The Department of Education and Training (‘the department’) is responsible for national policies and programmes that help Australians access quality and affordable childcare; early childhood education; school education; post-school, higher education; international education and academic research.
More information is available on the Department of Education and Training website.
- a student;
- a parent or guardian;
- a child care provider;
- a principal or teacher;
- an academic or researcher;
- a participant in a programme or service delivered by us;
- a contractor, consultant, or supplier of goods or services to us;
- an applicant for a grant or a tenderer for a contract provided by us;
- a policy stakeholder who works with us;
- a person whose information may be given to us by a third party, including other Australian Government agencies
- an entrant in a competition conducted by us;
- a current or past employee;
- a person seeking employment with us;
- any other individual whose personal information we may collect or hold from time to time.
- describe the types of personal information that we collect, hold, use and disclose;
- outline our personal information handling systems and practices;
- enhance the transparency of our management of personal information;
- explain our authority to collect your personal information, why it may be held by us, how it is used and how it is protected;
- notify whether we are likely to disclose personal information to overseas recipients and, if possible, to whom;
- provide information on how you can access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.
- how we collect, use, disclose and store your personal information; and
- how you can contact us if you want to access or correct personal information we hold about you.
Full details of these practices are contained in this document.
Privacy Act 1988
The department, including its employees, contractors and agents, is subject to the Privacy Act 1988 (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.
The APPs regulate how federal and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information and how you can access and correct that information.
‘Personal information’ means information (or an opinion), whether true or not, in any form that can identify a living person1.
The APPs only apply to information about individuals, not information about corporate entities such as businesses, firms or trusts. Detailed information and guidance about the APPs can be found on the website of the Office of the Australian Information Commissioner (OAIC) – http://www.oaic.gov.au/.
It covers how we collect and handle personal information, including sensitive information.
‘Sensitive information’ means personal information about you that is of a sensitive nature, including information about health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record2. Special requirements apply to the collection and handling of sensitive information.
Our Personal Information Handling Practices
Collection of personal information
Personal information may be collected directly by us, or by people or organisations acting on our behalf (e.g. contracted service providers). It may be collected directly from you, or on your behalf from a representative you have authorised.
We may also obtain personal information collected by other Australian Government agencies, state or territory governments, other third parties, or from publicly available sources. This will only occur where you consent, where it is unreasonable or impractical to collect the information only from you or where we are required or authorised to do so by law.
We are also authorised to collect personal information (which may also be defined as ‘protected information’ where relevant) under a range of Acts that we administer. These include:
- A New Tax System (Family Assistance) Act 1999
- A New Tax System (Family Assistance) (Administration) Act 1999
- Australian Education Act 2013
- Child Care Act 1972
- Education Services for Overseas Students Act 2000
- Higher Education Support Act 2003
- Schools Assistance Act 2008
Under the APPs, we will only collect information for a lawful purpose that is reasonably necessary or directly related to one or more of our functions and activities under the portfolio legislation listed above, or where otherwise required or authorised by law.
When we collect personal information, we are required under the APPs to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information, including if those persons or bodies are located overseas. We usually provide this notification by including privacy notices on our paper based forms and online portals.
Types of personal information collected by us
We collect and hold a broad range of personal information in records relating to:
- employment and personnel matters for our staff and contractors (including security assessments);
- the performance of our legislative and administrative functions;
- individuals participating in our funded programmes and initiatives;
- the management of contracts and funding agreements;
- the management of fraud and compliance investigations;
- the management of audits (both internal and external);
- correspondence from members of the public to us and our Ministers and Parliamentary Secretaries;
- complaints (including privacy complaints) made and feedback provided to us;
- requests made to us under the Freedom of Information Act 1982(Cth); and
- the provision of legal advice by internal and external lawyers.
This personal information may include but is not limited to:
- your name, address and contact details (e.g. phone, email and fax);
- photographs, video recordings and audio recordings of you;
- information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children);
- information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests);
- information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence);
- information about your employment (e.g. work history, referee comments, remuneration);
- information about your background (e.g. educational qualifications, the languages you speak and your English proficiency);
- government identifiers (e.g. Centrelink Reference Number or Tax File Number);
- information about assistance provided to you under our funding arrangements; and
- information about entitlements under Australian Government legislation.
More detailed information can be found in our Personal Information Holdings document which is available by contacting the Privacy Contact Officer whose details are at section 5.1 below.
Collection of sensitive information
In carrying out our functions and activities we may collect personal information that is sensitive information (see section 1.4). The APPs impose additional obligations on us when collecting, using or disclosing sensitive information. We may only collect sensitive information from you:
- where you provide your consent; or
- where required or authorised by law; or
- where a permitted general situation exists such as to prevent a serious threat to safety.3
We also collect sensitive information where authorised to do so for the purposes of human resource management, fraud investigations, taking appropriate action against suspected unlawful activity or serious misconduct, and responding to inquiries by courts, tribunals and other external review bodies. More detailed information on our sensitive information holdings is contained in our Personal Information Holdings document which is available by contacting the Privacy Contact Officer whose details are at section 5.1 below.
Collecting personal information from children and young people
In carrying out our functions and activities we may collect personal information about children and young people, either directly from them, through their parents or guardians, or from their education providers. Where children and young people are over the age of 16, our general policy is to collect information directly from them as they are likely to have the capacity to understand any privacy notices provided to them and to give informed consent to collection. For children under the age of 16, or where capacity to provide consent is at issue, our policy is that a parent or guardian will be notified and their consent sought.
Collection of unsolicited information
Sometimes personal information is not sought by us but is delivered or sent to us by either the individual or a third party without prior request.
Where unsolicited information is received by us, we will, within a reasonable period, determine whether that information is directly related to one or more of our functions or activities. If this cannot be determined, we will, as soon as practicable, destroy or de-identify the information. If this can be determined we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so.
How we collect personal information
We primarily use forms, online portals and other electronic or paper correspondence to collect your personal information. By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us.
We may also collect your personal information if you:
- communicate with us by telephone, mail, email, fax or SMS;
- attend a face to face meeting or event conducted by us or our contractors;
- use our website;
- interact with us on our social media platforms.
As noted at section 2.1, in certain circumstances we may collect and receive personal information about you from third parties including other Australian Government agencies and state and territory governments.
Remaining anonymous or using a pseudonym
We understand that anonymity is an important element of privacy and you may wish to remain anonymous, or use a pseudonym when interacting with us.
In many cases you will be able to advise us that you wish to remain anonymous or use a pseudonym during your contact with us, however in circumstances where it is likely we would need to collect your personal information, such as to resolve a dispute or provide you with a service, we will notify you accordingly at the time of collection.
Information collected by our contractors
Under the Privacy Act, we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us.
Storage and data security
We hold personal information in a range of paper-based and electronic records, including cloud computing.
Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government’s records management regime, including the Archives Act 1983, Records Authorities and General Disposal Authorities. This ensures your personal information is held securely.
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.
Access to your personal information held by us is restricted to authorised persons who are departmental employees or contractors, on a need to know basis.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies including the Attorney General’s Department’s Protective Security Policy Framework and the Australian Signals Directorate’s Information Security Manual.
We conduct regular audits to ensure we adhere to these policies.
We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading.
Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.
Purposes for which information is collected, held, used and disclosed
We collect personal information for a variety of different purposes relating to our functions and activities including:
- performing our employment and personnel functions in relation to our staff and contractors;
- performing our legislative and administrative functions;
- policy development, research and evaluation;
- complaints handling;
- programme management;
- contract management; and
- management of correspondence with the public.
We use and disclose personal information for the primary purposes for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected.
More detailed information about the primary purposes for which we collect, hold, use and disclose personal information is in our Personal Information Holdings document which is available by contacting the Privacy Contact Officer whose details are at section 5.1 below.
We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act. This may include where you have consented to this secondary purpose, or where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose, where it is required or authorised by law or where a permitted general situation exists such as to prevent a serious threat to safety.
Likely secondary purposes for which we may use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, and promotional purposes.
Log information (browsing)
When you use our online services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your server address, your top level domain name (for example, .com, .gov, .au, .uk, etc), the date and time of visit to the site, the pages accessed and documents viewed, the previous sites visited, the browser type, the browser language, and one or more cookies that may uniquely identify your browser.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
A cookie is a small file containing a string of characters to your computer that uniquely identifies your browser. It is information that your web browser sends back to our website server whenever you visit it again.
Links to External Websites
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as post, fax or telephone (although these also have risks associated with them).
We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Disclosure of personal information overseas
We will, on occasion, disclose personal information to overseas recipients. The situations in which we may disclose personal information overseas include:
- the publication on the internet of material which may contain personal information, such as departmental reports and other documents; photographs, video recordings and audio recordings; and posts and comments on our social media platforms;
- the provision of personal information to overseas researchers or consultants (where consent has been given for this or we are otherwise legally able to provide this information);
- the provision of personal information to recipients using a web-based email account where data is stored on an overseas server; and
- the provision of personal information to foreign governments and law enforcement agencies (in limited circumstances and where authorised by law).
We will not disclose your personal information to an overseas recipient unless one of the following applies:
- the recipient is subject to a law or binding scheme substantially similar to the Australian Privacy Principles, including mechanisms for enforcement;
- you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles;
- disclosure is required or authorised by law;
- disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.
It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.
Accidental or unauthorised disclosure of personal informationWe will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information. The department follows the OAIC’s Data breach notification — A guide to handling personal information security breaches when handling accidental or unauthorised disclosures of personal information.Legislative or administrative sanctions may apply to unauthorised disclosures of personal information.
Accessing and Correcting Your Personal Information
How to seek access to and correction of personal information
You have a right under the Privacy Act to access personal information we hold about you.
You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Our access and correction process
If you request access to or correction of your personal information, we must respond to you within 30 calendar days.
While the Privacy Act requires that we give you access to or correct your personal information on request, it does set out circumstances in which we may refuse you access or decline to correct your personal information.
If we refuse to give you access or decline to correct your personal information we will provide you with a written notice which, among other things, gives our reasons for refusing your request.
It is also possible to access and correct documents held by us under the Freedom of Information Act 1982. For information on this, please contact our FOI Coordinator (contact details are available on the Freedom of Information page of our website).
For further information on requesting access to or correction of your personal information please read our Guide to Accessing and Correcting Your Personal Information document on our website.
If you are unsatisfied with our response
If you are unsatisfied with our response, you may make a complaint, either directly to us (see section 5.1 below), or you may wish to contact:
How to make a complaint
Please be aware that it may be difficult to properly investigate or respond to your complaint if you provide insufficient detail. You may submit an anonymous complaint, however if you do it may not be possible for us to provide a response to you.
Our complaint handling process
We are committed to quick and fair resolution of complaints and will ensure your complaint is taken seriously and investigated appropriately. You will not be victimised or suffer negative treatment if you make a complaint.
For further information about our complaint handling process please read our Privacy Complaint Handling Policy document on our website.
If you are unsatisfied with our response
If you are not satisfied with the way we have handled your complaint in the first instance, you may contact the Office of the Australian Information Commissioner to refer your complaint for further investigation. Please note that the Information Commissioner may not investigate if you have not first brought your complaint to our attention.
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Post: GPO Box 5218
Sydney NSW 2001
General enquiries, complaints, requests for access or correction
If you wish to:
- query how your personal information is collected, held, used or disclosed by us;
- request access to or seek correction of your personal information; or
- make a privacy complaint;
please contact us:
Privacy Contact Officer
People, Communication and Legal Group
Department of Education and Training
GPO Box 9880
Canberra ACT 2601
13 33 97 (please note this our main number)
Date policy last updated: 13 March 2014
1 See section 6 of the Privacy Act 1988 and the APP Guidelines issued by the Office of the Australian Information Commissioner.
2 As above.
3 For further information on the range of ‘permitted general situations’ see APP Guidelines – Chapter C