Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

Privacy policy summary

Scope

This summary sets out the key points about how the Office of the Australian Information Commissioner (OAIC) handles personal information.

We collect, hold, use and disclose personal information to carry out our functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).

More information can be found in our main privacy policy and our human resources privacy policy.

Collection of your personal information

We usually collect personal information (including sensitive information) from you or your authorised representative when we are handling privacy and freedom of information (FOI) complaints and FOI reviews or taking other regulatory action under the Privacy or FOI Acts. We will also collect your personal information when you apply for a job at the OAIC, notify the OAIC about a data breach or report a matter for investigation.

We sometimes collect personal information from a third party or a publicly available source to enable us to deal with a complaint or review application or to communicate with the public and stakeholders.

We also collect personal information through our websites and social networking services such as Facebook and Twitter. We use this information to improve our website and receive feedback from the community.

The OAIC uses the Australian Government’s SmartForm service to enable you to lodge a complaint, application, data breach notification, enquiry or apply for a job. When you save or submit a form using this service, the information is encrypted and stored in a secure server controlled by the Department of Industry, Innovation and Science (DIIS) until we download it. In very limited circumstances, DIIS may be able to view your information when there is a technical issue that requires investigation (DIIS must seek our permission to do so).

Disclosure

To ensure fairness, we disclose relevant information about the details of your complaint or review application to the respondent and, where relevant, affected third parties.

We may also disclose personal information:

  • to another review body if a complainant, applicant or respondent seeks an external review of the OAIC’s decision
  • to the My Health Records Systems Operator if you notify the OAIC about a data breach that relates to the My Health Records Act.
  • to other regulators or external dispute resolution schemes (generally only if you agree and where the information will assist investigation of a matter)
  • to service providers (like those that host our website servers, manage our IT and manage our human resources information).

We don’t disclose sensitive information about you unless you agree, or would reasonably expect us to.

Generally, we only disclose personal information overseas so that we can properly handle your complaint or application. As well, web traffic information we collect using Google Analytics may be stored overseas.

Accessing and correcting your personal information

If you ask, in most cases we must give you access to the personal information that we hold about you, and take reasonable steps to correct it if we consider it is incorrect. We will try to make the process as simple as possible.

How to make a complaint

You can complain to us in writing about how we have handled your personal information. We will respond to the complaint within 30 days.

You can find more information on our ‘How do I make a privacy complaint?’ web page.

How to contact us

You can contact us at:

Assisted contact options are also available.

This page makes up a part of the OAIC Information Publication Scheme IPS