Privacy

Information privacy

The Information Privacy Act 2014 (the Information Privacy Act) is the law that we, (the Chief Minister, Treasury and Economic Development Directorate or CMTEDD) and all ACT public sector agencies must follow when handling your personal information.
The Information Privacy Act has a set of 13 principles called the Territory Privacy Principles (TPPs). We must apply the TPPs when we collect, store, use, disclose, provide access to or correct your personal information.
The Information Privacy Act also requires that we:

  • have a current and up to date Privacy Policy that tells you how we will handle personal information when carrying out our functions and activities; and
  • provide you with a Privacy Notice that tell you about why we are collecting your personal information and how we might use or disclose it.

Section 9, Information Privacy Act 2014, a public sector agency includes…'a Minister, an administrative unit (directorate), statutory office holders and their staff assisting them, territory authorities and instrumentalities, ACTTAB Ltd, an ACT Court or an entity prescribed by regulations'.

Our Privacy Policy is available to download:

CMTEDD Privacy Policy PDF 766 KB
CMTEDD Privacy Policy DOC 404 KB

Our Privacy Notice is available to download:

CMTEDD Privacy Notice PDF 412 KB
CMTEDD Privacy Notice DOC 182 KB

What is personal information?

‘Personal Information' is has a meaning given by the Information Privacy Act as:

‘Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not’.

Under the Information Privacy Act, personal information does not include ‘personal health information'. Personal health information or health records we handle are protected and governed by the Health Records (Privacy and Access) Act 1997.

Access and correction

You have the right to ask for (access) your personal information that we hold about you. You can ask in person, over the phone, or in writing. If you ask for access, we will take steps to verify your identity before we will disclose your personal information.

If you have asked another person to access your personal information on your behalf, prior to granting access, we will take steps to verify their identity and confirm they have your consent and authority to receive that information, before disclosing your personal information.

If your personal information is held by a business unit that provides public access or over-the-counter services, you may be able to ask for access in person. However, we have the right to refuse your request where:

  • your personal information is not readily accessible, or is contained in a physical file that is stored somewhere else;
  • the personal information in your record also contains the personal information of other people or third parties; or
  • another law protects or tells us how the information must be disclosed i.e. secrecy laws or laws which require a fee or form that must be used for disclosure.

If we cannot give you access in person, you may be asked to:

  • make a written request;
  • use or complete an approved form (if one applies including any lawful fee); or
  • make an FOI request where;
    • there is third party personal information present, or
    • if the amount of information is too big for counter staff to process.

If you request access to your personal information, we must provide you with access (in the way you requested if reasonable) within 30 days. If we refuse to provide access, we must advise you in writing (within 30 days of your request) of the reasons for refusal. Reasons for refusal may include where the information is subject to an exemption under the FOI Act, or where disclosure is not permitted under another law.

There are no review rights if we refuse a request for access. You may instead wish to make a request for access under the FOI Act (which does have review rights) or, make a complaint to the Office of the Australian Information Commissioner (OAIC).

Further information about our FOI arrangements, including how you can apply for access, can be found on our Freedom of Information website.

How to request access

When requesting access, you should ask the relevant CMTEDD business unit or officer who you believe holds your personal information in the first instance.

You can also make a request for access or correction by contacting the CMTEDD Privacy Contact Officer by:

Email: CMTEDDPrivacy@act.gov.au
Mail: CMTEDD Privacy Contact Officer Chief Minister, Treasury and Economic Development Directorate
GPO Box 158
CANBERRA ACT 2601

Are there any charges for access?

No, you will not be charged for making the request or accessing your personal information, unless a fee is required by law for the information. For example, births, deaths and marriages certificates requests may require you to pay a fee.

Correction

  • You can ask us to correct your personal information we hold if you believe it is:
  • incorrect;
  • out-of-date;
  • incomplete;
  • irrelevant; or
  • misleading.

If you ask us to correct your personal information, we are required to take reasonable steps to do so, if having regard to the purpose for which it was collected, we agree the information is incorrect, out-of-date, incomplete, irrelevant, or misleading.

We may refuse a request to correct your personal information where we believe another applicable law prevents the correction, or if we do not agree that the information is incorrect, out-of-date, incomplete, irrelevant, or misleading.

If we refuse to correct your record, and you ask us to make an associated statement (the statement can say why you believe the personal information is incorrect, out-of-date, incomplete, irrelevant, or misleading), we will do so. We are not required to make an associated statement unless you specifically ask us to make one.

There are no review rights under the Information Privacy Act if we refuse to correct your personal information. You can, however, seek amendment of your personal information under the FOI Act, which does have review rights, or make a complaint to the OAIC.

How to make a privacy complaint or report a privacy breach

Making a privacy complaint

If you want to complaint about how we have handled your personal information you can phone us, however, if you phone us we will still ask you where not unreasonable to put your complaint in writing, provide us with your name, address and phone number for contact, and enough information about the business unit or person you are making the complaint about. We can assist you to lodge your complaint if you need help.

We will acknowledge receipt of your complaint within five working days and we will undertake an investigation into your complaint. In general, we aim to have completed our investigation within 21 working days and will endeavour to keep you update regularly throughout the investigation.

Information about our information privacy complaints process can be found in our Information Privacy Complaints Handling Policy:

CMTEDD Information Privacy Complaints Handling Policy PDF 521 KB
CMTEDD Information Privacy Complaints Handling Policy DOC 93 KB

Reporting a privacy data breach

We take your privacy seriously and will deal promptly with any unauthorised access, use or disclosure of your personal information.

The Office of the Australian Information Commissioner's (OAIC's) Notifiable Data Breaches Scheme (NDBS) does not apply to CMTEDD or other ACT public sector agencies unless:

  • the information subject of the breach includes Tax File Numbers (TFN's); or
  • personal health information or is part of a health record.

Generally, the NDBS requires agencies to notify individuals whose personal information is involved in a data breach and to notify the OAIC where the breach is likely to result in serious harm to those individuals.

Although we are not required to notify under the NDBS, it is our policy to voluntarily report any significant privacy data breaches to the OAIC. We will seek the OAIC's advice and assistance where we consider a breach may result in serious harm to affected individuals. This is aligns with the NDBS and is keeping with best privacy practice.

Complaining to the Information Privacy Commissioner

You can make a formal privacy complaint to the Information Privacy Commissioner if you do not agree or are not happy with our response to your complaint, or you believe we have breached your privacy.

Under an agreement with the ACT Government, the OAIC performs the role of the Information Privacy Commissioner for the ACT and manages complaints against ACT public sector agencies. The OAIC is an independent body that will assess your complaint and can decide if our actions are an interference with your privacy.

Complaints made to the OAIC must be in writing and include your name, address and telephone number, and provide details of the subject of your complaint. Exceptions to this requirement may be made by the OAIC in circumstances where they consider a complaint made by phone appropriate. The OAIC can be contacted via:

Mail: Director of Privacy Case Management
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Email: Enquiries@oaic.gov.au
Complaints advice and form available on the Office of the Australian Information Commissioner website.
Phone: 1300 363 992

If your complaint or alleged breach is upheld by the OAIC and a decision is made, we will comply with any determination made by the OAIC. The OAIC's decision may include remedies such as an apology, compensation, and to undertake actions such as amend policies, operations or processes to prevent further or similar interferences with privacy.

Contact us

If you have any comment in relation to any aspect of the collection, use, security of, or access to your personal information please contact us by

Email: CMTEDDPrivacy@act.gov.au
Mail: CMTEDD Privacy Contact Officer Chief Minister, Treasury and Economic Development Directorate
GPO Box 158
CANBERRA ACT 2601

Assisted Contact

If you need assistance when accessing this Privacy Policy, please contact:

National Relay Service (NRS)

The NRS is a government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.

You can access the 24-hour relay call numbers using the links below:

Make an Internet relay callwww screen icon

Make a captioned relay callCaptioned relay call icon

Speak and Listen number
1300 555 727

TTY number
133 677

SMS relay number
0423 677 767

Visit the Australian Department of Communications website for other NRS numbers.

Choose the ‘Making a call’ option that suits your needs to contact one of the Telephone numbers listed above.

Translating and Interpreting Service (TIS)

TIS is an interpreting service provided by the Department of Home Affairs for people who do not speak English and for agencies and businesses that need to communicate with their non-English speaking clients.

Translating and interpreting service logo

13 14 50 (within Australia)

+613 9203 4027 (outside Australia)

TIS Online is available at: http://tisnational.gov.au/