Services Australia collects, stores and uses the personal information of more than 27 million people to deliver services and payments. This audit provides assurance to Parliament about whether Services Australia is effectively managing the privacy of client information.

The report provides eight recommendations:

• five recommendations to Services Australia to improve risk management, data-matching practices, privacy impact assessments, complaints assessment and privacy assurance arrangements.
• three recommendations to regulators to review data-matching arrangements, share third-party data breach information and enhanced reporting on privacy. 

Key findings

• Services Australia is partly effective in managing the privacy of client information.
• There were partly appropriate arrangements to manage privacy.
• Services Australia was partly effective with implementing arrangements.
• There were deficiencies with risk management, data matching, record-keeping, privacy impact assessments, transparency and reporting.