DATA-MATCHING PROGRAM (ASSISTANCE AND TAX) ACT 1990. S.12
Data-Matching Program (Assistance and Tax) Act 1990
Guidelines
KEVIN PATRICK O'CONNOR Privacy Commissioner
Dated 31st October 1994
GUIDELINES
Issued under section 12 of the Data-Matching Program (Assistance and Tax) Act 1990
Scope of Operation
Definitions
2.1 Any term used in these Guidelines has:
(i) where it is defined in the Act, that meaning; or
(ii) where it is not defined in the Act but is defined in the Privacy Act 1988, that meaning.
2.2 In addition the following terms used in these Guidelines have the following
meanings:
(a) "Program" refers to the data matching program as defined in the Act;
(b) "Discrepancy" refers to a result of the program which warrants further
action by any relevant source agency for the purposes of giving effect to the
program;
(c) "Action" refers to the actions set out in section 10 of the Act, and in the case
of the Tax agency includes requesting a taxpayer to lodge a return;
(d) "Dispute" refers to any situation where an individual disputes the accuracy
of information which forms the basis of a discrepancy and continues to insist
his or her view is correct;
(e) "Matches undertaken" refers to the total number of records received by the
matching agency from assistance agencies after they have been separated
into individual records for clients, partners, children, parents, maiden names
and aliases.
Privacy Commissioner - October 1994
Basis of Program
3.1 A program protocol must be maintained by the matching agency in consultation
with the source agencies and must-
(i) identify the matching agency and the source agencies;
(ii) in the case of each source agency, set out the legal basis for any collection, use or disclosure of personal information involved in the program;
(iii) outline the objectives of the program, the procedures to be employed, the nature and frequency of the matching covered by the program, and the justifications for the program;
(iv) explain what methods other than data-matching were available and why they were rejected;
(v) detail any cost/benefit analysis or other measures of effectiveness which were taken into account in deciding to initiate the program;
(vi) outline the technical controls proposed to ensure data quality, integrity and security in the conduct of the program;
(vii) provide an explanation for any use of identification numbers and, in particular, the tax file numbers;
(viii) outline the nature of the action proposed to be taken in relation to the results of the program including the pro formas of any letters to be used by source agencies when providing notice under section 11 of the Act;
(ix) indicate what form of notice, if any, of the proposed activities in relation to their personal information has been given or is intended to be given to affected individuals; and
(x) specify any time-limits on the conduct of the program.
The Program Protocol must be filed with the Privacy Commissioner and be made available for public inspection unless the Privacy Commissioner is satisfied that its availability would be or would be likely to be contrary to the public interest (e.g. by prejudicing the integrity of legitimate investigative methods).
3.2 Any amendments to the Program Protocol must be approved by the Privacy
Commissioner, filed with him or her and made available for public inspection.
3.3 Agencies must comply with the Program Protocol.
3.4 Assistance agencies must take all reasonable steps to ensure that their clients are
informed that a Program Protocol which outlines the nature and purposes of the data
matching program is available from the Privacy Commissioner.
Technical Standards in relation to data quality, integrity and security
4.1 Technical Standards Report: Detailed technical standards must be established and
maintained by the matching agency to govern the conduct of the program. They
should deal with the following matters:
(i) integrity of data supplied by source agencies, referring in particular to: key terms and their definition; relevance, timeliness and completeness of data items;
(ii) matching techniques, referring in particular to: matching algorithms, business rules, any use of identification numbers especially tax file numbers, the nature of the matters being sought to be identified by the matching process, the relevant data definitions and the procedure for recognising matches;
(iii) controls being employed to ensure the continued integrity of the program including the procedures that have been established to confirm the validity of matching results;
(iv) security features included within the program to minimise and audit access to personal information.
4.2 These matters should be dealt with in a Technical Standards Report to be held by
the matching agency with copies held by the source agencies and filed with the
Privacy Commissioner. Any variations to the technical standards should be the
subject of a Variation Report developed in consultation with source agencies and
filed with the Privacy Commissioner.
4.3 The Privacy Commissioner has the power to require that the content of the
Technical Standards Report be varied. Non-compliance with the variations will be
taken as a breach of the Guidelines and be subject to investigation in accordance
with section 13 of the Act.
4.4 Agencies must comply with the Technical Standards Report.
Safeguards for individuals affected by the results of the program
Fairness
5.1 The source agencies must establish reasonable procedures for confirming the
validity of results before relying on them as a basis for administrative action against
an individual, unless there are reasonable grounds to believe that such results are
not likely to be in error. In forming that view, regard is to be had to the
consistency in content and context of data being matched.
5.2 Where such confirmation procedures do not take the form of checking the results
against the source data but instead involve direct communication with the affected
individual, the source agency shall notify the affected individual that no check has
been made against the records which formed the basis for the data supplied for the
program. The notification must include (either in the letter or by way of an
attachment) an explanation of the procedures that are involved in the examination of
a discrepancy as well as the rights of complaint under the Privacy Act 1988.
5.3 If there is a dispute as to the accuracy of the data which the source agency does not
concede, it must inform the individual of the rights of complaint conferred by the
Privacy Act 1988. Any further action taken by the agency must, unless otherwise
provided by law, not interfere with an individual's opportunity to exercise any
rights of appeal or review.
5.4 Wherever data supplied by a person prior to 1 January 1991, is to be used, or is
likely to be used, in a data matching program, the person who has supplied the data
shall be notified in writing by the relevant assistance agency either before the data is
first used or as soon as practicable thereafter that the data is likely to be used for
this purpose.
5.5 Written records made in accordance with section 11(5A) of the Act must be retained
on or linked to the individual's file.
Record Controls
6.1 No Discrepancy: Personal information from source agencies used in a matching cycle that does not lead to a discrepancy must be destroyed by the matching agency as soon as practicable after the beginning of Step 5 in the cycle. In any case, destruction of the information must not occur later than 24 hours after the end of
Step 5 of the cycle unless additional time is required because of a computer malfunction or industrial action.
6.2 Discrepancy: In cases where a discrepancy occurs as a result of Steps 1, 4 and 5 in
a data matching cycle, the results must be supplied to the relevant source agency
within 7 days of completion of the relevant step. Source agencies must deal with
the results in accordance with section 10 of the Act. If, during the period referred
to in that section or at any later time, a decision not to take further action is made,
wherever practicable the information must be destroyed within 14 days.
6.3 A source agency may refer a discrepancy to another source agency for action in
accordance with section 10 of the Act. Subject to section 10(3A) of the Act the
agency receiving the discrepancy should commence any action within 12 months
from the date it received the discrepancy.
6.4 On final completion of the action commenced in accordance with section 10(1) of
the Act, all information received from the matching agency which gave rise to such
action is to be destroyed.
6.5 For the purposes of this guideline "final completion of the action" means:
(i) where the case is under the control of the Australian Federal Police and is proceeding to the satisfaction of the source agency - when all investigation action, legal proceedings and repayment of debts due to the Commonwealth are finalised;
(ii) where the case is under the control of the Director of Public Prosecutions and is proceeding to the satisfaction of the source agency - when all legal proceedings and repayment of debts due to the Commonwealth are finalised;
(iii) where a debt due to the Commonwealth remains outstanding and action is being taken to recover it - when the debt is fully recovered, waived or written off;
(iv) where the tax agency has issued an assessment or an amended assessment - 90 days after the person's rights of appeal under the Income Tax Assessment Act 1936 have expired; and
(v) in all other situations, within twelve months from the date of commencement of action in accordance with section 10(1).
No New Databank
7.1 Subject to paragraph 7.2 below, source agencies must not permit the information
used in the program to be linked or merged in such a way that a new separate
permanent register (or databank) of information is created about any, or all of the
individuals whose information has been subject to the program.
7.2 Paragraph 7.1 does not prevent a source agency from maintaining a register of
individuals in respect of whom further inquiries are warranted following the
decision required by section 10 of the Act.
7.3 After the completion of the action in relation to an individual that is taken in
accordance with section 10, the source agency must delete any information that
relates to that action from any register of the type described in paragraph 7.2.
7.4 Paragraph 7.1 does not prevent the creation of a register kept for the purpose of
excluding individuals from being selected for investigation. Such a register should
contain the minimum amount of information for this purpose.
Reports and Monitoring by the Privacy Commissioner
8. The Privacy Commissioner is to be responsible for monitoring the compliance with
these Guidelines and giving advice to the relevant matching and source agencies as
to their responsibilities under the Guidelines.
9. The matching and source agencies must report to the Privacy Commissioner on a
periodic basis as agreed with the Privacy Commissioner. The Commissioner may
require an agency to report on any relevant matter, including any of the following
matters:
(i) actual costs and benefits flowing from the program;
(ii) any non-financial factors that are considered relevant;
(iii) difficulties in the operation of the program and how these have been overcome;
(iv) the extent to which internal audits or other forms of assessment have been undertaken by agencies and their outcome;
(v) examples of circumstances in which the giving of notice under section 11 would prejudice the effectiveness of an investigation into the possible
commission of an offence; and
(vi) such other matters as: the total number of matches undertaken, the number and proportion of matches that result in discrepancies, the number and proportion of discrepancies which resulted in a notice under section 11 of the Act being sent, the number and proportion of discrepancies which resulted in action being taken, the number of cases in which action proceeded despite a dispute as to the accuracy of the data, the number and the proportion of discrepancies which did not proceed to action after the individual was contacted, the number of cases where an overpayment was identified, the number of cases where recovery action was initiated and the number of cases where the debt was fully recovered.
10.1 The Privacy Commissioner must include in his annual report an assessment of the
extent of the program's compliance with the Act, these Guidelines and the Privacy
Act 1988; and to that end, may exercise any of the powers as to investigation and
audit contained in the Privacy Act 1988.
10.2 Agencies must report their data matching activities under this Act in their annual
entry for the Personal Information Digest in a form to be specified by the Privacy
Commissioner.
11. These Guidelines are additional to provisions of the Privacy Act 1988 including the
Information Privacy Principles.
12. As required by section 12(2A) of the Act the matching agency and each source
agency must table a comprehensive report in both Houses of Parliament. These
reports are to include all of the following details:
(i) actual cost and benefits flowing from the program;
(ii) any non-financial factors that are considered relevant;
(iii) difficulties in the operation of the program and how these have been overcome;
(iv) the extent to which internal audits or other forms of assessment have been undertaken by agencies and their outcome; and
(v) such other matters as: the total number of matches undertaken, the number and proportion of matches that result in discrepancies, the number and proportion of discrepancies which resulted in a notice under section 11 of the Act being sent, the number and proportion of discrepancies which resulted in action being taken, the number of cases in which action
proceeded despite a dispute as to the accuracy of the data, the number and the proportion of discrepancies which did not proceed to action after the individual was contacted, the number of cases where an overpayment was identified, the number of cases where recovery action was initiated and the number of cases where the debt was fully recovered.