Services Australia was recently fined for breaching the privacy of a vulnerable customer, writes ZDNet journalist Asha Barbaschow. A notice has been issued by the Australian Information Commissioner to pay the customer AU$19,890 as compensation for breaching her privacy.

centrelink australia services breach heimdal security

Image Source: The Guardian

The woman was in receipt of Centrelink benefits and services administered by the Department of Human Services, now Services Australia.

In June 2016 Centrelink was notified that a domestic violence victim had separated from her partner. The victim even provided the agency with a copy of an apprehended violence order (AVO) issued against the man. The partner was imprisoned for violating the order.

Centrelink did not register the separation until January 2017.

Australian Information Commissioner and Privacy Commissioner Angelene Falk has ruled that the agency breached the Privacy Act 1988 when it failed to separate the woman’s records from her former partner’s, then updated his online account with her new address.

The woman became aware of the privacy breach in 2017, when her ex-partner posted a screenshot of her new house from Google Maps to Facebook, with the comment “Change your MyGov”.

She had moved hundreds of miles away to escape the abusive relationship and avoided telling anyone where she was going to ensure her safety. Because of the breach, within months, her ex had relocated near her new home.

Services Australia general manager Hank Jongen declared that

Services Australia acknowledges its processes failed to protect the privacy of this customer. We apologise deeply and unreservedly to the complainant for the stress and pain caused.


Services Australia has been asked to pay the victim AU$10,000 for non-economic loss, AU$8,000 for reasonably incurred legal expenses, and AU$1,980 for reasonably incurred expenses in preparing a medical report.

“I consider that more rigorous steps were required to ensure that individuals fearing domestic violence do not have their updated addresses disclosed to their former partner”, commissioner Falk said.

The agency accepted all the commissioner’s declarations promising to implement them as soon as possible. Services Australia has now updated its form to provide more protection from potential domestic violence situations.

Hank Jongen further declared that

We have changed our process to require that we de-link a customer’s Centrelink record from their partner’s as soon as they tell us they’ve separated, without the need for paperwork.


The agency was declared engaged in conduct constituting an interference with the privacy of the complainant and was warned not to repeat that conduct.

Privacy-Focused Browsers Oppose Google’s FLoC Technology

How To Start Taking Control Of Your Data – Essential Privacy Tools

700+ Million Email Addresses Leaked and Why it Matters to You

Leave a Reply

Your email address will not be published. Required fields are marked *