We only collect, receive, hold, use and disclose information about you to assist you and to carry out our responsibilities under law. We have a range of roles under ACT laws:
We will only share your information as required or authorised by law. If we share that information with other government agencies, those other agencies are also required to handle your information in a way that is consistent with the Information Privacy Act.
The Commission is an independent agency established in 2006 under the HRC Act. Our four Commissioners promote the human rights and welfare of all people living in the ACT and are responsible for overseeing our responsibilities under ACT law. Each Commissioner and their specific responsibilities are described in our Operations Protocol.
The Commission provides an independent, fair and accessible process for the resolution of complaints, including about disability and health services, discrimination, sexual harassment, victimisation and services for older people and children and young people. The Commission provides individual advocacy for vulnerable members of the community and protects the rights of children and young people, and of people with disability (including those with mental health concerns). The Commission also provides support, advocacy and assistance (including financial assistance) to victims of crime.
We only collect information about you in ways that are lawful and fair. We only collect information about you with your informed consent or where we need it for, or it is directly related to, our work.
We collect information from you in a variety of ways, including through complaint forms, in letters or emails to and from you, over the telephone and by fax or in person.
We normally collect information from you directly. However, we may collect your information from other people, organisations or government bodies where you agree or we exercise legislative powers. This includes situations when it is not safe or reasonable to ask you directly (e.g. doing so would endanger you or we cannot locate you).
We also collect information about you from publicly available sources (e.g. publicly visible social media) if reasonably necessary for, or directly related to, our functions.
We will normally provide you with notice before we collect information about you or as soon as we can afterwards unless we are required or permitted by law not to tell you.
We treat your sensitive information with greater caution. We will not collect your sensitive information without telling you why we need to collect it and asking for your permission except:
We can only collect information about your health for a lawful purpose that is directly related to our functions, per the Health Records (Privacy and Access Act) 1997.
We will assist you to interact with us without giving your name or by using a made-up name, if asked. However there are times when we will need verified information about you so we can fairly and efficiently respond (e.g. for individual complaints).
We will not normally use your information for a particular purpose unless you have allowed us or would reasonably expect us to. However, at times, laws or court orders may require or allow us to otherwise use your information, without asking you.
We use information from your previous complaints or contacts to help us reply to you quickly and conveniently. We avoid asking for the same information twice.
If we collect your contact details at training sessions or events, we may use them to update you about our activities (but only if you opt-in).
Information about you may help us undertake general research or improve our services, however we will not publish this unless you agree or we de-identify it.
We will only share or disclose your information with bodies outside the Commission if you agree or where a law requires or allows us to.
Third parties may, on occasion, request or require your information from the Commission. Examples of who we may provide information to are listed below:
You can ask us for access to any information we hold about you. We must respond within 30 days. If it is reasonable and workable, we must allow you to access to your information in an appropriate way. We do not charge access fees unless required by law.
At times we may refuse to let you access information we hold about you, like if a particular law requires us not to disclose it. For this reason we do not generally allow access to information about complaints or our inquiries under the HRC Act. We may also redact parts of information you have asked for to respect someone else’s
privacy. Where we refuse access to information, we will give you written reasons why.
We take reasonable steps to ensure we collect, hold, use or share information about you that is accurate, up-to-date and complete. We may check your details with you when appropriate and will update our records where they do not match.
If you find that our information about you is factually incorrect, you can ask us to correct or update it, and to also suggest that agencies we have shared it with update it too.
At times we may decline to change factual information about you. We will give you written reasons why within 30 days and guidance on how to challenge our decision.
The Information Privacy Act 2014 and ACT Protective Security Policy Framework require us to take reasonable steps to ensure your information is safe and secure with us.
Examples include limiting data access on a need-to-know basis, firewall and password protections, restricted access to premises and secure storage of paper files.
If your information is accidentally released, lost or accessed without authorisation (e.g. hacked) we will: first, immediately act to limit further damage; second, investigate the breach and assess how it could affect you; third, warn you if you are affected or in danger (and other relevant agencies, like the police); and, fourth, take measures to prevent similar breaches in future.
We regularly review our processes and data security to minimise the likelihood of your information being accidentally released, lost or misused. We are also aware of the risks of natural disaster and so back up your data regularly to avoid losing it.
The Territory Records Act 2002 requires us to keep records of our work and governs how long we hold information about you depending on its purpose. If we do not need to use, share or keep particular information about you any longer, we will take reasonable steps to remove any identifying features from the information or else destroy it.
If you are unhappy with how we have handled information about you, you can complain to us in writing (by letter or email). If you ask, we will help you to lodge your complaint with us.
We are at Level 2, 11 Moore Street, Canberra ACT and are open Monday to Friday, between 9.00am-5.00pm, except on public holidays.
We promptly tell you we have received your complaint when we receive it. We then consider your complaint to work out how we can appropriately resolve your issue. We will normally respond within about four weeks.
If you are not satisfied with our response, you may be able to make a formal privacy complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC provides services as the ACT Information Privacy Commissioner and is responsible for considering complaints against ACT public sector agencies.
The OAIC’s mailing address is GPO Box 5218 Sydney NSW 2001.