The minister responsible for the National Disability Insurance Scheme Linda Reynolds has apologised after a breach was committed against a woman who had experienced domestic violence.
It was reported Friday morning that the National Disability Insurance Agency (NDIA) gave the private details of the woman and her children to the perpetrator who was recently released from jail.
As detailed during Senate Estimates, the information included the location of the children's school and the names of professionals working with one of the children.
"The first thing I'd say is I unreservedly apologise for that, it should not have happened," Reynolds said. "I've asked the NDIA for a full report on that. My first priority, and the NDIA's first priority, is the safety and the privacy of the woman and the family concerned, and then also to work out how this happened and to make sure that it doesn't happen again."
Also offering an apology to the victim was NDIA CEO Martin Hoffman, who said the investigation into what happened was already underway.
"I can confirm that alerts were properly placed on the CRM record of this participant, the child, with the mother, in terms of the contact arrangements that should be in place. I can also confirm that the father had properly been removed from the child representative field, which is a field that drives the automated mail out of plan materials," he explained.
"I can also confirm that the information supplied was not the actual address of the family, but … did include location details, basically the suburb, and other material.
"I've asked for a very rapid and thorough review as to what happened in this case, given that the actions in the CRM of the alert and the removal of the father from the child representative field had been done at the appropriate time."
Hoffman said he was alerted to the breach on Wednesday; Reynolds said she became aware on Friday morning.
NDIA officials were probed on how they became aware of the incident, specifically, if it was in response to a media enquiry.
"I didn't get it through that channel, there was one at the same time, but we also had it escalated through the national contact centre," Hoffman said.
Labor Senator Jenny McAllister quoted the victim as saying in the initial media report that her pleas to the NDIA "fell on deaf ears", as she was asked to send an email after calling to report the incident. She asked Hoffman if he was satisfied with the actions of his agency in the aftermath.
"I'm clearly not satisfied that the communication, through the mail out of plan materials, included information that should not have been provided to the father, absolutely," he said. "I am satisfied that the agency has very actively engaged repeatedly with the mother and the family in terms of rapid plan variations, additional support, engagement with other agencies in Victoria, to ensure the coordination of support, be it housing or safety, etc.
"That activity has been extensive and ongoing, and is continuing today.
"All I know, is that we're proceeding to, as I said, understand fully the systems issues here, noting, as I said, that the right alerts and the right removal from the child rep field were done at the appropriate time."
Hoffman also said the NDIA has "very clear" approaches in terms of the identification and approval requirements for people to gain access to information about participants and their plans, through both the national contact centre and in-branch.
"This is a very complicated area, there are often disputes, claims and counterclaims are made, timing of receipt of court orders, intervention orders, etc goes to this," he said. "But this is an area that we do have policy and process to try and maintain the security of that information."
The apology from Reynolds comes merely 24 hours after Minister for Families and Social Services Anne Ruston apologised to a survivor who had their personal information breached when the details of their application to the National Redress Scheme were uploaded directly to another person's myGov account.
Services Australia penalised for breaching privacy of a vulnerable customer
The agency's process for updating personal information in a domestic violence situation was not only alarming, but was found to be a breach of privacy by the Information Commissioner, too.
Services Australia reported 20 security incidents to the ACSC in 2019-20
Across Social Services, the NDIS, Veteran's Affairs, and its own operations, Services Australia says no breach of Australian citizen data has occurred.
Minister apologises for myGov breach of Redress Scheme survivor's information
Minister Anne Ruston has apologised to a survivor who had her application to Australia's National Redress Scheme shared with another survivor via the government's myGov portal.