You are here: Skip breadcrumbAttorney-General's Department >> Privacy policy

 Privacy policy

About this policy

This policy applies to personal information collected by the Attorney-General's Department.

The department is bound by, and champions, the provisions of the Privacy Act 1988, including the Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for how people's personal information is to be handled and maintained. This includes how personal information is collected, stored, used, disclosed, quality assured and secured, as well as individual rights to access or correct their own personal information.

Remaining anonymous

When interacting with the department, you will generally be able to remain anonymous or use a pseudonym. However, it may not always be possible for this to occur. For example, when the department assesses your eligibility for a program or service, or is authorised or required to deal with you as an identified individual, it may be necessary for you to provide certain personal information. The department will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us.

Our personal information handling practices


The department may collect personal information directly from you, your representative or a third party. While information is usually collected directly from you or another individual, in certain circumstances the department may also obtain your personal information that was collected by other Australian, state and territory government bodies, or other organisations.

The department collects and holds a broad range of personal information in records relating to:

  • individuals participating in programs and initiatives that the department funds
  • the management of contracts and funding agreements
  • Royal Commissions
  • correspondence from members of the public or organisations to the department, the Attorney General, other Australian Government ministers and parliamentary secretaries, and agencies
  • complaints (including complaints relating to privacy) and feedback provided to the department
  • requests under the Freedom of Information Act 1982
  • legal advice provided by internal and external lawyers
  • the performance of legislative and administrative functions
  • employment and personnel matters for staff and contractors.

The department collects this personal information in a variety of ways, including through correspondence and submissions, paper based forms, online (through websites, as well as email), over the phone and by fax.

The department only collects personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities. Generally, we will only collect sensitive personal information, such as health or criminal history information if you have consented and it is reasonably necessary for, or directly related to, one or more of the department's functions or activities.

Sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the executive authority of the Australian Government. The department will not collect any personal information if we do not need it.

When the department collects personal information, consistent with the requirements under the Privacy Act, we will notify you of certain matters by using a privacy collection notice if it is reasonable to do so. These matters include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information.

Kinds of personal information that the department holds

The personal information the department collects and holds varies depending on what is required to perform our functions and responsibilities. It may include:

  • your name, address and contact details (eg phone, email and fax)
  • information about your identity (eg date of birth, country of birth, passport details, visa details and drivers licence)
  • information about your personal circumstances (eg age, gender, marital status and occupation)
  • information about your financial affairs (eg payment details, bank account details, and business and financial interests)
  • information about your employment (eg applications for employment, work history, referee comments and remuneration)
  • government identifiers
  • information about assistance provided to you under our assistance arrangements.

The department may also collect or hold sensitive information, including information about:

  • your racial or ethnic origin
  • your health (including information about your medical history and any disability or injury you may have)
  • criminal activities you may have been involved in
  • your biometrics (including photographs and voice or video recordings of you).

Use and disclosure of personal information

The department will not provide your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:

  • you would reasonably expect us to use the information for that other purpose
  • it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of an Australian government
  • it is reasonably necessary for an enforcement-related activity
  • we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
  • we reasonably believe that it is reasonably necessary to help locate a person who has been reported as missing
  • it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
  • it is reasonably necessary for the purposes of a confidential alternative dispute resolution process
  • we reasonably believe that it is necessary for our diplomatic or consular functions or activities.

In limited circumstances, the department may provide your biometric information (such as your fingerprints or photograph) or biometric templates (a digital representation of your distinct characteristics) to an enforcement body (such as an Australian police force, Australian Border Force, the Department of Home Affairs, or the Australian Securities and Investment Commission). Biometric information or templates can only be provided if the department complies with any relevant guidelines made by the Australian Information Commissioner.

Disclosure to overseas recipients

The department may need to provide your personal information to an overseas recipient as part of our work.

In some cases, the department may be required to disclose limited personal information to recipients overseas under legislation or international information sharing agreements. This may occur, for example, in relation to a law enforcement matter such as a criminal investigation.

However, where there is no requirement for the department to disclose personal information to an overseas recipient, we will either seek your consent or amend the information to ensure your personal information is not identifiable.

Quality of personal information

Consistent with the requirements of the Privacy Act, the department takes reasonable steps to ensure that the personal information we hold is safe and secure. We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.

Data security

The department also takes appropriate steps to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other types of misuse. We safeguard our IT systems against unauthorised access, and ensure that paper based files are physically secured. We also ensure that personal information within our systems is only accessible to staff who need to have access in order to do their work.

If a data breach occurs, such as if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach notification—A guide to handling personal information security breaches. We will aim to provide timely advice to you to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.

When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.

For example, the Archives Act 1983 requires the department maintain personal information that is, or forms part of, a Commonwealth record. We are also required to maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events. More information on current disposal freezes is available from the National Archives of Australia website.

Accessing and correcting your personal information

You have a right to access personal information the department holds about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

When we can refuse a request for access or correction

The department can decline access to, or correction of, personal information in certain circumstances as set out in the Privacy Act.

Generally, where the department refuses to give you access, we will give you written notice of the reasons for refusal and the mechanisms available to you to dispute that decision.

Accessing your personal information under the FOI Act

It is also possible to access and correct your personal information that is contained in documents held by the department under the Freedom of Information Act 1982 (the FOI Act). In some circumstances we will suggest that you make your request for personal information under the FOI Act. This is because:

  • an FOI access request can relate to any document in our possession and is not limited to your personal information
  • the FOI Act contains a consultation process for dealing with requests for documents that contain your personal information, as well as the personal or business information about another person
  • you can make a complaint to the Office of the Australian Information Commissioner under the FOI Act if you are unhappy with the department's actions
  • if the department refuses to give you access under the FOI Act, you have a right to apply for internal review or Information Commissioner review of that decision.

The department will not charge you to access your personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act, if your request for access to documents goes beyond a request for your own personal information.
Find out more about how to make a request under the FOI Act on the Freedom of Information page. You can also make a request by emailing foi@ag.gov.au.

Privacy Impact Assessments

The Privacy (Australian Government Agencies – Governance) Australian Privacy Principles Code 2017 (Cth) requires all agencies, including the Attorney-General's Department, to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. A register of PIAs is maintained by the department, and lists PIAs completed since the Code came into effect on 1 July 2018.

Date of completion

Title of PIA


Crimes Legislation Amendment (Powers, Offences and Other Measures) Bill – Fraud Information Sharing Amendments – Privacy Impact Assessment

Privacy management Plan

The Australian Government Agencies Privacy Code requires agencies to have a privacy management plan. The department's Privacy Management Plan is a strategic planning document in which the department:

  • identifies its privacy goals and targets
  • sets out how it will meet its compliance obligations under the APPs.

Data Breach Response Plan

The department's Data Breach Response Plan sets out procedures and clear lines of authority for the department's staff in the event that there is a data breach (or suspects that a data breach has occurred).

This response plan is intended to enable the department to contain, assess and respond to data breaches quickly, to help mitigate potential harm to affected individuals and to comply with the notifiable data breaches (NDB) scheme that commenced on 22 February 2018.


To make an enquiry about our compliance with the APPs, our privacy policy, or to access or correct the personal information we hold about you, or to make a complaint about the way your personal information has been handled by the department, contact our Privacy Contact Officers at:

Privacy Contact Officer
Attorney-General's Department
3–5 National Circuit
Email: privacy@ag.gov.au

The department takes all complaints seriously and is committed to a quick and fair resolution. We will respond to your request or complaint promptly if you provide your contact details.

You may also make a complaint to the Office of the Australian Information Commissioner (OAIC). If you do so, the OAIC may recommend that you try to resolve your complaint directly with us in the first instance. The OAIC can be contacted on 1300 363 992 or via the Office of the Australian Information Commissioner website. The website also contains further information about making complaints relating to privacy.

What happens when you visit our website

Protecting your privacy online

The department is committed to protecting privacy online in accordance with the Guide to securing personal information issued by the Office of the Australian Information Commissioner.

While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit.

Information logged

When you visit the departments site, our server logs the following information:

  • the type of browser and operating system you are using
  • your top level domain name, such as .com, .gov, .au, .uk
  • the address of the referring site, such as the previous site that you visited
  • your server's IP address, a number which is unique to the machine through which you are connected to the internet—usually one of your service provider's machines
  • the date and time of your visit
  • the address of the pages accessed and the documents downloaded.

This information is used only for statistical analysis and systems administration purposes. No attempt is made to identify users or their browsing activities. The exception is where a law enforcement agency is undertaking an investigation and has legal authority to identify users and/or their browsing activities.


A cookie is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.

Our server generates one cookie. It is used to keep track of the pages you have accessed while using our server. The cookie allows you to navigate back and forth the web site and return to pages you have already visited. The cookie exists only for the time you are accessing our server.

Google Analytics

In addition to web server logs, the department's website uses Google Analytics, a web analytics service provided by Google Inc. Reports obtained from Google Analytics are used to help improve the efficiency and usability of this web site.

Google Analytics uses 'cookies' to help analyse how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating the use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using the department's , you consent to Google processing data about you in the manner and for the purposes set out above. Please refer to Google's Privacy Policy.


Search terms you enter when using our search engine are collected, but are not associated with any other information that we collect. We use these search terms to ascertain what people are looking for on our site and to improve the services we provide.

Interaction between this site and other sites

This site contains links to other sites and may also use social sharing tools to make it easy to share information – for example, incorporating Facebook tools, so users can 'Like' content. These other sites may use web measurement tools, customisation technologies, and persistent cookies to inform the service they provide to their users.

Our department is not responsible for the privacy practices or the content of other sites.

The department does not use, maintain or share personally identifiable information made available through social media sites including Facebook and YouTube. You should consult the privacy policies of other sites for further information about their policies and practices.