This audit would assess the effectiveness of Services Australia’s compliance with the requirements to balance the collection, storage and sharing of customer data with the appropriate protection of customer privacy.

As a result of Services Australia’s responsibility for delivering Medicare, Centrelink, pension payments and other services, it holds data relating to most Australians. Maintaining confidence in Services Australia’s ability to protect the private information of customers is a key risk that requires active and ongoing management.

Services Australia has protocols for managing customer information held by Services Australia or exchanged with third parties. In addition, Services Australia engages with the Office of the Australian Information Commissioner on how to handle, use and manage personal information under the Australian Privacy Principles contained in the Privacy Act 1988. The audit would focus on whether Services Australia’s practices, procedures and systems are robust and effective.