Privacy Foundation calls for human intervention in Centrelink debt collection

The Australian Privacy Foundation (APF) has recommended that the Department of Human services (DHS) reform its automated debt recovery process and bring back the "human" involvement that was replaced with the new data-matching technology.

In its submission [PDF] to the Senate Community Affairs References Committee, the APF noted several serious concerns about the automatic data matching system used by Centrelink, citing problems with relying on technology as its main concern.

The APF suggests that relying on IT systems is fraught with issues, such as assuming that IT systems work accurately, noting that "IT systems often fail". Similarly, the practice in place by Centrelink assumes the data held is accurate in each database and that the data matching algorithms are also accurate, with the APF noting this often comes with at least a 20 percent failure rate, as admitted from the beginning by DHS.

APF also believes that as data sets grow, so too do the security risks.

As a result, the APF has recommended that all automatic data matching performed by DHS be checked manually to ensure there is a reasonable basis for any claim based on the data.

According to the APF, requesting additional personal information, often years old, also causes hardship and is arguably harassment.

"The current robo-debt process is procedurally unfair. It demands evidence from the Centrelink recipient to prove that a debt is 'not' owed. The individual needs to prove a negative," the foundation wrote.

"These problems can only be fixed with a complete revision of the current data matching process with a focus on ensuring the alleged debt has been verified based on a check of evidence held."

DHS announced in December it had implemented the online compliance system in July and said it was finding approximately AU$4.5 million that had gone awry each day. With this, the federal government hopes to improve the nation's Budget by AU$2.1 billion over the next four years.

The new system automatically compares the income people declare to the Australian Taxation Office against income declared to Centrelink. When it detects a disparity, Centrelink automatically issues a debt notice and that debt comes with a 10 percent recovery fee.

One large error in the Centrelink system is that it was incorrectly calculating a recipient's income, basing a recipient's fortnightly pay on their annual salary rather than taking a cumulative 26-week snapshot of what an individual was paid.

The APF believes the new process for debt collection -- one omitting human interaction -- is inherently stressful and unfair as Centrelink has failed to verify and check evidence to ensure a reasonable basis for claiming the alleged debt.

Although Australian Information and Privacy Commissioner Timothy Pilgrim announced earlier this year that his office has not opened an investigation into the Centrelink debacle, Pilgrim said in his submission to the committee [PDF] that he intends to review the report prepared by the Commonwealth Ombudsman once its investigation is complete, and determine from that if intervention from the Office of the Australian Information Commissioner (OAIC) is required.

Pilgrim highlighted that where the data used in such activities is derived from personal information entrusted to the government, it must be "respected, protected, and handled in a way that is commensurate with broader community expectations".

"Even where an agency may have this legal authority, consideration must be given to whether their use of personal information strikes an appropriate balance between achieving policy goals, and any impact on privacy," Pilgrim wrote.

"As part of this, agencies need to assess whether their handling of personal information is consistent with the community's expectations, and ensure that they have a social licence for any new uses of data."

The OAIC has oversight of government data-matching activities, and provides agencies with voluntary data-matching guidelines -- Guidelines on Datamatching in Australian Government Administration -- issued under the Privacy Act. While not legally-binding, the voluntary guidelines, used by DHS, represent the OAIC's view on best practice with respect to agencies undertaking datamatching activities.

Previously, DHS had to follow tighter rules under the Data-matching Act and the associated statutory data-matching guidelines, as both DHS and the ATO conducted their data-matching activities using a citizen's tax file number (TFN); however, its new method omits TFN's and therefore can follow a more lax approach to data protection, Pilgrim explained.

Under voluntary data-matching guidelines, agencies have a responsibility to notify the public of a data-matching program.

In the committee's first hearing, the Community and Public Sector Union (CPSU) took the opportunity to highlight the inefficiencies of the government department, with CPSU national secretary Nadine Flood commenting that DHS is unable to provide Australians with a basic level of service following the reduction of 5,000 permanent roles by governments of both stripes.

"It is not an exaggeration to say that the Department of Human Services is an agency in crisis, and it's not something I say lightly," she said.

"The department has been put in a position where it has made decisions, with the recent introduction of the automated debt recovery program, to remove or reduce the role of DHS staff in that crucial hands-on element of the work -- investigating suspected overpayments and advising on appropriate debt recovery actions."

The secretary of the union representing DHS staff continued to explain that the department's new approach -- which removes or reduces human oversight of suspected overpayments and reduces employees' roles -- has been an absolute disaster for many Centrelink users, but also for the workers charged with implementing a system that Flood said they know to be deeply flawed and unfair.

Previously, Prime Minister Malcolm Turnbull called the debt recovery system "quite appropriate" and said it boils down to the fact that the government has an obligation to ensure that Australia's "very extensive and generous" social welfare system is allocated correctly.

"Centrelink has a responsibility where it identifies a discrepancy between what the recipient has reported and what the employer has reported to seek an explanation and that is what is being done," he said.

"The letters that go out in the first instance are simply saying there is a discrepancy: 'Your employer is saying you earned this, you say you earned that, can you explain what that discrepancy is' -- and that is entirely responsible and appropriate."

In its latest submission [PDF] to the inquiry, DHS reiterates what Minister for Human Services Alan Tudge and his chief have already said at length, that the data-matching process is not new; rather it is just being performed at a larger scale.

DHS said that in 2015-16, around 105,000 manual assessments were initiated, and over 101,000 completed. As of December 2016, around 220,000 assessments were initiated with approximately 168,000 completed during the six-month period.