Version 1.0, June 2014
We collect, hold, use and disclose personal information to carry out functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).
These functions and activities include:
handling privacy and freedom of information (FOI) complaints and FOI reviews
taking other regulatory action under the Privacy and FOI Acts
providing advice on privacy, FOI, and information policy issues
consulting with stakeholders, for example, on privacy or FOI guidance
maintaining registers, such as organisations that have opted-in to Privacy Act coverage
responding to access to information requests
communicating with the public, stakeholders and the media including through websites and social media.
Collection of your personal information
At all times we try to only collect the information we need for the particular function or activity we are carrying out.
The main way we collect personal information about you is when you give it to us, for example, we collect personal information such as contact details and complaint , review, request or report details when you:
contact us to ask for information (but only if we need it)
make a complaint about a privacy breach to us
make a complaint about the way an agency has handled an FOI request or seek a review of an FOI decision
ask for access to information RC-D holds about you
report a matter for investigation.
We may also collect information from you when we investigate or review a privacy or FOI matter. If we open a file about your matter, it will often include our opinion on your matter.
Collecting through our websites
Where our website allows you to make comments or give feedback we collect your email address and sometimes other contact details. We may use your email address to respond to your feedback. We store this personal information on servers located in Australia.
Analytic, session and cookie tools
Social Networking Services
We use social networking services such as Facebook, Pintrest, Instagramand Linked-In to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.
When you communicate with us through a social network service such as Faceboo, the social network provider and its partners may collect and hold your personal information overseas.
We collect your email and, if you provide it, other contact details when you subscribe to our email lists. We only use this information for the purpose of sending you regular updates on the activities of RC-D, and to administer the lists.
Common situations in which we disclose information are detailed below.
Complaints and reviews
If you make a privacy or FOI complaint, or apply for an FOI review, we will usually give a copy of the complaint or application to the respondent and, where relevant, affected third parties.
If a complainant or applicant requests that only limited information is disclosed to the respondent, we may not have enough information to be able to fairly proceed with the matter. The respondent must have sufficient information to respond to the matter in a meaningful way.
Review of RC-D decisions
We may disclose personal information to another review body if a complainant, applicant or respondent seeks an external review of the RC-D’s decision or makes a complaint to the Commonwealth Ombudsman.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date and complete we:
record information in a consistent format
where necessary, confirm the accuracy of information we collect from a third party or a public source
promptly add updated or new personal information to existing records
regularly audit our contact lists to check their accuracy.
We also review the quality of personal information before we use or disclose it.
Storage and security of personal information
We take steps to protect the security of the personal information we hold from both internal and external threats by:
regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure that information
taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
Accessing and correcting your personal information
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons. You also have the right under the FOI Act to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.
How to make a complaint
If you wish to complain to us about how we have handled your personal information you should complain in writing. If you need help lodging a complaint, you can contact us.
If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior staff member than the staff member whose actions you are complaining about.
We will assess and handle complaints about the conduct of an RC-D staff member using the Code of Conduct and the guidelines issued by the RC-D staff protocol.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are not satisfied with our response you may ask for a review by a more senior staff member within RC-D (if that has not already happened) or you can complain to the Commonwealth Ombudsman. For further information see our Internal complaint handling and reconsideration of decisions policy.
How to contact us
You can contact us through any of the following:
Telephone: 03 9428 6223
Post: Level 5/313 Flinders Ln, Melbourne VIC 3000