Australian Government

Federal Register of Legislation

Data-matching Program (Assistance and Tax) Rules 2021

In force

Administered by

Department of Social Services

This item is authorised by the following title:

Data-matching Program (Assistance and Tax) Act 1990

Latest version

F2021L00712

08 June 2021

Table of contents

Name
Commencement
Authority
Repeal
Definitions
- where it is not defined in the Data-matching Act but is defined in the Privacy Act — that meaning.
- In this instrument:
Scope of Operation
Matching agency must maintain a program protocol
- The matching agency must maintain a program protocol in relation to the program.
- The matching agency must develop the program protocol in consultation with the source agencies.
- The program protocol must set out the following information:
- The program protocol must explain the reasons for deciding to conduct the program, including:
Public inspection of program protocols
- The matching agency must provide a copy of the program protocol to the Information Commissioner.
- The matching agency must publish the program protocol and cause a notice to be published in the Gazette unless the Information Commissioner is satisfied that its availability would be or would be likely to be contrary to the public interest (e.g. by prejudicing the integrity of legitimate investigative methods).
Compliance with program protocol
Amendments to program protocol
- Any amendments to the program protocol must be approved by the Information Commissioner, filed with him or her and made available for public inspection.
Matching agency must maintain a technical standards report
- Prior to commencing a program, the matching agency must prepare a technical standards report dealing with the matters set out in subsection (2).
- The matching agency must:
Compliance with technical standards report
Variation of the technical standards report
- The Information Commissioner may require the contents of the technical standards report to be varied.
- Agencies must comply with any variation to the technical standards report.
- A failure to comply with a technical standards report as varied will be taken to be a contravention of this instrument and may be investigated by the Information Commissioner pursuant to section 13(2) of the Data-matching Act.
Confirming validity of matches
Notifying individuals
- If a source agency proposes to confirm the validity of a match only by checking the data with the individual instead of checking the results against the source data, the source agency must give the individual concerned:
- If there is a dispute as to the accuracy of the data, but the agency considers that administrative action is still warranted, it should inform the individual of their right to lodge a complaint under the Privacy Act.
- Unless required or authorised by law, an agency must not take administrative action that interferes with the individual’s opportunity to exercise any rights of appeal or review.
- If:
- Written records made in accordance with section 11(5A) of the Data-matching Act must be retained on or linked to the individual's file.
Destruction of data where no discrepancy produced
- If personal information from source agencies is used in a data matching cycle and does not produce a discrepancy, the matching agency must destroy the personal information as soon as practicable after commencing Step 5 in the data matching cycle.
- Destruction of personal information referred to in subsection (1) is to be completed no later than 24 hours after the completion of Step 5 of the data matching cycle, unless additional time is required because of a computer malfunction or industrial action.
Management and destruction of data where discrepancy produced
- In cases where a discrepancy occurs as a result of Steps 1, 4 and 5 in a data matching cycle, the results must be supplied to the relevant source agency within 7 days of completion of the relevant step.
- Source agencies must deal with the results in accordance with section 10 of the Data-matching Act.
- If the source agency decides to take no further action in relation to the discrepancy, the information must be destroyed within 14 days where it is reasonably practicable to do so.
- In the case of a discrepancy:
- If a source agency receives information from the matching agency or another source agency giving rise to an action within the meaning of section 10(1) of the Data-matching Act, the source agency must destroy that information on final completion of the action.
- For the purposes of subsection (5), ‘final completion of the action’ means:
No new registers, data sets or databases to be created
- Subsection (1) does not prevent a source agency from maintaining a register of individuals in respect of whom further inquiries are warranted following a decision made under section 10 of the Data-matching Act.
- If action is taken in relation to an individual in accordance with section 10 of the Data-matching Act, after completing the action the source agency must delete any information that relates to that action from any register described in subsection (2).
- Subsection (1) does not prevent the creation of a register for the purpose of excluding individuals from being selected for investigation.
- Any register made under subsection (4) must contain only the minimum amount of information required.
Information Commissioner to monitor compliance
- The Information Commissioner is to be responsible for monitoring compliance with this instrument and for providing advice to the relevant matching agencies and source agencies in relation to their responsibilities under this instrument.
Agencies to report to Information Commissioner
- The matching and source agencies must report to the Information Commissioner on a periodic basis as agreed with the Information Commissioner. The Information Commissioner may require an agency to report on any relevant matter, including any of the following matters:
Agencies to report to Parliament
- Reports prepared for the purposes of section 12(4) and section 12(5) of the Data-matching Act must deal with all of the following matters:
Operation of this instrument