How we handle personal information
About this policy
The Department of Foreign Affairs and Trade (DFAT) must comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act).
This Policy contains information about DFAT’s collection, use, disclosure and storage of personal information, including sensitive information, and how individuals may access and correct personal information that we hold.
We take your privacy seriously and make all efforts to protect your personal information from misuse, interference and loss; and from unauthorised access, modification or disclosure. If you wish to make a complaint about the Department’s handling of your personal information, please refer to the Complaints section of this Policy.
Who should read this Policy
This Policy is relevant to people whose personal information is collected, stored, used or disclosed by DFAT including:
- Australian Passport holders and applicants
- Australians living and travelling overseas, including those who have registered via Smartraveller.gov.au
- Current and former scholarship, Australia Award and grant applicants and recipients
- Current and former tenderers, contractors and sub-contractors to DFAT
- Invitees to public diplomacy events held in Australia and overseas whose details may be in contact databases
- People who have made enquiries or complaints to DFAT or our portfolio Ministers
- Foreign diplomatic and consular staff (for protocol-related purposes)
- Current and former DFAT employees
Remaining anonymous or using a pseudonym
You have the option of not identifying yourself, or using a pseudonym, when dealing with the Department, for example, to make an enquiry or complaint. However, in circumstances where we are required or authorised to deal with an identified individual by or under law, or where it is impracticable for us to deal with you anonymously or pseudonymously (such as when you apply for a passport, scholarship or employment) this option will not be available to you.
What kinds of personal information do we hold
Personal information held by the Department includes, but is not limited to, personal contact details such as names and addresses, information about citizenship, dates and places of birth, photographs of people, financial information provided by contractors and consultants, employment history details of staff and contractors and details provided by individuals registering on www.smartraveller.gov.au.
Sensitive information held by the Department includes, but is not limited to: photographs used for biometric matching purposes to confirm identity on passport applications (biometric information); health information provided by individuals, for example when seeking consular assistance or applying for a scholarship; political opinions or membership of political associations, for example when provided by individuals in correspondence; and religious or philosophical beliefs, for example when provided by staff as part of a security assessment process.
In this policy, personal information and sensitive information has the meaning given to these terms in the Privacy Act.
Why we might collect your personal information
The Department’s role is to advance the interests of Australia and Australians internationally. Personal information is collected where it is necessary for, or directly related to, the performance of our functions and activities. These include:
- providing foreign, trade and development policy advice to government
- working with other government agencies to ensure that Australia's pursuit of its global, regional and bilateral interests is coordinated effectively
- managing Australia’s international presence
- developing and implementing foreign, trade and development policy
- facilitating safe and secure travel for Australians overseas through timely and responsive travel advice, consular services and a secure passport system
Some examples of why we might collect your personal information include:
- to process your passport application
- to process your registration on the Smartraveller website
- to assist you if you seek or require consular help overseas
- to process your application for a scholarship or grant
- to enter into an agreement/contract with you
- when you make a complaint
- when you make an enquiry or request for information
- in order to invite you to an event
- to manage the recruitment, personnel and corporate functions of the Department
- to hold in a stakeholder or other contact database for consultation purposes
- to administer the delivery of goods or services
- to process your security clearance.
Information collected for a primary purpose may sometimes be used or disclosed for a related secondary purpose. For example, information collected from contractors during a tender process may be used as part of an evaluation or review of a particular aid project delivered by that contractor. Personal information collected from scholarship recipients may be used to invite those recipients to alumni events. Employee information collected to administer an individual’s employment may be used or disclosed during a workplace investigation initiated by that individual.
How we collect personal information
The Department collects personal information only by lawful and fair means. It is our usual practice to collect personal information directly from you or your authorised representative when you deal with us by telephone, letter, email, face-to-face or online. In particular, when you use one of the websites maintained by the Department, including www.dfat.gov.au, www.passports.gov.au, www.smartraveller.gov.au, www.foreignminister.gov.au, www.trademinister.gov.au, www.asis.gov.au and www.embassy.gov.au and their sub-domains, we may collect the personal information provided to us via online forms on these websites including when you subscribe to a list, register your travel details or purchase a publication. We do not collect your personal information when you only browse our website.
We may collect personal information from another source including a third party where you consent, where it is unreasonable or impractical to collect the information only from you or where we are required or authorised to do so by law. For example, we collect the name and contact detail of guarantors provided by passport applicants on their passport application forms as it is unreasonable or impractical to collect this information directly from a guarantor. We may collect personal information from third parties or publicly available sources in the course of assessing competitive tender and grant applications.
The Department may collect ‘sensitive information’ about you where you have consented, where the collection is required or authorised by law or where the Department is otherwise permitted under the Privacy Act including where we reasonably believe that the collection is necessary for our diplomatic or consular functions or activities.
How we store and protect personal information
We take steps to protect the personal information we hold against misuse, interference and loss; and from unauthorised access, modification or disclosure. These steps include password protection for electronic files, securing paper files in locked cabinets and physical access restrictions.
Personal information held by the Department in Commonwealth records is managed securely through our recordkeeping system. Staff members across the Department have access to personal information on a need to know basis only. When no longer required to be retained as part of a Commonwealth record, personal information is destroyed in accordance with the Archives Act 1983.
How we use and disclose personal information
Your personal information will only be used and disclosed for the purpose for which it was collected, or otherwise in accordance with the Privacy Act. For example, we use and disclose personal information collected to respond to the assistance sought, application or enquiry made or to make referrals.
Sometimes, we will pass your personal information to other government agencies or organisations, including overseas governments or organisations, for the purpose of assisting with your enquiry or application.
We only use and disclose personal information (for example, to another Australian government agency) for the purpose for which it was collected (the primary purpose) unless one or more of the following applies:
- you have consented to use or disclosure for a secondary purpose
- you would reasonably expect the information to be used or disclosed for a secondary purpose which is related to the primary purpose, or in the case of sensitive information where the secondary purpose is directly related to the primary purpose
- it is required or authorised by or under law
- we reasonably believe that use or disclosure is necessary for our diplomatic or consular functions or activities
- it is reasonably necessary for enforcement activities conducted by or on behalf of an enforcement body
The following are some examples of how we may use and disclose personal information:
- in a crisis overseas, we may use personal information provided by family members to locate, identify and assist Australians in distress. We may disclose personal information to other agencies and bodies directly involved in the crisis response.
- if you make an enquiry for information or write to the Department or one of our portfolio Ministers making representations on a particular issue, we may disclose your personal information to another government department or Minister so that your enquiry or correspondence is addressed by the appropriate entity within parliament or government.
- if you apply for a scholarship, the personal information provided in your application will be used to assess your application and may be disclosed to Australian educational institutions.
- if you apply for an Australian passport we may disclose your personal information in accordance with the law to the immigration department, civil registries and licensing authorities to verify information and assist to establish your identity and eligibility for a passport.
Disclosure of personal information to overseas recipients
The Department’s core functions include the provision of consular assistance to Australian citizens and the administration of the Australian aid program. In order to fulfil these functions, it is likely that some personal information will be disclosed to overseas recipients. For example, we may disclose your name and travel details to a foreign emergency service so that they may locate or assist you in the event of a crisis or emergency in that country. We operate a network of offices via our overseas posts in order to deliver our services globally.
We do not disclose your personal information to any overseas recipient unless one of the following applies:
- the recipient is subject to a law or binding scheme substantially similar to the APPs, and the individual can access mechanisms for protecting their privacy
- you have consented to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure that the overseas recipient does not breach the APPs
- it is required or authorised by law
- we reasonably believe it is necessary for our diplomatic or consular functions and activities, or it is otherwise in accordance with the Privacy Act
- it is required or authorised by an international agreement relating to information sharing to which Australia is a party
- it is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.
How to access or correct your personal information held by DFAT
How you access or correct your personal information depends on which part of the Department you have had dealings with. For example, in order to access or amend your passport information, information will be held by the Australian Passport Office and access or requests for correction should be made to www.passports.gov.au. Consular case file information is held by the Consular Operations Branch and access or requests for correction should be directed to firstname.lastname@example.org. If you are unsure where your information might be held please contact us (see details at the end of this Policy).
If you wish to access personal information we hold about you, or to correct that personal information, we will allow access or make the changes unless we are required or authorised under the Privacy Act, the Freedom of Information Act 1982 or other relevant law to refuse access or correction.
We take your privacy seriously and make all efforts to protect your personal information from misuse, interference, and loss; and from unauthorised access, modification or disclosure. If you are concerned about the Department’s handling of your personal information, you may wish to raise your concern directly with the area of the Department involved. This may allow for an informal and direct resolution of your complaint.
If you are not satisfied with this outcome, or prefer to make your complaint directly to the Department’s central privacy area, you may send your complaint in writing to either:
Freedom of Information and Privacy Law Section
RG Casey Building
John McEwen Crescent
BARTON ACT 0221
If you make a formal complaint we will gather as much relevant background information as possible in the circumstances. In order to assist the Department in its consideration of your complaint please provide as much information as possible in describing how you think your privacy has been interfered with, including:
- What happened
- When it happened (including dates)
- What personal information of yours was affected
- Who did it (include individual names if known)
- How and when you found out about it
- Your contact details
- Any other relevant information, including what, if any, outcome you might be expecting from the complaint process.
If the alleged privacy breach involves personal information which does not belong to you we will ask you for evidence that you have authority to act on behalf of the person whose information is in issue before proceeding any further. Your complaint will be considered by a departmental officer who has not been involved in the conduct about which you are complaining.
We will provide a written response to your formal complaint. If a breach of the APPs has been identified as a result of your complaint, we will advise you of the findings and proposed follow up action which may include, for example, an apology, targeted staff training, revised security or storage arrangements, or amendment of forms to prevent similar situations arising.
If you are not satisfied with our response, you may wish to submit a complaint to the Office of the Information Commissioner in Sydney:
T: 1300 363 992
Post: Director of Privacy Case Management
Office of the Australian Information Commissioner
GPO Box 5218
You may also complain directly to the Office of the Australian Information Commissioner (OAIC) rather than to the Department. If you make a complaint directly to the OAIC the OAIC may recommend that you try to resolve the complaint directly with the Department in the first instance.
61 2 6261 1111
Freedom of Information and Privacy Law Section
RG Casey Building
John McEwen Crescent
BARTON ACT 0221