Privacy policy

About our privacy policy

We, the Attorney-General’s Department, are bound by, and champion, the Privacy Act 1988, including the Australian Privacy Principles (APPs). The APPs set out the standards, rights and obligations for how personal information is collected, stored, used, disclosed, quality assured and secured. We also have obligations for handling personal information. These are outlined in the Australian Government Agencies Privacy Code.

Our privacy policy contains information about how we collect, use, disclose and store personal information, including sensitive information. It also contains information about how individuals can access and correct their personal information.

To find out more about what we are doing to comply with the Privacy Code and to increase our privacy maturity, read our Privacy Management Plan.

Under the Privacy Code, we must conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. Find out more about our Privacy Impact Assessments.

Remaining anonymous

You are generally able to use a pseudonym or remain anonymous when interacting with us. However, in some circumstances you may have to provide certain personal information. For example, we may require personal information to assess your eligibility for a program or service.

We will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us.

Personal information we collect and hold

The kinds of personal information we collect and hold will vary depending on what information we need to perform our functions and responsibilities. It may include:

• your name, address and contact details (for example phone number and email address)
• information about your identity (such as date of birth, country of birth, passport details, visa details and driver's licence)
• information about your personal circumstances (for example age, gender, marital status and occupation)
• information about your financial affairs (for example payment details, bank account details, and business and financial interests)
• information about your employment (for example applications for employment, work history, referee comments and remuneration)
• government identifiers
• information about assistance provided to you under our assistance arrangements.

We may also collect and hold sensitive information. This may include information about your:

• racial or ethnic origin
• health (including information about your medical history and any disability or injury you may have)
• criminal history
• biometrics (including photographs and voice or video recordings).

How we collect personal information

We may collect personal information directly from you, your representative or a third party. While personal information is usually collected directly from you or another individual, in certain circumstances we may also obtain your personal information from other Australian state and territory government bodies, or other organisations.

We may collect personal information from third parties in the following circumstances:

• with your consent
• where it is unreasonable or impractical to collect the information from you if we are required or authorised to do so by law.
• We may also collect personal information from third parties or publicly available sources when assessing grant applications.

We collect personal information in a variety of ways. These include:

• correspondence and submissions
• paper-based forms
• online (including through web-based forms and email)
• phone calls.

When we collect personal information we will notify you using a privacy collection notice, if it is reasonable to do so. The notice will include why we are collecting the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information.

Why we collect personal information

We only collect personal information if it is reasonably necessary for, or directly related to, one or more of our functions or activities.

We typically only collect sensitive personal information with your consent. However, we may also collect sensitive personal information when it is required or authorised by a law, or a court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government's executive authority. We will not collect any personal information if we do not need it.

We collect and hold a broad range of personal information relating to:

• individuals participating in programs and initiatives that we fund
• research we have commissioned
• contract management and funding agreements
• Royal Commissions
• correspondence from members of the public or organisations sent to us, the Attorney-General, and some other Australian Government ministers and agencies
• complaints (including privacy complaints) and feedback provided to us
• requests under the Freedom of Information Act 1982
• legal advice provided by internal and external lawyers
• the performance of legislative and administrative functions
• employment and personnel matters for staff and contractors.

How we use and disclose personal information

We may only use and disclose personal information for the purpose for which it was collected (the primary purpose), or otherwise in accordance with the Privacy Act. For example, we use personal information to respond to enquiries, assess applications for financial assistance and progress criminal casework.

We may use or disclose personal information for a secondary purpose where one or more of the following applies:

• you have consented to the use or disclosure for a secondary purpose
• you would reasonably expect us to use the information for that other purpose
• it is legally required or authorised, by or under an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government’s executive authority
• it is reasonably necessary for an enforcement-related activity conducted by, or on behalf of, an enforcement body
• we reasonably believe it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
• we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in, and we reasonably believe the use or disclosure is necessary in order for us to take appropriate action in relation to the matter
• it is necessary to help locate a person reported as missing
• it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
• it is reasonably necessary for the purposes of a confidential alternative dispute resolution process

In limited circumstances, we may disclose your biometric information (such as your fingerprints or photograph) or biometric templates (a digital representation of your distinct characteristics) to an enforcement body (such as an Australian police agency, the Australian Crime Commission or the Australian Securities and Investments Commission). 

The third parties we may disclose your personal information to, or who may collect personal information on our behalf, include but are not limited to:

• suppliers and other third parties with whom we have commercial relationships (for example, for research and programs directly related to our functions)
• any organisations for any authorised purpose that directly relates to one of our functions, with your express consent.

We ensure that appropriate protections of personal information are in place with these third parties, consistent with our obligations under the Privacy Act. This includes ensuring that research we commission involves the collection of de-identified (anonymised) data.

Disclosure to overseas recipients

We may need to provide your personal information to an overseas recipient as part of our work. Disclosure may be in accordance with legislation or international information-sharing agreements. This may occur, for example, in relation to a law enforcement matter such as a criminal investigation. Where there is no requirement for us to disclose personal information to an overseas recipient, we will either seek your consent or amend the information to ensure your personal information is not identifiable.

For more information on how we respond to data breaches, read our Data Breach Response Plan.

Quality assurance

We take reasonable steps to ensure the personal information we collect and hold is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.

How we store and protect your personal information

Consistent with the requirements of the Privacy Act, we take reasonable steps to ensure the personal information we collect is held in a safe and secure manner. This includes protecting personal information from:

• loss
• unauthorised access
• misuse
• modification
• disclosure.

Personal information that we hold in Commonwealth records is managed securely through our record-keeping systems. We safeguard our IT systems against unauthorised access and ensure that paper-based files are physically secured. We also ensure that personal information within our systems is only accessible to staff on a need-to-know basis.

When personal information is no longer required to be retained as part of a Commonwealth record, we will delete or destroy it in accordance with the Archives Act 1983 and Privacy Act.

Australian Government Solicitor and the Privacy Act

Although the Australian Government Solicitor (AGS) is a group within our department, the commercial activities AGS undertakes are treated, for the purposes of the Privacy Act, as the acts and practices of an organisation rather than a government agency. The AGS privacy policy outlines the kinds of personal information that AGS collects and holds, and why they collect it.

Getting copies of, or updating, information we might hold about you

You have a right to access and correct personal information we hold about you under the Privacy Act and the Freedom of Information Act 1982 (FOI Act).

You may wish to request corrections to any personal information we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

To get a copy of or update your personal information, contact our Privacy Officer using the contact the details outlined in Enquiries and Complaints.

We will not charge you to access your personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act if your request goes beyond a request for your own personal information. To help you decide which legislative framework is best suited to your request, see Getting copies of, or updating, information we might hold about you.

Find out more about how to make a request under the FOI Act

Evidence of identity

You must provide evidence of your identity if you apply to access or correct departmental documents containing your personal information.

The evidence of your identity must clearly show that you are the person whose personal information is being requested or corrected.

Acceptable identity documents include: a passport, an Australian driver’s licence or any other official identification in the English language which contains your photo, signature and address. Copies of identification documents should be certified as true copies of the originals by a person with the power to witness a Commonwealth statutory declarations.

Requests made on behalf of another person

If you are making a request to access or correct the personal information of another person, we will ask you for a written authority from that person, authorising you to make the request on their behalf. We will also ask for evidence of both identities, showing clearly that you are the person who is authorised to apply on behalf of the other person.

When we can refuse a request for access or correction

We may decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act. Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.

Find out more about Getting copies of, or updating, information we might hold about you.

Enquiries and complaints

Please contact our Privacy Officer if you have any questions about:

• our compliance with the Privacy Act and the APPs
• our privacy policy
• accessing or correcting the personal information we hold about you.

We take all complaints seriously and are committed to a quick and fair resolution. We will respond to your request or complaint promptly if you have provided us with your contact details. Please be aware that we may require proof of your identity to investigate your complaint.