PROGRAM PROTOCOL - CENTRELINK
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
PROGRAM PROTOCOL
Data matching under the
Data-matching Program (Assistance and Tax) Act 1990
Updated By
Compliance Data Matching and Review Section
Business Integrity Performance Branch
CENTRELINK
July 2008CONTENTS
PRELIMINARY MATTERS ...................................................................................... 4
BACKGROUND .......................................................................................................... 4
IMPLEMENTATION OF THE NEW MEASURES................................................ 4
1 THE MATCHING AGENCY AND SOURCE AGENCIES ............................ 7
1.2 THE SOURCE AGENCIES .................................................................................. 7
1.3 ASSISTANCE AGENCIES ................................................................................... 7
2 LEGAL BASIS FOR ANY COLLECTION, USE OR DISCLOSURE OF
INFORMATION INVOLVED IN THE PROGRAM ..................................... 8
2.1 COLLECTION OF DATA .................................................................................... 8
2.2 USE OF DATA .................................................................................................. 8
2.3 CONFIDENTIALITY – DISCLOSURE OF INFORMATION ....................................... 9
3 OBJECTIVES OF THE PROGRAM AND RELATED MATTERS ........... 10
3.1 OBJECTIVES OF AND JUSTIFICATION FOR THE PROGRAM ............................... 10
3.2 PROCEDURES TO BE EMPLOYED .................................................................... 11
3.3 NATURE AND FREQUENCY OF MATCHING ..................................................... 12
3.4 ORIGINAL JUSTIFICATION FOR THE DATA-MATCHING PROGRAM - 1991........ 14
4 ALTERNATIVE METHODS ........................................................................... 16
5 COST/BENEFIT ANALYSIS - ORIGINAL ................................................... 17
6 OUTLINE OF TECHNICAL CONTROLS TO ENSURE DATA
QUALITY, INTEGRITY AND SECURITY .................................................. 20
6.1 DATA QUALITY ............................................................................................. 20
6.2 DATA INTEGRITY .......................................................................................... 20
6.3 SECURITY ...................................................................................................... 20
7 USE OF IDENTIFICATION NUMBERS (INCLUDING TAX FILE
NUMBERS) ....................................................................................................... 21
8 OUTLINE OF ACTION ARISING FROM THE DATA-MATCHING
PROGRAM ....................................................................................................... 22
8.1 ASSISTANCE AGENCIES ................................................................................. 22
8.2 CUSTOMER HAS 28 DAYS TO RESPOND .......................................................... 22
8.3 DEBT DUE TO THE COMMONWEALTH ............................................................ 23
8.4 CUSTOMER DISPUTES INFORMATION ............................................................. 23
8.5 WHEN SECTION 11 LETTERS ARE NOT ISSUED ............................................... 23
8.6 ADMINISTRATIVE ERROR .............................................................................. 23
8.7 PRIVACY ....................................................................................................... 23
8.8 DECEASED CUSTOMERS ................................................................................. 24
8.9 THE AUSTRALIAN TAXATION OFFICE ........................................................... 24
9 NOTICES TO INDIVIDUALS ABOUT EXISTENCE OF THE DATA-
MATCHING PROGRAM................................................................................ 25
10 TIME LIMITS ON THE CONDUCT OF PROGRAM ................................. 26
10.1 LENGTH OF DATA MATCHING CYCLE ........................................................... 26
10.2 DESTRUCTION OF DATA ................................................................................ 26
2APPENDIX 1 .............................................................................................................. 27
CENTRELINK LISTING & COPIES OF SECTION 11 LETTERS ........................................ 27
APPENDIX 2 .............................................................................................................. 33
DVA LISTING & COPIES OF SECTION 11 LETTERS ................................................... 33
3PRELIMINARY MATTERS
'Data matching' is the comparison of two or more sets of data to identify similarities
or dissimilarities. In the context of the Protocol, the term is used to denote the use of
computer techniques to compare data found in two or more computer files to identify
cases where there is risk of incorrect payment of personal financial assistance or of
tax evasion.
The Data-matching Program (DMP) is the system of data matching as defined in
Section 6 of the Data-matching Program (Assistance and Tax) Act 1990 (the DMP
Act).
The most recent copy of the DMP Act can be located on the Attorney-General’s
Departmental website, or by following the link: ComLaw Acts - Data-matching
Program (Assistance and Tax) Amendment Act 1998 (111)
BACKGROUND
In the 1990/91 Budget the Government announced new measures to detect incorrect
payments in the income-support system. These involved;
v the use of Tax File Numbers (TFNs) to assist in the verification with the Australian
Taxation Office (ATO) of income information supplied by customers seeking
government income-support payments; and
v increased use of data matching between various government agencies making
financial assistance payments, especially the Departments of:
- Social Security (DSS) now Centrelink;
- Employment, Education and Training (DEET); and
- Department of Veterans' Affairs (DVA);
to detect "dual payments" - i.e. instances in which people collect more than one
payment, usually from different agencies, where no entitlement exists to one or more
of the payments.
The rationale for the new measures adopted by the Government was that further major
savings in financial assistance payments could be made if computer technology was
employed which facilitated the automatic checking of data across Agencies.
These savings cannot be achieved using labour intensive, manual checking
techniques.
IMPLEMENTATION OF THE NEW MEASURES
The decision announced in the 1990/91 Budget to extend the requirement to provide
TFNs and the subsequent matching of data is embodied in four pieces of legislation:
v Social Security and Veterans' Affairs Legislation Amendment Act (No. 2) 1990;
v Social Security Legislation Amendment Act 1990;
4v Student Assistance Amendment Bill 1991; and
v Data-matching Program (Assistance and Tax) Act 1990 (the DMP Act).
The Social Security and Veterans' Affairs Legislation Amendment Act (No. 2) 1990
and the Social Security Legislation Amendment Act 1990 received Royal Assent on 28
December 1990 and 8 January 1991 respectively. They extended the requirement to
provide a TFN, which previously applied to certain DSS and DEET customers, to
virtually all customers receiving personal financial assistance payments under the:
v Social Security Act 1947
v Veterans' Entitlement Act 1986; and
v Seamen's War Pensions and Allowances Act 1940.
The Student Assistance Amendment Bill 1991, proposed similar extensions of TFN
requirements in respect of payments under the Student Assistance Act 1973 (Austudy
and Abstudy).
Where specified in the legislation, TFNs must be provided in respect of partners and
parents as their incomes may have a bearing on the eligibility of a customer to a
particular payment or on the level of payment he or she is entitled to receive.
THE PROGRAM PROTOCOL
The Data-matching Program (Assistance and Tax) Act 1990 (the DMP Act), which
received Royal Assent on 23 January 1991 provided the authority for the matching of
certain data held by the Australian Taxation Office (ATO), Department of Social
Security (DSS), Department of Employment Education and Training (DEET),
Department of Veteran’ Affairs (DVA) and Department of Community Services and
Health (DCS&H). Subsequent Ministry of Government changes have altered the
agencies involved in this data-matching; and this is reflected in the current DMP Act
and in the following pages.
The Schedule to the Act requires that a Program Protocol be prepared by the Data-
Matching Agency (DMA) in consultation with the Source Agencies. The purpose of
this document is to:
i. identify the Matching Agency and the Source Agencies;
ii. in the case of each source agency, set out the legal basis for any collection, use
or disclosure of personal information involved in the program;
iii. outline the objectives of the program, the procedures to be employed, the
nature and frequency of the matching covered by the program, and the
justifications for the program;
iv. explain what methods other than data matching were available and why they
were rejected;
v. detail any cost/benefit analysis or other measures of effectiveness which were
taken into account in deciding to initiate the program;
5vi. outline the technical controls proposed to ensure data quality, integrity and
security in the conduct of the program;
vii. provide an explanation for any use of identification numbers and, in particular,
the tax file numbers;
viii. outline the nature of the action proposed to be taken in relation to the result of
the program including the proformas of any letters to be used by source
agencies when providing notice under section 11 of the Act;
ix. indicate what form of notice, if any, of the proposed activities in relation to
their personal information has been given or is intended to be given to affected
individuals; and
x. specify any time limits on the conduct of the program.
The Program Protocol must be filed with the Privacy Commissioner and be made
available for public inspection unless the Privacy Commissioner is satisfied that its
availability would be or would be likely to be contrary to the public interest (e.g. by
prejudicing the integrity of legitimate investigative methods).
The Program Protocol for the Data-matching Program was listed in the
Commonwealth Government Gazette of 1991. Since this time, a number of changes
have been made to the matching program. This document has been updated to reflect
these changes.
Agencies involved in data matching undertaken under the authority of the Act must
observe privacy principles. Part 2 of the Act sets out the provisions for data matching,
the use of the results and includes privacy and confidentiality provisions. People who
consider that an agency has interfered with their privacy by a breach of Part 2 of the
Act may complain to the Privacy Commissioner.
61 THE MATCHING AGENCY AND SOURCE AGENCIES
1.1 The Data-Matching Agency (DMA)
Section 4 of the Act provides for the establishment of a DMA to match data supplied
to it by Source Agencies. Under the DMP Act, the Chief Executive Officer of
Centrelink is to ensure that there are officers of the Agency who are responsible for:
v receiving data from the government departments involved in the Program (source
agencies);
v validating identity data;
v matching income and payment data;
v returning information about possible discrepancies; and
v destroying any data that does not result in a possible discrepancy at the end of the
matching cycle.
While operating as part of the DMA, these officers do not have access to customer
information other than that provided to the DMA by Source Agencies. The
confidentiality and security provisions that apply to the DMA operations are discussed
further in Sections 3 and 8 of this document.
1.2 The Source Agencies
Source Agencies supply customer data to the DMA for the purposes of data matching
under the DMP Act. These source agencies are:
v Centrelink;
v the Department of Veterans' Affairs (DVA); and
v the Australian Taxation Office (ATO).
1.3 Assistance Agencies
The Department of Veterans' Affairs and Centrelink are also known as Assistance
Agencies.
72 LEGAL BASIS FOR ANY COLLECTION, USE OR DISCLOSURE OF
INFORMATION INVOLVED IN THE PROGRAM
The DMP Act provides the authority for:
v the establishment of a Matching Agency;
v the matching of specified data held by Source Agencies;
v the nature and frequency of matching that can be undertaken by the DMA;
v the steps in a matching cycle;
v the major procedural steps Source Agencies must undertake to conduct reviews;
and
v strict requirements for the handling and destruction of DMP information.
2.1 Collection of Data
Section 3 of the DMP Act details the data that can be matched under the DMP. This
includes 'basic data' which in relation to a person means:
- the person's family identity data; or
- the person's income data; or
- the person's TFN data.
Section 3 of the Act also provides definitions for 'family identity data', 'income data'
and 'tax data'.
2.2 Use of Data
Section 6 of the DMP Act provides the legal basis for the matching of data. It
specifically approves:
v the transfer of data between Source Agencies and the DMA;
v the matching of data within processes defined in the Act by the DMA or the ATO;
and
v the provision of the results of matching to the Source Agencies.
Section 10 of the Act provides the legal basis for Source Agencies to use the results of
the data matching process, details what action can be taken and the timeframes for
completing any action taken.
82.3 Confidentiality – Disclosure of Information
Section 15 of the DMP Act prohibits an officer of the DMA or Source Agencies from
recording or disclosing information available to them because of their duties under the
DMP Act except if the information is recorded or disclosed:
v in the course of carrying out functions or duties under the Act; or
v with the consent of the person to whom the information relates.
For the purposes of data matching, it is this disclosure provision that applies, rather
than the disclosure provisions of other Acts governing the Agencies. The penalty for
breaching this confidentiality provision is 2 years imprisonment.
93 OBJECTIVES OF THE PROGRAM AND RELATED MATTERS
This section outlines what the DMP is designed to achieve and explains why these
measures are a vital addition to incorrect payment detection work already carried out
by income support Agencies.
3.1 Objectives of and Justification for the Program
The overall objectives of the DMP are to:
v detect instances where people are possibly receiving incorrect payments from an
income support agency;
v verify with the ATO the accuracy of individual customer, partner and parental
income and identity information disclosed to agencies which make income support
payments;
v encourage voluntary compliance – this includes deterring people from attempting
to claim payments to which they are not entitled, the voluntary surrender of
payments to which people may not be entitled and the voluntary disclosure of
changes in circumstances which affect rates of payment;
v identify debtors who have resumed receiving an income support payment; and
v detect fictitious or assumed identities.
The DMP is designed to identify:
v 'dual payments' - that is, instances in which people collect more than one payment
where no entitlement exists to one or more of the payments;
v fictitious or assumed identities used by individuals to obtain payments to which
they are not entitled;
v non-disclosure of correct income for the purposes of obtaining or continuing to
receive an income-support payment or an incorrect level of payment;
v non-disclosure of changes of circumstances;
v inconsistent personal identity data for Assistance Agency and ATO records where
the TFN is the same;
v opportunities for re-raising overpayments of Government income-support so they
can be recovered; and
v tax evasion.
103.2 Procedures Employed
The DMA on behalf of Centrelink, DVA and the ATO undertakes matching under the
DMP.
The DMA comprises officers of Centrelink who have been directed to be responsible
for the matching of data under the Act.
Officers of the DMA notify Source Agencies when a cycle of matching is to begin
and ask Source Agencies to prepare files of their data in a particular format for
inclusion in the data-matching process. Those files are delivered to the DMA on a
specified day under strict security conditions.
The steps which comprise a matching cycle are set out in detail in Section 7 of the
DMP Act. The DMA and the ATO follow these steps in conducting the data-
matching for which they are responsible.
As the various steps in the data matching cycle are completed, cases of possible
incorrect TFNs, identities or payments are identified. The DMA refers these
discrepant cases back to the relevant Source Agency for examination. The Source
Agencies make an assessment of the information provided and decide whether or not
further investigation is warranted.
When all the data matching procedures in a cycle have been completed the DMA
destroys all the data provided which has not led to the identification of a discrepancy.
For each subsequent cycle new data is sought from the Source Agencies.
Privacy safeguards
The main safeguards associated with the DMP ensure that:
v Source Agency data are not held by the DMA for any longer than is necessary;
v Source Agencies cannot link or merge the information used in the DMP to create a
new separate, permanent database of information;
v the Source Agency data that are used are as up to date as possible;
v the data received and generated by the DMA are protected by strict physical and
system security arrangements;
v Source Agencies must establish reasonable procedures for confirming the validity
of results;
v customers have been advised of the existence of the DMP and its use of their
information within it;
v customers are contacted only when the discrepancy cannot be explained following
an examination of the Source Agency's records; and
v information no longer required is destroyed.
113.3 Nature and Frequency of Matching
Section 9 of the DMP Act specifies that a data matching cycle must be completed
within two months of its commencement and that no more than nine cycles may be
conducted each year. A new cycle cannot commence until the previous one has
finished.
A full data matching cycle has six steps. Each step is described in detail below. A
cycle that includes income matching takes approximately six weeks to complete.
Where the cycle involves only payment matching, the length of the cycle can be
reduced to about two weeks and only contains steps 1, 5 and 6.
Section 7 of the DMP Act details the steps involved in a data matching cycle. These
are summarised below. There are six steps in each full data matching cycle:
v Step 1
The DMA checks the validity of the records given to it by the Assistance Agencies.
Records with errors in them, including invalid TFNs, are then referred back to the
relevant Assistance Agencies, and these do not continue through to income
matching in step 5.
v Step 2
Records containing valid TFNs are extracted from the data provided to the DMA,
together with the Assistance Agency Identification Number, which are the numbers
that the Assistance Agency assigns to each record, and these are then sent to the
ATO.
v Step 3
The ATO extracts taxable income and personal identity data from its records for
each person who has a TFN. It then passes this information back to the DMA.
v Step 4
The DMA compares the identity information (e.g. name, sex etc) given to it by the
ATO with identity information for the same customer provided to it by the
Assistance Agencies. The purpose of identity matching is to verify that the TFN
provided to the Assistance Agency belongs to that customer.
Any cases that fail the identity matching process are referred back to the relevant
Source Agency to follow up. These cases do not proceed to income matching in
Step 5.
12v Step 5
The DMA undertakes payment matching and income matching.
In the payment matching process, data provided to the DMA by Assistance
Agencies is compared to establish if people are receiving inconsistent payments at
the same time, for example, Age Pension and Service Pension.
In the income matching process the DMA compares income details of Assistance
Agency customers (and partners and parents where applicable) provided to
Assistance Agencies with taxable income details recorded by the ATO for the
same people. The purpose of this matching is to identify cases in which customers
have misinformed one or more agencies about their or their partner's or parents'
income and so may be receiving incorrect Assistance Agency payments.
In step 5, details of debts owing to the Commonwealth are also included for the
purpose of identifying whether people may now be in receipt of assistance from
another agency that can be withheld to repay the debt.
The DMP Act specifies that step 5 must not take longer than seven days.
v Step 6
In step 6 the DMA gives the raw output to the Source Agencies. Under section 9
(3) of the DMP Act, the DMA must do this within seven days after the completion
of step 5.
Personal information used in a data matching cycle that does not indicate a
discrepancy is destroyed by the DMA at the completion of the cycle.
A comprehensive report on the outcome of each cycle is provided to the
Assistance/Source Agencies and the Privacy Commissioner.
Agency follow-up procedures – Centrelink and Department of Veterans’ Affairs
Upon receipt of the output from the DMA, both Centrelink and the Department of
Veterans’ Affairs undertake refinements before releasing the cases for review. This
process is critical for ensuring that only those cases where there is a likelihood of
incorrect payment are examined further and unnecessary contact with customers is
avoided.
Staff conducting the reviews adhere to established clerical procedures, which were
developed in consultation with the Privacy Commissioner.
13The customer's computer record and, if necessary, the paper file are examined to
ensure that the information provided by the DMA does relate to the customer in
question. The file is also examined to see if the discrepancy has already been
actioned; for example, the customer may have advised of a change in circumstances
after the start of the data matching cycle. If additional information is required to
conduct the review a formal approach is made to the other agency, which is a party to
the match, in writing.
Following these checks, if there still appears to be a discrepancy, a letter under
Section 11 of the DMP Act is sent to the customer. The customer then has 28 days in
which to respond.
3.4 Original justification for the Data-matching Program - 1991
Successive governments have been concerned to uphold the integrity of the financial
assistance programs administered through government agencies and to ensure that the
agencies are properly accountable for the funds they distribute. Assistance Agencies
have control measures in place to help them ensure that the payments they make are at
the correct level and are made only to persons entitled to receive them.
Existing control measures, particularly some of the technical measures introduced in
recent years, have been very effective. Nonetheless, opportunities remain for some
people to receive payments to which they are not entitled. It is important that the
funds available for financial assistance programs be directed to those entitled to them.
If this is to be achieved, the integrity of financial assistance payment systems must be
raised to the highest possible level.
Incorrect payments may arise either through people not advising assistance agencies
of changes in their employment, income or living circumstances or through deliberate
fraud. Many millions of Australians receive forms of financial assistance from
government agencies. The cost of undertaking regular manual reviews of the
circumstances of all these clients is prohibitive. For that reason, most Assistance
Agencies have adopted a risk based approach in their review work so that efforts are
directed at customers with a higher than average chance of being incorrectly paid.
Most agencies have introduced some form of computer based data matching, which
permits the checking of customer circumstances with a rapidity and efficiency, which
cannot be matched by labour intensive manual methods. This has been made possible
through the development in recent years of new computer technologies, which permit
high speed matching of very high volumes of information.
The Government has decided to close remaining loopholes in the control systems used
by agencies paying financial assistance by:
v extending requirements for the clients of Assistance Agencies to provide TFNs;
and
v taking advantage of the data-matching technologies now available.
14The provision of TFNs will allow income information provided by customers to
Assistance Agencies to be checked against income records held by the ATO. This
cross checking of income information will greatly strengthen the income test
arrangements, which apply to most financial assistance payments. Without this cross
checking it is possible for people to declare one level of income to one agency and
another level of income to another agency. Second, the use of new high speed
matching technologies will allow the matching of customer information held by the
various Assistance Agencies to be undertaken with a degree of efficiency and
effectiveness not previously available.
This will greatly assist in the identification of cases where customers may be
receiving payments to which they are not entitled from one or more agencies. These
cases cannot be identified without the cross matching of data held by different
agencies. The cases would not exist, of course, if all customers met their obligations
to inform agencies about their true circumstances at grant of payment and to report
promptly to agencies any subsequent change in their circumstances.
The check of income information with the ATO could not be achieved as efficiently
and effectively without the use of TFNs. Matching using other identity keys such as
name, address and date of birth is possible, but experience has shown that it is a
technique fraught with imperfections. That is not to say that it cannot be cost
effective in the absence of more reliable bases for matching.
Use of TFNs for income matching purposes will produce a high degree of confidence
in the results. In the system proposed, TFNs and other customer information will be
revealed to far fewer Agency staff than would be the case if less accurate matching
systems requiring more manual scrutiny of customer records were to be employed.
The Privacy Commissioner has been fully briefed on this aspect, as has the Senate
Standing Committee on Legal and Constitutional Affairs, which recommended to the
Senate that the enabling legislation be approved.
The matching arrangements are to be implemented in a way, which will protect
confidentiality of customer information and will protect the rights of individuals who
may be contacted by Assistance Agencies as a result of the data matching. The
legislation authorising the new matching arrangements contains strict privacy
safeguards and these, together with the monitoring role to be adopted by the Privacy
Commissioner, offer the community strong guarantees against the adoption of
insensitive approaches by the agencies involved with the new measures.
154 ALTERNATIVE METHODS
In the late 1980’s, it was known as a result of a DSS sample survey of Family
Allowance payments and through earlier experiences of matching selected data
between agencies that, despite the various control measures employed within
agencies, there was a residual level of incorrect payments which remained undetected.
Risk based control measures employed by most agencies aim to achieve the most cost
effective and productive control arrangements by concentrating the efforts of
available resources on reviewing the entitlements of customers considered to be most
at risk of being incorrectly paid. Implicit in this approach is the less frequent
reviewing of customers not in the categories considered to be at higher risk. It is
among these customers (the majority) that the residual cases of incorrect payment
reside.
To identify the residual cases it was considered necessary to review very large
numbers of customers rather than just a sample of customers. Given (in the late
1980’s):
v the many customers serviced by the Assistance Agencies (about 5.5 million
customers for Centrelink, about 0.5 million customers for DVA; and
v the even larger customer base of the ATO (about 10 million), and the size of
reference data files which may need to be consulted (e.g. the Australian Electoral
Commission file (about 10 million records) and the Health Insurance Commission
file (about 20 million records));
the task of manually reviewing the bulk of Assistance Agency customers on an
individual basis and making the necessary checks against the various agency records
would clearly be impossible. It was considered the task would be so logistically
complex and would consume the efforts of so many thousands of staff that it was not
subject to detailed costing.
If a comprehensive review of Assistance Agency customers was to be undertaken to
identify residual overpayments, there was considered no option but to employ modern
technology to match automatically the data held by various agencies. The amounts of
data involved and the complexity of the review processes proposed effectively meant
that if the task was to be undertaken at all, then it had to employ modern computing
techniques. There was simply not a range of other viable options for completing the
task.
It would be possible to undertake the matching proposed without using TFNs, but as
has been noted elsewhere, matching on keys such as name, date of birth and address is
much less reliable than matching which can be based on unique identifiers such as
TFNs. The more reliable the matching of income details can be made, the more
effective it will be in achieving savings and the less likely it will be that incorrect
matches lead agencies to contact their customers unnecessarily.
165 COST/BENEFIT ANALYSIS - ORIGINAL
This section discusses in more detail the costs and benefits taken into account in the
deliberations leading to the decision to introduce the DMP in 1991.
Financial Considerations
Income support agencies use risk analysis techniques to detect incorrect payments,
which occur as a result of customers failing to disclose changes of circumstances. For
the DSS, the results of that work are set out in the Department's Annual Report.
In the 1989-90 financial year, the DSS undertook:
v 472,100 reviews of Unemployment Benefit customers and cancelled 51,600
payments i.e. 10.9% of the cases reviewed;
v 149,900 reviews of Sole Parent Pension customers and cancelled 18,600 payments
i.e. 12.4% of the cases reviewed;
v 873,100 reviews of Age, Invalid and other Pension customers and varied
fortnightly payment rates downwards for 111,500 cases i.e. 12.8% of the cases
reviewed, and
v 232,000 reviews of Family Allowance recipients and cancelled 30,400 payments
i.e. 13.1% of the cases reviewed.
The incorrect payments listed above were detected by targeting cases where it was
believed there was a higher than average risk of incorrect payment.
If the Department focused solely on 'the higher than average risk' population it would
not detect residual incorrect payments distributed throughout the remainder of the
population. For that reason, the Department ensures that, in addition to risk-based
review activity, residual parts of its customer populations are sampled and subject to
review as well.
In the 1989-90 financial year, DSS undertook a random sample survey of the
correctness of payments to the Family Allowance population. The survey indicated
that 2.3 per cent of the samples were being incorrectly paid because parental income
exceeded allowable limits.
Based on the findings of the survey, the Department believed that the proportion of
residual incorrect payments in the income support payment populations would be in
the order of 2 per cent. While this is a low percentage, the size of the overall
populations is very large, standing at present at approximately four and a half million
customers.
The Department could not contemplate using manual systems to identify and correct
these residual cases. The staffing costs involved were considered prohibitive. The
Government concluded that the only effective strategy for identifying and correcting
the residual incorrect payments would be to employ computer data matching
techniques. The Department was aware that the technology was available to permit
high speed matching of very large volumes of data.
17It was estimated that these efforts could produce savings in DSS outlays in the order
of $300m in a full financial year. A detailed dissection of the estimated savings by
program type is provided at the end of this Section.
There are potential savings in the outlays of other agencies. For example, it was
estimated that introduction of the new matching program could produce savings in the
order of $30m in a full financial year in DVA outlays. Potential savings were also
acknowledged but not actually estimated in the case of DEET outlays, Department of
Community Services and Health outlays and increased revenue to the ATO flowing
from the identification of cases of income tax evasion.
It was estimated that through the adoption of computer matching techniques some
60,000 to 70,000 customers/claimants would have:
v their existing payments cancelled and reductions in fortnightly rates of payment
made for a further 40,000. These estimates were considered conservative. It
meant that approximately:
(a) two per cent of current Unemployment, Sickness and Special Benefit payments
would be cancelled;
(b) two per cent of Sole Parent Pension payments would be cancelled;
(c) one per cent of Age and Invalid Pensions would be cancelled (and a further two
and a half per cent would be subject to downward variations in rates of payment),
and
(d) two per cent of Family Allowance payments would be cancelled.
No account was taken of Family Allowance Supplement payments since these were
already checked manually using taxation information.
Against these projected savings, implementation costs were estimated to be relatively
low. The major cost involved the acquisition of new high speed computer matching
equipment for the DSS. For estimate purposes this was set at $4.5m. As it was
known that the lead time for acquisition of the equipment would be significant,
allowance was also made for the purchase of additional processing power and disks
for the Department's existing Canberra Mainframe so that some matching could occur
and savings be made before the installation of the new equipment. The estimated cost
of this upgrade was $2.5m.
Within the Social Security portfolio other net costs identified were $1.25m for
publicity associated with changes in the requirements for customers to provide TFNs,
$2m as a share of ATO costs associated with collection of TFNs and $100,000
supplementation for the Privacy Commissioner's Office so suitably qualified staff
could be recruited. It was estimated that other implementation costs would be offset
by savings made available through the new matching program. Three major areas of
saving were identified:
v staff savings flowing from the reduction in customer populations as customers
voluntarily surrendered payments or had their payments cancelled;
18v savings in postage as the new matching program removed the need for a substantial
portion of current mail reviews of customers' circumstances; and
v savings in clerical effort associated with some reviews which would no longer
need to be done after the introduction of the new matching arrangements.
The identified costs taken into account for the ATO were $4.5m and were shared by
DSS as mentioned above.
Identified costs for the DVA were $0.9m in running costs in 1990/91 and 1991/92 and
$0.lm in 1992/93 and 1993/94.
The estimated savings in program expenditure far exceed implementation and on
going costs.
Social Considerations
There were two key social issues associated with the initiative. One was the desire of
most taxpayers for the welfare system to be secure from cheating and fraud. The
other was the concern to protect the individual right to privacy.
Allied to the concerns most people have to see a welfare system with a high degree of
financial integrity is a concern for social justice. In particular, there was strong
support in the community for a welfare system which directed available funds to those
most in need of assistance. The new measures helped to achieve that in several ways.
First, by strengthening controls in financial assistance payment systems it
significantly reduced the leakage of funds from those systems. This provided funds
for Government to direct to other priorities. Second, the existence of effective
controls in payment systems soon became evident to the community and rapidly
increased voluntary compliance. When people realised that there was a high
probability of incorrect payments being detected they were much more likely to meet
their obligations under the law.
Suitable safeguards against unreasonable intrusion into people's privacy were built
into the data-matching arrangements. To this end, in addition to normal safeguards,
the Privacy Commissioner was consulted about the arrangements and as
implementation proceeded. The Commissioner monitored the implementation of the
initiative and continues to be consulted on all major aspects of the Program.
Financial Benefits
When the Government decided in the 1990/91 Budget, to proceed with data matching
arrangements, it took into account that there was a Social Security income support
population of over 4 million people with average annual individual amounts of
payment ranging from around $800 for Family Allowance to $7,900 for Special
Benefit. There was a belief that a randomly distributed incorrect payment rate of
around 2 per cent existed throughout that population.
196 OUTLINE OF TECHNICAL CONTROLS TO ENSURE DATA
QUALITY, INTEGRITY AND SECURITY
6.1 Data Quality
Data quality is a term, which refers to the accuracy and currency of data.
Poor quality data is of limited value, so most agencies take considerable measures to
ensure their data is of high quality.
The DMA checks the validity of the records given to it by the Assistance Agencies.
Records with errors in them, including invalid TFNs, are then referred back to the
relevant Assistance Agencies.
6.2 Data Integrity
Data integrity is a term, which refers to the consistency and completeness of data
records. Measures which can be taken to maintain integrity levels include designing
systems which will not accept records which are incomplete, and identifying and
correcting records which appear to be inadequate or corrupt.
6.3 Security
The DMA conducts its business in accordance with the DMP Act and guidelines set
by the Privacy Commissioner. It has responsibility for protecting both the data it
receives from other sources and the data it generates while that data remains under its
control. Arrangements are made for data to be stored in a safe and secure
environment and, where required, to be destroyed in accordance with standard
destruction procedures within the time constraints imposed by the legislation. These
safeguards ensure that individual privacy is protected by keeping customer details
used for the purpose of data-matching secure and accessible only to authorised
persons.
The DMA operates in the National Support Office environment of Centrelink. Its
staff are subject to all the security controls already in place in that administration and
are also subject to the confidentiality provisions of the Social Security Act 1991
(Section 1312 - 1321A) as well as to the confidentiality provisions of Section 15 of
the DMP Act.
The Privacy Commissioner and or staff, and other Assistance Agencies and elsewhere
may attend the premises of the DMA as observers during a data matching cycle.
Centrelink staff have access to DMA data only while they are acting as members of
the DMA.
While acting as DMA staff, Centrelink officers do not have access to any Centrelink
data additional to that provided by the Department as a Source Agency.
All data held in printed form by the DMA is stored in a locked, secured area while not
in use.7 USE OF IDENTIFICATION NUMBERS INCLUDING TAX FILE
NUMBERS
Section 7 of the DMP Act clearly defines the use of identification numbers, including
TFNs, in the various steps of a matching cycle.
The first step of the matching cycle specifies that Assistance Agencies supply to the
DMA basic data about their customers. This information includes the customer's TFN
and the customer's unique Assistance Agency Identification Number.
The unique Assistance Agency Identification Numbers are important because they are
the means by which agencies identify customer records. They can be likened to a key
to a particular customer record. Both the key and the record are unique, so
information about one customer cannot be confused with information about another.
Such confusion could easily occur if customer records were identified by name only.
Government agencies deal with very large numbers of customers and the incidence of
common or very similar names is high. The use of unique identification numbers
gives agency records an integrity they would otherwise lack and protects the privacy
of customers by guarding against the mistaken use of information they provide to
agencies.
Provision of the Assistance Agency Identification Number to the DMA helps ensure
that information about different customers is not confused during the various
matching routines to be performed. It also allows the DMA to clearly identify clients
when returning information on discrepancies to the assistance agencies.
TFNs are the unique identifiers used by the ATO to identify taxpayers. As part of the
matching process, the ATO extracts specified data from its records and provides that
data to the DMA. It is important that these extraction processes be as accurate as
possible to protect the integrity of subsequent steps in the matching process.
Matching with tax records could not be nearly as precise without the use of TFNs.
This is the key reason they are used in the matching process.
Where the matching of family identity data given by Assistance Agencies in Step 1
cannot identify a person for the purposes of paragraph 12, the DMA matches TFN
data given to it in Step 1 with the data being matched under that paragraph.
218 OUTLINE OF ACTION ARISING FROM THE DATA-MATCHING
PROGRAM
Section 10(2) of the DMP Act requires that, Assistant Agencies supplied with
information from Steps 1, 4 or 6 of a data matching cycle must make a decision to
undertake an investigation of that information within 90 days of its receipt.
Section 11 of the DMP Act specifies that before an agency takes review action to
cancel, suspend, reject or vary a person's claim or commence recovery of an
overpayment, a DMP Act Section 11 letter must be sent to the customer. The letter
should give particulars of the information held by the Assistance Agency and details
of the proposed action. The letter must be sent to the most recent address of the
customer known to the Assistance Agency (the customer need not be informed if
doing so would prejudice the effectiveness of an investigation into the possible
commission of an offence).
8.1 Assistance Agencies
Standard letters have been developed and are available as On Line Advices (OLA). A
sample of these letters is contained in Appendix 1.
DMP Act Section 11 letter requirements also apply to partners/parents of customers
whose entitlement is being reviewed.
Once a DMP Act Section 11 letter has been sent, this action is then recorded on
Centrelink’s Integrated Review System (IRS). A message is also recorded on the On
Line Document Recording (ODR) facility, indicating that the customer has been
issued with a DMP Act Section 11 letter. The message states that no change to the
customer's payment status or rate should be made before 28 days have elapsed or the
customer has responded, without first consulting the DMP Assessor.
8.2 Customer has 28 days to respond
Section 11(1) of the DMP Act gives the customer 28 days in which to show cause
why the action should not be taken. The customer may respond either orally or in
writing. If the customer responds orally, the person receiving the oral response must
make a written and dated record and place this on file, or the response may be
recorded on the On-line Document Recording (ODR) system.
In all cases, except where the detected discrepancy was caused solely by an
administrative error by the Assistance Agency, no action must commence until either
the Customer has responded or until 28 days have elapsed. In cases of administrative
error, the DMP Act Section 11 letter must still be sent to the Customer but the
Assistance Agency does not have to wait before taking the action.
228.3 Debt due to the Commonwealth
If a customer does not respond to a DMP Act Section 11 letter, any Benefit, Pension
or Allowance overpaid during the 28 day period is a debt due to the Commonwealth
as per Section 11(6) of the DMP Act, Section 1224(c) of the Social Security Act 1991
and section 205 (1) of the Veterans’ Entitlements Act 1986.
8.4 Customer disputes information
A DMP Act Section 11 letter is disputed when the customer questions the accuracy of
the information and continues to insist that their view is correct.
When a customer disputes the information provided in the DMP Act Section 11 letter
and the Assistance Agency still considers it is appropriate to take action, the customer
must be advised of:
the normal rights of appeal provided by Social Security Act 1991 and the
Veterans’ Entitlement Act 1986; and
the rights of complaint under the Privacy Act 1988.
8.5 When DMP Act Section 11 letters are not issued
Section 11(4) of the DMP Act states that a DMP Act Section 11 letter need not be sent
to the customer if 'issuing a notice would prejudice the effectiveness of an
investigation into the possible commission of an offence'. There are no other
circumstances in which an exemption from issuing a DMP Act Section 11 letter may
be applied.
8.6 Administrative Error
If a discrepancy has occurred because of an Assistance Agency error (e.g. the
customer notified of a change in their circumstances and their payment was not
adjusted), action is taken to correct the payment immediately. A DMP Act Section 11
letter designed for this situation must be sent to the customer as soon as practicable.
8.7 Privacy
Section 14(2) of the DMP Act states that any person who believes that an act or
practice has occurred which has interfered with their privacy may make a complaint to
the Privacy Commissioner. This complaint must be in writing, specify the nature of
the complaint and cite Centrelink or Department of Veterans’ Affairs as the
respondent.
238.8 Deceased customers
It is a requirement to issue a DMP Act Section 11 letter to a person (as defined in the
DMP Act a ‘person’ means an individual whether alive or dead). Prior to proceeding
with any action in the case of a deceased customer, notice of such action is given to a
surviving family member or the estate of the deceased customer. These cases are
referred to a Social Worker prior to contact being made.
8.9 The Australian Taxation Office (ATO)
No case selection has been undertaken by the ATO using DMP data in the last few
years. If and when the ATO does take action based on DMP data, the ATO will
follow the guidelines and procedures set out in the DMP Act and related documents
provided by the Privacy Commissioner to ensure the security, privacy and protection
for any individuals selected for investigation.
Due to the low level of DMP action undertaken by the ATO, the ATO does not have
any standard letters for use in its roles in the DMP.
249 NOTICES TO INDIVIDUALS ABOUT EXISTENCE OF THE DATA-
MATCHING PROGRAM
The Schedule to the Data-matching Program (Assistance and Tax) Guidelines requires
that Source Agencies inform their customers in writing of the fact that the information
they have supplied to the Source Agencies may be used in data matching. The notice
may be given either before information is first used in data matching or as soon as
practicable after the information is used.
In the case of the Tax Agency, agreement has been reached that other Source
Agencies when writing to their customers will mention that information the customers
have provided to the ATO may also be used in data matching.
Claim forms, letters and Information Booklets contain advice that the DMP may be
used to check any information provided to Centrelink/DVA with information held by
the ATO and other Government Departments.
2510 TIME LIMITS ON THE CONDUCT OF PROGRAM
10.1 Length of Data Matching Cycle
In accordance with the DMP Act the following time limits apply;
DMP Act Section 6
(2) states ‘there are to be no more than 9 data matching cycles in any one year’.
(3) states ‘only one data matching cycle is to be in progress at any one time’.
DMP Act Section 9
(1) states ‘a data matching cycle is to completed no later than 2 months after it began’
10.2 Destruction of Data
Section 10(3) of the DMP Act requires that action under section 10(1) must be
commenced within 12 months of step 6 of each data matching cycle taking place.
DMA data is used to create individual data matching reports for customers selected
for review. In addition, selected data (not including the TFN) is kept for DMP Act
Section 11 letter infill data.
All source data from the DMA is destroyed within 90 days leaving only report and
letter data for the selected customers.
Match data screen printouts are not held on file and are destroyed following the
completion of any administrative action against the customer. Any remaining details
of customers who were selected for review, but the review was not commenced or
finalised within 12 months, are destroyed at the 12 month anniversary of the receipt of
data from the DMA. The only exception is where the CEO grants an extension of
time to investigate cases where exceptional circumstances warrant. Section 10(3B)
renders this power incapable of delegation.
Any information collected during the course of an investigation (e.g. liaison forms) is
kept on file and is not affected by Section 6.3 of the Schedule to the DMP Act
Guidelines. A copy of the DMP Act Section 11 letters issued to the customer and
documented response (if any) are also recorded on the customers file (e.g. paper or
electronic).
Letter infill data is destroyed at the 12 month anniversary of its receipt from the
DMA.
The timeliness of destruction of data is subject to regular audits by the Privacy
Commissioner.
26APPENDIX 1
Centrelink Listing & Sample Of DMP Act Section 11 Letters
Letter Income, Payment Type Letter Description
Number Payment or
Debtor Match
Q081 Income YAL (only) ATO Income Vs Centrelink dependent
Youth Allowance customer - Letter to
Customer.
Q082 Income YAL (can only be ATO Income Vs dependent Youth
used in conjunction Allowance customer - Letter to Parent(s).
with Q081)
Q110 Debtor All Centrelink Debtor now receiving
payments from another agency.
Q308 Income PPP, NSS, PEN Centrelink Customer (Pension, Newstart
& Parenting) Vs ATO income.
Q338 Income All Centrelink Invalid TFN, or TFN for
another person.
Q436 Income & All Centrelink action taken but DMP Act
Payment Section 11 letter not issued.
Q437 Income & All Centrelink Customer provided
Payment information in response to a DMP Act
Section 11 letter, courtesy letter advising
them that no further action will be taken.
Q444 Income & All Administrative Error - Centrelink
Payment Customer previously provided
information, but it was not acted upon.
Q448 Income & All Centrelink Customer has disputed the
Payment information contained in the original
DMP Act Section 11 letter. This letter
advises customer of their rights.
Q520 Income YAL Centrelink Family Actual Means Test
letter to Youth Allowance customers.
Q521 Income Parents of YAL Centrelink Family Actual Means Test
customers letter to mother/father of Youth
Allowance customer.
Q652 Payment All Centrelink customer in receipt of dual
payments.
All All Data-matching Program Information
(attachment to DMP Act Section 11
Letters)
27Customer Contact Letter - Q308
DMP - Centrelink Income Details Match with ATO
{Centrelink Office Postal Address}
{Centrelink Office Street Address}
{Centrelink Fax}
Please quote: {Customer Reference Number}
Telephone: {Centrelink Phone Number}
Office Hours: {Regional Office Hours}
{Customer Name}
{Customer Postal Address}
Dear {Customer Title and Surname}
This letter is about your {BENEFIT.TYPE}.
We need to make sure you are getting the right amount of {BENEFIT.TYPE}. One
way of doing this is to compare the records of other Government agencies with our
records
The Data-matching Program (Assistance and Tax) Act 1990 allows us to do this, and I
am writing to you under section 11 of that Act. I have enclosed information about the
Program with this letter.
Using the Data-matching Program, we looked at records from the Australian Tax
Office (ATO). They gave us the following results:
ATO records show your partner’s income (other than your partner’s Centrelink
income)
was ${PARTNER’S INCOME}. ATO records show that ${AMOUNT} of your
partner’s income came from salary.
As you can see, at {DATE} there was a difference between our records of your
partner's income for {FIN YEAR} financial year and those of the ATO. However, this
information may no longer be correct or you may have already given us new
information about your partner’s income. If the ATO records are correct, we might
need to adjust the amount of {BENEFIT.TYPE} you received.
If you think the information from the ATO is wrong, would you please give us details
of your partner's income during {FIN YEAR} financial year, including where and
when you received this income. Payslips, group certificates, profit and loss
statements, balance sheets, bank books, bank statements and tax returns would give us
the information we need to check our records. We may need to check details about
your partner's income with the ATO or other third parties such as employers or
financial institutions, but we will only do this if we have to.
28IT IS IMPORTANT THAT YOU CONTACT ME BEFORE {DATE}. Otherwise,
your payment could be changed. Please post this information or bring it into the
office. The address and phone number are at the top of this letter. Once we have this
information we will compare all the details and check your rate of payment. We will
write to you again if there is any change to your payment.
If you need more information, please phone me, {CONTACT NAME}, on
{PHONE}. You can reverse the charges if you live outside the local call area.
Yours sincerely
{Centrelink Officer In Charge Name}
{Officer in Charge Title}
{PRINT.DATE}
29Customer Contact Letter - Q652
DMP - Payment Match between Centrelink and other Commonwealth Agencies
{Centrelink Office Postal Address}
{Centrelink Office Street Address}
{Centrelink Fax}
Please quote: {Customer Reference Number
Telephone: {Centrelink Phone Number
Office Hours: {Regional Office Hours}
{Customer Name}
{Customer Postal Address}
Dear {Customer Title and Surname}
This letter is about your {BENEFIT.TYPE}.
Centrelink regularly checks its payment information under a program called the Data-
matching Program. This program is authorised by an Act of Parliament, the Data-
Matching Program (Assistance and Tax) Act 1990. I am writing to you under the
provisions of section 11 of that Act.
Recent matching with the {DEPARTMENT OR AGENCY} shows that
granted {PAYMENT TYPE} from {DATE OF GRANT}. It appears that
{BENEFIT.TYPE} and {PAYMENT TYPE} have both been paid for the period
{START DATE} to {END DATE}. You should have receivedIf you would like to talk about this letter, please phone me on {PHONE.NUMBER}.
If you are outside the local call area, you can call and reverse the charges.
Yours sincerely
{Centrelink Officer In Charge Name}
{Officer in Charge Title}
{PRINT.DATE}
31DATA-MATCHING PROGRAM INFORMATION
(attachment to Centrelink DMP Act Section 11 Letters)
Under the Data-matching Program (Assistance and Tax) Act 1990, Centrelink
matches records with the:
Department of Veterans’ Affairs; and
The Australian Taxation Office.
This lets us know whether people who are paid social security payments are getting
the correct amount.
Centrelink has prepared a Program Protocol, which gives details of the Data-matching
Program. The Privacy Commissioner has this document and it is available for people
to read. The role of the Privacy Commissioner is to make sure privacy is protected.
The Commissioner can investigate complaints about the Program or abuse of a
person’s privacy. Heavy penalties apply if information held by Centrelink is misused
or wrongfully released.
If you do not agree with this decision, please contact us and we will explain it. We
will reconsider your case and change the decision if appropriate. If you still do not
agree, we will advise you of further avenues of review, which may be available to you
and how you can apply for them.
32You can also read
