The former Department of Human Services (DHS), now rebadged as Services Australia, will be forced to release key risk management documents for its controversial "robo-debt" program following a decision [PDF] by the Australian Information Commissioner, Angelene Falk, on Thursday.
The commissioner said the simple assertion that releasing documents would create security risks, or "a substantial adverse effect on the proper and efficient conduct" of an agency is not enough to prevent their release.
The Employment Income Matching (EIM) project, which matches Australian Taxation Office (ATO) income data to welfare recipients' Centrelink records, has been widely criticised for generating false claims of overpaid welfare benefits.
The four documents to be released are the result of a freedom of information request by Justin Warren, founder and chief analyst at PivotNine, made in February 2017.
The documents have been described by DHS as:
- a risk management plan for the EIM project, which details potential risks for the project and strategies for mitigation;
- an 'Open Issues Summary', which details identified issues, the action taken to address each issue, and the subsequent results;
- a second, similar issues summary document; and
- an ICT progress report, which details progress against milestones and deliverables.
The DHS had claimed, among other things, that releasing risk-related information on its compliance programs and computer systems would create security risks.
"This would result in the relevant departmental staff framing their advice in more guarded or careful terms, [maybe] so carefully that the quality and comprehensiveness of the risk assessment may be compromised," the department wrote.
The DHS also said that disclosing the risks could prejudice its ability to collect information from income support recipients, as well as potentially make them reluctant to provide information online if they do not believe the computer systems are sufficiently robust and secure.
The commissioner disagreed, ruling that the DHS had not shown how the adverse outcomes would, or could reasonably be expected to, occur.
"I am not satisfied that the Department has established that disclosure of the information in the documents would result in 'security risks' or 'external threats' regarding the Department's compliance programs and ICT systems as claimed," she wrote.
"An agency cannot merely assert that an effect would occur following disclosure."
The commissioner also noted that "many of the risks identified in the documents relate to whether the Department was able to appropriately prioritise and execute tasks within the timeframes set for the implementation of the system".
"Based on the information before me, it is unclear how such information could be used to exploit the EIM program as the Department contends."
The commissioner has ordered the DHS to hand over the documents within 28 days, which is by July 4.
These documents are bound to increase the pressure on Human Services and its ministers, already under fire for the poor management of its bungled child support IT project.
That project went AU$33.4 million over its budget of AU$103 million, but rather than delivering a full replacement system, it only resulted in a new interface over the legacy mainframe system.
The new department is also tasked with government IT procurement.
The Department of Human Services blew AU$135 million on a bad and functionally incomplete system. Now we know just how bad it is.
The department has also recovered a little over AU$326 million through the online compliance intervention program.
Centrelink is the first target, of course.
AU$193 million was spent on the controversial data-matching project in 2017-18.