AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1994 >> [1994] PrivLawPRpr 4

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Clarke, Roger --- "The sad tale of the parallel data-matching program" [1994] PrivLawPRpr 4; (1994) 1(1) Privacy Law & Policy Reporter 8

The sad tale of the parallel data-matching program

Roger Clarke

The Parallel Data-Matching Program (PDMP) is authorised by the Data Matching Program (Assistance and Tax) Act 1990 (Cth). It involves the provision of personal data by multiple source agencies to the Data-Matching Agency within the Department of Social Security (DSS). DSS checks it for validity, then extracts the tax file numbers (TFNs) and provides them to the Australian Taxation Office (ATO). The ATO returns to DSS the identity and income details associated with each TFN. DSS compares the data from the five source agencies and two assistance agencies, with the aim of finding identification discrepancies, and anomalies in the patterns of benefit payments and declared income. DSS provides information about discrepancies and anomalies back to the source agencies, which investigate them.

This ''cycle' is repeated between five and nine times each year. The statistics of these cycles vary, but as an indication of their scale, each cycle involves over 10 million attempted matches, producing about 200,000 apparent discrepancies and anomalies, of which about 15,000 are selected for review. About 10,000 of these survive a preliminary examination, and about 1,500 result in action being taken.

The PDMP is an exercise in mass data surveillance. It involves vast quantities of data about vast numbers of people being arbitrarily ''trawled' through (or subjected to ''the information society's equivalent of driftnet fishing', as the Australian Privacy Commissioner has described it). The express intent of this activity is to generate suspicion. Inconsistency between the data collections of different agencies is treated as prima facie evidence that an error has occurred, or that a misdemeanour or fraud has been committed.

Data-matching is an extremely privacy-invasive procedure. The data is used by organisations which were not the original collectors, and for purposes which are very different from the original purpose of collection. The data relates to some 5 million primary individuals (beneficiaries), but also to millions of other people, particularly beneficiaries' spouses and dependents. The people involved are, by definition, in need of financial assistance. Large numbers of them have difficulties with the formalities and complexities involved in dealings with bureaucracies and their information-intensive policies, procedures and practices; and are ill-prepared to deal with aggressive inquiries, and to register and conduct disputes. At a sociological level, matching has a ''chilling effect', in that it gives people a very real impression that ''"they", "the government", know everything about me'.

In practice, the PDMP has proven cumbersome and ineffectual, as the recent report by the Auditor-General on the program's performance up to June 1993. This article reflects more up-to-date information which became public in October 1993.

The vast quantity of data from diverse sources is of varying quality, and is subject to complex and program-specific definitions in at least a dozen different statutes and seven different agencies. The scope for misunderstandings results in a low proportion of investigations surviving the initial manual examination (under 25 per cent), and an even smaller proportion resulting in action (well under 10 per cent). As a result, close to 90 per cent of the suspicions the PDMP generates prove to be unfounded or trivial, and by June 1993, about 35,000 people had been subjected to an intimidating ''notice of proposed action' process without any error or misdemeanour being discovered worthy of further action.

These operational weaknesses have a significant impact on the PDMP's financial value. Prior to the legislation being enacted, the Australian Privacy Foundation (APF) argued that the justification for the scheme was seriously flawed. Its argument has been savagely vindicated. As Table 1 shows, the benefits have been achieved much later than was predicted by DSS, and at about one-tenth of the originally predicted level (current estimates of $30-40 million per annum compared with original estimates of more than $300 million per annum). For several reasons, detailed in Clarke (1993), the author considers even the most recent DSS estimates to be over-stated.

The justification offered to Cabinet and the Parliament in 1990 contained no data about the costs of the scheme. The annual reports for 1991 and 1992, in apparent breach of the statutory requirements, failed to contain meaningful analysis of the costs and benefits. Only after the APF, the Privacy Commissioner and the ANAO had all made strong expressions of concern did DSS deign to provide an analysis. In the event, even that analysis was badly flawed.

Table 2 shows the net benefits. The first group are those claimed by DSS and the second contains figures adjusted by the author to dampen the Department's exaggeration of benefits and reflect more reasonable assumptions about opportunity costs (for details, see Clarke 1993). Table 2 also shows the cumulative net value of the adjusted figures, expressed in 1990-1991 dollars, after allowing for the time-value of money and using the standard government discount rate of 8 per cent per annum.

On the basis of the information available, plus reasonable assumptions assessed using conventional cost-benefit analysis, the program has lost the taxpayer money during its first three years, is currently operating at only break even level, and appears very unlikely to ever provide a return on the investment. In sheer economic terms, it is not worth doing. The original benefits estimates were enormously exaggerated. The Department has continued to abuse the technique of cost-benefit analysis in order to exaggerate and mislead.

The Australian Parliament authorised the scheme in 1990, subject to a sunset provision. In late 1992 and again in late 1993, that provision was extended, currently until January 1996 (see Legislation & Guidelines this issue). The DSS has inveigled the government and the Parliament into approving not only the establishment of an unjustified program, but also its continuation long after its inadequacies were well documented.

In December 1988, the government tightened the provisions relating to the TFN (a measure which, unlike its predecessor, the Australia Card proposal, enjoyed community support). The then Treasurer gave iron-clad assurances that use of the TFN would be restricted to tax purposes. Despite this, the government extended use of the TFN to all schemes providing financial benefits to citizens, and made provision of the code a condition of receiving benefits. Matching based on the nascent national identification number is but the latest measure in the government's campaign of social control based on data surveillance.


Clarke ''Matches played under Rafferty's rules: the Parallel Data-Matching Program is not only privacy-invasive but economically unjustifiable as well' (Working Paper, Department of Commerce, Australian National University, November 1993)

Roger Clarke

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback