Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.
Sensitive information is a subset of personal information and includes information or an opinion about your:
- racial or ethnic origin
- political opinions
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation
- criminal record
- health information
- genetic information.
What we collect
We may collect personal information about you when it’s reasonably necessary for, or directly related to, our functions or activities.
We may collect sensitive information about you:
- where you consent
- when the collection is authorised or required by law
- the collection is otherwise allowed under the Privacy Act.
The kinds of personal information we may collect includes all of the following.
Information about you, such as your:
- date of birth
- contact details.
Information about your circumstances, such as your:
- employment status and history
- education status
- financial situation
- cultural and linguistic background
- citizenship and visa status
- passport and travel movements
- health and welfare
- family circumstances.
Information about your family and other related persons, such as any:
- nominees or authorised representatives.
Information about your interactions with us, such as:
- applications and claims you’ve made
- payments or services we provide you
- feedback and complaints
- any other special service arrangements.
We may also collect information about you to help us establish and verify your identity and administer records, including:
- departmental reference numbers
- Department of Veterans’ Affairs (DVA) file numbers
- tax file numbers
- healthcare identifiers
- biometric information such as your Voice Biometrics voiceprint.
We may also collect information about how you use our online services and applications, such as:
- pages you visit
- online forms you fill in
- your interactions
- your chats with our virtual assistants
- your language preferences
- searches you make.
You can read more about the collection of personal information.
We collect your personal information through a variety of channels. This includes paper forms or notices, search warrants, online portals, mobile applications, correspondence, face to face or over the telephone.
We may also collect your personal information from third parties including other government agencies:
- as a result of a tip off
- when undertaking data matching
- through administering legislation
- in the lodgement of a complaint
- in the context of enforcement activities
- when administering whole-of-government online services.
Social networking services
We use social networking services such as Facebook, Twitter, Google+, YouTube, Instagram and Yammer to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public.
The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
We exchange data with other agencies through technical pathways such as the digital gateway. We do this under relevant legislation to collect accurate and up-to-date information about customers. We can also assist other agencies to exchange data using the same pathways.
Data matching is where we compare income information collected from you with information held by the Australian Taxation Office (ATO). We do this to ensure you’re only accessing payments and services you’re eligible for.
We prepare Programme Protocols for our data matching programs, in accordance with guidelines issued by the Office of the Australian Information Commissioner (OAIC). Read about Centrelink program data matching activities.
Why we collect information
We collect personal information about you where it is reasonably necessary for, or directly related to, one or more of our functions or activities.
To deliver payments and services
We may collect your personal information when it is reasonably necessary for delivering payments or services. For example, we may collect your personal information to:
- confirm your identity
- communicate with you, including by SMS or email
- provide advice about available support
- ensure correct payments are made
- verify data provided in relation to claims and reviews with third parties
- investigate fraud, including internal fraud and the assessment of payment eligibility
- manage complaints and feedback
- participate in merits and judicial review matters
- manage and respond to requests for information
- administer and provide online services, including myGov
- act as an accredited participant and perform administrative and oversight functions in the Digital Identity system.
The reasons we collect your personal information will depend on the payments and services you access or are seeking. Read why we collect your personal information for:
For employment and recruitment
We collect personal information to establish and maintain records for the employment and recruitment of staff. You can read about the information we collect for employment purposes.
For market research
We may share your personal information to conduct statistical analysis and market research to improve service delivery. We may engage external companies to conduct this research on our behalf.
Read how we use market research, including how to opt out.
To work better across the agency
Your personal information may be shared across our Centrelink, Child Support and Medicare service areas if you have given your consent or the sharing of your information is authorised or required by law.
To make dealing with government easier for you
We administer platforms such as myGov and Digital Identity to deliver more convenient, accessible and efficient services. In doing so, we work with other Australian Government agencies, state and territory agencies and third parties. Your personal information may be shared for the purposes of developing and administering these platforms if either:
- you have given your consent
- the sharing of your information is authorised or required by law.
Only when required with third parties
We may disclose your information to Australian Government agencies, state and territory agencies and third parties. The disclosure of your personal information will depend on the payments or services to which the information relates.
To help our community in a time of emergency or disaster
In some circumstances, we may share information to support people who have been affected by a disaster or emergency. This could include sharing information with agencies and organisations as part of the emergency response or recovery effort. We may, for example, share information to help affected individuals to access financial or other assistance from charities, as well as from Australian government agencies.
To provide you with a more personalised experience
We may use information about your online experience to help us improve our services.
We may need to share your personal information if we’re authorised or required by law to do so.
Read our privacy notice about data analytics and service improvement.
How we store personal information
We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:
- storing paper records securely as per Australian government security guidelines
- only accessing personal information on a need-to-know basis and by authorised personnel
- monitoring system access which can only be accessed by authenticated credentials
- ensuring our buildings are secure
- regularly updating and auditing our storage and data security systems.
When no longer required, we destroy or archive personal information in a secure manner.
Data hosted for other agencies
We gather and store personal information on behalf of other agencies including in our data lake storage repository.
We do this in a similar way to a cloud service provider. We keep the hosted data separate from our own data and protect it with strict access controls. This means we don’t have control over the hosted data.
Send requests or complaints about hosted data to the agency the personal information belongs to. If we get a request or complaint about hosted data, we’ll send it to the agency it belongs to.
In addition, our staff are bound by secrecy provisions that regulate information we collect for social security, family assistance, health, child support and redress law. These secrecy provisions restrict the access, use and communication of protected information, including within the agency.
How we share information outside Australia
We may disclose your personal information overseas, such as to a foreign government or agency, where:
- the disclosure is required or authorised by law, or
- international information sharing arrangements are in place.
This may be more likely if you, your partner or dependants, or the other party to your Child Support case, live or have lived overseas, or are travelling overseas.
Under international information sharing arrangements we can either:
- collect and disclose information about you where it is requested by an overseas authority
- request information about you from an overseas authority.
While these arrangements differ, overseas authorities may have agreed to only use information for the purposes of the arrangements, and in accordance with relevant privacy obligations.
Read about the countries which have international information sharing arrangements in place:
- Reciprocal Health Care Agreement
- Reciprocating Jurisdictions and Residency for Child Support
- International Social Security Agreements.
You have the right to both ask:
- for access to personal information that we hold about you
- that we correct personal information we hold about you.
If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing, and explain our reasons if we refuse to give you access to, or correct, your personal information.
Updating information about you
What we do with your Tax File Number (TFN)
We adhere to the Privacy (Tax File Number) Rule 2015 for the collection, storage, use, disclosure, security and disposal of TFN information.
Specific purposes why we may request your TFN
We may request your TFN to:
- administer various payments, and
- comply with legislation referred to in section 8WA(1AA) of the Taxation Administration Act 1953.
You do not have to give us your TFN. However, if you don’t provide it, or authorise us to access it from the Australian Taxation Office, there may be financial consequences.
If you give us your TFN, we will only use it where you consent, or where the use is authorised or required by law.
Prohibitions and penalties for unauthorised collection and use of TFN information
Under the Privacy (Tax File Number) Rule 2015 and the Taxation Administration Act 1953 it is an offence if we either:
- require, request or collect TFN information for unauthorised purposes
- record, use or disclose TFN information unless permitted under taxation, personal assistance or superannuation law.
A breach of the Privacy (Tax File Number) Rule 2015 is considered an interference with privacy under the Privacy Act. Where a breach of privacy is very serious, the Australian Information Commissioner may seek a civil penalty under the Privacy Act.
A breach of the Taxation Administration Act 1953 may result in maximum penalty of a $21,000 fine (100 penalty units), 2 years imprisonment or both.
There may also be other penalties under taxation, superannuation or personal assistance laws.
If you think your TFN information has been mishandled, you may contact the Office of the Australian Information Commissioner (OAIC) to make a complaint.
Further details about the TFN rules
The OAIC has made the following information available to you to protect your TFN information:
- Protecting your tax file number information
- Privacy business resource 12: The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information.
How to make a complaint about privacy
If you wish to complain about how we’ve handled your personal information, first try to resolve the issue with the person you’ve been dealing with. If you’re not satisfied, you can ask to speak to their supervisor.
Read how to make a complaint or give feedback.
How we deal with your complaint
We will always respond to your feedback.
We will use the information from your feedback to investigate and resolve individual issues. We will also use the information to provide feedback to staff or our business areas. Your information will be stored and used to assist us to improve the delivery of our services.
If we do not resolve your complaint to your satisfaction, you can contact OAIC. The OAIC is independent to us.
Centrelink data matching activities
Matching data is one of the key controls we use to manage the risk of fraud and non-compliance.
Child Care Personnel and Provider Digital Access (PRODA) privacy notice
This privacy notice outlines how we manage personal information for Child Care Personnel and Provider Digital Access (PRODA).
Child Care Subsidy privacy notice for customers
This privacy notice outlines how we manage personal information in relation to Child Care Subsidy.
COVID-19 digital certificate privacy notice
This privacy notice outlines how we manage personal information for the COVID-19 digital certificate.
COVID-19 Disaster Payment privacy notice
This privacy notice outlines how we manage personal information for the COVID-19 Disaster Payment.
Data analytics and service improvement privacy notice
Digital Identity Interim Oversight Authority privacy notice
This privacy notice outlines how we manage personal information for Digital Identity when performing functions of the Interim Oversight Authority.
Disaster Recovery Payment and Disaster Recovery Allowance privacy notice
The privacy and security of your personal information is important to us and is protected by law.
International COVID-19 Vaccination Certificate privacy notice
This privacy notice outlines how we collect, use and disclose your personal information for the International COVID-19 Vaccination Certificate.
National Redress Scheme privacy notice
This privacy notice outlines how we manage personal information for the National Redress Scheme.
Students and associated travellers privacy notice
This privacy notice outlines how we use personal information when we arrange travel for students and associated travellers.