Complaints and Resolution is a Defence People Group website.
The Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act 1988 (Privacy Act), regulate how Defence, as an APP entity, collects, holds, uses and discloses personal information.
Generally, Defence collects personal information about individuals within Defence, including:
and individuals external to Defence, including:
Defence collects personal information both directly from the individual concerned, and from other persons, bodies or entities, including an individual's commander, manager and supervisor, and from specialist service providers, such as medical practitioners.
The purposes for which Defence collects personal information are outlined below in Part 4.
You are entitled to request access to personal information Defence holds about you or to request correction of that information. Information about how to do this is provided in Part 7.
Detailed information on the APPs can be found on the website of the Office of the Australian Information Commissioner (note this web link can only be opened in Chrome on the DRN).
Part 2 - Exemptions from the Privacy Act
Additionally, the APPs do not apply to operational information collected by Defence and personal information for special access programs under which foreign governments provide restricted access to technologies.
Part 3 - The kinds of personal information Defence collects and holds
'Personal information' is defined in subsection 6(1) of the Privacy Act as:
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a. whether the information or opinion is true or not; and
b. whether the information or opinion is recorded in a material form or not.
Part 4 - Purposes for which Defence collects personal information
Defence will only collect personal information that is reasonably necessary for, or directly related to, its functions or activities.
As reflected in the Commonwealth of Australia Administrative Arrangements Order (AAO), which sets out the legislative and functional responsibility of the Minister for Defence and the Department, the Minister for Defence is responsible for the defence of Australia, which includes:
In order to satisfy these responsibilities and Defence's responsibilities under the various pieces of legislation it administers, Defence collects personal information for various purposes depending on the individual's relationship with Defence. Generally, Defence collects personal information for the following purposes:
Defence uses consultants, contractors and outsourced service providers to undertake certain business functions. Personal information about you may be collected by or provided to a Defence consultant, contractor or outsourced service provider when necessary. In situations where personal information about you is provided to a consultant, contractor or outsourced service provider, Defence practice is to generally retain effective control of the information. This is done by specifying in the terms of the contract that Defence is to maintain effective control of any personal information disclosed to and/or used by consultants, contractors or outsourced service providers. In situations where Defence discloses personal information about you to consultants, contractors or outsourced service providers and Defence does not retain effective control of the information, the information will only be used for purposes which are reasonably necessary for, or directly related to, Defence’s functions or activities.
Consultants, contractors and outsourced service providers who have access to personal information collected by Defence, or who collect personal information on behalf of Defence, may, if specified in the terms of their contract, be subject to the same information security policy, training and auditing requirements as Defence personnel and must also comply with the APPs.
Defence may disclose personal information about you to other APP entities, including:
Defence may disclose personal information about members who are attending the Australian Defence Force Academy to the University of New South Wales or to other educational institutions.
Defence may disclose personal information about you to a person who is not in Australia or an external territory (overseas recipient) where it relates to Defence activities or functions. Personal information about you may be disclosed in the country where the recipient is ordinarily located, or in a country where the recipient is or, is soon to be, undertaking work related activities. For example, where Australia is undertaking or participating in military operations or exercises, where it has a Defence establishment (such as RMAF Base Butterworth, located in Malaysia), or where Defence personnel are located overseas on posting, such as those performing a Defence Attaché role or an exchange posting, personal information may be disclosed to 'overseas recipients' in the countries where the activity is being undertaken.
Defence does not disclose personal health information to any other person, including next of kin, unless the individual about whom the information relates has given express consent, or the disclosure is required or authorised by or under Australian law, or in circumstance where it is unreasonable to obtain the individual's consent and the disclosure is necessary to lessen or prevent a serious threat to life, health or safety of an individual or to public health and safety.
If it is necessary for the acquisition or use of Defence equipment and capability, Defence may also disclose the personal information of those involved directly, or indirectly, to recipients in the countries where the recipients are located or the activities or functions are performed.
Part 5 - How Defence collects personal information about you
Defence endeavours to collect personal information about you directly from you where it is reasonably practicable to do so. Defence collects this information by the use of various forms; from information provided to commanders, managers and supervisors; and through PMKeyS (Defence's personnel and organisational data management system).
Due to the scope and nature of Defence activities it is not always possible to collect personal information from the individual concerned. Defence may collect personal information about you indirectly from a range of other sources including, but not limited to:
Defence may also generate personal information about you in the course of undertaking its functions or activities.
Part 6 - How Defence holds personal information about you
Defence stores personal information about you as hardcopy documents or as electronic data within its record management or information technology systems.
Defence protects personal information about you in accordance with the policy provided for in the Defence Security Manual in order to take reasonable steps to protect that information against loss, unauthorised access, use and disclosure, modification and misuse. Defence regularly conducts system audits to ensure that it adheres to its established protective and information security practices. Protective measures include password protections, access privileges, secure cabinets/containers and physical access restrictions. Documents containing personal information also carry the 'Sensitive: Personal' dissemination limitation marker and may also include a warning notation of ‘Health Information’, where appropriate.
Access to personal information about you is restricted to Defence personnel who have a need to access the information for purposes which are directly related to or reasonably necessary for their duties in support of Defence’s functions or activities.
Defence personnel are also required to undertake mandatory annual protective and information security training, and personnel with access to the Defence personnel management system must demonstrate knowledge and an understanding of the APPs. In addition to the statutory and policy security measures for the protection of personal information practised by Defence, reasonable steps must be taken to ensure that the information is protected.
Defence will only destroy personal information in accordance with statutory requirements, including the Archives Act 1983 and in consultation with relevant authorities authorised to destroy the information. The Defence Records Management Manual also contains policy on the retention and destruction of documents. Generally speaking, Defence records must be retained and accessible for as long as they are legally required.
Part 7 - Access to and correction of personal information
You have a right to request access to, or seek correction of, personal information held by Defence about you. Defence will attempt to provide you with access to personal information about you in the format you request. However, on occasion, this may not be possible and in some circumstances, access may only be granted through a third party, such as a medical practitioner. Defence will consult with you in these circumstances.
You can request correction of personal information about you from the area within Defence that collected the information. If you are unsure which area of Defence collected the personal information, you can contact the Defence Privacy Office, who will coordinate your application for correction. You should be aware that Defence's ability to correct or amend personal information may be limited where the information is contained in a Commonwealth record, as defined in the Archives Act 1983.
You can request access to the personal information Defence holds about you in several ways, depending on your circumstances.
Current ADF members can request access to their personal information through their chain of command.
Former ADF members can request access to their personal information contained in:
Defence Archive Centre—Fort Queenscliff (DAC-FQ)
GPO Box 1932
MELBOURNE VIC 3001
Defence no longer holds Army health records prior to 1947 or Air Force health records prior to 1952. For information about how to request these records, contact the Department of Veterans’ Affairs.
All ADF World War I and World War II records are held by the National Archives of Australia. For information about how to request these records contact the National Archives of Australia.
Current Defence APS employees may request personal information directly through their line manager, from the area that holds the information, or by contacting the Defence Service Centre – Cooma on 1800 333 362.
Former Defence APS employees may request personal information about them by contacting the Defence Service Centre – Cooma on 1800 333 362.
ADF recruitment applicants should contact the Defence Force Recruiting Centre at which their application was initially submitted, or call 13 19 01.
Individuals may request personal information about them held by the Australian Government Security Vetting Agency, which was provided for a security clearance process, by contacting the Director Vetting Governance at SecurityClearances@defence.gov.au.
If you are requesting personal information held about you and you are not, or have not been, an ADF member or Defence APS employee (for example a person doing business with Defence or a Defence contractor), you can request personal information about you by contacting the relevant area within Defence (for example, AGSVA or the Defence Export Control Office), or by contacting the Defence Privacy Office, who will assess and coordinate your access to the personal information requested.
Further information on the types of records held at the Defence Archives can be obtained from the Defence Archives web site.
Part 8 - Concerns about how personal information about you is handled
If you have questions about how personal information about you will be, or has been, handled by Defence, or if you believe that Defence has breached the APPs, you should contact the Defence Privacy Office. Your concerns may be forwarded to the relevant area within Defence for consideration and action, if appropriate.
Defence is committed to quick and fair resolution of privacy complaints. However, some cases may require more detailed inquiry. Defence undertakes to keep you informed of the progress of your complaint.
If you are dissatisfied with the way Defence handles your privacy-related complaint, you may contact the Office of the Australian Information Commissioner. Contact details for the Office of the Australian Information Commissioner are in Part 9.
Part 9 - Contact details
PO Box 7927
GPO Box 5218
Sydney NSW 2001
The kinds of personal information collected by Defence for purposes directly related to or reasonably necessary for its functions or activities include:
The kinds of sensitive information collected by Defence for purposes directly related to or reasonably necessary for its functions or activities include:
* An ADF member is defined in section 4 of the Defence Act 1903 to include an officer, soldier, sailor, airman or airwoman.
† A Defence APS employee means a person employed in the Department of Defence under the Public Service Act 1999.
‡ For the purposes of the Privacy Act, the Department of Defence includes the Australian Defence Force and the Australian Defence Force Cadet Organisations (Australian Navy Cadets, Australian Army Cadets and the Australian Air Force Cadets) and are collectively referred to as Defence.
** Defence personnel includes Australian Public Service employees in the Department of Defence (Defence APS employees), Defence members, Defence locally engaged employees, Defence civilians, and foreign personnel on exchange to Defence.