View a PDF version of this policy.
About this policy
This policy is written in simple language. The specific legal obligations of the EPD when collecting, holding, using and disclosing personal information and individual’ s rights in relation to their personal information are outlined in the Information Privacy Act 2014 and in particular in the Territory Privacy Principles found in that Act.
"Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not."
It does not include personal health information about an individual which is covered by the Health Records (Privacy and Access) Act 1997.
The EPD collects, holds, uses and discloses personal information to carry out functions, activities and duties. The Public Sector Management Act 1994, Information Privacy Act 2014, Territory Records Act 2002, Health Records (Privacy and Access) Act 1997 as well as a range of Directorate specific legislation have provisions for the collection and management of personal information.
These functions and activities include, for example:
- administering relevant Territory legislation
- providing advice on land, planning, environment and sustainability
- consulting with stakeholders, for example, on variations to the Territory Plan or Master Planning documents
- maintaining registersabout occupational license holders
- responding to access to information requests including through legal compulsion, such as subpoenas
- communicating with the public, stakeholders and the media including through websites and social media
- managing privacy and freedom of information (FOI) requests and FOI reviews
More specific detail in regard to what information we collect, how it is held, what it is used for, and who it is disclosed to, is detailed in the Information Privacy Annex included with this Policy.
- the kinds of personal information that EPD collects and holds
- how EPD collects and holds personal information
- the purposes for which EPD collects, holds, uses and discloses personal information
- how an individual may access personal information about themselves that is held by EPD and seek correction of that information
- how an individual may complain about a breach of the Territory Privacy Principles, any Territory Privacy Principle code that binds EPD, and how EPD will deal with the complaint
- whether EPD is likely to disclose personal information to overseas recipients, and if so, the countries in which the recipients are located
Generally when you deal with EPD (for example when calling on the phone to make an enquiry) you have the option of remaining anonymous or using a pseudonym (a made up name).
However, in some situations EPD will need you to provide your name in order to provide services or assistance to you (particularly if you require a formal response), or if we are authorised or required by law to deal with an identified individual.
If it is impracticable or unlawful for us to deal with you without you providing identifying information we will let you know why we need your personal information and what it will mean for you if the information is not collected.
Kinds of information we collect and hold
The Information Privacy Annex provides more detail in regard to the information the EPD collects relating to its specific functions, activities and duties.
It is important to note that EPD tries to only collect the minimum information that the Directorate needs to perform, or is directly related to the performance of, its functions, activities. The personal information we collect and hold will vary depending on what we are required to perform and our responsibilities.
It may include:
- information about your identity (e.g. date of birth, country of birth, passport details,visa details and drivers license)
- your name, address and contact details (eg phone,email and fax)
- information about your personal circumstances (e.g. age, gender, marital status and occupation)
- information about your financial affairs (e.g. payment details, bank account details, and information about business and financial interests)
- information about your employment (e.g. applications for employment, work history, referee comments and remuneration)
- information about assistance provided to you under our assistance arrangements
Sensitive information is handled with additional protections under the Information Privacy Act. Sensitive information is information that is about an individual's:
- racial or ethnic origin
- political opinions
- membership of a political association
- religious beliefs or affiliations
- philosophical beliefs
- membership of a professional or trade
- membership of a trade union
- sexual orientation or practices
- criminal record
- biometric information (including photographs, voice or video recordings of you)
Normally EPD will not collect sensitive information without your consent. However, sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by a law, a court or tribunal order, or is necessary to prevent a threat to the life, health or safety of one or more individuals, or to public health or safety.
EPD will not collect personal information about you if we do not need to.
How do we collect personal information
EPD will only collect information by lawful and fair means. The main way EPD collects personal information about you is when you provide it to EPD.
Your personal information may be collected in a variety of ways, including through paper or online forms, in correspondence to and from you as well as email, over the telephone and by fax.
EPD collects personal information such as contact details and complaint,review, request or report details when:
- we are required or authorised by law or a Court or tribunal order to collect the information
- you participate in community consultations, forums or make submissions to us, and you consent to our collection of your personal information
- you contact us to ask for information (but only if we need it)
- you make a complaint about the way we have handled an FOI request or seek a review of an FOI decision
- you ask for access to information that EPD holds about you or other information about the operations of EPD
We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.
Normally we collect information directly from you unless it is unreasonable or impracticable to do so. In certain circumstances, for example where it is required by law, we may also obtain personal information collected by other Australian, state and territory government bodies or other organisations.
We also collect personal information from publicly available sources where that may enable us to perform our functions effectively.
Notice of collection
When EPD needs to collect personal information from you we will notify you about:
- who we are and how you can contact us
- the circumstances inwhichwe may or have collected personal information
- the name of the law that requires us to collect this information (if any)
- the purposes for which we collect the information
- how you may be affected if we cannot collect the information we need
- the details of any agencies or types of agencies which we normally share personal information with, including whether those recipients are overseas, and which countries those recipients are located in
- The notice will be included on paper or electronic forms and on the EPD website if it collects any personal information.
Collecting through our websites
Social Networking Services
EPD utilises social media for engaging with the community. As a general principle the Directorate does not collect personal information via social media platforms. If a community member provides personal information via social media, EPD’s moderators will request that the community member take the discussion ‘offline’ by providing the personal information via another source, such as via email, or by contacting the Access Canberra Contact Centre on 13 22 81.
Personal information is collected for mailing lists for the purposes of communicating with individuals or groups who are interested in receiving news and details of consultation about planning. The personal information on these records relates to customers and stakeholders of the agency.
Information collected includes names, contact details such as email addresses and organisational information.
This information is not disclosed outside of the Directorate or used for purposes other than the stated purpose.
Use and disclosure
EPD will not use your personal information for a secondary purpose or share your personal information with other government agencies, private sector organisations or anyone else without your consent, unless an exception applies.
Exceptions are available a number of circumstances including when -
- you would reasonably expect us to use the information for the secondary purpose that is related (or directly related - in the case of sensitive information) to the original purpose for which the information was collected
- the use or sharing of information is legally required or authorised by an Australian law, or court or tribunal order
- the collection is reasonably necessary for an law enforcement-related activity such as the prevention, detection, investigation prosecution or punishment of criminal offences or breaches of the law; intelligence gathering, surveillance, conduct of protective or custodial services we reasonably believe that collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect unlawful activity, or misconduct of a serious nature, that relates to our functions and we reasonably believe that collection of the information is necessary in order for us to take appropriate action
- we reasonably believe that the collection is reasonably necessary to help locate a person who has been reported as missing.
If EPD has this information it is allowed to provide your biometric information (such as your fingerprints or photograph) or your biometric templates (digital representations of your distinct characteristics) to an enforcement body (like the Australian Federal Police, Department of Immigration) if we comply with any guidelines made by the Information Privacy Commissioner.
EPD may also disclose personal information to Commonwealth intelligence agencies where that disclosure is authorised by the head of the intelligence agency and the agency certifies that the collection of the personal information from the EPD is necessary for its functions.
More information in regard to disclosures can be found in the Information Privacy Annex included with this policy.
Sharing information with service providers
EPD contracts with service providers to support the Directorate to carry out specific activities and functions of the Directorate.
In some circumstances it may be necessary for EPD to share personal information with these service providers to enable them to perform their functions efficiently and effectively.
In these situations we protect personal information by only entering into contracts with service providers who agree to comply with Territory requirements for the protection of personal information.
Storage and security of personal information
EPD is required to take reasonable steps to ensure that personal information it holds is safe and secure.
We strive to protect your personal information from misuse, interference or loss and from unauthorised access, use, modification or disclosure in accordance with the Information Privacy Act 2014.
The Territory Records Act establishes frameworks for the management ofyour personal information if it is held within the files or data systems of EPD.
Our IT systems employ comprehensive protections to guard against unauthorised access. Paper- based files are stored securely.
As a part of our general practice personal information is only available to staff who need to have access in order to perform their roles.
Accessing your personal information
Inaccordance with the Information Privacy Act (Territory Privacy Principles 12 and 13) you have the right to ask for access to personal information that EPD holds about you. You are also entitled to request that we correct that personal information, if you believe it is no longer accurate or up-to-date.
Ifyou contact usto request access to your personal information we must provide you with access to your information inan appropriate manner, if it is reasonable and practicable to do so.
If it is not reasonable or practicable we must respond to your request in writing within 30 days telling you why we are unable to provide you with access to that information.
We will not charge you any fees for making the request or providing you with access.
You also have the right underthe Freedom of Information Act 1989 to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.
Individuals can obtain information regarding access to their personal information by contacting the Information Manager via email to EPDCorporate@act.gov.au or by contacting the Access Canberra Contact Centre on 13 22 81.
Correcting your personal information
If you ask EPD to correct your personal information, we must take reasonable steps to correct the information if we are satisfied that it is incorrect, inaccurate, incomplete irrelevant, out-of-date or misleading.
If we agree to correct information and that information has previously been shared with another agency, you may request that we notify the other agency of the possible need for them to correct that information.
There may be reasons why we refuse to correct that information, for example if we are required or authorised by law not to correct the information.
If we refuse to correct the information we must give you written notice of why we have refused to correct your information and how you may complain about our decision, within 30 days.
If we refuse to correct your personal information, you can ask us to attach or link a statement that you believe the information is incorrect and why to the information.
We will not charge you any fees for making the request for correction, correcting the information or attaching a statement to the personal information.
Insome circumstances and if it isappropriate, we can assist you to correct your personal information heldbyus if itis nolonger accurate, up-to-date andcomplete.
How to make a complaint
Complaints about how EPD has managed your personal information need to be made in writing to the contact details below. We are also able to assist you to lodge your complaint if required.
We will consider your complaint and make every effort to work with you resolve your issues satisfactorily.
We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.
If you are not satisfied with our response you may ask for a review by a more senior officer or you can make a formal privacy complaint to the Australian Privacy Commission under section 34 of the Information Privacy Act.
The Australian Privacy Commission is an independent body that will assess your complaint and can make a determination that our actions are an interference with your privacy. If your complaint is upheld by the Commissioner you may be able seek a remedy in the Magistrates Court.
How to contact us
Telephone: 13 22 81
In person: Dame Pattie Menzies House, South Building, 16 Challis Street, Dickson
Disclosure of personal information overseas
In some circumstances EPD may need to share or store information with overseas recipients.
If this disclosure is necessary we will take reasonable steps before disclosing the information to ensure that the recipient treats the personal information with the similar standard of care as is required by the Information Privacy Act.
In some cases, the information will already be sufficiently protected under the law governing the overseas recipient, and you can access mechanisms to enforce those protections.
If it is practical and reasonable to do so we will obtain your consent to overseas disclosure.However, there may be situations where we are unable,for example, where we share information as part of a law enforcement activity Quality of personal information
EPD is required to take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete.
Personal information we use or disclose must also be relevant for the purpose for which we use or disclose it.