Privacy and Personal Information
The Department of Infrastructure, Regional Development and Cities (the Department) is subject to the
Privacy Act 1988 (the Privacy Act). The Privacy Act provides for a unified set of Australian Privacy Principles. These principles set the rules for how the Department is to collect, use, handle, store and disclose personal information.
The Department may from time to time, review and update this policy to take account of new laws or technology, and/or changes to the Department's functions, operations and practices.
Types of Personal Information Collected and Held by the Department
The Department only collects personal information that is necessary for, or directly related to, its functions or activities. The types of information the Department generally collects and holds includes:
- personal contact details;
- personnel/employee records including educational qualifications;
- complaint and feedback information;
- financial payment records;
- contract, tender and submission documents;
- litigation and compensation records;
- grants and award information;
- employee conflict of interest declarations;
- mailing and subscription lists;
- FOI applications;
- ministerial correspondence; and
- personal details of board appointees.
Due to the various functions undertaken, especially in relation to transport security and the administration of Australia's external territories such as Christmas Island, Cocos Keeling and Norfolk Islands, the Department also collects and holds a range of sensitive personal information including:
- criminal history records;
- medical records, including physical, mental and dental health as well as next of kin and family history details;
- immigration and transfer files;
- housing and tenancy information;
- subsidised travel applications;
- bank details;
- rehabilitation and compensation case files;
- income and asset information;
- employee tax file numbers; and
- background and police checks.
Why the Department Collects Personal Information
The Department generally collects personal information directly from an individual and only collects information for the purposes of fulfilling regulatory and/or administrative functions.
The legislation administrated by the Department and matters for which the Department may collect, hold, use and disclose personal information can be found in the current Administrative Arrangements Order.
When the Department collects sensitive personal information, it is usually collected with the consent of the individual concerned. In limited circumstances the Department may collect personal information from a third party such as when a court order exists or it is authorised under an Australian law. If personal information about an individual is collected from another source, reasonable steps will be taken in the circumstances to notify the individual of the circumstances of the collection.
How the Department Stores Personal Information
The Department stores all personal information securely and restricts access to those employees who need access in order to perform their duties or to assist individuals. Personal information is stored electronically such as on databases, hard drives or in emails, or on hard copy files.
The Department takes all necessary steps to ensure that personal information is protected from misuse, loss and interference.
When information is no longer required it is securely destroyed in accordance with the Archives Act 1983 and relevant disposal authorities or forwarded to National Archives.
Use and Disclosure of Personal Information
The Department only uses and/or discloses information for the purposes for which it was collected (the primary purpose), unless an individual has consented to another use.
There are certain limited circumstances in which the Department may use or disclose information for a different purpose, known as a secondary purpose, where that purpose is:
- directly related to the primary purpose for which the information was collected;
- required or authorised under an Australian law or has been ordered by a court or tribunal;
- necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or public health or safety;
- a permitted general situation or health situation, as defined by the Privacy Act; or
- an enforcement related activity and the use or disclosure of the information is reasonably necessary.
If the Department uses or discloses information for a purpose other than what it was originally collected for the Department will keep a written notice of that use or disclosure as required by the APPs.
The Department does not routinely disclose personal information to overseas recipients. If, at some point, disclosure of information to an overseas recipient becomes necessary the Department will comply with APP 8 which requires the Department to take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Access to Personal Information
Individuals may request access to personal information held by the Department. There is no charge associated with making a request and the Department will process the request and provide access to the information, in most cases, within 30 days.
The more information an individual can provide about dealings they have had with the Department, the easier and more quickly information can be located.
For security reasons, and to protect individual's privacy, applicants may be asked to provide proof of their identity.
To access personal information, a written request should be sent to the Department's Privacy Officer by email at firstname.lastname@example.org or in writing to:
The Privacy Officer
Department of Infrastructure, Regional Development and Cities
GPO Box 594
CANBERRA ACT 2601
The Privacy Officer can be contacted on (02) 6274 6495 to discuss any privacy issues.
Amendment or Correction of Personal Information
Individuals may request the amendment of personal information held which is considered to be inaccurate, out-of-date, incomplete, irrelevant or misleading. If an individual considers information held by the Department requires amendment a written request should be sent to the Department's Privacy Officer outlining what aspects of the information is believed to be inaccurate, incorrect or out-of-date.
There is no charge associated with making a request and notification of the outcome will be provided, in most cases, within 30 days. If the Department refuses to correct or amend the information a written explanation will be provided.
Making a Privacy Complaint
An individual may complain about the way the Department has handled their personal information. Complaints should be in writing and sent to the Privacy Officer using the contact details provided.
The complaint should provide sufficient detail so the issues and concerns can be investigated.
If an individual is not satisfied with the outcome of an investigation, a complaint can be submitted to the Office of the Australian Information Commissioner (OAIC).
Further details about making a privacy complaint to the OAIC can be found at www.oaic.gov.au/privacy/making-a-privacy-complaint.
For information on Privacy and Information Policy refer to the Office of the Australian Information Commissioner (OAIC) or by telephone on 1300 363 992.