Issue date 4 December 2017
Our personal information handling practices
Purposes for collection
We only collect personal information that is reasonably necessary for, or directly related to, one or more of our functions or activities under the legislation we administer. For further information, see The laws we administer.
How we collect information
We collect personal information from individuals, or their authorised representatives.
In some circumstances we may collect personal information about individuals from third parties. This includes:
- personal information collected from third parties about individuals who are the subject of reports of misconduct made to us
- personal information collected from third parties about individuals in the course of our compliance or investigation activities
- information provided to us in the course of our registration, licensing and other statutory functions that contains personal information about individuals
- information provided to us in other documents, such as tender documents and curriculum vitaes, that contain personal information about individuals.
The Australian Privacy Principles place a general obligation on Australian Government agencies to inform individuals when they collect personal information about them from third parties. However, in many cases where we collect information from third parties, we do not inform the individuals because one of the following exceptions applies:
- we expect that the individual will have consented to us collecting the information
- we are required or authorised to collect the personal information from third parties by law
- it would not be reasonable for the individual to know that we have collected the information because, for example, it may relate to the investigation of a report of misconduct.
Use and disclosure
We only use personal information for the purpose for which it was collected unless one of the following applies:
- the individual consents to, or would reasonably expect us to use the information for a different purpose
- we are required or authorised by law to use the information
- we reasonably believe that the use or disclosure is necessary for our or other agencies' enforcement activities.
We only disclose personal information to bodies or persons if one of the following applies:
- the individual has consented
- the individual would reasonably expect us to disclose the personal information
- we are required or authorised by law to disclose the information
- we reasonably believe that the use or disclosure is necessary for our enforcement activities.
Security of information
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and other misuse. These steps include password protection and access privileges for accessing our electronic IT systems, securing paper files in locked cabinets, and physical access restrictions.
Access, correction and complaints
You are entitled seek access to personal information we hold about you and request that we make corrections to that information. You may also make a complaint about our handling of your personal information.