An inquiry by the commissioner's office found cases where individual privacy had been infringed.
Issues included MSD failing to ask beneficiaries for information before seeking it from a third party, meaning they made "inaccurate assessments of the information", "disproportionate and inappropriate requests" for information, in some cases stretching to every text message sent and received by a person over a lengthy period, and "overly broad" requests for information.
The latter led to MSD collection unnecessary and sensitive information on clients, including one woman's birthing records.
MSD has powers under section 11 of the Social Security Act (as regulated by a Code of Conduct) to collect "any information" about a person on a benefit in order to assess their entitlements – including retrospectively, as in the case with fraud investigations.
As well as the Privacy Act, MSD's Code of Conduct requires MSD to first seek information from a beneficiary client directly before seeking it from a third party, unless to do so would prejudice the maintenance of the law.
But in 2012, MSD advised its fraud investigation staff they could bypass the requirement to seek information directly from a beneficiary and instead go direct to third parties. MSD believed that an amendment to the Code enabled this.
The change resulted in staff collecting "large amounts of highly sensitive information", including text messages, domestic violence and other police records, banking information and billing records.
Edwards said there were likely thousands of beneficiaries affected by the practice change.
In court today, the woman's lawyer, Natalie Wham, said the documents MSD had requested from third parties while investigating her client created a "significant intrusion" on her privacy.
"Just because someone signs up for Government assistance doesn't mean they give away their total right to privacy," she said.
Co-counsel Kerry Cook pointed to evidence from the investigating MSD officer, who said she could not remember her thought process when deciding to go straight to the third parties for the information, but that it was "normal business practice" to do so for all high level fraud cases.
She said she had never obtained the information directly from the beneficiary before, always going straight to the third parties.
The beneficiary had two previous instances of dishonesty, but no history of tampering with evidence, Cook said.
He argued there was no reason to believe asking the beneficiary directly for the information would prejudice the maintenance of the law.
But deputy Solicitor General Charlotte Brook, who represented MSD, said the woman's previous dishonesty incidents spoke directly to her ability to provide accurate information when asked to.
"[She] has demonstrated quite conclusively that she couldn't be relied upon," Brook said.
One of those incidents included failing to report to MSD that she was receiving undeclared income.
Brook also said it was not unusual for the investigating officer to say she had never gone directly to a beneficiary for information, as she exclusively worked on "high risk" cases.
Meetra Wong, who also represented MSD, told the court if there was a privacy breach, it was "low level".
She said no specific medical information was gathered, only administration paperwork such as admission and discharge papers.
The court has reserved its decision.
