Centrelink’s data centre plans spark privacy concerns

Privacy advocate Roger Clarke has raised concerns about Federal Government plans to consolidate data centres, arguing that some IT services are best kept within separate agencies.

Clarke was responding to Federal Government plans to use Centrelink's server and storage resources to process data on behalf of other agencies, as revealed on iTnews at CeBIT last week

The story was also reported in The Australian yesterday, in which it was suggested that Centrelink could become Australia's first "super agency".

In response to The Australian's article, Clarke said the Department of Human Services's (DHS) deputy secretary of IT infrastructure, John Wadeson, appeared to be "making a play to be Big Brother's CIO".

There are several layers of service that one agency could provide on behalf of others, Clarke explained.

These ranged from sharing physical facilities to reduce costs of air conditioning and networking, to sharing platforms, software and systems for more efficient procurement and deployment.

But if walls are torn down and agencies share applications, software and data, Clarke said the privacy of Australian citizens could be at risk.

"It would appear that Wadeson is proposing on behalf of Centrelink to become a service provider at the highest level," he told iTnews today.

"This is completely unacceptable; we [privacy advocates and concerned Australians] would fight that one to the nail."

Clarke is a visiting professor at the University of NSW and the Australian National University, and was awarded the 2009 Privacy Medal by the Australian Privacy Commissioner.

He also runs eBusiness consultancy Xamax, which he cited as support that "I'm very much in favour of appropriately applied technology."

While whole-of-Government IT strategies were recommended by the 2008 Gershon Review to increase efficiency and reduce cost, Clarke said a central store of all personal information could be abused.

"Once you have government agencies operating in concert like that, you have room for despots," he said of whole-of-Government data centre consolidation.

"The Gershon Report can be used as a basis to do pretty much anything. Here, it's being used as an excuse for the operator of one massive data mine to provide services to lots of other smaller data mines."

Addressing privacy concerns

Last week, DHS's Wadeson told iTnews that privacy "is an issue [the Government] always have to watch," he said. "But... we are not building a single database here. We are going to use a consent model if we share data.

"People in IT understand that you can house things on one mainframe, and there is no risk of leakage from one part of it to another," he said.

Wadeson had also pre-empted any privacy concerns with a statement a few days earlier.

"We are ensuring that the distinct customer databases held by each agency remain separate," he said. "This is key to the reforms we are delivering, in effect creating a single systems environment to deliver the business of many agencies without compromising privacy.

"This is critical work and we are engaged closely with the Office of the Privacy Commissioner to ensure privacy safeguards are built in from the beginning.

"Customers who choose to tick a box to 'Tell Us Once' can allow their information to be shared across agencies, which means they don't need to fill in a whole new form when they go from Centrelink to Medicare to the Child Support Agency.

"But customers who prefer not to have their information shared can simply fill in the individual forms for each different agency.

"This way those who choose to can have greater convenience, and those who prefer to keep their records separate can do so."

 Clarke said he and the Australian Privacy Foundation would continue to lobby the Federal Government on Healthcare Identifiers and information sharing.