Our privacy obligations
The Department of Prime Minister and Cabinet’s Privacy Policy illustrates our commitment to being responsible custodians of personal information and our obligations to protect that information.
The Department has obligations for handling personal information as outlined in the:
- Privacy Act 1988 (Cth) (the Privacy Act), including the Australian Privacy Principles (APPs); and
- Australian Government Agencies Privacy Code (the Privacy Code).
You can learn more about the Privacy Act and the Privacy Code on the Office of the Australian Information Commissioner (OAIC) website.
The Department’s Privacy Policy outlines what kinds of personal and sensitive information we collect, why we collect this information, and how we handle it.
‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
‘Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s:
- racial or ethnic origin
- political opinions
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation
- criminal record
- health information
- genetic information.
You can learn more about the Privacy Act and the Privacy Code on the Office of the Australian Information Commissioner (OAIC) website.
In addition to the requirements under the Privacy Act, the Department’s obligations to protect personal information arise from other sources including the Public Governance, Performance and Accountability Act 2013, the APS Code of Conduct (s 13 of the Public Service Act 1999) and the Crimes Act 1914.
The requirements of the Archives Act 1983 relating to Commonwealth records (including the disposal, alteration and destruction of such records) apply to the Department’s records, including personal information held by PM&C.
Remaining Anonymous
You are able to use a pseudonym or remain anonymous when interacting with us in most instances. However, in some circumstances you may have to provide certain personal information. For example, we may require personal information to assess your eligibility for a program or service or confirm your identity for release of personal information.
We will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us.
Why we collect personal information
The Department will not ask you for any personal information we do not need. The Privacy Act requires that we only collect information for purposes that are reasonable necessary for, or directly related to, the functions and activities of the Department. We provide high quality advice and support to the Prime Minister, the Cabinet, Portfolio Ministers and Assistant Ministers to achieve a coordinated and innovative approach to the development and implementation of Government policies. Find out more about our functions at About us.
We may also collect sensitive information about you where you consent, when the collection is authorised or required by law, or the collection is otherwise allowed under the Privacy Act.
We collect, hold, use and disclose personal information for a range of purposes related to our functions and activities, including to:
- facilitate invitations for, and the running of, public submissions and consultations,
- seek feedback on policy, programs and services the Government delivers, and the review or reform of policy and processes,
- facilitate invitations to subscription services so that individuals who subscribe can receive information and other communications from the Department,
- undertake recruitment and manage employment (including reasonable adjustments, entitlements, remuneration and performance management)
- facilitate travel and security arrangements,
- conduct research we have commissioned or which we have partnered to deliver,
- coordinate on intergovernmental policy matters with States and Territories,
- respond to correspondence from members of the public or organisations to us, the Prime Minister, portfolio Ministers or other Australian Government Ministers and agencies,
- facilitate events, official visits, and appointments,
- administer honours and awards, deliver anniversary messages, and respond to requests for special access,
- process requests under the Freedom of Information Act 1982, and perform other legislative and administrative functions,
- handle complaints (including privacy complaints) and feedback provided to us,
- coordinate responses and provide crisis and recovery assistance in relation to an emergency or disaster, and
- administer programmes and grants.
How we collect personal information
The Department may collect personal information about individuals through surveys, email and phone communications, correspondence and submissions, forms and notices (including online portals), and via our websites. This includes:
- from the individual directly, or through their authorised representative,
- via a third party if permitted by law.
When we collect personal information we will notify you using a privacy collection notice, if it is reasonable to do so. The notice will include reasons why we are collecting the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information. We will also inform you how you can request access to, or correction of, your personal information, and who to contact if you have a privacy enquiry or wish to make a complaint. There may be some situations where we are not able to notify you using a privacy collection notice. Examples of these situations include:
- notification would be inconsistent with another legal obligation, for example, by breaching a statutory secrecy provision, a client’s legal professional privilege, or a legal obligation of confidence,
- notification may pose a serious threat to the life, health or safety of an individual or pose a threat to public health or safety, for example, a law enforcement agency obtaining personal information from a confidential source for the purpose of an investigation.
How we safeguard personal information
The Department takes seriously its obligations to protect the personal information it holds. We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:
- classifying and storing records securely per Australian government security guidelines
- internal access to information is on a ‘need to know’ basis and only by authorised personnel
- monitoring system access with controls and authenticated credentials
- ensuring our buildings are secure
- regularly updating and auditing our storage and data security systems.
When personal information is collected from a third party, we take steps to inform of the collection. This may occur through this Privacy Policy, notices or discussions with our staff.
If personal information that we hold is lost, or subject to unauthorised access or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach preparation and response —a guide to managing data breaches in accordance with the Privacy Act and the Department’s Data Breach Response Plan. We aim to provide timely advice to affected individuals if a data breach is likely to result in serious harm.
The types of information we hold
In performing our functions, the Department may collect and hold the following kinds of personal information:
- identity and contact details for individuals (e.g. name, phone, email and postal address),
- information relating to individuals’ personal circumstances and health (e.g. age, gender, and family circumstances including spouses, carers and dependents),
- information relating to individuals’ financial affairs (e.g. payment details, bank account details),
- other information relating to identity (e.g. date of birth, signatures, citizenship and visa status),
- information about employment (e.g. employment status and work history, education status, referee comments, salary), and
- government identifiers (e.g. tax file number).
We may also collect and hold the following kinds of sensitive information:
- racial and ethnic origin,
- sexual orientation,
- biometrics (such as photographs, video recordings and audio recordings of individuals, passport details, drivers licences),
- religious, cultural and linguistic background,
- health (including information about your medical history and any disabilities or injuries)
- information about political or union memberships and associations,
- information about criminal activities individuals may have been involved in,
We may also collect information about how you use our online services and applications. For example, we use social networking services such as Facebook, Twitter and LinkedIn to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public. These social networking services will also handle your personal information for their own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
How we use and disclose information
The Department may use and disclose collected personal information for the primary purpose of collection, and where we are otherwise permitted by law to use and disclose it. We will take reasonable steps to give you information about the reason for collection at the time of collection, or as soon as practicable thereafter. The Department will only use and disclose your personal information for a secondary purpose if APP 6 allows it.
We may disclose personal information to overseas third parties (such as a foreign government or agency) where this is a necessary part of our work. We will only disclose to overseas third parties if:
- you have given us your consent to disclose personal information to that third party; or
- we reasonably believe that:
- the overseas recipient is subject to a law or binding scheme that is, overall substantially similar to the APPs; and
- the law or binding scheme can be enforced; or
- the disclosure is required or authorised by an Australian law or court / tribunal order.
We may also use third party providers to deliver or otherwise communicate content. These third parties may collect and store your personal information in servers outside of Australia, they include; Google, Facebook, Twitter, Campaign Monitor, LinkedIn, Qualitrics, Instagram, YouTube and others. Such third-party sites have their own privacy policies and may send their own cookies to your computer. We do not control the setting of third-party cookies and suggest you check the third-party websites for more information about their cookies and how to manage them.
Website analytics
To improve your experience on our site, we may use 'cookies'. Our website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage – to improve your interactions with us.
By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.
Our website may also contain links to other websites. Please be aware that we are not responsible for the content or privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read the respective privacy policies.
Find out more about the Department’s collection and use of information from our websites and social media platforms in our Website and Online Communications Privacy Collection Notice.
Accessing and correcting personal information
You have a right to request access to personal information we hold about you, and to request its correction. We will respond to requests for access or correction within 30 days.
The Privacy Act allows us to refuse access in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply. Where we have refused access, we will give you reasons in writing. We will also provide you with information about how you can dispute the decision.
The Department may be able to delete the personal information we hold relating to you in certain circumstances, such as if the information is no longer required for our functions or activities, not contained in a Commonwealth record for the purposes of the Archives Act 1983, or not required to be held under other legislation.
To request access to, correction of, or deletion of your personal information please contact our Privacy Officer. Discussing your request with our Privacy Officer will help us give you early guidance about your request. This may include guidance about whether your request is best dealt with under the Privacy Act, the FOI Act or another arrangement.
Privacy Impact Assessments
The Privacy Code requires agencies, including the Department, to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects.
PIAs completed by the Department, since the Privacy Code commenced on 1 July 2018, are listed in the table below.
| Date | Title |
|---|---|
| October 2021 | Updated Final PIA on the case management system – independent complaints and support service for serious incidents |
| August 2021 | Draft PIA on the case management system – independent complaints and support service for serious incidents |
| 8 March 2021 | PIA on the Data Availability and Transparency Bill 2020 |
| 17 February 2021 | Joint PIA with the National Drought and North Queensland Flood Response and Recovery Agency (NDFA) on proposed Client Relationship Management system |
| 6 September 2020 | Draft PIA on the Exposure Draft Data Availability and Transparency Bill 2020 |
| 28 June 2019 | PIA on the Proposed Data Sharing and Release (D&R) Bill and Related Regulatory Framework |
This Register was last updated on: 19 January 2023
How to make a privacy complaint
If you are not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint to our Privacy Officer.
Your complaint should include:
- A short description of your privacy concern,
- Any action or dealings you have had with staff of the Department to address your concern; and
- Your preferred contact details so we can contact you about your complaint.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
The OAIC can receive privacy complaints through:
- the online Privacy Complaint form (refer to the OAIC’s website
- by email (email that is not encrypted can be copied or tracked) at enquiries@oaic.gov.au
- by mail (if you have concerns about postal security, consider sending your complaint by registered mail) to:
Office of the Australian Information Commissioner
Sydney Offices
GPO Box 5218
Sydney NSW 2001
- by fax at +61 2 9284 9666
How to contact our Privacy Officer
Contact the Department’s Privacy Officer if you want to:
- Ask questions about our privacy policy, or if you need a copy of this policy in an alternative format;
- Obtain access to or seek correction of your personal information held by the Department; or
- Make a privacy complaint about the Department.
Email: privacy@pmc.gov.au
Post: The Privacy Officer
Department of the Prime Minister and Cabinet
PO Box 6500
CANBERRA ACT 2600
We review this policy regularly, and may update it from time to time.
This policy was last updated on: 22 August 2023