obackstores-signAs disclosed by Lindsay Murdoch in The Sydney Morning Herald and on the ABC News website recently, Outback Stores, the government owned and funded company that operates 21 remote community stores on remote Aboriginal communities in the NT subject to the Intervention, has been caught out inappropriately dealing with confidential Centrelink information on it’s income-managed customers.

As Lindsay reported:

The documents show the Centrelink account balances of many residents of Yuendumu, 293 kilometres north-west of Alice Springs, whose welfare payments have been quarantined under the federal indigenous intervention.

The discovery is likely to increase tensions in the community of about 700 where residents whose incomes are quarantined can buy goods only in the Nguru-Walalja store, operated by Outback Stores, a government-owned but independently operated company that has 27 stores across Australia.

The ABC spoke to Yuendumu resident Valerie Napaljarri Martin shortly after she had given evidence to the House of Representatives Committee currently conducting an inquiry into the operation of remote stores:

Valerie Martin said she was shocked when she was shown her name on the list of documents given to the inquiry. “Oh my god,” she said. “Look, I just seen my name written on it now. That makes me even more angry. Who do they think they are? Coming in to our community and doing that to us.”

Now I’ve got to disclose an interest here – I was engaged by the Yuendumu Social Club Store Inc (aka ‘The Big Shop‘ or the ‘Yuendumu Store‘) as a consultant to prepare and give testimony to both the current House of Representatives Standing Committee Inquiry into community stores in remote Aboriginal and Torres Strait Islander communities and the Senate Select Committee on Regional and Remote Indigenous Communities.

Both Committees have recently held Hearings in and around Alice Springs. I gave evidence at the House of Representatives Committee on Tuesday 28th April and met with the Senate Committee last night.

The major thrust of my submissions to the Parliamentary Committees related to the attempts, unsuccessful so far, to become licensed by FaHCSIA to accept income-managed funds and the related BasicsCard stored-value Card administered by Centrelink.

I also gave information to both Committees, including copies of Statutory Declaration detailing the events around the discovery of the documents at the Yuendumu dump and a copy of a letter given to Centrelink when the documents were provided to them.

I also have an involvement in the Centrelink documents story – earlier this month one of the managers of the Yuendumu Store, Mr Mark Vegera, contacted me and told me he had found some documents at the Yuendumu dump, a few kilometres outside of town. I later went to the dump and found some more of the same documents.

As Mark Vegera says in his Statutory Declaration in relation to the content of the material he found in a rubbish bag at the Yuendumu dump:

I noted that the papers in the rubbish bag appeared to be from the Nguru-Walalja store at Yuendumu which is operated by Outback Stores Pty Ltd. There were a number of cash register receipts, assorted facsimile pages and correspondence, and daily cash register totals sheets. Also included in the papers contained in the bag were loose copies of reports with the words “Income Management, End of Month Reconciliation”.

From my brief examination of the material in the bag it appeared that it was sensitive material, particularly in that it appeared to contain personal information of a private nature about a large number of residents of Yuendumu. I placed the material in a box and returned to the YSCS where I secured the material in the YSCS office under lock and key.

Later that week I examined the documents that I had found at the Yuendumu waste facility more closely. It soon became obvious to me that one particular group of documents appeared to contain information of a highly personal and private nature.

The front page of each group of documents that appeared to contain sensitive personal and private material had the words “Income Management End of Month Reconciliation” at the top of each page. Under them were the words “Organisation name: Nguru-Walalja Store (Country Store) Yuendumu”… . There were approximately 50 or 60 pages of this material. In the top right hand corner of the first sheet were the words “Page 1 of 8”.

The body of each sheet of paper consisted of six columns of words and figures under the column headings, reading from left to right, “Customer Details”, respectively “First name”, “Surname”, “Cust. CRN” “Credit”, “Debit” and “Balance”.

The 8 pages of each document consists of lists of named persons with their individual “Cust. CRN” listed against each name in that column. I understand the words “Cust. CRN” to be a shortened reference to “Customer Centrelink Reference Number”. Then follows the columns headed “Credit” and “Debit”, most of which have balances entered as “$0.00”. The last column on the right-hand side of each page was headed “Balance” and that column on each page had a variety of numbers entered as, for example, “$5.55”.

After I went to the Yuendumu dump and found more documents of the same kind I also prepared a Statutory Declaration, in which I detailed how the material located by me and Mark related to those people at Yuendumu who have their welfare income quarantined under the Federal Government’s Income Management scheme:

The total number of names and other material listed varies from about three hundred and seventy to about three hundred and ninety names.

I believed that the material found by Mark Vegera and myself was material that would be subject to the provisions of the Privacy Act 1998. I was uncertain as to how this material should be dealt with but believed that it would be appropriate that it be provided to Centrelink who would be able to take any further action. On Thursday 23 April I contacted the Office of the Privacy Commissioner in Canberra. An officer of the Privacy Commission advised me that it would be appropriate to return the material to Centrelink. They further advised me that it would be appropriate to retain a copy of the material so that it may be forwarded to the Privacy Commission to accompany a complaint to that body or to be forwarded so that the Commission may conduct an assessment as to whether an “own motion” inquiry by the Commission may be appropriate or in the event that any person or persons to whom the information contained in the material referred may wish to make a complaint to the Privacy Commission.

I came into Alice Springs on Monday 27th April to prepare for the House of Representatives and Senate Hearings.

On Monday afternoon I went to Centrelink and delivered the originals of the sensitive material found at the Yuendumu dump to Centrelink.

It is apparent that Centrelink views breaches of the Privacy Principles very seriously. As a Centrelink spokesperson told the ABC:

…the organisation has strict rules for stores about protecting privacy and the matter is being urgently investigated.

Indeed. In 2006 Centrelink ‘forced out’ or sacked over 100 staff who had inappropriately accessed information subject to privacy restrictions. As the Sydney Morning Herald reported at the time:

The government’s welfare agency has confirmed it uncovered almost 600 cases of staff wrongfully accessing client records during the last two years.

A total of 19 staff were sacked and 92 resigned when faced with accusations of privacy breaches.

More than 300 staff faced salary deductions or fines, another 46 were reprimanded, and the remainder were demoted or warned.

“What this demonstrates is that we exercise zero tolerance in this area,” Centrelink general manager Hank Jongen told ABC Radio.

“It shows our staff that we are absolutely serious about maintaining the privacy of our customers.”

And in relation to the security of Private Information held or generated by private operators, like the Outback Store at Yuendumu, Centrelink’s Terms and Conditions for BasicsCards Merchants import the provisions of the Privacy Act:

27.1 Privacy Obligations

The Merchant must not, and must ensure that any subcontractor does not, do an act or engage in a practice in relation to this agreement that would breach an Information Privacy Principle if done or engaged in by Centrelink.

27.2 Interpretation of Privacy obligations
Information Privacy Principle has the same meaning in clause 27.1 as it has in the Privacy Act

Time will tell how Centrelink will treat the inappropriate disposal of this material at the Yuendumu dump – certainly it appears to have a wide range of options of actions that it might take against Outback Stores.

Both of the Parliamentary Committees were very interested in how personal private information is being treated by the Government’s favoured provider of store services to remote communities in the NT.

And the Privacy Commission will be provided with a copy of the same material as provided to Centrelink and both of the Committees – it will be interesting to see whether the Privacy Commission decides to initiate an ‘own motion’ inquiry under the Privacy Act.

And of course there may be more than a few of the 400 or so Yuendumu residents whose personal information was in the documents dumped by Outback Stores who may want to make a complaint to the Privacy Commissioner as well.

Watch this space!