myGov Privacy Impact Assessment
Dear Department of Human Services,
I note that in order to deal with Medicare electronically, I am forced
to sign up for an account with myGov.
I am very concerned about my data and my identities being linked
across services.
I have read the Privacy Statement at:
The Privacy Statement says that "You may opt out of any further use of
myGov in which case you can contact Member Services directly".
On the other hand, the Medicare page says that I can't login *except*
by means of a myGov account. How can it be meaningful to say I can
'opt out' if by doing so I can't reach a service provider?
I am very concerned about the design of the myGov scheme and would like to request the report arising from the Privacy
Impact Assessment of myGov.
Steven Roddis
You have received a secure email from the Department of Human Services.
Please select the link below to view the email.
Please note, you may have to register for this service
Please copy and paste the URL into your browser. If you encounter any issues, please close and reopen your browser before navigating to the URL again.
Your account with a new passphrase has been successfully set.
You can access your account by clicking on the following URL:
Please copy and paste the URL into your browser. If you encounter any issues, please close and reopen your browser before navigating to the URL again.
You have received a secure email from the Department of Human Services.
Please select the link below to view the email.
Please note, you may have to register for this service
Please copy and paste the URL into your browser. If you encounter any issues, please close and reopen your browser before navigating to the URL again.
Steven Roddis left an annotation ()
Here is their response:
Steven Roddis left an annotation ()
I'm a bit iffy about #5 but more worried about #7
They claim 1.22 hours of searching...
and a whopping 21.33 hours of decision making time for 3 documents containing an estimated* 5 (yes five) pages.
*erm.. ok why it is an estimate is anyone's guess.
Karen Dearne left an annotation ()
This seems new? Replies contained in a secure email that you have to register for means the material cannot be seen by others... So we cannot provide any comment?
Steven Roddis left an annotation ()
@Karen I agree it is silly. I have attached the various responses as an annotation though. Let me know if it doesn't show up.
Steven Roddis left an annotation ()
I have sent a reply
I suspect you may have made mistake in creating your letter.
You claim 3 documents, totaling 5 pages will take:
An extra 67.2 minutes to find them, and
a whopping 1279.8 minutes to make a decision on what (if any) to release.
Given that is is 21 people in a room for more than an hour or almost 3 work days nonstop,
I believe you have made a mistake.
If you haven't, please itemise how the time will be spent.
In addition,
Given Medicare is an essential service and that it is now impossible to use Medicare online without MyGov, I submit there is an overriding public interest in releasing the Privacy Impact Assessment and that all costs should be waived.
Steven Roddis

Ben Fairless left an annotation ()
If you get any attachments or PDF documents etc, feel free to send an email from your registered email address on Right to Know to and we can provide a One-Time link to upload the files :)
Right to Know Administrator
Karen Dearne left an annotation ()
There is no record of a tender or contract issued for a myGov PIA - the only one I can find was for the previous account, done in July-Sept 2011. Visit and search for CN415362. This PIA does not appear to have been published
Dear Mr Roddis,
Thank you for your email. I note your contention that the charge should not be imposed. A decision on charges will be notified to you by 12 May 2014.
Kind regards,
Ms McLeod
Freedom of Information Legal Team
FOI and Information Release Legal Branch | Legal Services Division
Department of Human Services
This email and any attachments may contain information subject to legal professional privilege or information that is otherwise sensitive or confidential. If you are not the intended recipient of this email, you are prohibited from using or disseminating this communication. If you have received this communication in error please notify the sender immediately and permanently delete this email.
Steven Roddis left an annotation ()
@Karen Dearne hmm... I never checked there. However I have been told the documents do exist. I'm really hoping they are released intact, I have great interest in them.
Karen Dearne left an annotation ()
It appears that the OAIC "advised" the DHS on MyGov PIA under its contract with the department:
Advice to the Department of Human Services
An MOU between the OAIC and the Department of Human Services (DHS) was signed on 4 February 2013. Under the MOU the OAIC provides dedicated privacy policy advice and assistance to DHS on Service Delivery Reform and general privacy issues.
The DHS Service Delivery Reform (SDR) program is intended to give Australians better access to social, health and welfare services. Some aspects of the program, such as the increased coordination and linking of services, will involve changes to the way that individuals' personal information is handled.
The Privacy Commissioner is a member of the inter-departmental committee set up to advise on SDR and consider the reforms from a whole-of-government perspective. The OAIC has provided advice on privacy impact assessments related to SDR, including the Tell Us Once and Single View of Customer service offerings. The OAIC also provided input into the privacy impact assessment drafted by DHS for the new authenticated portal, myGov.
In the Privacy Commissioner's most recent report on its activities relating to the PCEHR System, it notes:
Responded to two written enquiries from Consumers eHealth Alliance on various privacy aspects of the eHealth record system including the accuracy of PBS information contained in the PCEHR; the publication of quarterly reports under the MOU; and the use of myGov in the PCEHR registration process.
Dear Mr Roddis,
Please find attached correspondence relating to your request for documents
(7511), made under the Freedom of Information Act 1982.
Kind Regards
Elizabeth Bell
Principal Government Lawyer
FOI and Information Release Legal Branch | Legal Services Division
Department of Human Services
Steven Roddis left an annotation ()
"totalled 5 pages. I note that this figure was a typographical error; the documents falling within the scope of your request total 58 pages."
Elizabeth's response seems reasonable to me, the charge will be $75.45
Public Interest: -%50
Documents fall within scope: 31 pages.
30 min search and retrieval: $7.50
Decision-making: 12.17 hours - 5 hours: $143.40
I'm happy to pay this, does anyone have anything to add?
Dear Elizabeth Bell,
Thank you for your well-reasoned and fair review, I'm happy to pay the amount. However it will take me sometime to order a chequebook, do you support Direct Deposit?
Yours sincerely,
Steven Roddis
Dear Mr Roddis
In response to your query about payment options relating to your request
for documents (LEX 7511), made under the Freedom of Information Act 1982,
the department cannot take direct deposits for FOI matters. The amount due
should be paid by cheque or money order and made out to the Collector of
Public Monies. Please quote reference number [LEX 7511] with your payment
and advise us by email when your payment has been made.
Please send to:
Vickie Denham
FOI Legal Team
Department of Human Services
PO Box 7788
Please let me know if you have any further queries.
Vickie Denham
FOI Legal Team
FOI and Information Release Branch
Legal Services Division
‘This email and any attachments may contain information subject to legal
professional privilege or information that is otherwise sensitive or
confidential. If you are not the intended recipient of this email, you are
prohibited from using or disseminating this communication. If you have
received this communication in error please notify the sender immediately
and permanently delete this email.
Steven Roddis left an annotation ()
To those watching this request: I ordered a cheque book on the 12th.
Karen Dearne left an annotation ()
Unfortunately, mygov is not adequately concerned about citizens' right to privacy and data security, it appears. See
Steven Roddis left an annotation ()
The worst part is not the flaw but their really poor response and lack of mitigations eg.

Brendan Molloy left an annotation ()
Steven, they can take direct deposit. DFAT does constantly. Call the OAIC before it's gone and get advice.
Steven Roddis left an annotation ()
@Brendan I called OIAC today, they said it wasn't their area and they have nothing to do with payment methods.
Dear Vickie Denham,
RE: LEX 7511
I have just mailed a cheque for $75.45 to you with a note that it is for LEX 7511.
Yours sincerely,
Steven Roddis
Steven Roddis left an annotation ()
Although still no confirmation from the department, my bank says the cheque has cleared.
Dear Mr Roddis,
I confirm that the department has received and processed your cheque and a decision on this request is due to be notified to you by Thursday, 26 June 2014.
Kind Regards
Elizabeth Bell
Principal Government Lawyer
FOI and Information Release Legal Branch | Legal Services Division
Department of Human Services
Steven Roddis left an annotation ()
It's been 77 days already.
On the 26th it would have been 105.
13 March - FOI Request made
(27 days)
09 April - Response indicated charges (I replied that day)
(14 days)
23 April - Confirmation of my request to waive charges.
(19 days)
12 May - Decision on Charges
(7 days)
19 May - Chequebook arrived & Paid by cheque
(5 days)
24 May - Payment cleared
(5 days)
29 May - Confirmation of Payment received.
I've been waiting 27+14+19+5 = 65 days not including time taken to make payment.
I'd like to note to those following this, that it took 33 days from when I made a request to waive charges for a decision to be made.
Karen Dearne left an annotation ()
Give the Govt all of your information here!
See how easy it is?
Hmm, just click over those terms and conditions...
Dear Mr Roddis,
We would like to get in touch with you this afternoon to discuss your
freedom of information request (LEX 7511).
Please provide us with a phone number that we can contact you on, or give
me a call on (02) 6223 4025.
Julian Russell
Government Lawyer
FOI and Information Release Legal Branch | Legal Services Division
Department of Human Services
This email and any attachments may contain information subject to legal
professional privilege or information that is otherwise sensitive or
confidential. If you are not the intended recipient of this email, you are
prohibited from using or disseminating this communication. If you have
received this communication in error please notify the sender immediately
and permanently delete this email.
Hi, I was advised over the phone by Julian Russell that DHS will be proactively releasing a redacted version of the documents I requested.
I was informed:
* It would be released within 10 days.
* If necessary I could make a new request for the unredacted version.
* The redacted version is what I would be getting anyway.
* The charges will be refunded.
With that in mind, I withdraw this (LEX 7511) FOI request.
Yours sincerely,
Steven Roddis
Dear Mr Roddis,
To enable us to refund your processing charge, please provide us with a postal address. We will then arrange for a cheque in the amount of the charge to be forwarded to that address.
Julian Russell
Government Lawyer
FOI and Information Release Legal Branch | Legal Services Division
Department of Human Services
18 Canberra Avenue, Forrest
Ph: (02) 6223 4025
This email and any attachments may contain information subject to legal professional privilege or information that is otherwise sensitive or confidential. If you are not the intended recipient of this email, you are prohibited from using or disseminating this communication. If you have received this communication in error please notify the sender immediately and permanently delete this email.
You can make the cheque out to:
Steven Roddis
and post it to:
Steven Roddis
PO BOX 450
Thirroul, NSW 2515
Steven Roddis left an annotation ()
Got a tweet from @BenGrubb suggesting
might be the document.
Dear Mr Roddis,
I refer to your request of 13 March 2014 for access under the Freedom of
Information Act 1982 (FOI Act) to:
“the report arising from the Privacy Impact Assessment of
On 26 June 2014, you agreed to withdraw this request on the understanding
that the department would provide you with a redacted copy of the document
outside the FOI process.
Please find attached a redacted copy of the document you have requested.
Attached to the front of the document is a one page explanatory statement
that should be read in conjunction with the document.
The department is processing your refund of the charge of $75.45 and you
will receive a cheque in that amount shortly to the address that you have
Julian Russell
Government Lawyer
FOI and Information Release Legal Branch | Legal Services Division
Department of Human Services
This email and any attachments may contain information subject to legal
professional privilege or information that is otherwise sensitive or
confidential. If you are not the intended recipient of this email, you are
prohibited from using or disseminating this communication. If you have
received this communication in error please notify the sender immediately
and permanently delete this email.
Your The Department of Human Services secure email account is about to expire.
In order to keep your account active and prevent your secure messages from being deleted,
you must access your account by clicking on the following URL:
Please copy and paste the URL into your browser. If you encounter any issues, please close and reopen your browser before navigating to the URL again.
Steven Roddis left an annotation ()
I received an acknowledgement in the above message.
Here it is: