on this page
We review all businesses using Centrelink Confirmation eServices (CCeS) to check you are doing the right thing. Your obligations for CCeS include:
- getting customer consent
- staff access
- telling us about changes to your business
- privacy
- security.
Customer consent
You must get a customer’s consent before you use CCeS. It is voluntary and customers can withdraw their consent at any time. You must also:
- get consent from every customer you want to use CCeS for
- make sure you confirm the identity of the customer before you get consent or use CCeS
- keep consent records for 2 years from the last time you gave your customer a concession, rebate, or service
- ensure your consent record uses wording described in the CCeS procedural guide.
Staff access
You must train new staff in all aspects of using CCeS before they access CCeS.
Always use your own logon ID and password - don’t share these.
Tell us immediately if any staff no longer need access to CCeS. We’ll remove their access.
Changes to your business
Tell us about changes to your business. This includes changes to your:
- business structure or practices
- contact details, including authorised and contact officers.
Privacy and security
You must comply with privacy and secrecy legislation for personal, protected and confidential information. This means you can’t:
- access any records without a business need
- use the customer’s Customer Reference Number (CRN) for any purpose other than for CCeS data exchange
- share customer information without their consent
- access your own information or the information of people you know
- allow access to information to any unauthorised person.
You must tell us of any security incidents such as unauthorised disclosure.
Store customer details in a locked cabinet or secure database.
Make sure you can find consent records at review time.
More information
Find all your obligations in the CCeS policy, terms and procedural guide.