‘Safety concern’ flag

4.56 The ALRC recommends that DHS should consider developing and implementing a ‘safety concern flag’ to be placed on a customer’s file. Subject to the informed consent of the customer, and with appropriate privacy safeguards, the ‘flag’ should be subject to information sharing arrangements between DHS and other agencies.

Parallels with vulnerability and sensitive issues indicators

4.57 In the social security system, a ‘vulnerability indicator’ may be placed on a customer’s record—accessible by Centrelink, DEEWR and a job seeker’s job services provider—in certain circumstances. The ‘vulnerability indicator’ is used to identify those with psychiatric problems or mental illness, drug or alcohol dependence, homelessness and recent traumatic relationship breakdown (including relocation as a result of a recent family violence situation). For example, Centrelink customer service advisers are required to consider at their initial engagement with a job seeker, and at subsequent engagements, whether a ‘vulnerability indicator’ should be placed on the customer’s record.^[70] The indicator alerts job service providers and Centrelink that a job seeker may have difficulty meeting their requirements for receiving social security payments or entitlements (such as activity test or participation requirements) due to vulnerability and thus ensures that the vulnerabilities are taken into account when setting participation requirements for the job seeker and responding to failures to comply.

4.58 A similar mechanism exists in the child support system. The CSA’s Family Violence—Common Module states that when a customer advises that there is a risk of family violence, regardless of whether there is an Apprehended Violence Order (AVO) or Domestic Violence Order (DVO) in place, a ‘sensitive issue indicator’ should be placed on the customer’s file. The Module expressly states that the customer is not to be advised of the existence of the ‘sensitive issue indicator’ and that it is an internal customer management tool only.^[71] Conversations regarding family violence are also required to be documented in the CSA database.^[72]

Should a ‘safety concern flag’ be developed and implemented?

4.59 In the Discussion Paper, the ALRC proposed that when family violence is identified through the ‘screening’ process or otherwise, a ‘safety concern flag’ should be placed on the customer’s file.^[73] The ALRC considered that this reduced the need for victims of family violence to have to repeat their story to different agencies.^[74] If such a flag is shared between agencies, it may give an indication that a person is eligible for different entitlements and exemptions, which in turn may ensure an issues management response that enhances his or her safety.

4.60 While stakeholders supported the principle of the ‘safety concern flag’,^[75] there was consensus that a number of issues would need to be addressed prior to its implementation, to ensure the ‘privacy, safety and autonomy’^[76] of the customer at all times. Particular concerns were raised about how to:

• keep the ‘safety concern flag’ current, to ensure that the flag is not used for some collateral purpose;^[77]
• keep customers informed of actions arising out of having a ‘safety flag’ on their file;^[78] and
• ensure that existing infrastructure is sufficient to host a ‘safety concern flag’ without allowing unintended access by various government departments and agencies.^[79]

4.61 DHS submitted that its experience with the sensitive issues and vulnerability indicators suggests that, while ‘some benefits can manifest in terms of reduced repetition for the customer’, such benefits need to be balanced with ‘the costs of system development and associated staff training and processes’ to ensure that a customer’s record is current and that the existence of a flag is appropriate.^[80] It also considered that Centrelink experience with similar indicators suggest that ‘the flag itself is not the answer but should be suggestive that other supports may be in place or offered’.^[81]

4.62 The ALRC does not recommend implementation of a ‘safety concern flag’ until the concerns raised above have been addressed. In particular, DHS integration is in its very early stages and introducing a new ‘safety concern flag’ at this point in time may require significant resources towards ‘system development and associated staff training’.^[82]

4.63 The ALRC therefore recommends that DHS should consider developing and implementing a ‘safety concern flag’ to be placed on a customer’s file when family violence-related safety concerns are identified. The ALRC notes that DHS experience with the ‘sensitive issue’ and ‘vulnerability’ indicators will be useful in developing and implementing any ‘safety concern flag’.

Privacy and information sharing

4.64 The Privacy Act 1988 (Cth) regulates the handling of personal information by the Australian Government—to which 11 Information Privacy Principles apply.^[83] In line with the Information Privacy Principles, the DHS has stated that it will ‘not use customer information collected for the purposes of one program for another program, unless the use of information in this way is authorised by law and already occurs or, alternatively, the customer gives informed consent to the additional use’.^[84]

4.65 The Office of the Information and Privacy Commissioner also submitted that a privacy impact statement should be undertaken as part of developing protocols for the sharing of a ‘safety concern’ flag to ensure that arrangements are consistent with the Privacy Act and Information Sharing Principles. DHS has stated that it has conducted preliminary Privacy Impact Assessments and, to ensure that information is appropriately managed and shared, a consent model is being put in place to enable ‘the sharing of customer information across programs’ and emphasise ‘adequate levels of notice, control and choice for individuals’.^[85]

4.66 DHS therefore submitted that the easiest way of disclosing the existence of any ‘safety concern flag’ to other agencies is via informed customer consent:

Which means the customer will need to be advised of the ‘safety concern flag’, what it means, and who it could potentially be disclosed to. The customer may also want some assurances about what another agency might use this information for—for example State Police Services. It is also likely to lead to other agencies wanting further information.^[86]

4.67 This view was also adopted by stakeholders.^[87] National Legal Aid expressed a view that consent should ‘ideally be obtained once and early on, so that the customer need not be engaged in unnecessary interactions’.^[88] The Office of the Information and Privacy Commissioner stressed that individuals should be given the ‘opportunity to decide whether or not their personal information will be shared’, and that

improving communication with customers as part of seeking informed consent may minimise the risk of misunderstandings about information sharing, which can lead to privacy complaints. It may also promote community trust and confidence in the handling of information by Australian Government agencies.^[89]

4.68 The National Welfare Rights Network submitted that DHS should develop (in consultation with stakeholders and clients) information/scripts explaining issues such as ‘safety concern flags’ and ‘informed consent’ to ensure that individuals and groups clearly understand processes and their rights with respect to information sharing, consent and revocation thereof.^[90] The NWRN also suggested that a customer should be able to provide consent to disclosure ‘that is limited to particular agencies or limited to a particular time’.^[91]

4.69 The ALRC considers that a model of informed consent would be the most appropriate way to share information about the existence of a ‘safety concern flag’ across agencies. The ‘safety concern flag’ could be considered in light of the preliminary privacy impact statement and DHS’ current procedures around consent for information sharing generally. The ALRC also stresses that, in implementing any flag, DHS will need to ensure that its customers know about: the existence of a safety concern flag; the purpose for which the flag may be disclosed to other agencies; and how the customer can have the flag removed from their file.

4.70 The ALRC considers that, if a ‘safety concern flag’ is implemented, information about its existence could be given to customers to promote disclosure of family violence in a wide variety of formats, as recommended in Recommendation 4–1.