1. About this Privacy Policy
The Department of Finance (Finance) is bound by the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs). The Privacy Act outlines how we may collect, use and disclose personal information, and how you can access and correct information held by us about you. Our Privacy Policy has been developed in accordance with the APPs and embodies our commitment to protecting the personal information we hold.
The Australian Government Agencies Privacy Code also requires us to conduct a Privacy Impact Assessment for all high privacy risk projects.
2. Personal Information we collect and hold
The kinds of personal information we collect and hold will vary depending on what information we need to perform our functions and responsibilities. It may include (but is not limited to):
- your name, address and contact details (for example phone number and email address)
- information about your identity (such as date of birth, country of birth, passport details, driver's licence and the type of identity document used to verify your identity through the Australian Government's Document Verification Service)
- information about your personal circumstances (for example age, gender, marital status and occupation)
- information about your financial affairs (for example payment details, bank account details, and business and financial interests)
- information about your employment (for example, applications for employment, work history, referee comments, remuneration and work-related travel or other expenses)
- information about your engagement as a contractor or service provider to government agencies (including the supplier you work with and the government agency, location and duration of the engagement, category of work undertaken, timesheets and if you are removed from a contract or your contract is terminated early and the reason why this occurred)
- government identifiers (such as Tax File Numbers).
It may also be necessary in some circumstances for us to collect some forms of sensitive information about you. This might include information about your:
- racial or ethnic origin
- health (including information about your medical history and any disability or injury you may have)
- criminal history
- biometrics (including photographs and voice or video recordings).
Where possible, we will allow you to interact with us anonymously or using a pseudonym. However, we usually need enough information to enable us to fairly and efficiently perform our functions.
3. Why we collect and hold personal information
We only collect personal information if it is reasonably necessary for, or directly related to, our functions and activities. For example, to:
- administer statutory schemes for which we are responsible, such as the Members of Parliament (Staff) Act 1984 and the Judges Pensions Act 1968
- process work expenses for current and former members of Parliament
- deliver transport services to COMCAR clients and eligible passengers
- deliver whole of government services, including (but not limited to) information and communication technology services, insurance and risk management services and managing human resource (HR) and financial transactional records of client agencies of the Service Delivery Office
- administer whole of government arrangements for labour hire and contractor services, including associated reporting and integrity functions
- assess and respond to applications and submissions made to Finance by members of the public or organisations
- manage contracts and administer funding agreements
- manage employment and personnel matters for staff, contractors and office holders
- contact you (directly and/or via email subscription services).
Further detail is provided in the Privacy Statements covering specific activities undertaken by our Ministerial and Parliamentary Services, Service Delivery Office, on Dataplace and the Contractor Reporting, Integrity Information Solution.
4. How we collect personal information
We may collect personal information directly from you, your representative or a third party.
We may collect information from a third party where:
- you have agreed
- it is unreasonable or impractical to collect the information from you
- we are required or authorised by law to do so.
We collect information via a range of methods, including forms, online platforms, electronic and paper correspondence, phone calls, and where required, CCTV. We may also use artificial intelligence software provided by service providers that may generate new personal information about you based on existing personal information held by us consistent with our AI Transparency Statement.
When we collect personal information, we will inform you using a privacy collection notice if it is reasonable to do so. The notice will include why we are collecting the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information.
We may also collect sensitive personal information about you, generally with your consent.
If you or another person provide sensitive information, we will only retain the information where:
- you have agreed
- it is required or authorised by or under an Australian law or a court/tribunal order
- collection of the information is authorised for other purposes permitted under the Privacy Act.
In all other circumstances, we will arrange for the return or secure destruction of sensitive information.
5. How we use and disclose personal information
We may only use and disclose personal information for the purpose for which it was collected, or as otherwise permitted under the Privacy Act.
We may disclose personal information to service providers (for example IT, travel and email subscription service providers or other relevant vendors) contracted to assist us to perform our functions. We ensure that appropriate protections are in place with these third parties, consistent with our obligations under the Privacy Act.
We may also use or disclose personal information for a secondary purpose where one or more of the following applies:
- you have agreed to a secondary use or disclosure
- you would reasonably expect us to use the information for that other purpose
- it is legally required or authorised, by or under an Australian law, or a court/tribunal order
- it is reasonably necessary for an enforcement-related activity conducted by, or on behalf of, an enforcement body
- we reasonably believe it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we suspect unlawful activity or serious misconduct relating to our functions and activities has been, is being, or may be engaged in, or we reasonably believe that the further use is necessary to lessen or prevent a serious threat to the health or safety of any individual, or to the public health or safety
- it is necessary to help locate a person reported as missing
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process.
We may disclose personal information overseas when using the services of email subscription or event registration or ticketing platforms. We may also disclose personal information overseas when websites we manage are accessed by users that are located overseas. In limited circumstances, service providers contracted by us (such as for IT services) may store or transmit information overseas. We will only disclose your information overseas in accordance with APP 8, including for example, where the recipient is subject to a law or binding scheme substantially similar to the APPs, we have sought your consent, or we have ensured appropriate contractual conditions to protect that information are met.
6. Unsolicited personal information
From time to time we receive personal information we have not solicited. In these circumstances we will take reasonable steps to destroy or de-identify the information as soon as practicable, unless it is contained in a ‘Commonwealth record’ or it is unlawful or unreasonable to do so.
7. Access to and correction of your personal information
We take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete. This may include correcting your personal information where it is appropriate to do so.
If you ask, we must give you access to your personal information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
To request access to, or correction of, your personal information, please contact us using the contact details below. It is also possible to access and correct documents held by us under the Freedom of Information Act 1982.
8. How we store and protect your personal information
We have controls in place to protect the information we collect from loss, unauthorised access or disclosure and from any other misuse, including:
- access to personal information collected is restricted to authorised persons on a need to know basis
- multifactor identification and other system controls are used to ensure only authorised personnel have access to computer files
- our internal network and databases are protected using firewall, intrusion detection and other technologies
- our service providers are contractually bound to protect personal information and apply security measures
- paper-based documents containing personal information are secured in locked or secure rooms which are only accessible to authorised personnel
- our premises are under 24-hour surveillance and access is via security passes only, with all access and attempted access logged electronically, and
- we conduct system audits and staff training to ensure adherence to our established protective and computer security practices.
9. Cookies, Google Analytics, and Clickstream data
When you visit one of our websites, we may use a range of tools provided by third parties such as Google to collect or view website traffic information. These websites have their own privacy policies.
We also use cookies and session tools to improve your experience when accessing our website. Information collected may include the IP address of the device you are using and information about sites that IP address has come from. Finance uses this information to maintain, secure and improve our website.
In relation to Google Analytics, you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.
10. Updates to this policy
We may need to update this Privacy Policy from time to time to reflect our current privacy practices or changes in the law. When we make any changes, we will post our updated policy on our website.
11. Contact us
Contact the department’s Privacy Contact Officer if you want to:
- obtain access to your personal information
- request a correction to your personal information
- make a complaint about a breach of your privacy
- query how your personal information is collected, used or disclosed
- make a suggestion or comment in relation to our Privacy Policy.
If we receive a complaint we will:
- respond to let you know we have received your complaint
- assign your complaint to one of our staff to assess, and if appropriate, investigate
- advise you of the outcome.
If you are not satisfied with our response you may contact the Office of the Australian Information Commissioner.
Email: privacy@finance.gov.au
Post:
Privacy Contact Officer
Department of Finance
1 Canberra Avenue
FORREST ACT 2603