About this policy
This policy applies to personal information that we collect.
We are bound by, and champion, the provisions of the Privacy Act 1988, including the Australian Privacy Principles (APPs). These principles set out standards, rights and obligations for how to handle and maintain people's personal information. This includes how personal information is:
- quality assured
It also includes an individual's right to access or correct their own personal information.
When interacting with us you will generally be able to remain anonymous or use a pseudonym. However, this may not always be possible. For example, when we assess your eligibility for a program or service, or we are authorised or required to deal with you as an identified individual, you may have to provide certain personal information. We will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us.
Our personal information handling practices
We may collect personal information directly from you, your representative or a third party. While information is usually collected directly from you or another individual, in certain circumstances we may also obtain your personal information from other Australian, state and territory government bodies, or other organisations.
We collect and hold a broad range of personal information in records relating to:
- individuals participating in programs and initiatives that we fund
- research we have commissioned
- contract management and funding agreements
- royal commissions
- correspondence from members of the public or organisations to us, the Attorney-General, or other Australian Government ministers and agencies
- complaints (including privacy complaints) and feedback provided to us
- requests under the Freedom of Information Act 1982
- legal advice provided by internal and external lawyers
- the performance of legislative and administrative functions
- employment and personnel matters for staff and contractors.
We collect this personal information in a variety of ways. These include:
- correspondence and submissions
- paper-based forms
- online (web-based forms and email)
- phone calls
We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities. Generally, we will only collect sensitive personal information, such as health or criminal history information, if you have consented and it is reasonably necessary for, or directly related to, one or more of our functions or activities.
Sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government's executive authority. We will not collect any personal information if we do not need it.
When we collect personal information, consistent with the requirements under the Privacy Act, we will notify you of certain matters using a privacy collection notice, if it is reasonable to do so. These matters include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information.
Types of personal information that we hold
The personal information we collect and hold varies depending on what we need to perform our functions and responsibilities. It may include:
- your name, address and contact details (for example your phone number or email address)
- information about your identity (such as date of birth, country of birth, passport details, visa details and driver's licence)
- information about your personal circumstances (for example age, gender, marital status and occupation)
- information about your financial affairs (for example payment details, bank account details, and business and financial interests)
- information about your employment (for example applications for employment, work history, referee comments and remuneration)
- government identifiers
- information about assistance provided to you under our assistance arrangements.
We may also collect or hold sensitive information. This could include information about:
- your racial or ethnic origin
- your health (including information about your medical history and any disability or injury you may have)
- criminal activities you may have been involved in
- your biometrics (including photographs and voice or video recordings of you).
Use and disclosure of personal information
We will not provide your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:
- you would reasonably expect us to use the information for that other purpose
- it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of an Australian government
- it is reasonably necessary for an enforcement-related activity
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
- we reasonably believe that it is necessary to help locate a person who has been reported as missing
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process
- we reasonably believe that it is necessary for our diplomatic or consular functions or activities.
In limited circumstances, we may provide your biometric information (such as your fingerprints or photograph) or biometric templates (a digital representation of your distinct characteristics) to an enforcement body (such as an Australian police force, Australian Border Force, the Department of Home Affairs, or the Australian Securities and Investments Commission). Biometric information or templates can only be provided if we comply with any relevant guidelines made by the Australian Information Commissioner.
The third parties that we may disclose your personal information to or who may collect personal information on our behalf, include but are not limited to:
- suppliers and other third parties with whom we have commercial relationships (for example, for research and programs directly related to our functions)
- any organisations for any authorised purpose that directly relates to one of our functions, with your express consent.
We will ensure that appropriate protections of your personal information are in place with these third parties, as per our obligations under the Privacy Act 1988. This includes ensuring that research we commission involves the collection of de-identified (anonymised) data.
Disclosure to overseas recipients
We may need to provide your personal information to an overseas recipient as part of our work.
In some cases, we may have to disclose limited personal information to recipients overseas under legislation or international information sharing agreements. This may occur, for example, in relation to a law enforcement matter such as a criminal investigation.
However, where there is no requirement for us to disclose personal information to an overseas recipient, we will either seek your consent or amend the information to ensure your personal information is not identifiable.
Quality of personal information
Consistent with the requirements of the Privacy Act, we take reasonable steps to ensure that the personal information we hold is safe and secure. We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.
We also take appropriate steps to protect your personal information from:
- unauthorised access
- other types of misuse.
We safeguard our IT systems against unauthorised access, and ensure that paper-based files are physically secured. We also ensure that personal information within our systems is only accessible to staff who need to have access in order to do their work.
If a data breach occurs, for example if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach notification—A guide to handling personal information security breaches. We will aim to provide you with timely advice to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
For example, under the Archives Act 1983 we must maintain personal information that is, or forms part of, a Commonwealth record. We must also maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events. Find out more about current disposal freezes on the National Archives of Australia website.
Access and correct your personal information
You have a right to access personal information that we hold about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
When we can refuse a request for access or correction
We can decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act.
Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.
Access your personal information under the FOI Act
You can also access and correct your personal information that is contained in documents we hold under the Freedom of Information Act 1982 (the FOI Act). In some circumstances we will suggest that you make your request for personal information under the FOI Act. This is because:
- an FOI access request can relate to any document in our possession and is not limited to your personal information
- the FOI Act contains a consultation process for dealing with requests for documents that contain your personal information, as well as the personal or business information about another person
- you can make a complaint to the Office of the Australian Information Commissioner under the FOI Act if you are unhappy with our actions
- if we refuse to give you access under the FOI Act, you have a right to apply for internal review or Information Commissioner review of that decision.
We will not charge you to access your personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act, if your request for access to documents goes beyond a request for your own personal information.
Privacy Impact Assessments
The Privacy (Australian Government Agencies – Governance) Australian Privacy Principles Code 2017 (Cth) requires all agencies, including the Attorney-General's Department, to conduct a Privacy Impact Assessment for all high privacy risk projects. We maintain a register of assessments and list all assessments completed since the code came into effect on 1 July 2018.
|Date of completion|Title of PIA|
|---|---|
|2018|Crimes Legislation Amendment (Powers, Offences and Other Measures) Bill – Fraud Information Sharing Amendments – Privacy Impact Assessment|
Privacy management plan
The Australian Government Agencies Privacy Code requires agencies to have a privacy management plan. Our Privacy Management Plan is a strategic planning document in which we:
- identify our privacy goals and targets
- set out how we will meet our compliance obligations under the APPs.
Download a copy of our privacy management plan
Data Breach Response Plan
Our Data Breach Response Plan sets out procedures and clear lines of authority for our staff if there is a data breach (or we suspect a data breach has occurred).
Download a copy of our data breach response plan
This response plan is intended to enable us to contain, assess and respond to data breaches quickly, to help mitigate potential harm to affected individuals and to comply with the notifiable data breaches scheme that commenced on 22 February 2018.
3–5 National Circuit
BARTON ACT 2600
We take all complaints seriously and are committed to a quick and fair resolution. We will respond to your request or complaint promptly if you provide your contact details.
You can also complain to the Office of the Australian Information Commissioner. If you do so, they may recommend that you try to resolve your complaint directly with us in the first instance.
Contact them on 1300 363 992 or via the Office of the Australian Information Commissioner website. Their website also contains more information about making privacy complaints.
If you have a complaint about the way the department has handled your personal information, you may contact our Privacy Contact Officer.
Accessing and correcting your personal information
Under the Privacy Act 1988, you have a right to access your personal information that is held by this department. You also have a right to request corrections to any personal information that we hold about you if you think that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
When you visit our website
Protecting your privacy online
We are committed to protecting privacy online in accordance with the Office of the Australian Information Commissioner's Guide to securing personal information.
While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit.
When you visit our site, our server logs the following information:
- the type of browser and operating system you are using
- your top level domain name, such as .com, .gov, .au, .uk
- the address of the referring site, such as the previous site that you visited
- your server's IP address, a number which is unique to the machine through which you are connected to the internet—usually one of your service provider's machines
- the date and time of your visit
- the address of the pages accessed and the documents downloaded.
We only use this information for statistical analysis and systems administration purposes. We make no attempt to identify users or their browsing activities. The exception is where a law enforcement agency is undertaking an investigation and has legal authority to identify users and/or their browsing activities.
A cookie is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.
Our server generates one cookie. It is used to keep track of the pages you have accessed while using our server. The cookie allows you to navigate back and forth from the website and return to pages you have already visited. The cookie exists only for the time you are accessing our server.
In addition to web server logs, this website uses Google Analytics, a web analytics service provided by Google Inc. We use reports obtained from Google Analytics to help improve the efficiency and usability of this website.
Google will use this information for the purpose of evaluating the use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
Search terms you enter when using our search engine are collected, but are not associated with any other information that we collect. We use these search terms to ascertain what people are looking for on our site and to improve the services we provide.
Interaction between this site and other sites
This site contains links to other sites and may also use social sharing tools to make it easy to share information – for example, incorporating Facebook tools, so users can 'like' content. These other sites may use web measurement tools, customisation technologies, and persistent cookies to inform the service they provide to their users.
We are not responsible for the privacy practices or the content of other sites.
We do not use, maintain or share personally identifiable information made available through social media sites including Facebook and YouTube. You should consult the privacy policies of other sites for information about their policies and practices.