Information sharing

4.114 Family violence is relevant in different ways for child support, family assistance and social security. As child support is inter-partes, a past history of family violence may always be relevant to a case. Similarly, historical family violence may be of continuing relevance in a family assistance context, where parties share care of children. More recent family violence is relevant to social security as it may affect a person’s qualification for, or payability of, social security payments and entitlements.

4.115 As discussed earlier, as part of the government’s Service Delivery Reform, some ICT systems in the Human Services portfolio are being integrated. The former Minister for Human Services, the Hon Chris Bowen MP, explained that ‘apart from the limited data that is already shared between agencies like Medicare and Centrelink, no more information will be shared, unless the individual concerned asks us to share the information for their convenience’^[146] and the individual databases of each agency will not be merged.

4.116 The Privacy Act 1988 (Cth) regulates the handling of personal information by the Australian Government—to which 11 Information Privacy Principles apply.^[147] In line with the Information Privacy Principles, the DHS has stated that it will ‘not use customer information collected for the purposes of one program for another program, unless the use of information in this way is authorised by law and already occurs or, alternatively, the customer gives informed consent to the additional use’,^[148] explaining that the idea is to bring information technology platforms together, not information.^[149]

4.117 In addition, the DHS has stated that it has conducted preliminary Privacy Impact Assessments and, to ensure that information is appropriately managed and shared, a consent model is being put in place to enable ‘the sharing of customer information across programs’ and emphasise ‘adequate levels of notice, control and choice for individuals’.^[150]

Submissions and consultations

4.118 In the Social Security Issues Paper and the Child Support and Family Assistance Issues Paper, the ALRC asked whether information about family violence should be shared between government agencies, such as Centrelink and the CSA.^[151]

4.119 Some stakeholders recommended that information sharing could be improved both between agency officers themselves and between different service agencies, so that victims of family violence would only have to tell their story to one officer in one agency, and to allow both agencies to have the same information.^[152]

4.120 The ADFVC raised concerns that ‘[w]omen could not understand the reason for having to retell their story as they expected that the information would already be on file, accessible to the officer they were meeting with’.

Every time I go in there I end up crying, especially if they’re in any way abrupt. You don’t want to go around telling your story all the time. It’s not a story that you really… I didn’t live it for thirty-two years to go and tell people.^[153]

4.121 The ADFVC considered it appropriate that some assurances be given to a victim of family violence that once a person disclosed family violence to either Centrelink or the CSA, they would not have to repeat their story when that information is already on their file. The ADFVC considered that the assignment of a case worker, discussed above, to the applicant would ensure greater sensitivity in dealing with these issues.^[154]

4.122 The Commonwealth Ombudsman raised concerns that

many people assume that Commonwealth agencies share more information about their circumstances than is actually the case. In particular, people who are customers of Centrelink and the Child Support Agency often assume that those agencies automatically share information about their circumstances. In some cases, people have relied to their detriment on that assumption, and have failed to disclose the same information to other agencies, believing that their contact with one agency will suffice.^[155]

4.123 The Ombudsman considered that the integration of the various agencies within the Human Services portfolio ‘will further encourage people to assume that relevant information will be shared between Centrelink and the Child Support Agency’.^[156]

4.124 The Ombudsman considered that both Centrelink and the CSA ‘should also be careful to explain to these customers that information about their family violence situation is not automatically shared, and that they should consider contacting the other agency directly to discuss how this might affect the payments or services they receive’.^[157]

4.125 Most stakeholders who responded to these questions considered that any sharing of information between government agencies such as Centrelink and the CSA should only be done with the express consent of the person concerned,^[158] to enable individuals to ‘exercise choice and control over the way their information is handled’.^[159]

4.126 The Welfare Rights Centre Inc Queensland added that, even where informed consent has been given, ‘policy and practice needs to allow for the understanding that vulnerable people may give consent without real knowledge of the possible negative consequences of such an act’.^[160]

4.127 Some stakeholders considered that information should also be able to be shared in circumstances where there are genuine concerns about risk to children.^[161] In cases where there are concerns about risks to children, the Welfare Rights Centre Inc Queensland submitted that where the staff member genuinely believes that there are risks to the children, a report to the local child protection agency should be made.^[162]

Privacy protocols

4.128 In considering information sharing between agencies, stakeholders submitted that there should be ‘information sharing protocols to ensure information about family violence and risk can be shared ethically and legally to improve safety of victims’.^[163] In particular, stakeholders considered it was important that:

• protections were developed to ensure that this information, or any other, is not further relayed to the perpetrator;^[164] and

• any information sharing should be in line with the Privacy Act 1988 (Cth) and the National Privacy Principles.^[165]

4.129 On the other hand, the Sole Parents’ Union submitted that protecting children at risk of harm should override other privacy considerations and therefore, where there are concerns about violence or child protection, this information should be shared across agencies.^[166]

ALRC’s views

4.130 The ALRC understands that, in many cases, Centrelink may be the first point of contact a person has with the social welfare system. A person eligible for child support, for example, may contact Centrelink before being referred to the CSA. In addition, people may not differentiate between various government agencies and assume that once they have informed one agency about family violence—such as Centrelink—there is no need to inform another. As a result, victims of family violence may not be informed about all their rights and entitlements across the Human Services portfolio. The ALRC acknowledges that this confusion may increase in the future due to the government’s move to ‘one-stop-shops’ and a single portal for a customer’s access to Centrelink and the CSA.

4.131 The ALRC considers that if a ‘safety concern flag’ is developed
(Proposal 4–11), and placed on a customer’s file, the existence of this flag could be shared between agencies, with the informed consent of the customer. This could ensure that victims of family violence do not have to repeat their story to different agencies.

4.132 In order to ensure that privacy concerns are addressed with such a proposal, the ALRC considers that customers who have disclosed family violence should be notified that a ‘safety concern flag’ will be placed on their file. This is in contrast to the ‘sensitive issue indicator’ and ‘vulnerability indicator’, in which the ALRC understands that customers are not informed about its existence. This safety concern flag is only to identify that family violence or safety concerns have been raised, not the truth of such a claim.

4.133 Customers should be informed of the effect of the ‘safety concern flag’—in particular, that neither the ‘safety concern flag’, nor the customer’s disclosure of family violence, will automatically be shared with other agencies such as Centrelink, the CSA and the FAO, however, that they have the option to provide informed consent to the sharing of the ‘safety concern flag’ with other agency staff. There must also be procedures in place for the revocation of consent. Provision for informed consent should take into consideration an individual customer’s cultural background and ability to understand and make informed decisions.

Privacy

4.134 The ALRC considers that, in sharing information between agencies there is a need to ensure the confidentiality of that information and adherence to obligations under the Privacy Act.

4.135 The ALRC understands that different government agencies and departments may be able to access the database of other government agencies. For example, where Centrelink receives information about family violence from DEEWR (whether from DEEWR itself, through DEEWR from Job Services Australia providers, or from CRS Australia) or DEEWR holds such information, there is a need to ensure that information is not subsequently shared with the CSA and the FAO.

4.136 The ALRC considers that the current access arrangements between these agencies and departments needs to be taken into consideration in the sharing of any ‘safety concern flag’ to ensure that any information-sharing arrangement is in accordance with the Privacy Act and the Information Privacy Principles. The ALRC considers, therefore, that a Privacy Impact Assessment may be necessary.