Australia: Services Australia Fined for Repeated Privacy Breaches

The Australian government agency Services Australia has been fined AUD 10,000 for mishandling a customer’s personal data over several years. The Office of the Australian Information Commissioner (OAIC) announced the penalty on 30 January, 2025, following an investigation into privacy breaches.

What Happened?

A customer complained that their personal records kept getting mixed up with those of other people due to errors by Services Australia staff. This mix-up affected important records like Medicare, Centrelink, and child support accounts, causing issues with accessing government services and exposing sensitive information.

The OAIC found that this wasn’t a one-time mistake. Between April 2015 and September 2021, at least four separate incidents were reported, despite an earlier complaint being “resolved” in 2019. When the errors kept happening, the customer filed another complaint in August 2022.

Why Was Services Australia Fined?

After reviewing the case, the OAIC ruled that Services Australia violated privacy laws by:

• Failing to properly protect the customer’s personal data from being shared with others.

• Not ensuring their records were accurate and up to date.

• Sharing sensitive information without consent and without a valid reason.

These actions breached the Australian Privacy Principles (APPs), the country’s privacy laws that protect personal information.

What Happens Next?

As part of the penalty, the OAIC ordered Services Australia to:

✔️ Pay the customer AUD 10,000 for the distress caused.
✔️ Fix the record-keeping issues and report back to the OAIC.
✔️ Review and improve their policies on handling personal data.

This case highlights the importance of protecting personal information and ensuring government agencies handle customer data responsibly.

Official information has been published as a reference - here