minimise privacy risks and impacts
- ensure compliance with statutory obligations
- meet the department’s commitment to safeguarding customer privacy.
The department investigates all privacy complaints and uses escalation and reporting processes to minimise and mitigate the effects of any privacy incident. In 2018–19, the total number of substantiated privacy incidents was 1,416.
The department emphasises the need for security as part of the department’s culture and applies the Australian Government Protective Security Policy Framework through effective security risk management, monitoring and review of security plans and policies, training, and education.
In 2018–19, the department continued to strengthen security governance arrangements through the Work Health and Safety Sub-Group and the establishment of a Chief Security Officer role.