Guidelines for data matching by Commonwealth government agencies were issued in February 1998 under s 27(1)(e) of the Privacy Act 1988 (Cth). They are not legally binding but are very persuasive particularly when considering an agency's obligations under the Australian Privacy Principles. The guidelines apply to any agency involved in larger computerised comparisons of two or more databases containing information on more that 5000 individuals, and relate to such requirements including to:
- publish information about the data match including the objectives and categories of information involved
- inform people whose information is likely to be used
- comply with strict technical standards of operation
- publish data matching program protocols
- notify individuals of any match giving at least 14 days to comment
- destroy unmatched material within 90 days and matched material which is not to be proceeded upon within 14 days after decision not to proceed.
Data matching is carried out regularly and frequently in an overnight 'data dump' by the following major Commonwealth agencies: Centrelink, Australian Tax Office, Department of Veterans Affairs, Department of Immigration and Multicultural Affairs and Department of Education, Training and Youth Affairs. Any match found may lead to investigation of fraud or overpayment, or of breaches of immigration laws such as overstaying an entry permit.
The content of the Law Handbook is made available as a public service for information purposes only and should not be relied upon as a substitute for legal advice. See Disclaimer for details. For free and confidential legal advice in South Australia call 1300 366 424.