Privacy Act 1988
The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including sensitive information).
The APPs regulate how organisations can collect, hold, use and disclose personal information and how you can access and correct that information. The APPs only apply to information about individuals, not information about corporate entities such as businesses, firms or trusts.
‘Sensitive information’ means personal information about you that is of a sensitive nature, including information about health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record. Special requirements apply to the collection and handling of sensitive information.
Collection of personal information
Under the APPs, we will only collect information for a lawful purpose that is reasonably necessary for, or directly related to your employment with us, or where otherwise required or authorised by law.
Types of personal information collected by us
- employment and personnel matters for our staff
- the performance of our legislative and administrative functions;
This personal information may include but is not limited to:
- your name, address and contact details (e.g. phone, email and fax);
- photographs, video recordings and audio recordings of you;
- information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children);
- information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests);
- information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence);
- information about your employment (e.g. work history, referee comments, remuneration);
- information about your background (e.g. educational qualifications, the languages you speak and your English proficiency);
- government identifiers (e.g.or Tax File Number);
- information about your recruitment, training and qualifications
Collection of sensitive information
- where you provide your consent; or
- where required or authorised by law; or
- where a permitted general situation exists such as to prevent a serious threat to safety.
Collection of unsolicited information
Where unsolicited information is received by us, we will, within a reasonable period, determine whether that information is directly related to one or more of our functions or activities. If this cannot be determined, we will, as soon as practicable, destroy or de-identify the information. If this can be determined we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so.
How we collect personal information
We may also collect your personal information if you:
- communicate with us by telephone, mail, email, fax or SMS;
- attend a face to face meeting or event conducted by us or our contractors;
- use our websites;
- interact with us on our social media platforms.
Storage and data security
Access to your personal information held by us is restricted to authorised persons who are departmental employees or contractors, on a need to know basis.
These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.
Purposes for which information is collected, held, used and disclosed
- performing our employment and personnel functions in relation to our staff;
- performing our legislative and administrative functions;
- policy development, research and evaluation;
- complaints handling;
We use and disclose personal information for the primary purpose for which it is collected.
We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety.
Likely secondary purposes for which we many use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes.
We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Accidental or unauthorised disclosure of personal information
Accessing and Correcting Your Personal Information
How to seek access to and correction of personal information
Our access and correction process
While the Privacy Act requires that we give you access to your personal information upon request or an opportunity to request the correction of your personal information, it does set out circumstances in which we may refuse to give you access or decline to correct your personal information.
If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request.