For guidance on personal information security breaches in Defence click here. The full guide to handling information security breaches can be found at The Office of the Privacy Commissioner website at http://www.privacy.gov.au/publications/breach_guide.pdf
Every attempt is to be made to resolve privacy complaints at the lowest, most appropriate level. If a matter cannot be resolved informally, and the complainant is dissatisfied, they should lodge a written complaint with the manager of the area responsible for the alleged privacy breach. The complaint should include:
- summary of the incident or description of the process (identify the relevant IPP, if known)
- any action taken in an attempt to resolve the matter prior to lodging the complaint
- how the alleged privacy breach has affected the complainant
- what outcome is sought by the complainant
- any relevant reference or supporting documents
- contact details of the complainant
Please note:Complaints relating to an ADF Health privacy matter are to be managed in accordance with Health Directive No 914 (available on the Defence intranet under Defence Documents) |
In all other cases, the manager of the responsible area is to acknowledge receipt of the complaint and should include the following details:
- Heading – Privacy Complaint Acknowledgement (STAFF-IN-CONFIDENCE)
- confirmation that the complaint has been received
- summary statement of the understanding of the complaint
- confirmation that the complaint is being investigated
- request for any further information (if required)
- point of contact
If the complaint has not been resolved within 28 days, the manager of the responsible area should provide the complainant with regular updates.
All privacy complaints are to be treated as STAFF-IN-CONFIDENCE and be managed in a manner consistent with the requirements of the Privacy Act 1988. Care should be exercised to ensure the personal information of all parties, not only the complainant, is managed appropriately.
In the first instance, the manager responsible for handling the complaint should report the complaint to Fairness and Resolution Branch. Deputy Director Privacy or Deputy Director Administrative Review in FR Branch will provide advice to assist in determining whether a breach has occurred and what, if any, remediation is required. In all instances, the manager is to inform the complainant of the final outcome of the investigation of the complaint and should include the following information:
- whether a breach has occurred
- the circumstances contributing to the breach or perception of a breach
- what corrective action has been taken
- if the complaint is substantiated and it is appropriate, an apology on behalf of the responsible area
- advice that if not satisfied with the outcome, the complainant may seek review through established complaint management processes (Defence contractors can only use contractual remedies or submit a complaint with the Office of the Privacy Commissioner)
Please note:If a complainant is dissatisfied with the handling and/or the outcome of their complaint they can request a Review of Actions (Defence APS employees) or submit a Redress of Grievance (ADF members) |
Case notes from various complaints and enquiries to the Office of the Privacy Commissioner have been published. A selection of the case notes that explore the applicable IPPs and are relevant to Defence personnel are available on the Questions and Answers (link) page of this website.