There are a number of stages in the complaint handling process. See our Complaint Chart below for an overview of the process.
We will try to deal with your complaint as quickly as possible, and to keep you informed of its progress. Some complaints are resolved within weeks, but more complex complaints may take longer.If you are unsure about whether the Office of the Australian Information Commissioner (OAIC) can investigate your complaint, please refer to our privacy complaint checker for guidance.
Will we investigate your complaint?
We cannot investigate all complaints about your privacy. Once your complaint is received we will assess it to make sure that you have complained about a privacy issue that is covered by the Privacy Act 1988 (Privacy Act). We will also check whether the complaint is about an agency or organisation covered by the Privacy Act.
Your complaint needs to involve your ‘personal information'. 'Personal information' is any information that can reasonably identify an individual. If you have complained about something that the Privacy Act does not cover, we will write to you to explain why we cannot assist you.
If you have complained about something that the Privacy Act covers, we will then check to see whether the agency or organisation you have complained about has had an opportunity to address your complaint directly, and if not, whether it would be appropriate for them to do so. We may decide not to investigate a complaint if you have not first complained to the agency or organisation directly.
If we are satisfied that direct resolution has been attempted and was unsuccessful, or is not appropriate, we will then decide whether it is appropriate for the OAIC to investigate your complaint. We will consider factors including the amount of time that has passed since you found out about the act or practice, whether the matter is better dealt with under another law or by another body, and whether you have provided information to support your complaint. Investigating and Resolving your complaint
Sometimes we need more information to see whether we can investigate your complaint. If this is the case, we may undertake preliminary inquiries into your complaint. We may contact you, the respondent you are complaining about and third parties to gather more information about your privacy complaint. If we can resolve your complaint during this stage, we will attempt to do this.
Based on the information we gather, we may either move to investigate, resolve, or close your complaint. Any information or documents that you provide us may be given to the respondent or anyone else who can assist us in dealing with your complaint. If you do not wish for your information to be passed on, you will need to tell us. However, in fairness to everyone involved in the complaint, if you do not want your information to be passed on, it may mean we are unable to continue to handle your complaint.
The OAIC investigates complaints by contacting the respondent, usually in writing, to tell them about your complaint and asking for their side of the story. Following our investigation, we may try to resolve your complaint through facilitating conciliation, if appropriate. The aim of conciliation is to resolve the issues through discussion and negotiation, allowing parties to reach their own agreement on the outcome rather than the OAIC deciding what should happen. As such, it is important to think about what action you would like from the respondent to resolve your complaint.
It is important to note that the role of the OAIC is to act as an impartial third party throughout this process. We do not act as an advocate for either party.
If you and the respondent can agree on an outcome to resolve your complaint, we will close your complaint on the basis that it has been adequately dealt with.
If you and the respondent cannot reach an agreement, we will make a decision on what should happen.
If we think the respondent has agreed to a reasonable outcome but you have not accepted it, we can close your complaint on the grounds that the respondent has adequately dealt with the matter, even if you do not agree.
If we do not think that the respondent has agreed to a reasonable outcome, the Australian Information Commissioner can make a formal decision about what the respondent needs to do. This is called a determination.
You can choose to withdraw your complaint at any time.
The OAIC’s emphasis throughout the complaint resolution process is on providing advice, assistance and information to help organisations comply with the Privacy Act, rather than seeking out and punishing the few organisations that do not.
Depending on the particular complaint, some possible resolutions could include:
- an apology
- a change to the respondent's practices or procedures
- staff counselling
- taking steps to address the matter, for example providing access to personal information, or amending records
- compensation for financial or non-financial loss
- other non-financial options, for example a complimentary subscription to a service.
In the large majority of complaints that come to the OAIC, resolution most often involves measures other than monetary compensation. Only a small number of complaints have involved financial compensation. In all but a few serious matters, the amounts have been between $500 and $3,000.
The following complaint chart gives a general overview of our complaints process:
For further information, please see:
- Privacy fact sheet 10: What will happen to my complaint
- Privacy fact sheet 12: Conciliation of privacy complaints
- Information Sheet 13: The Federal Privacy Commissioner’s Approach to Promoting Compliance with the Privacy Act
- Privacy Complaints Practice and Procedure Manual
- Privacy complaint checker