Community Services Directorate Privacy Statement
About our privacy policy
This privacy statement sets out how the ACT Government's Community Services Directorate (CSD) manages personal information when performing its functions.
We collect and handle personal information in line with the 13 Territory Privacy Principles of the Information Privacy Act 2014.
These principles specify how we can collect, hold, maintain and share personal information. Each principle and how we apply it is outlined below. We provide this information for both staff and the public to use.
This privacy statement is made in line with Territory Privacy Principle 1.3 of the Information Privacy Act.
We review this policy twice a year and update this information if there are any changes.
About our directorate
We are responsible for a wide range of human services functions in the ACT, across:
- multicultural communities
- Aboriginal and Torres Strait Islander communities
- women
- seniors and veterans
- public and community housing services and policy
- homelessness and community services
- children and young people
- family support services and policy
- disability services and policy
- child development services (therapy services)
- Child and Family Centres
- domestic and family safety.
We collect, hold, use and disclose personal information to carry out our functions under the following legislation:
- Aboriginal and Torres Strait Islander Elected Body 2008
- Adoption Act 1993 (ACT)
- Children and Young People Act 2008
- Community Housing Providers National Law (ACT) Act 2013
- Disability Services Act 1991
- Freedom of Information Act 2016
- Health Records (Privacy and Access) Act 1997
- Housing Assistance Act 2007
- Native Title Act 1994
- Public Sector Act 2014
- Senior Practitioner Act 2018
- Territory Records Act 2002
- Work Health and Safety Act 2011
- Working with Vulnerable People (Background Checking) Act 2011.
Territory Privacy Principles
Principle 1: open and transparent management of personal information
Key principle: Agencies must have policies and procedures in place to ensure they manage information in an open and transparent way.
This privacy policy is created to explain how CSD manages the personal information it holds and collects.
Principle 2: anonymity and pseudonymity
Key principle: Agencies must give individuals the opportunity to deal with the agency on an anonymous basis or using a pseudonym (a made-up name).
Generally, when clients deal with our directorate they have the option of remaining anonymous or using a pseudonym.
In some situations, you may need to provide your name to access appropriate help.
For example, if you contact Housing ACT seeking housing help, you'll need to provide your identity to ensure you are appropriately assisted and your needs are met. If you apply for information under the FOI Act 2016, you will be required to provide your personal ID.
Principle 3: collection of solicited personal information
Key principle: An agency must not collect personal information unless the information is reasonably necessary or directly related to the agency’s functions.
We only collect personal information where the information relates to the role of the Directorate.
The main way we collect personal information is through receiving the information from the person directly. However, we can also receive information from a third party.
We collect personal information in a number of ways, including through paper, online forms, email, over the telephone and by fax.
Examples of when we may collect personal information include when:
- we're required or authorised by law or a Court or tribunal order to collect the information
- individuals participate in community consultations, forums or make a submission to us, and the individual consents to the collection of their personal information
- individuals seek access to our services, for example Housing ACT or the Child and Family Centre, and consent to the collection of their personal information
- an individual makes a complaint about the way we have handled an agency function or seeks a review of a decision we made, or
- a client asks for access to information we hold about them or other information about our operations.
Normally we will collect information directly from the individual unless it is unreasonable or impracticable to do so. In certain circumstances, for example where it is required by law, we may also obtain personal information collected by other Australian, state and territory government bodies or other organisations. For example, in relation to matters concerning the care and protection of a child or young person.
At all times, we only collect the minimum information required. The personal information we collect and hold varies depending on what is required to perform our functions and responsibilities. Personal information may include:
- information about an individual’s identity (eg date of birth, country of birth, passport details, visa details and drivers licence)
- name, address and contact details (eg phone, email and fax)
- information about personal circumstances (eg age, gender, marital status and occupation)
- information about financial affairs (eg payment details, bank account details, and information about business and financial interests)
- information about employment (eg applications for employment, work history, referee comments and remuneration).
Principle 4: dealing with unsolicited personal information
Key principle: If an agency receives information without soliciting it (asking for it) or intending to collect it, the agency must decide if it could have collected the information in line with any of the Territory Privacy Principles.
If we could not have lawfully collected the information, and the information is not already in a Territory Record, we must destroy or de-identify the information as soon as practicable, but only if it is lawful and reasonable to do so.
We will not keep any personal information which we do not have reason to collect or hold.
Principle 5: notification of the collection of personal information
Key principle: Agencies must give timely notice to an individual when they collect personal information about that individual, or otherwise ensure the individual is fully aware of the collection.
When we need to collect personal information from an individual, we'll notify that individual to explain:
- who we are and how to contact us
- the circumstances in which we may have collected personal information
- the name of the law (if any) that requires us to collect this information
- why we're collecting the information
- what may happen if we cannot collect the information we need
- who we may share the personal information with, including where the recipients are and if they're overseas
- how to access or correct the personal information we hold about them
- our Privacy Policy and how we handle personal information
- how to make a complaint about our information handling.
Principle 6: use or disclosure of personal information
Key principle: If an agency holds personal information about an individual that was collected for a particular (primary) purpose, the agency must not use or disclose the information for another (secondary) purpose without the individual’s consent unless an exception applies.
We will not take the following actions (unless an exception applies) if we do not have an individual's consent:
- use an individual’s personal information for a different reason
- share personal information with other government agencies, private sector organisations or anyone else.
Exceptions
Examples of exceptions include when:
- the individual would reasonably expect us to use the information for another reason
- the use or sharing of information is legally required or authorised by an Australian law, or court or tribunal order
- the collection or sharing of information is reasonably necessary for a law enforcement-related activity, for example sharing with the AFP
- we have reasonable belief that the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect unlawful activity, or misconduct of a serious nature, that relates to our functions and reasonably believe that collection of the information is necessary in order for appropriate action to be taken
- we reasonably believe that the collection is reasonably necessary to help locate a person who has been reported as missing.
Non-government service providers
We contract non-government service providers to support us to carry out specific activities and functions.
In some circumstances, it may be necessary for us to share personal information with these service providers to allow the service to complete their functions.
In these situations, we will protect personal information by only entering into contracts with service providers who agree to comply with the Information Privacy Act.
Principle 7: direct marketing
This Territory Privacy Principle does not exist. The numbering of the Territory Privacy Principles mirrors the Australian Privacy Principles within the Commonwealth legislation. The Australian Privacy Principle 7 does not relate to the Territory and as such has not been added to the Information Privacy Act.
Principle 8: cross-border disclosure of personal information
Key principle: Agencies must ensure that if they share information with overseas recipients, the information will be subject to similar standards of protection.
In some circumstances, we may need to share or store information with overseas recipients. For example, in relation to Intercountry Adoptions.
If it's necessary to disclose personal information, we'll take reasonable steps to ensure that the recipient treats the personal information with a similar standard of care as is required by the Information Privacy Act.
Countries with which information could be shared include:
- Chile
- China
- Colombia
- Hong Kong
- South Africa
- South Korea
- Sri Lanka
- Taiwan
- Thailand.
Principle 9: adoption, use or disclosure of government-related identifiers
This Territory Privacy Principle does not exist. The numbering of the Territory Privacy Principles mirrors the Australian Privacy Principles within the Commonwealth legislation. The Australian Privacy Principle 8 does not relate to the Territory and as such has not been added to the Information Privacy Act.
Principle 10: quality of personal information
Key principle: Information about an individual collected, used or disclosed by an agency should be accurate, up-to-date, complete and relevant, having regard to the purpose of the use or disclosure.
We're required to take reasonable steps to ensure that the personal information we collect is:
- accurate
- up-to-date
- complete.
Personal information which is used or disclosed must also be relevant for the purpose for which we use or disclose it. For example, we cannot share information that is incorrect or that we are not sure is accurate.
Principle 11: security of personal information
Key principle: If an agency holds personal information, the agency must take reasonable steps to keep it safe and secure, and to destroy or de-identify the information if the agency no longer needs the information and the information is not part of a Territory record or required to be kept by law.
We're required to take reasonable steps to ensure that the personal information we hold is safe and secure. In line with the Information Privacy Act, we strive to protect personal information from:
- misuse
- unauthorised access
- disclosure.
We manage personal information following the guidelines of the Territory Records Act 2002 (the Act). This Act outlines how long the information we collect needs to be stored before it can be destroyed.
The ACT Government’s ICT systems employ comprehensive protections to guard against unauthorised access.
As a part of our general practice, personal information is only available to staff who need to have access in order to perform their roles.
Principle 12: access to personal information
Key principle: Individuals are entitled to request access to information the agency holds about them, in a suitable form without charge, unless the agency is exempt under another law.
Under the Information Privacy Act, individuals have the right to ask for access to personal information we hold about them.
Under the Information Privacy Act, if we receive a request to access personal information we must provide the client with access to their information in an appropriate manner, if it is reasonable and practicable to do so. If it is not reasonable or practicable, we must respond to the request in writing within 30 days indicating why we're unable to provide access to that information.
There is no charge for making a request or providing access to personal information.
Under the Freedom of Information Act 2016, individuals also have the right to request access to documents/government information we hold.
You can discuss these options with our privacy officer.
Principle 13: correction of personal information
Key principle: Individuals are entitled to request correction of information the agency holds about them, without charge.
Under the Information Privacy Act, after receiving a request to correct personal information we must take reasonable steps to correct the information and ensure it is:
- correct
- accurate
- complete
- relevant
- up to date
- not misleading.
If we correct information that has previously been shared with another agency, the individual can request that we let the other agency know that they'll need to correct the information.
Refusing a request
There are some reasons why we may refuse to correct personal information. For example, if we're required or authorised by law not to correct the information.
If we refuse to correct the information, we'll provide a written notice within 30 days that explains our decision and how to make a complaint.
Even if we refuse a request, the individual can provide a statement outlining that they believe the information is incorrect and why, to be attached to the information we have on file.
There is no charge for making a request, correcting the information or attaching a statement to file.
Under the Freedom of Information Act 2016 individuals also have the right to ask us to change or annotate personal information we hold if it is incomplete, incorrect, out-of-date or misleading.
You can discuss these options with our privacy officer.
Make a complaint
Under the Information Privacy Act, complaints about how we've managed your personal information need to be in writing.
You can contact us using the contact details below. We are able to help individuals to lodge a complaint if required.
Once we receive a complaint we'll acknowledge it and respond within 30 days.
Under the Information Privacy Act, if you're not satisfied with our response you can ask for a review by a more senior officer. You can also make a formal privacy complaint to the Office of the Australian Information Commissioner.
The Office of the Australian Information Commissioner is an independent body that will assess your complaint. If your complaint is upheld by the Commissioner you may be able to seek a remedy in the Magistrates Court.
Contact us
You can contact us through an allocated case worker.
If you're not a current client or do not have a case worker you can contact our privacy officer using the details below.