Under section 11 of the Social Security Act, MSD has powers to collect any information about a person on a benefit in order to assess their entitlements.
MSD is first required to seek information from a beneficiary client directly before seeking it from a third party, as per the Privacy Act and MSD's Code of Conduct, unless doing so would prejudice the maintenance of the law.
However, in 2012, MSD advised its fraud investigation staff they could bypass the requirements due to an amendment to the Code.
Following its inquiry, the Office of the Privacy Commissioner recommended MSD cease its blanket application of the prejudice of the maintenance of the law exception.
Following the inquiry, MSD deputy chief executive for service delivery Viv Rickard said the organisation accepted the recommendations.
"The small number of cases we investigate using this measure are at the high end of the spectrum where there are serious, often multiple, allegations of fraud over a significant period of time, usually involving large sums of money," Rickard said.
"The allegations often relate to people who, on the face of it, have set out to deliberately mislead in order to receive benefits they're not entitled to.
"We recognise we have to balance clients' privacy rights alongside our responsibility to taxpayers to investigate serious fraud in a timely way, and to establish the facts."
Changes the MSD made in line with the OPC's current views:
• Amending processes to make sure staff make a case-by-case decision on whether to first go to the client, or to a third party and to make sure the right amount of information is collected.
• Suspending all requests for information to telecommunications companies and police, pending review of the Code of Conduct.
• A commitment to review the Code of Conduct that applies to the section and continuing to work with the Office of the Privacy Commissioner.
• Commissioning an independent assessment of fraud practices and policies.
