38356 myGov Enhancement - search tasks and payment features Privacy Impact Assessment
Dear Services Australia,
I request the Privacy Impact Assessment:
Reference Number: 38356
Title: myGov Enhancement - search tasks and payment features
Yours faithfully,
Rex Banner
Thank you for contacting the Freedom of Information (FOI) team in Services
Australia (the Agency).
This email acknowledges your correspondence and provides some general
information in relation to FOI.
Charges
The Agency will advise you if a charge is payable to process your request
and the amount of any such charge as soon as practicable. No charge is
payable for providing a person with their own personal information.
Your address
The FOI Act requires you to provide us with an address which we can send
notices to. We will send correspondence and notices to your email address.
Please advise us as soon as possible if you wish correspondence to be sent
to another address or if your email address changes.
Administrative release of documents
The Agency has administrative access arrangements in place for the release
of certain documents without the need for a formal FOI request. These
arrangements do not extend to information or material of third parties.
Exclusion of staff details
The Agency is working towards ensuring all staff have a choice about
whether they provide their full name, personal logon identifiers and
direct contact details in response to FOI requests. Where such details are
included in documents they will be redacted. If you request staff details
as part of your FOI application, this may add to processing time and
applicable charges as it will be necessary to consider whether these
details are exempt under the FOI Act.
Dear Mr Banner
Please find attached an acknowledgement letter from Services Australia
dated 31.01.2023.
Kind Regards,
Elizabeth
Freedom of Information Practitioner
Information Access Branch
LEGAL SERVICES DIVISION
[1]cid:image003.jpg@01D6C26A.B2D8C180
Email: [2][email address]
Please note: This email and any attachments may contain information
subject to legal professional privilege or information that is otherwise
sensitive or confidential. If you are not the intended recipient of this
email, you are prohibited from using or disseminating this communication.
If you have received this communication in error please notify the sender
immediately and permanently delete this email.
References
Visible links
2. mailto:[email address]
Dear Mr Banner
Please find attached the decision letter relating to your request for
access to documents held by Services Australia, under the Freedom of
Information Act 1982.
If you are unable to open the attachments please contact me by replying to
this email.
Kind Regards,
Elizabeth
Freedom of Information Practitioner
Freedom of Information and Ombudsman Branch
LEGAL SERVICES DIVISION
[1]cid:image003.jpg@01D6C26A.B2D8C180
Email: [2][email address]
Please note: This email and any attachments may contain information
subject to legal professional privilege or information that is otherwise
sensitive or confidential. If you are not the intended recipient of this
email, you are prohibited from using or disseminating this communication.
If you have received this communication in error please notify the sender
immediately and permanently delete this email.
References
Visible links
2. mailto:[email address]
Dear Services Australia,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Services Australia's handling of my FOI request '38356 myGov Enhancement - search tasks and payment features Privacy Impact Assessment'.
> I have applied the exemption in section 42 of the FOI Act to Document 1 in its entirety.
There is no way the entire document is subject to LPP, it's a privacy impact assessment, we know what for, tenders show who it's from, so we know that the title page can't be subject to LPP.
> Further, I am satisfied the Agency’s ability to obtain legal advice on issues would be
substantially prejudiced if this document were to be made publicly available through FOI
processes. In my view, real harm is likely to result from release of the document as doing so
would waive privilege and disclose the particular legal provider’s approach to the
interpretation, analysis and application of legislation, systems and processes administered by
the Agency.
This is not real harm, a simple Google search will show plenty of PIAs that have been either published after a FOI request or proactively published.
https://www.digitalidentity.gov.au/sites...
https://www.digitalhealth.gov.au/sites/d...
https://www.digitalhealth.gov.au/sites/d...
https://www.righttoknow.org.au/request/5...
None of them have ever been marked as LPP or confidential.
>The document identifies privacy and secrecy compliance risks
for the Agency and includes recommendations for managing or eliminating identified risks
and maximising opportunities for enhancing privacy protection.
[...]
>. However, I also consider disclosure could reasonably be
expected to prejudice the Agency’s ability to obtain comprehensive legal advice in the future
and would destroy or diminish the commercial value of the provider’s PIA methodology and
approach, ultimately impede the full and frank disclosure between a lawyer and client to the
benefit of the effective administration of justice.
See above, this doesn't make sense if other PIAs (including a mygov one) have been released. The MyGov PIA appears to have been proactively been released.
>The document identifies privacy and secrecy compliance risks
for the Agency and includes recommendations for managing or eliminating identified risks
and maximising opportunities for enhancing privacy protection. I am also satisfied the
document is not operational information or purely factual information
Furthermore, a PIA contains purely factual information, that is discussing the state of such a project and privacy and secrecy compliance risks for the Agency and includes recommendations for managing or eliminating identified risks and maximising opportunities for enhancing privacy protection.
In addition, whilst PIAs can be conducted for any project, a PIA is required for high risk projects. Service Australia is required to do a PIA for projects that involve a significant change to how they manage personal information, or,
might have a significant impact on the privacy of individuals; or if directed to by OAIC.
Unless Services Australia has done the PIA on their on accord, this is a high risk project or (OAIC has determined that a PIA is required) and this is a project that the Australian public uses, a high risk project for all Australians sounds like it would be in the public interest that the public knows any privacy and secrecy compliance risks for the Agency and includes recommendations for managing or eliminating identified risks and maximising opportunities for enhancing privacy protection.
Lastly, I request Services Australia proactively release the document as it is in the public interest to do so.
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/3...
Yours faithfully,
Rex Banner
Thank you for contacting the Freedom of Information (FOI) team in Services
Australia (the Agency).
This email acknowledges your correspondence and provides some general
information in relation to FOI.
Charges
The Agency will advise you if a charge is payable to process your request
and the amount of any such charge as soon as practicable. No charge is
payable for providing a person with their own personal information.
Your address
The FOI Act requires you to provide us with an address which we can send
notices to. We will send correspondence and notices to your email address.
Please advise us as soon as possible if you wish correspondence to be sent
to another address or if your email address changes.
Administrative release of documents
The Agency has administrative access arrangements in place for the release
of certain documents without the need for a formal FOI request. These
arrangements do not extend to information or material of third parties.
Exclusion of staff details
The Agency is working towards ensuring all staff have a choice about
whether they provide their full name, personal logon identifiers and
direct contact details in response to FOI requests. Where such details are
included in documents they will be redacted. If you request staff details
as part of your FOI application, this may add to processing time and
applicable charges as it will be necessary to consider whether these
details are exempt under the FOI Act.
Dear Mr Banner
Please find attached correspondence in relation to your request for
internal review of the Freedom of Information decision made on 20 February
2023.
Kind regards
Verity
Authorised FOI Decision Maker
FOI and Ombudsman Branch
LEGAL SERVICES DIVISION
[1]cid:image001.jpg@01D6B8DA.3399D830
References
Visible links
Dear Mr Banner
Please find attached an internal review decision from Services Australia
dated 16 March 2023 in relation to your request for internal review made
under the Freedom of Information Act 1982.
Yours sincerely
Verity, Authorised FOI Decision Maker
FOI & Ombudsman Branch
LEGAL SERVICES DIVISION
[1]Title: Services Australia branding - Description: Services Australia
servicesaustralia.gov.au
Services Australia acknowledges the Traditional Owners of the land now
called Australia. We pay our respect to all Elders, past and present, of
all Aboriginal and Torres Strait Islander nations.
Please note: This email and any attachments may contain information
subject to legal professional privilege or information that is otherwise
sensitive or confidential. If you are not the intended recipient of this
email, you are prohibited from using or disseminating this communication.
If you have received this communication in error please notify the sender
immediately and permanently delete this email.
References
Visible links