Privacy failures put spotlight on digital services

Public confidence in the government's digital services took another hit when it was revealed personal Medicare details were being sold online, and the Tax Office's web customer services went down.

Aside from fears they raise about the security of patients' personal information, the revelations are also alarming because the government doesn't know the source of the breach letting a darknet vendor sell Medicare details.

On the heels of this, and as feared back in February, the Australian Taxation Office's tax return program has hit trouble after the agency was forced to shut down its online customer services for several hours, only a few days into tax time. While not yet reaching the scale of the embarrassing census debacle, the shutdown of a widely used government portal in a critical period echoed the ABS scandal last year. 

Taken together, these failures in government digital services speak of a larger malaise in its IT program that has been growing for some time. The 'censusfail', the notorious robo-debt program, and a litany of other IT stuff-ups have strained the public's trust in crucial government online services.

Departments need to reverse this if they're to stay relevant in a world where commercial operations are moving their services online with relative success.   

While the causes of the Medicare breach remain unknown, there are risk factors that need attention in any review of its IT security. It's significant that the number of people with access to patients' Medicare card details online has climbed as the government tries to cut costs from manual claims by directing more medical practices to its digital system. 

Given the blame for the robo-debt disaster directed at the Department of Human Services' push to cut manual processing of Centrelink debt claims in favour of an online program, the government needs to reconsider whether it's moving the right processes into digital, and to re-examine its reasons for moving them.

The government shouldn't let the drive to cut costs motivate it to digitise services if changes escalate the risk to privacy, department security or client welfare. If they do, then the government needs to mitigate them better.

Given events this last year, there's much reason to believe that departments and agencies don't consider this enough when deciding to embark on these reforms.