Our privacy obligations
The National Indigenous Australians Agency (NIAA) has obligations for handling personal information as outlined in the:
- Privacy Act 1988 (Cth) (the Privacy Act), including the Australian Privacy Principles (APPs); and
- Australian Government Agencies Privacy Code (the Privacy Code).
‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
‘Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s:
- racial or ethnic origin
- political opinions
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation
- criminal record
- health information
- genetic information.
You can learn more about the Privacy Act and the Privacy Code on the website of the Office of the Australian Information Commissioner (OAIC).
Why we collect personal information
We may collect personal information about you when it’s reasonably necessary for, or directly related to, one or more of our functions or activities.
We may collect sensitive information about you where you consent, when the collection is authorised or required by law, or the collection is otherwise allowed under the Privacy Act. Find out more about our functions here: who we are.
We collect personal information for purposes which include:
- invitations for public submissions and feedback on review or reform processes;
- invitations to subscription services so that individuals who subscribe can get information from the NIAA;
- undertaking recruitment, maintaining employment records and facilitating travel;
- facilitating events and official visits;
- facilitating appointments;
- coordinating responses and providing recovery assistance in relation to a time of emergency or disaster; and
- administering programmes and grants
- managing complaints and enquiries.
How we collect personal information
The NIAA may collect personal information from a person directly, or their authorised representative, or via a third party if permitted by law. We may collect personal information in a range of ways, including through surveys, email and phone communication, forms or notices, online portals, and via our website.
How we safeguard personal information
The NIAA takes seriously its obligations to protect the personal information it holds. We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:
- classifying and storing records securely as per Australian government security guidelines;
- Internal access to information is on a ‘need to know’ basis and only by authorised personnel;
- monitoring system access which can only be accessed by authenticated credentials;
- ensuring our buildings are secure; and
- regularly updating and auditing our storage and data security systems.
If personal information that we hold is lost, or subject to unauthorised access or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach preparation and response —a guide to managing data breaches in accordance with the Privacy Act . We aim to provide timely advice to affected individuals if a data breach is likely to result in serious harm.
The types of information we hold
In performing our functions, the NIAA may collect and hold the following kinds of personal and sensitive information:
- identity and contact details for individuals (e.g. name, phone, email and postal address),
- photographs, video recordings and audio recordings of individuals,
- information relating to personal circumstances (e.g. age, gender, cultural and linguistic background, disabilities and other family circumstances including spouses, carers and dependents),
- information relating to financial affairs (e.g. payment details, bank account details),
- other information relating to identity (e.g. date of birth, citizenship and visa status, passport details, drivers licence),
- information about employment (e.g. employment status and work history, education status, referee comments, salary), and
- government identifiers (e.g. tax file number).
We may also collect information about how you use our online services and applications. For example, we use social networking services such as Facebook, Twitter and LinkedIn to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public. These social networking services will also handle your personal information for their own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
Refer to our Website Privacy Notice for further information about our collection of information about online and though other internet activities.
How we use and disclose information
The NIAA may use and disclose collected personal information for the purpose it was first collected. We will take reasonable steps to give you information about the reason for collection at the time of collection, or as soon as possible. The NIAA will only use and disclose your personal information for a secondary purpose if APP 6 allows it. It should be noted that regulation 9.2 of the Public Service Regulations 1999 provides authority for personal information about APS employees to be disclosed by the NIAA in the exercise of certain powers.
We may disclose personal information to overseas entities (such as a foreign government or agency) where this is a necessary part of our work. We will only do this with your consent or in other circumstances allowed by APP 8.
We may also use third party providers or website such as Facebook, Twitter, Campaign Monitor, LinkedIn, YouTube and others to deliver or otherwise communicate content. Such third-party sites have their own privacy policies and may send their own cookies to your computer. We do not control the setting of third-party cookies and suggest you check the third-party websites for more information about their cookies and how to manage them.
Under the Agency’s shared services arrangement with the Department of Prime Minister and Cabinet (DPMC), we may share relevant personal information with DPMC for the purpose of DPMC providing shared services to the Agency.
To improve your experience on our site, we may use 'cookies'. Our website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
Accessing and correcting personal information
You have a right to request access to personal information we hold about you, and to request its correction. We will respond to requests for access or correction within 30 days.
The Privacy Act allows us to refuse access in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply. Where we have refused access, we will give you reasons in writing. We will also provide you with information about how you can dispute the decision.
To request access to, or correction of, your personal information please contact our Privacy Officer. Discussing your request with our Privacy Officer will help us give you early guidance about your request. This may include guidance about whether your request is best dealt with under the Privacy Act, the FOI Act or another arrangement.
Privacy Impact Assessments
The Privacy (Australian Government Agencies – Governance) Australian Privacy Principles Code 2017 (the Code) requires agencies, including the NIAA, to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects.
PIAs completed by the NIAA, since the Code commenced on 1 July 2018, will be listed in the table below.
How to make a privacy complaint
If you are not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint to our Privacy Officer.
Your complaint should include:
- A short description of your privacy concern,
- Any action or dealings you have had with staff of the Department to address your concern; and
- Your preferred contact details so we can contact you about your complaint.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
The OAIC can receive privacy complaints through:
- the online Privacy Complaint form (refer to the OAIC’s website)
- by email (email that is not encrypted can be copied or tracked) at firstname.lastname@example.org
- by mail (if a person has concerns about postal security, they might want to consider sending their complaint by registered mail):
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
- by fax: 02 9284 9666.
How to contact our Privacy Officer
Contact the NIAA’s Privacy Officer if you want to:
- Obtain access to or seek correction of your personal information held by the NIAA; or
- Make a privacy complaint about the NIAA.
Post: The Privacy Officer
National Indigenous Australians Agency
PO Box 2191
CANBERRA ACT 2600
Phone: 02 6152 3080
We review this Policy regularly, and may update it from time to time.
This Policy was last updated on: 8 May 2020.