This policy applies to personal information that we collect.
We are bound by, and champion, the provisions of the Privacy Act 1988, including the Australian Privacy Principles. These principles set out standards, rights and obligations for how to handle and maintain people's personal information. This includes how personal information is:
- quality assured
It also includes an individual's right to access or correct their own personal information.
When interacting with us you will generally be able to remain anonymous or use a pseudonym. However, this may not always be possible. For example, when we assess your eligibility for a program or service, or we are authorised or required to deal with you as an identified individual, you may have to provide certain personal information. We will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us.
How we handle personal information
Collecting personal information
We may collect personal information directly from you, your representative or a third party. While information is usually collected directly from you or another individual, in certain circumstances we may also obtain your personal information from other Australian state and territory government bodies, or other organisations.
We collect and hold a broad range of personal information in records relating to:
- individuals participating in programs and initiatives that we fund
- research we have commissioned
- contract management and funding agreements
- royal commissions
- correspondence from members of the public or organisations to us, the Attorney-General, or other Australian Government ministers and agencies
- complaints (including privacy complaints) and feedback provided to us
- requests under the Freedom of Information Act 1982
- legal advice provided by internal and external lawyers
- the performance of legislative and administrative functions
- employment and personnel matters for staff and contractors.
We collect this personal information in a variety of ways. These include:
- correspondence and submissions
- paper-based forms
- online (web-based forms and email)
- phone calls
We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities. Generally, we will only collect sensitive personal information (such as health or criminal history information) if you have consented and it is reasonably necessary for, or directly related to, one or more of our functions or activities.
Sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government's executive authority. We will not collect any personal information if we do not need it.
When we collect personal information, consistent with the requirements under the Privacy Act, we will notify you using a privacy collection notice, if it is reasonable to do so. The notice will include why we are collecting the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information.
Types of personal information that we hold
The personal information we collect and hold varies depending on what we need to perform our functions and responsibilities. It may include:
- your name, address and contact details (for example your phone number or email address)
- information about your identity (such as date of birth, country of birth, passport details, visa details and driver's licence)
- information about your personal circumstances (for example age, gender, marital status and occupation)
- information about your financial affairs (for example payment details, bank account details, and business and financial interests)
- information about your employment (for example applications for employment, work history, referee comments and remuneration)
- government identifiers
- information about assistance provided to you under our assistance arrangements.
We may also collect or hold sensitive information. This could include information about:
- your racial or ethnic origin
- your health (including information about your medical history and any disability or injury you may have)
- criminal activities you may have been involved in
- your biometrics (including photographs and voice or video recordings of you).
Use and disclosure of personal information
We will not provide your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:
- you would reasonably expect us to use the information for that other purpose
- it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government’s executive authority
- it is reasonably necessary for an enforcement-related activity
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
- we reasonably believe that it is necessary to help locate a person who has been reported as missing
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process
- we reasonably believe that it is necessary for our diplomatic or consular functions or activities.
In limited circumstances, we may provide your biometric information (such as your fingerprints or photograph) or biometric templates (a digital representation of your distinct characteristics) to an enforcement body (such as an Australian police force, Australian Border Force, the Department of Home Affairs, or the Australian Securities and Investment Commission). Biometric information or templates can only be provided if we comply with any relevant guidelines made by the Australian Information Commissioner.
The third parties that we may disclose your personal information to or who may collect personal information on our behalf, include but are not limited to:
- suppliers and other third parties with whom we have commercial relationships (for example, for research and programs directly related to our functions)
- any organisations for any authorised purpose that directly relates to one of our functions, with your express consent.
We will ensure that appropriate protections of your personal information are in place with these third parties, as per our obligations under the Privacy Act. This includes ensuring that research we commission involves the collection of de-identified (anonymised) data.
Disclosure to overseas recipients
We may need to provide your personal information to an overseas recipient as part of our work.
In some cases, we may have to disclose limited personal information to recipients overseas under legislation or international information sharing agreements. This may occur, for example, in relation to a law enforcement matter such as a criminal investigation.
However, where there is no requirement for us to disclose personal information to an overseas recipient, we will either seek your consent or amend the information to ensure your personal information is not identifiable.
We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.
Consistent with the requirements of the Privacy Act, we take reasonable steps to ensure that the personal information we hold is safe and secure.
This includes protecting your personal information from:
- unauthorised access
- other types of misuse.
We safeguard our IT systems against unauthorised access, and ensure that paper based files are physically secured. We also ensure that personal information within our systems is only accessible to staff who need to have access in order to do their work.
If a data breach occurs, for example if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with guidance provided by the Office of the Australian Information Commissioner: Data breach notification—A guide to handling personal information security breaches. We will aim to provide you with timely advice to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
Data Breach Response Plan
Our Data Breach Response Plan sets out procedures and clear lines of authority for our staff if there is a data breach (or we suspect a data breach has occurred).
Download a copy of our data breach response plan
This response plan enables us to contain, assess and respond to data breaches quickly, to help mitigate potential harm to affected individuals and to comply with the notifiable data breaches scheme that commenced on 22 February 2018.
Access and correct your personal information
You have a right to access personal information that we hold about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
When we can refuse a request for access or correction
We can decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act.
Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.
Proof of identity
Your application to access or correct documents that contain your personal information must include evidence of your identity.
If you are seeking documents containing personal information on behalf of someone else, you must provide evidence of both your identities. You must also provide evidence that you have their consent to represent them.
Proof of identity must clearly show that you are the person whose personal information is being requested or corrected. This will include a physical address, as documents containing personal information may be sent to you by registered post rather than by email.
Forms of ID
Acceptable identity documents include:
- a passport
- a driver's licence issued by an Australian state or territory
- any other official identification in the English language that contains your photo, signature and address.
You can send us a photocopy of these documents or email us a scanned copy. Identification documents must be certified as a true copy of the original by a person having the power to witness a Commonwealth statutory declaration.
Find out more about statutory declarations.
Access your personal information under the FOI Act
You can also access and correct your personal information that is contained in documents we hold under the Freedom of Information Act 1982. In some circumstances we will suggest that you make your request for personal information under the FOI Act. This is because:
- An FOI access request can relate to any document in our possession and is not limited to your personal information.
- The FOI Act contains a consultation process for dealing with requests for documents that contain your personal information, as well as the personal or business information about another person.
- You can seek review of our decision by the Information Commissioner under the FOI Act if you are unhappy with it.
- If we refuse to give you access under the FOI Act, you have a right to apply for internal review or Information Commissioner review of that decision.
We will not charge you to access your personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act, if your request for access to documents goes beyond a request for your own personal information.
Australian Government Solicitor and the Privacy Act
Privacy Impact Assessment
The Australian Government Agencies Privacy Code 2017 (Cth) requires all agencies, including us, to conduct a Privacy Impact Assessment for all high privacy risk projects. We maintain a register of assessments and have listed all assessments completed since the code came into effect on 1 July 2018 in the table below.
|Date of completion||Title of PIA|
|2018||Crimes Legislation Amendment (Powers, Offences and Other Measures) Bill – Fraud Information Sharing Amendments – Privacy Impact Assessment|
|2018||Foreign Influence Transparency Scheme Act 2018|
|2019||National Elder Abuse Prevalence Study|
|2020||Assessing the privacy risks of increased remote working arrangements|
Privacy Management Plan
The Australian Government Agencies Privacy Code requires agencies to have a privacy management plan. Our Privacy Management Plan is a strategic planning document in which we:
- identify our privacy goals and targets
- set out how we will meet our compliance obligations under the Australian Privacy Principles.
Download a copy of our privacy management plan
Contact our privacy officers to:
- ask about our compliance with the Australian Privacy Principles
- access or correct the personal information we hold about you
- make a complaint about the way we have handled your personal information.
3–5 National Circuit
BARTON ACT 2600
We take all complaints seriously and are committed to a quick and fair resolution. We will respond to your request or complaint promptly if you provide your contact details.
You can also complain to the Office of the Australian Information Commissioner. If you do so, they may recommend that you try to resolve your complaint directly with us in the first instance.
Contact them on 1300 363 992 or via the Office of the Australian Information Commissioner website. Their website also contains more information about making privacy complaints.
When you visit our website
Protecting your privacy online
We are committed to protecting privacy online in accordance with the Office of the Australian Information Commissioner's Guide to securing personal information.
While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit.
When you visit any of our online websites or portals, our server logs the following information:
- the type of browser and operating system you are using
- your top level domain name, such as .com, .gov, .au, .uk
- the address of the referring site, such as the previous site that you visited
- your server's IP address, a number which is unique to the machine through which you are connected to the internet—usually one of your service provider's machines
- the date and time of your visit
- the address of the pages accessed and the documents downloaded.
We only use this information for statistical analysis and systems administration purposes. We make no attempt to identify users or their browsing activities. The exception is where a law enforcement agency is undertaking an investigation and has legal authority to identify users and/or their browsing activities.
A cookie is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.
Our server generates one cookie. It is used to keep track of the pages you have accessed while using our server. The cookie allows you to navigate back and forth from the website and return to pages you have already visited. The cookie exists only for the time you are accessing our server.
Information collected by third party software vendors
In addition to web server logs, this website uses several online tools, provided by third party software vendors, to measure website interaction and use. These tools help us make our site better by understanding the user experience and how users are interacting with our website content.
Third party software vendors we use include:
- Google analytics
- Google APIs (such as search console and reCAPTCHA)
For information on how these vendors handle your personal information, review their privacy policies.
Search terms you enter when using our search engine are collected, but are not associated with any other information that we collect. We use these search terms to ascertain what people are looking for on our site and to improve the services we provide.
Interaction between this site and other sites
This site contains links to other sites and may also use social sharing tools to make it easy to share information – for example, incorporating Facebook tools so users can 'like' content. These other sites may use web measurement tools, customisation technologies, and persistent cookies to inform the service they provide to their users.
We are not responsible for the privacy practices or the content of other sites.
We do not use, maintain or share personally identifiable information made available through social media sites including Facebook and YouTube. You should consult the privacy policies of other sites for information about their policies and practices.
3–5 National Circuit BARTON ACT 2600