We respect and protect the privacy of our users.
We do not automatically collect personal information about you when you visit this online service. You can use this service without telling us who you are or revealing other personal information. If you fill out our feedback form, you do not need to identify yourself or use your real name.
This statement applies to the dta.gov.au website managed by the Digital Transformation Agency (DTA).
If you fill out the feedback or contact us form on any of our pages we will collect the email address you provide and any other identifying information you include, such as a name or phone number.
Other than circumstances such as unlawful activity or serious threats to health and safety, we do not share personal information. If you ask us about an issue that needs to be dealt with by another agency, we will provide you with the necessary details to make contact yourself. You may opt out of further contact from us at any time.
How we deal with complaints and requests
At no cost you can:
- request access to personal information about you that we hold
- ask us to correct your personal information if you find that it is not accurate, up-to-date or complete
- make a complaint about our handling of your personal information.
To protect your privacy and the privacy of others, we will need evidence of your identity before we can grant you access to information about you or change it.
You can request information by email, or send your request or complaint to GPO Box 457, Canberra, ACT 2601.
We undertake to respond within 30 days. If the request or complaint will take longer to resolve, we will provide you with a date by which we expect to respond.
How we protect your personal information
This site is hosted in Australia in secure, government accredited facilities. To help protect the privacy of data and personal information we collect and hold, we maintain physical, technical and administrative safeguards.
Access to your personal information is restricted to employees who need it to provide services to you.
Our website uses a range of analytics services which send website traffic data to servers offshore. These services do not identify individual users or associate your IP address with any other data held by the company for other purposes. We use reports provided by analytics providers to help us understand website traffic and webpage usage.
MailChimp and privacy consent
The DTA will only use this information to:
- create, send and manage emails relating to the work of the DTA
- measure email campaign performance
- improve the features for specific segments of customers
- evaluate your use of our website
- compile reports on website activity for website operators, and
- provide other services relating to website activity and internet usage.
MailChimp may transfer this information to third parties where required to do so by law, or where such third parties process the information on MailChimps’s behalf. MailChimp collects information about when you visit the website, when you use the services, your browser type and version, your operating system, and other similar information.
MailChimp is based in the United States of America (USA) and the information collected about your use of the website (including your IP address) will be transmitted to and stored by MailChimp on servers located outside Australia. We are required to inform you that by subscribing to our eNewsletter:
- You understand and acknowledge that this service utilises a MailChimp platform, which is located in the United States of America (USA) and relevant legislation of the USA will apply.
- Australian Privacy Principle 8.1 contained in Schedule 1 of the Privacy Act will not apply.
- You understand and acknowledge that MailChimp is not subject to the Privacy Act 1988 (Cth) and you will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the laws of the USA.
The DTA website is bound by the Privacy Act 1988 (Cth), including the Australian Privacy Principles.
We also follow the Guidelines for Federal and ACT government websites issued by the Office of the Australian Information Commissioner.
Privacy Impact Assessments
A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.
While PIAs assess a project’s risk of non-compliance with privacy legislation and identify controls to mitigate the risk, a PIA is much more than a simple compliance check. It should ‘tell the full story’ of a project from a privacy perspective, going beyond compliance to also consider the broader privacy implications and risks, including whether the planned uses of personal information in the project will be acceptable to the community. PIAs are key to building community trust and have a range of other benefits, such as demystifying the project and its objectives
From 1 July 2018, the Australian Government Agencies Privacy Code require agencies to conduct a PIA for all high privacy risk projects. A high privacy risk project is one that involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.
A register of PIAs completed by the DTA can be found below.
|Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha||The purpose of this PIA is to assist in identifying and managing privacy issues that are raised by the broad concept and design of the overall Trusted Digital Identity Framework (TDIF) and some of its components. The key components are: 1. The proposed development of mandatory standards, policies and agreements for all TDIF participants; 2. The proposed development of an Identity Exchange; and 3. The proposed development of a Commonwealth Identity Provider (IdP)||05 December 2016||Galexia|