Privacy Policy

Our Privacy Policy explains how we handle your personal information. We’ll update this policy when our information handling practices change.

We refer to Services Australia as ‘we’ or ‘us’ in this Privacy Policy.

The Privacy Act 1988 requires us to have a privacy policy.

Our Privacy Policy outlines what kinds of personal and sensitive information we collect, why we collect this information, and how we handle it.

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.

Sensitive information is a subset of personal information and includes information or an opinion about your:

  • racial or ethnic origin
  • political opinions
  • religious beliefs or affiliations
  • philosophical beliefs
  • sexual orientation
  • criminal record
  • health information
  • genetic information.

What information we collect

We may collect personal information about you when it’s reasonably necessary for, or directly related to, our functions or activities.

We may collect sensitive information about you:

  • where you consent
  • when the collection is authorised or required by law
  • when the collection is otherwise allowed under the Privacy Act.

The kinds of personal information we may collect includes all of the following.

Information about you, such as your:

  • name
  • address
  • gender
  • date of birth
  • contact details.

Information about your circumstances, such as your:

  • employment status and history
  • education status
  • financial situation
  • cultural and linguistic background
  • citizenship and visa status
  • passport and travel movements
  • health and welfare
  • disabilities
  • family circumstances.

Information about your family and other related persons, such as any:

  • partners
  • children
  • dependants
  • carers
  • nominees or authorised representatives.

Information about your interactions with us, such as:

  • applications and claims you’ve made
  • payments or services we provide you
  • feedback and complaints
  • any other special service arrangements.

We may also collect information about you to help us establish and verify your identity and administer records, including:

  • departmental reference numbers
  • Department of Veterans’ Affairs (DVA) file numbers
  • tax file numbers
  • healthcare identifiers
  • biometric information such as your Voice Biometrics voiceprint.

We may also collect information about how you use our online services and applications, such as:

  • pages you visit
  • online forms you fill in
  • your interactions
  • your chats with our virtual assistants
  • your language preferences
  • searches you make.

You can read more about the collection of personal information.

How we collect information

We collect your personal information through a variety of channels. This includes paper forms or notices, search warrants, online portals, mobile applications, correspondence, face to face or over the telephone.

We may also collect your personal information from third parties including other government agencies:

  • as a result of a tip-off
  • when undertaking data matching
  • through administering legislation
  • in the lodgement of a complaint
  • in the context of enforcement activities
  • when administering whole-of-government online services.

When your personal information is collected from a third party, we take steps to inform you. This may occur through this Privacy Policy, application forms, notices or discussions with our staff.

Social networking services

We use social networking services such as Facebook, X, YouTube, Instagram and Yammer to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public.

The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.

Data exchanges

We exchange data with other agencies through technical pathways such as the digital gateway. We do this under relevant legislation to collect accurate and up-to-date information about customers. We can also assist other agencies to exchange data using the same pathways.

Data matching

Data matching is where we compare income information collected from you with information held by other organisations, such as the Australian Taxation Office (ATO). We do this to help deliver the payments and services you’re eligible for.

We prepare Programme Protocols for our data matching programs, in accordance with guidelines issued by the Office of the Australian Information Commissioner (OAIC). Read about Centrelink program data matching activities.

Why we collect information

We collect personal information about you where it is reasonably necessary for, or directly related to, one or more of our functions or activities.

To deliver payments and services

We may collect your personal information when it is reasonably necessary for delivering payments or services. For example, we may collect your personal information to:

  • confirm your identity
  • communicate with you, including by SMS or email
  • provide advice about available support
  • ensure correct payments are made
  • verify data provided in relation to claims and reviews with third parties
  • investigate fraud, including internal fraud and the assessment of payment eligibility
  • manage complaints and feedback
  • participate in merits and judicial review matters
  • manage and respond to requests for information
  • administer and provide online services, including myGov
  • act as an accredited entity, specifically the Identity Exchange Provider and as an attribute service provider within the Australian Government’s Digital ID system
  • act as an accredited participant, operate the Digital Identity exchange and perform administrative and oversight functions within the Australian Government’s Digital ID System as part of the Interim Oversight Authority.

The reasons we collect your personal information will depend on the payments and services you access or are seeking. Read why we collect your personal information for:

To improve our services

We may use your personal information to conduct statistical analysis and research to improve service delivery. We'll contact you or a trusted research company will on our behalf. Our contracts with each research company contain legal binding provisions to protect your privacy.

We only give contracted research companies the details they need to contact you when they need it for their research. Your information stays confidential and is:

  • not used for any purpose except for the specific research activity
  • not given to anyone else
  • destroyed or returned to us when the research is over.

Read about how we use research and surveys to improve our services.

For employment and recruitment

We collect personal information to establish and maintain records for the employment and recruitment of staff. You can read about the information we collect for employment purposes.

To work better across the agency

Your personal information may be shared across our Centrelink, Child Support and Medicare service areas if you have given your consent or the sharing of your information is authorised or required by law.

To make dealing with government easier for you

We administer platforms such as myGov and Digital Identity exchange to deliver more convenient, accessible and efficient services. In doing so, we work with other Australian Government agencies, state and territory agencies and third parties. Your personal information may be shared for the purposes of developing and administering these platforms if either:

  • you have given your consent
  • the sharing of your information is authorised or required by law.

We operate the following Trusted Digital Identity Framework (TDIF) accredited entities within the Australian Government’s Digital ID system:

  • Digital Identity exchange, which supports the connection of the relying parties with accredited entities.
  • Attribute service providers, which are myGov LinkID attributes.

There are strict rules that manage what we can do as an attribute service provider. The federated Digital ID system is underpinned by the TDIF. TDIF accredited participants must undergo a series of strict assurance evaluations. These include but aren’t limited to:

  • accessibility and usability
  • privacy protection
  • security and fraud control
  • risk management
  • technical integrity.

The TDIF role requirements for myGov do not replace, remove or change existing obligations followed through other policies, legislation or regulations, or by any other means. Instead, these TDIF role requirements add to existing obligations.

We manage your personal information in performing our role as an accredited Identity Exchange Provider within the Australian Government’s Digital ID system. To find out more about how we do this, read the privacy information on the Digital Identity exchange website:

To understand more about how myGov manages your personal information, read the myGov privacy notice.

Only when required with third parties

We may disclose your information to Australian Government agencies, state and territory agencies and third parties. The disclosure of your personal information will depend on the payments or services to which the information relates.

To help our community in a time of emergency or disaster

In some circumstances, we may share information to support people who have been affected by a disaster or emergency. This could include sharing information with agencies and organisations as part of the emergency response or recovery effort. We may, for example, share information to help affected individuals to access financial or other assistance from charities, as well as from Australian government agencies.

Read who we can share your personal information with.

To provide you with a more personalised experience

We may use information about your online experience to help us improve our services.

We may need to share your personal information if we’re authorised or required by law to do so.

Read our privacy notice about data analytics and service improvement.

How we store personal information

We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

  • storing paper records securely as per Australian government security guidelines
  • only accessing personal information on a need-to-know basis and by authorised personnel
  • monitoring system access which can only be accessed by authenticated credentials
  • ensuring our buildings are secure
  • regularly updating and auditing our storage and data security systems.

When no longer required, we destroy or archive personal information in a secure manner.

Data hosted for other agencies

We gather and store personal information on behalf of other agencies including in our data lake storage repository.

We do this in a similar way to a cloud service provider. We keep the hosted data separate from our own data and protect it with strict access controls. This means we don’t have control over the hosted data.

Send requests or complaints about hosted data to the agency the personal information belongs to. If we get a request or complaint about hosted data, we’ll send it to the agency it belongs to.

Secrecy

In addition, our staff are bound by secrecy provisions that regulate information we collect for social security, family assistance, health, child support and redress law. These secrecy provisions restrict the access, use and communication of protected information, including within the agency.

How we share information outside Australia

We may disclose your personal information overseas, such as to a foreign government or agency, where:

  • the disclosure is required or authorised by law, or
  • international information sharing arrangements are in place.

This may be more likely if you, your partner or dependants, or the other party to your Child Support case, live or have lived overseas, or are travelling overseas.

Under international information sharing arrangements we can either:

  • collect and disclose information about you where it is requested by an overseas authority
  • request information about you from an overseas authority.

While these arrangements differ, overseas authorities may have agreed to only use information for the purposes of the arrangements, and in accordance with relevant privacy obligations.

Read about the countries which have international information sharing arrangements in place:

How to access and correct information about you

You have the right to both ask:

  • for access to personal information that we hold about you
  • that we correct personal information we hold about you.

If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will notify you in writing, and explain our reasons if we refuse to give you access to, or correct, your personal information.

You can access and correct most of your details online using self service.

If you can’t use self service, read how to:

Updating information about you

To ensure you are only accessing payments and services you are eligible for it’s important to tell us if your circumstances change.

You can do this yourself using self service.

What we do with your Tax File Number (TFN)

We adhere to the Privacy (Tax File Number) Rule 2015 for the collection, storage, use, disclosure, security and disposal of TFN information.

Specific purposes why we may request your TFN

We may request your TFN to:

  • administer various payments, and
  • comply with legislation referred to in section 8WA(1AA) of the Taxation Administration Act 1953.

You do not have to give us your TFN. However, if you don’t provide it, or authorise us to access it from the Australian Taxation Office, there may be financial consequences.

If you give us your TFN, we will only use it where you consent, or where the use is authorised or required by law.

Prohibitions and penalties for unauthorised collection and use of TFN information

Under the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953 it is an offence if we either:

  • require, request or collect TFN information for unauthorised purposes
  • record, use or disclose TFN information unless permitted under taxation, personal assistance or superannuation law.

A breach of the Privacy (Tax File Number) Rule 2015 is considered an interference with privacy under the Privacy Act. Where a breach of privacy is very serious, the Australian Information Commissioner may seek a civil penalty under the Privacy Act.

A breach of the Taxation Administration Act 1953 may result in maximum penalty of a $21,000 fine (100 penalty units), 2 years imprisonment or both.

There may also be other penalties under taxation, superannuation or personal assistance laws.

If you think your TFN information has been mishandled, you can make a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC is independent to us.

Further details about the TFN rules

Read the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953 on the federal register of legislation website.

The OAIC has made the following information available to you to protect your TFN information:

How to make a complaint about privacy

If you wish to complain about how we’ve handled your personal information, first try to resolve the issue with the person you’ve been dealing with. If you’re not satisfied, you can ask to speak to their supervisor.

Read how to make a complaint or give feedback.

How we deal with your complaint

We will always respond to your feedback.

We will use the information from your feedback to investigate and resolve individual issues. We will also use the information to provide feedback to staff or our business areas. Your information will be stored and used to assist us to improve the delivery of our services.

If we do not resolve your complaint to your satisfaction, you can contact OAIC. The OAIC is independent to us.

Page last updated: 30 September 2024.
QC 24196