Information sharing and privacy

15.32 The ALRC is directed by the Terms of Reference to consider whether the extent of sharing of information across Commonwealth, state and territory agencies is appropriate to protect the safety of those experiencing family violence.^[18]

15.33 The primary focus of this chapter is the Commonwealth jurisdiction, including agencies such as DEEWR, Centrelink, the Department of Human Services (DHS), and JSA, DES and IEP providers. Information sharing between each of these agencies and providers is vital to ensuring the JSA and DES systems effectively identify and respond to family violence where it may affect a job seeker’s capacity for work, or their barriers to employment. The sharing of information is also central to ensuring steps taken in a pre-employment context are based on all the relevant information and that information is shared appropriately to ensure, as far as possible, the safety of job seekers experiencing family violence.

15.34 In many cases, Centrelink is the first point of contact for a job seeker. A job seeker may not differentiate between various government agencies, or between Centrelink and their JSA or DES provider, and may assume that family violence has been disclosed, and there is no need to inform another person or agency.

15.35 In light of this, information sharing between these agencies is linked to broader information-sharing issues and questions raised in Chapter 4. For example, the ALRC makes a range of proposals with respect to:

• the placement of a safety concern flag on a customer’s file when safety concerns are raised; and
• inter-agency information sharing protocols.^[19]

15.36 In the context of the pre-employment system, job seekers may disclose family violence to Centrelink staff, JSA, DES and IEP provider staff, or to an ESAt or JCA assessor, in a range of circumstances, including:

• in the course of a JSCI, ESAt or JCA;
• in the course of developing an EPP;
• to seek particular assistance, or by way of explanation for certain work preferences; or
• because of safety concerns.

15.37 The ALRC understands that there are information-sharing protocols and arrangements already in place between some of these agencies and providers and that, in addition, some information-sharing systems under the Human Services portfolio are being integrated as part of the Service Delivery Reform.^[20]

15.38 The Employment Services Deed also contains information on the control of personal and protected information and specifies that providers must carry out and discharge the obligations contained under the Privacy Act, as if they were an agency.^[21]

15.39 However, in considering the sharing of personal information about job seekers between agencies and providers, there is a need to ensure information is shared where it will assist the job seeker and that privacy concerns associated with the sharing of information are addressed. For example, where sensitive personal information, such as family violence, is disclosed, this may raise issues of consent.

15.40 General privacy issues arising from disclosure that may arise in the context of the pre-employment phase are dealt with in Chapter 14. However, to the extent that privacy issues arise specifically with respect to information sharing arrangements, they will be discussed separately in this chapter.

Submissions and consultations

15.41 In Family Violence—Employment and Superannuation Law, ALRC Issues Paper 36 (2011) (Employment Law Issues Paper), the ALRC did not ask a specific question with respect to information sharing between Centrelink, DEEWR, JSA, DES or IEP providers, or ESAt or JCA assessors. However, in two other Issues Papers, the ALRC asked whether information about family violence should be shared between government agencies such as Centrelink and the CSA.^[22] Accordingly, it is consistent with the approach taken throughout this Inquiry, and as a precursor to other proposals made in relation to the JSA system, to consider the issue in the pre-employment context.

15.42 In response to the other Issues Papers, stakeholders suggested that information sharing could be improved between agency officers and different services agencies, to avoid the need to re-disclose family violence and to allow agencies to share information. However, stakeholders emphasised that any information sharing should only be done with express and informed consent. In suggesting information sharing, stakeholders emphasised the need for the protection of information and compliance with obligations under the Privacy Act.^[23]

15.43 For example, in submissions and consultations in response to the Employment Law Issues Paper, stakeholders expressed particular concern about ensuring the confidentiality of job seeker information. Stakeholders submitted that in their experience,

[t]here have been reports of instances where perpetrators have rung JSPs and successfully obtained personal information by tricks such as ‘my sister Judith has an appointment there today and asked me to pick her up when she finished but I forgot the time she told me and I don’t have her mobile number, can you tell me when her appointment is or give me her phone number so I can call her?’^[24]

15.44 Similar to the ‘safety concern flag’ proposed by the ALRC in Chapter 4, WEAVE suggested the introduction of:

A high privacy flag on personal information held about the victim which is only accessible to a case worker with personal responsibility for the client and a clear understanding that there is a safety risk for the person if information is accessible to others.^[25]

ALRC’s views

15.45 A balance must be struck between ensuring information is shared where it will assist the job seeker and avoiding job seekers having to re-disclose family violence, with privacy concerns associated with the sharing of personal information. Inter-agency protocols already exist between some of these key agencies and bodies. Some information sharing matters are also already dealt with in the Employment Services Deed.

15.46 In order to inform the direction of reforms in this area, the ALRC seeks stakeholder feedback on the sharing of information between Centrelink, DEEWR, DHS and JSA, DES and IEP providers. In particular, the ALRC is interested in stakeholder comment on:

• how is, or how would, personal information about individual job seekers be shared between Centrelink, DEEWR, JSA/DES/IEP providers and DHS; and
• how the existence of a Centrelink Deny Access Facility—which restricts access to the file—or any other similar safety measure, such as a ‘safety concern flag’, may affect what job seeker information DEEWR and JSA and DES providers can access.^[26]

15.47 While the ALRC is seeking further information on how information is shared between these agencies and providers in practice, and how any new arrangements may operate, the ALRC considers that it is appropriate to make two key proposals in this area.

15.48 First, information sharing between each of these agencies and providers is vital to ensuring the JSA and DES systems effectively identify and respond to family violence where it may affect a job seeker’s capacity for work, or amounts to a barrier to employment. The sharing of information is also central to ensuring steps taken in a pre-employment context are based on all the relevant information and that information is shared appropriately to ensure the safety of job seekers experiencing family violence.

15.49 The ALRC does not intend to specify the exact content or type of the information-sharing arrangements that should exist. However, the ALRC has formed the view that it is necessary and appropriate for Centrelink, DEEWR, JSA, DES, IEP providers and ESAt and assessors—through DHS—to consider issues arising with respect to the personal information of individual job seekers who have disclosed family violence in the context of their information-sharing arrangements and to make any changes that may be necessary or appropriate. The ALRC also notes that the information-sharing arrangements between DEEWR, Centrelink, DHS, FaHCSIA, the Family Assistance Office and the Child Support Agency, referred to in Chapter 4, will have a bearing on the arrangements made or developed in this context.

15.50 Secondly, in sharing information between these agencies and providers, there is a need to ensure the confidentiality of that information and adherence to obligations under the Privacy Act 1988 (Cth) as well as any associated requirements under Employment Services Deeds. In particular, the ALRC emphasises the need to consider the privacy issues arising from the sharing of any ‘safety concern flag’ and to ensure that issues of a job seeker’s consent are considered. As a result, the ALRC proposes that, in developing or reviewing information sharing arrangements to allow the sharing of information between Centrelink, DEEWR, JSA, DES and IEP providers and ESAt and JCA assessors (through DHS), appropriate privacy safeguards are in place.