Skip to main content

Aboriginal and Torres Strait Islander people are advised that this website may contain images and voices of deceased people.

Privacy Policy

Our privacy obligations

This policy outlines the personal information handling practices of the National Indigenous Australians Agency (NIAA). The NIAA has obligations for handling personal information as outlined in the:

The NIAA’s Privacy Policy outlines what kinds of personal and sensitive information we collect, why we collect this information, and how we handle it.

‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

‘Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s:

  • racial or ethnic origin
  • political opinions
  • religious beliefs or affiliations
  • philosophical beliefs
  • sexual orientation
  • criminal record
  • health information
  • genetic information.

You can learn more about the Privacy Act, APPs and the Privacy Code on the website of the Office of the Australian Information Commissioner (OAIC).


Why we collect personal information

The NIAA may collect personal information about you when it is reasonably necessary for, or directly related to, one or more of our functions or activities, including:

  • leading and coordinating Commonwealth policy development, program design and implementation and service delivery for Aboriginal and Torres Strait Islander peoples
  • providing advice to the Prime Minister, and the Minister for Indigenous Australians, on whole-of-government priorities for Aboriginal and Torres Strait Islander peoples
  • leading and coordinating the development and implementation of Australia’s Closing the Gap targets in partnership with Indigenous Australians
  • leading Commonwealth activities to promote reconciliation.

Find out more about our functions here: who we are.

The NIAA collects personal information for purposes which include:

  • invitations for public submissions, consultations and feedback on review or reform processes
  • invitations to subscription services so individuals who subscribe can get information from the NIAA
  • undertaking recruitment, establishing and maintaining employment records and facilitating travel
  • facilitating events, official visits and registrations and attendance at community consultations
  • facilitating appointments
  • coordinating responses and providing recovery assistance in relation to a time of emergency or disaster
  • administering programmes and grants
  • policy development, research and evaluation in relation to functions and activities of the NIAA
  • processing and assessing applications made to the agency including requests for the removal of caveats on grant-funded property
  • managing complaints and enquiries
  • addressing issues and investigating offences relating to low aromatic fuel areas
  • investigating fraud, including internal fraud.

The NIAA may collect sensitive information about you where you consent, when the collection is authorised or required by law, or where the collection is otherwise allowed under the Privacy Act.


What we collect

In performing our functions, the NIAA may collect and hold information about you, such as your:

  • name
  • phone number
  • email
  • address
  • date of birth
  • gender.

Information about your personal circumstances, such as your:

  • cultural and linguistic background
  • education status
  • financial situation (e.g. payment details, bank account details)
  • citizenship and visa status
  • passport, drivers licence and travel movements
  • disabilities
  • family circumstances (including spouses, carers and dependents)
  • information about employment (e.g. employment status and work history, education status, qualification, performance, referee comments, salary)
  • government identifiers (e.g. tax file number).

Information about your interactions with us, such as through:

  • the services, grants and funding we provide
  • feedback, surveys and complaints
  • Consultations
  • physical and virtual events that we hold
  • the web pages you visit.

We may also collect information about how you use our online services and applications. For example, we use social networking services such as Facebook, Twitter and LinkedIn to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public. These social networking services will also handle your personal information for their own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.

Refer to our Website Privacy Notice for further information about our collection of information about online and though other internet activities.

Sometimes the NIAA may need to collect sensitive information about you. This could include information about your health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history, genetic or biometric information. We will only collect your sensitive information where:

  • you consent
  • we are authorised or required by law to do so
  • collection is otherwise allowed under the Privacy Act.

In some circumstances, we may collect your biometric information such as audio recording of your voice or visual recordings of your person, usually with your consent. You will be expressly advised before such collections occur.

In specific situations, such as where someone applies to the Territories Stolen Generations Redress Scheme, we will require details of circumstances around the removal of Aboriginal and Torres Strait Islander peoples from family or community. We understand this information is highly sensitive. For further information on this process, including information on the personal and sensitive information we collect, and the purpose of that collection, please see


How we collect personal information

The NIAA may collect personal information from a person directly, or their authorised representative, or via a third party if permitted by law. We may collect personal information in a range of ways, including through surveys, email and phone communication, forms or notices, online portals, and via our website.


How we safeguard personal information

The NIAA takes its obligations to protect the personal information it holds seriously. We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

  • classifying and storing records securely as per Australian government security guidelines
  • ensuring internal access to information is on a ‘need to know’ basis, and only by authorised personnel
  • monitoring system access which can only be accessed by authenticated credentials
  • ensuring our buildings are secure
  • regularly updating and auditing our storage and data security systems.

When personal information is collected from a third party, we take steps to inform you of the collection. This may occur through this Privacy Policy, notices or discussions with our staff.

If personal information we hold is lost, or subject to unauthorised access or disclosure, we will respond in accordance with the NIAA’s Data Breach Response Plan and the OAIC’s Data breach preparation and response — a guide to managing data breaches in accordance with the Privacy Act. We aim to provide timely advice to affected individuals if a data breach is likely to result in serious harm.


How we use and disclose information

The NIAA may use and disclose collected personal information for the purpose it was first collected. We will take reasonable steps to give you information about the reason for collection at the time of collection, or as soon as possible. The NIAA will only use and disclose your personal information for a secondary purpose if APP 6 allows it. Regulation 9.2 of the Public Service Regulations 1999 provides authority for personal information about APS employees to be disclosed by the NIAA in the exercise of certain powers.

The NIAA may disclose personal information to overseas entities (such as a foreign government or agency) where this is a necessary part of our work. We will only do this with your consent or in other circumstances allowed by APP 8.

The NIAA may use your personal information to create a record of your interaction with us on our Customer Relationship Manager (CRM). This record is created for the purposes of:

  • understanding how you interact with us
  • understanding how you engage with our activities, such as consultations and grant opportunities
  • improving our ability to assist you when you contact us
  • providing you with relevant information, and 
  • allowing us to access details of your previous contact history to help us engage with you more efficiently. 

The NIAA seeks your consent to record your personal information in the CRM. 

We may disclose personal information from the CRM to other Australian Government, state and territory government agencies who work jointly with us to deliver our functions and activities. We provide your personal information to these government agencies only when reasonably necessary. Access to your personal information is restricted to those who need it to provide information or services that you have requested.

We may also use third party providers or websites such as Facebook, Twitter, Campaign Monitor, LinkedIn, YouTube and others to deliver or otherwise communicate content. Such third-party sites have their own privacy policies and may send their own cookies to your computer. We do not control the setting of third-party cookies and suggest you check the third-party websites for more information about their cookies and how to manage them.

Under the Agency’s shared services arrangement with the Department of Prime Minister and Cabinet (PM&C), we may share relevant personal information with PM&C for the purpose of PM&C providing shared services to the Agency.


Website analytics

To improve your experience on our site, we may use 'cookies'. Our website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. Our website may also contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read the respective privacy policies.


Accessing and correcting personal information

You have a right to request access to personal information we hold about you, and to request its correction. We will respond to requests for access or correction within 30 days.

The Privacy Act allows us to refuse access in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply.

Where we have refused access, we will give you reasons for that refusal in writing. We will also provide you with information about how you can dispute the decision.

To request access to, or correction of, your personal information please contact our Privacy Officer at Discussing your request with our Privacy Officer will help us give you early guidance about your request. This may include guidance about whether your request is best dealt with under the Privacy Act, the FOI Act or another arrangement.


How to make a privacy complaint

If you are not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint to our Privacy Officer. Your complaint will be taken seriously. You will not suffer negative treatment if you make a complaint.

We prefer you submit your complaint in writing to the Privacy Officer. Use the contact information below. Your complaint should include:

  • a short description of your privacy concern
  • any action or dealings you have had with staff of the Agency to address your concern
  • your preferred contact details so we can contact you about your complaint.

We will:

  • acknowledge your complaint upon receipt
  • provide you with updates on the handling of your complaint, including seeking any additional information (if required)
  • use the information from your complaint and any additional information to address your complaint
  • speak to other areas within the Agency or any other relevant third parties (if required)
  • endeavour to respond to your request within a reasonable period of time (usually 30 days).

If your complaint also relates to another Commonwealth department or agency, the Agency may:

  • request further information to determine which department/agency should handle your complaint;
  • refer you to make a complaint to that department/agency; or
  • engage with the other department/agency to respond to your complaint.

While you may submit an anonymous complaint, this may make it difficult for the Agency to investigate or respond to your complaint.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the OAIC.

The OAIC can receive privacy complaints through:

  • the online Privacy Complaint form (refer to the OAIC’s website)
  • by email (email that is not encrypted can be copied or tracked) at
  • by fax: 02 9284 9666
  • by mail (if a person has concerns about postal security, they might want to consider sending their complaint by registered mail):

Office of the Australian Information Commissioner
Sydney Offices
GPO Box 5218
Sydney NSW 2001

How to contact our Privacy Officer
Contact the NIAA’s Privacy Officer if you want to:

  • ask questions about our Privacy Policy, or if you need a copy of this Policy in an alternative format
  • obtain access to, or seek correction of your personal information the NIAA holds
  • make a privacy complaint about the NIAA.

Post: The Privacy Officer
National Indigenous Australians Agency
PO Box 2191
Phone: 02 6152 3080

We review this Policy regularly, and may update it from time to time.


Privacy Impact Assessment Report Register

The Privacy Code requires that all agencies, including the NIAA, must conduct a Privacy Impact Assessment (PIAs) for all high privacy risk projects.

The NIAA Privacy Impact Assessment Register records details of PIAs conducted by NIAA, in accordance with the Code, since the Agency was established on 1 July 2019.

Date of CompletionTitle of Privacy Impact Assessment
June 2020NIAA Customer Relationship Management (CRM) Project
November 2020NIAA Community Development Program Data Project
February 2021Long-term outcomes for Indigenous participants of employment services programs linked data project
May 2021NIAA Indigenous Employment Services Programs Data Acquisition Project
February 2022Remote Engagement Program Trials
September 2022Privacy Impact Assessment for the Aboriginal Land Grant (Jervis Bay Territory) Amendment (Strengthening Land and Governance Provisions) Bill 2022
May 2023Pre-employment screening checks
July 2023First Nations Tourism Mentoring Program
January 2024Territories Stolen Generations Redress Scheme



Did you find this page useful?