If you think an organisation or agency has mishandled your personal information, you need to complain to them first, before you complain to us. They may be able to take your complaint in person or over the phone, or they may prefer it in writing.

Check their privacy policy — it should explain what you need to do make a complaint. The privacy policy should also include how you can make a complaint and may include the contact details for a privacy officer that you can direct your complaint to.

What to include in your complaint

When you make the complaint, make sure you:

  • identify yourself
  • give any identification or reference number(s), if relevant
  • give a brief description of the matter and why you think the organisation or agency has mishandled your personal information (what happened, when it happened and any consequences)
  • let them know what you’d like them to do to resolve the matter.

If put your complaint in writing also include:

  • a contact address
  • a contact phone number
  • the date (if you’re sending a letter).

Complaint template

You may want to use this template to make your complaint.

Dear Privacy Officer

I am writing to you to make a privacy complaint, about how [name of agency/organisation] has handled my personal information.

On [date]...[provide an explanation of what happened, including as much detail as possible].

As a result of this…[explain the impact the incident has had on you and why you are concerned about this].

To resolve this complaint, I would like your organisation to...[outline what you are seeking to resolve the complaint].

Please call me on [your phone number] to discuss the complaint.

If I do not receive a response from [name of agency/organisation] within a reasonable time (generally 30 days) or the complaint is not resolved, I may contact the Office of the Australian Information Commissioner (OAIC) to make a privacy complaint.

Yours sincerely

[Your name]

Keep a record of your complaint

Make sure you keep a record of your complaint.

If you complained in person or over the phone, make a record (in your mobile device or a diary) of:

  • the date you complained
  • the name of the organisation or agency you complained to
  • the name of the person you complained to, if available
  • a brief description of the matter you complained about and why you think the organisation or agency has mishandled your personal information (what happened, when it happened and any consequences)
  • a brief description of what you asked the organisation or agency to do to resolve the matter.

If you made you complaint in writing, keep a copy of your complaint.

Keep a record of any responses

If you receive a response from the organisation or agency in person or by phone, you may like to record (in your mobile device or diary):

  • the date you received the response
  • the name of the organisation or agency that responded
  • the name of the person you spoke to, if available
  • a brief description of the organisation or agency’s response.

If the organisation or agency responds to your complaint in writing, make sure you keep their response.

Give them at least 30 days to respond

You need to give the organisation or agency a reasonable amount of time to respond to your complaint. We think 30 days is a reasonable time.

If the organisation or agency doesn’t respond to your complaint or you’re not happy with their response, you can lodge a complaint with us.