Procedures for handling misdirected correspondence 104-04070040

When contacted by an unintended individual it is important to gather information to report the incident via the Privacy Incident Portal.

When advised correspondence was received by an unintended individual:

• Thank the unintended individual for bringing this to the attention of Services Australia
• Apologise for any inconvenience caused by receiving the correspondence
• Reassure the unintended individual Services Australia takes this seriously and will act urgently to deal with the situation
• Ask for information to help identify why the correspondence was delivered to the unintended individual
  Do not ask the unintended individual to open the correspondence if they have not already done so

If the correspondence has not been opened:

• Ask for and note down the below information if the unintended individual is able to provide it:
• details of the unintended individual, for example, name, reference number (if they have one), phone number, address
• how the documents were received, such as by post, via email, handed to them personally, received online
• if the unintended individual was expecting correspondence from Services Australia and this has not been received
• any other documents received in the same envelope (if already opened)
• the name and address showing on the envelope or in the clear window
• Tell the unintended individual not to open the envelope if they have not already done so

If the correspondence has been opened:

• Ask them to provide:
• the date of the correspondence
• the type of correspondence received
• where was the letter sent from, for example Centrelink, Medicare or Child Support
• Ask if the person the documents were intended for previously lived at the unintended individual's address
• Ask the unintended individual to return the correspondence to Services Australia by post or in person:
• (if available) offer to send an express post/reply paid envelope to assist with the return of the correspondence
• provide the address for the unintended individual's local service centre (not the central scanning centre)
• If the correspondence cannot be returned for any reason, ask the unintended individual to destroy it
• Thank the unintended individual again for contacting Services Australia and finalise the contact

Note: the use and/or disclosure of the intended individual’s personal information by the unintended individual may be in contravention of secrecy provisions containing in the relevant legislation.

Check the record of the customer the correspondence was intended for. If the customer's address has not been updated since the correspondence was sent it may no longer be current, for example the customer may have previously lived at the address of the unintended individual.

Does the customer record have an old or incorrect address?

• Yes, go to Step 3
• No, address has been updated since the correspondence was sent. Go to Step 4

Follow the relevant process to make the address invalid or end dated:

• Centrelink, see Return to sender (RTS) mail for Centrelink and Updating address details
• Medicare, see Return mail indicator for Medicare claims
• Child Support, see Updating Child Support customer information
• Australian Immunisation Register, see Returned mail for Australian Immunisation Register (AIR)

Note: check that Services Australia is using accurate address information to ensure compliance with the Privacy Act 1988. The References page contains a link to the Privacy Act 1988.

Go to Step 5.

Reissue the correspondence (if it has not already been reissued) to the customer's current address.

See the following Operational Blueprint procedures related to reissuing correspondence:

• Viewing or reissuing a letter or electronic message (Centrelink)
• Return to sender (RTS) mail for aged care services (Medicare)
• Letters Cuba Process Help (Child Support)
• Letters for Child Support customers (Child Support)
• Manual letters in Pluto (Child Support)

Complete a Privacy Incident Notification form. See the Resources page for a link to the Privacy Incident Portal.

Note: Privacy Operations will liaise with the responsible business area regarding any recommendations for contact with the customer or other corrective action. Privacy Operations will not contact the unintended individual, but may contact the Service Officer who submitted the request for further information if required.