on this page
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.
Sensitive information is a subset of personal information and includes information or an opinion about your:
- racial or ethnic origin
- political opinions
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation
- criminal record
- health information
- genetic information.
We may collect personal information about you when it’s reasonably necessary for, or directly related to, our functions or activities.
We may collect sensitive information about you:
- where you consent
- when the collection is authorised or required by law
- when the collection is otherwise allowed under the Privacy Act.
The kinds of personal information we may collect includes all of the following.
Information about you, such as your:
- date of birth
- contact details.
Information about your circumstances, such as your:
- employment status and history
- education status
- financial situation
- cultural and linguistic background
- citizenship and visa status
- passport and travel movements
- health and welfare
- family circumstances.
Information about your family and other related persons, such as any:
- nominees or authorised representatives.
Information about your interactions with us, such as:
- applications and claims you’ve made
- payments or services we provide you
- feedback and complaints
- any other special service arrangements.
We may also collect information about you to help us establish and verify your identity and administer records, including:
- departmental reference numbers
- Department of Veterans’ Affairs (DVA) file numbers
- tax file numbers
- healthcare identifiers
- biometric information such as your Voice Biometrics voiceprint.
We may also collect information about how you use our online services and applications, such as:
- pages you visit
- online forms you fill in
- your interactions
- your chats with our virtual assistants
- your language preferences
- searches you make.
You can read more about the collection of personal information.
We collect your personal information through a variety of channels. This includes paper forms or notices, search warrants, online portals, mobile applications, correspondence, face to face or over the telephone.
We may also collect your personal information from third parties including other government agencies:
- as a result of a tip-off
- when undertaking data matching
- through administering legislation
- in the lodgement of a complaint
- in the context of enforcement activities
- when administering whole-of-government online services.
Social networking services
We use social networking services such as Facebook, X, YouTube, Instagram and Yammer to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public.
The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
We exchange data with other agencies through technical pathways such as the digital gateway. We do this under relevant legislation to collect accurate and up-to-date information about customers. We can also assist other agencies to exchange data using the same pathways.
Data matching is where we compare income information collected from you with information held by other organisations, such as the Australian Taxation Office (ATO). We do this to help deliver the payments and services you’re eligible for.
We prepare Programme Protocols for our data matching programs, in accordance with guidelines issued by the Office of the Australian Information Commissioner (OAIC). Read about Centrelink program data matching activities.
We collect personal information about you where it is reasonably necessary for, or directly related to, one or more of our functions or activities.
To deliver payments and services
We may collect your personal information when it is reasonably necessary for delivering payments or services. For example, we may collect your personal information to:
- confirm your identity
- communicate with you, including by SMS or email
- provide advice about available support
- ensure correct payments are made
- verify data provided in relation to claims and reviews with third parties
- investigate fraud, including internal fraud and the assessment of payment eligibility
- manage complaints and feedback
- participate in merits and judicial review matters
- manage and respond to requests for information
- administer and provide online services, including myGov
- act as an accredited participant, operate the Digital Identity exchange and perform administrative and oversight functions in the Digital Identity system.
The reasons we collect your personal information will depend on the payments and services you access or are seeking. Read why we collect your personal information for:
To improve our services
We may use your personal information to conduct statistical analysis and research to improve service delivery. We'll contact you or a trusted research company will on our behalf. Our contracts with each research company contain legal binding provisions to protect your privacy.
We only give contracted research companies personal information when necessary. Your information stays confidential and is:
- not used for any purpose except for the specific research activity
- not given to anyone else
- destroyed or returned to us when the research is over.
Read about why we engage with you to improve our services.
For employment and recruitment
We collect personal information to establish and maintain records for the employment and recruitment of staff. You can read about the information we collect for employment purposes.
To work better across the agency
Your personal information may be shared across our Centrelink, Child Support and Medicare service areas if you have given your consent or the sharing of your information is authorised or required by law.
To make dealing with government easier for you
We administer platforms such as myGov and Digital Identity exchange to deliver more convenient, accessible and efficient services. In doing so, we work with other Australian Government agencies, state and territory agencies and third parties. Your personal information may be shared for the purposes of developing and administering these platforms if either:
- you have given your consent
- the sharing of your information is authorised or required by law.
To understand how myGov manages your personal information read the myGov privacy notice.
This information includes your name, date of birth, mobile phone number and email address. We hold your identity information for up to 12 hours, and then securely destroy it.
For more information on how the Digital Identity exchange manages your personal information you can read on the Digital Identify exchange website:
Only when required with third parties
We may disclose your information to Australian Government agencies, state and territory agencies and third parties. The disclosure of your personal information will depend on the payments or services to which the information relates.
To help our community in a time of emergency or disaster
In some circumstances, we may share information to support people who have been affected by a disaster or emergency. This could include sharing information with agencies and organisations as part of the emergency response or recovery effort. We may, for example, share information to help affected individuals to access financial or other assistance from charities, as well as from Australian government agencies.
To provide you with a more personalised experience
We may use information about your online experience to help us improve our services.
We may need to share your personal information if we’re authorised or required by law to do so.
Read our privacy notice about data analytics and service improvement.
We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:
- storing paper records securely as per Australian government security guidelines
- only accessing personal information on a need-to-know basis and by authorised personnel
- monitoring system access which can only be accessed by authenticated credentials
- ensuring our buildings are secure
- regularly updating and auditing our storage and data security systems.
When no longer required, we destroy or archive personal information in a secure manner.
Data hosted for other agencies
We gather and store personal information on behalf of other agencies including in our data lake storage repository.
We do this in a similar way to a cloud service provider. We keep the hosted data separate from our own data and protect it with strict access controls. This means we don’t have control over the hosted data.
Send requests or complaints about hosted data to the agency the personal information belongs to. If we get a request or complaint about hosted data, we’ll send it to the agency it belongs to.
In addition, our staff are bound by secrecy provisions that regulate information we collect for social security, family assistance, health, child support and redress law. These secrecy provisions restrict the access, use and communication of protected information, including within the agency.
We may disclose your personal information overseas, such as to a foreign government or agency, where:
- the disclosure is required or authorised by law, or
- international information sharing arrangements are in place.
This may be more likely if you, your partner or dependants, or the other party to your Child Support case, live or have lived overseas, or are travelling overseas.
Under international information sharing arrangements we can either:
- collect and disclose information about you where it is requested by an overseas authority
- request information about you from an overseas authority.
While these arrangements differ, overseas authorities may have agreed to only use information for the purposes of the arrangements, and in accordance with relevant privacy obligations.
Read about the countries which have international information sharing arrangements in place:
- Reciprocal Health Care Agreement
- Reciprocating Jurisdictions and Residency for Child Support
- International Social Security Agreements.
You have the right to both ask:
- for access to personal information that we hold about you
- that we correct personal information we hold about you.
If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing, and explain our reasons if we refuse to give you access to, or correct, your personal information.
You can access and correct most of your details online using self service.
If you can’t use self service, read how to:
Updating information about you
We adhere to the Privacy (Tax File Number) Rule 2015 for the collection, storage, use, disclosure, security and disposal of TFN information.
Specific purposes why we may request your TFN
We may request your TFN to:
- administer various payments, and
- comply with legislation referred to in section 8WA(1AA) of the Taxation Administration Act 1953.
You do not have to give us your TFN. However, if you don’t provide it, or authorise us to access it from the Australian Taxation Office, there may be financial consequences.
If you give us your TFN, we will only use it where you consent, or where the use is authorised or required by law.
Prohibitions and penalties for unauthorised collection and use of TFN information
Under the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953 it is an offence if we either:
- require, request or collect TFN information for unauthorised purposes
- record, use or disclose TFN information unless permitted under taxation, personal assistance or superannuation law.
A breach of the Privacy (Tax File Number) Rule 2015 is considered an interference with privacy under the Privacy Act. Where a breach of privacy is very serious, the Australian Information Commissioner may seek a civil penalty under the Privacy Act.
A breach of the Taxation Administration Act 1953 may result in maximum penalty of a $21,000 fine (100 penalty units), 2 years imprisonment or both.
There may also be other penalties under taxation, superannuation or personal assistance laws.
If you think your TFN information has been mishandled, you can make a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC is independent to us.
Further details about the TFN rules
The OAIC has made the following information available to you to protect your TFN information:
- Protecting your tax file number information
- Privacy business resource 12: The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information.
If you wish to complain about how we’ve handled your personal information, first try to resolve the issue with the person you’ve been dealing with. If you’re not satisfied, you can ask to speak to their supervisor.
Read how to make a complaint or give feedback.
How we deal with your complaint
We will always respond to your feedback.
We will use the information from your feedback to investigate and resolve individual issues. We will also use the information to provide feedback to staff or our business areas. Your information will be stored and used to assist us to improve the delivery of our services.
If we do not resolve your complaint to your satisfaction, you can contact OAIC. The OAIC is independent to us.
Matching data is one of the key controls we use to manage the risk of fraud and non-compliance.
This privacy notice outlines how we manage personal information for Child Care Personnel and Provider Digital Access (PRODA).
This privacy notice outlines how we manage personal information in relation to Child Care Subsidy.
This privacy notice outlines how we manage personal information for the COVID-19 and influenza (flu) immunisation history statement.
This privacy notice outlines how we manage personal information for the COVID-19 Vaccine Claims Scheme.
Matching data is one of the key controls we use to assist customers in preventing fraud and non-compliance.
This privacy notice outlines how we manage personal information for Digital Identity when performing functions of the Interim Oversight Authority.
The privacy and security of your personal information is important to us and is protected by law.
We collect and use information to support eligible Practices, Supervisors and Registrars participating in the Australian General Practice Training Program.
This privacy notice outlines how we collect, use and disclose your personal information for the International COVID-19 Vaccination Certificate.
We collect, use and disclose information to process, assess and support applications for a Medicare Entitlement Statement.
This privacy notice outlines how we manage personal information for the National Redress Scheme.
This privacy notice outlines how we manage personal information for the Organisation Register.
This privacy notice outlines how we use personal information when we arrange travel for students and associated travellers.