Privacy Policy (original) (raw)

Home

1. Overview

This policy applies to personal information collected by the Australian Electoral Commission (the ‘AEC’). The purpose of the policy is to:

clearly communicate the personal information handling practices of the AEC,
enhance the transparency of AEC operations, and
provide individuals with a better and more complete understanding of the sort of personal information the AEC holds, and the way the AEC handles that information.

The AEC is bound by the provisions of the Privacy Act 1988, (Privacy Act) including the Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for how we handle and maintain personal information. This includes how we collect, store, use, disclose, quality assure and secure personal information, as well as your rights to access or correct your personal information.

1.1 The Australian Electoral Commission

The AEC is established under the Commonwealth Electoral Act 1918 (Electoral Act) comprising a Chairperson, the Electoral Commissioner and one other member. The AEC is an entity for the purposes of the Privacy Act.

The Electoral Commissioner and the Australian Public Service employees who assist the Commissioner together constitute a Statutory Agency and the Electoral Commissioner is the principal executive of the agency. The functions and powers of the Commission are set out in section 7 of the Electoral Act.

The AEC is funded to deliver one purpose and one outcome – that is to maintain an impartial and independent electoral system for eligible voters through active roll management, efficient delivery of polling services, and targeted education and public awareness programs. The AEC must deliver electoral events, and its functions include:

ensuring confidence in and managing and maintaining the Commonwealth electoral Roll,
conducting successful electoral events, including federal elections, by-elections, referendums, industrial and fee-for-service elections and protected action ballots,
educating and informing the community about electoral rights and responsibilities and undertaking public awareness activities,
providing research, advice and assistance on electoral matters to the Parliament, other government agencies and recognised bodies,
providing assistance in overseas elections and referendums in support of wider government initiatives,
administering election funding, financial disclosure and party registration requirements, and
supporting electoral redistributions.

1.2 Anonymity and pseudonymity

In general, you have the right to interact anonymously or pseudonymously with the AEC. There are circumstances, however, where it is impractical for us to deal with individuals without knowing the identity of the individuals. This is particularly the case when interacting with the AEC in the performance of our statutory functions relating to the enrolment of electors and the conduct of elections. As these matters involve the exercise of individual rights and obligations, the AEC will require evidence of identity to enable the administration of those statutory functions to take place.

If you are seeking information of a general nature from the AEC, it is unlikely that you will be required to provide your real identity for that purpose. In general, you will not be disadvantaged by dealing anonymously or pseudonymously with us. However, without knowing your real identity, the type of information we are able to provide to you may be limited.

The Electoral Act prohibits the disclosure of information about one person to another person except in limited, specified circumstances. Those circumstances do not include requests by third parties for access to personal information held by the AEC, including requests by authorised representatives of an individual unless there is a specific authorisation that refers to the particular information in the possession of the AEC.

Before disclosing your confidential or personal information to you, the AEC will need to establish your identity. This is for the purpose of protecting you against the unauthorised disclosure of personal information that is in the possession of the AEC. Similarly, if you are seeking information about specific circumstances, we may be unable provide information without knowing the specific details of your request (which may require that you disclose your identity to us).

If you wish to deal anonymously or pseudonymously with the AEC, please advise us as early as possible.

2. Personal information handling practices

2.1 Collection of personal information

2.1.1 Means of collection

In carrying out its functions and activities, the AEC usually collects personal information about individuals directly from those individuals or their authorised representative(s). In certain circumstances we may also obtain personal information from third parties including that which is collected by other Australian, state and territory government bodies or organisations.

We only collect personal information from a third party or from a publicly available source, if:

the individual has consented to such collection or would reasonably expect the AEC to collect his or her personal information in this way, or
it is collected only when it is necessary for, or directly related to AEC functions or activities under the Electoral Act and the Referendum (Machinery Provisions) Act 1984 (the ‘Referendum Act’) and subordinate laws made under those Acts (collectively referred to as ‘Electoral Legislation’).

We collect this personal information in a variety of ways, including paper-based forms, by electronic means including online (through our website, the AEC mobile application (the ‘mobile App’) and by email), over the telephone and by fax.

2.1.2 Kinds of personal information collected

The AEC only collects personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities.

The AEC maintains an impartial and independent electoral system for eligible voters through active electoral Roll management, efficient delivery of polling services and targeted education and public awareness programs.

The personal information we collect and hold will vary depending on what we require to perform our functions and responsibilities. It may include:

information about your identity (such as date of birth, country of birth, passport details, visa details, photographs and drivers licence)
name, address and contact details (such as telephone, email and facsimile)
information about your personal circumstances (such as age, gender, marital status and occupation)
information about your financial affairs (such as payment details, bank account details, and information about business and financial interests)
information about your employment (such as applications for employment, work history, referee comments and remuneration)
government identifiers
the management of contracts
correspondence from members of the public or organisations to the AEC, the Special Minister of State and other Australian Government ministers and parliamentary secretaries, including submissions to consultations
complaints (including complaints relating to privacy) and feedback provided to us
requests made to us under the Freedom of Information Act 1982 (FOI Act)
information contained in candidate nomination forms, candidate qualification checklists and additional documents provided by a candidate running for the House of Representatives or the Senate
legal advice provided by internal and external lawyers
employment and personnel matters for our staff and contractors.

The APPs place more stringent obligation on entities when they handle ‘sensitive information’1. Generally, we will only collect sensitive information if you consent and it is reasonably necessary for, or directly related to, one or more of our functions or activities. Sometimes we may collect or deal with sensitive personal information without your consent, such as when it is required or authorised by a law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of the Australian Government.

The range of sensitive personal information we may collect and hold, includes:

racial or ethnic origin
health (including information about medical history and any disability or injury)
membership of a political association
political opinions
membership of a trade union
criminal activities, and
biometrics.

2.2 Use and disclosure of personal information

The AEC collects and holds personal information for the purpose of carrying out its functions and activities. In some cases, the AEC may use or disclose personal information for a purpose other than that for which it was collected, but we will not give your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:

you would reasonably expect us to use the information for that other purpose
it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of an Australian government
we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter.

The Electoral Act prohibits the disclosure of information about one person to another person except in limited, specified circumstances.

The Electoral Act provides for public inspection of the Commonwealth electoral Roll.

The Electoral Act also provides for lawful disclosure of electoral Roll information to a range of organisations but it also precludes any further use or disclosure of that personal information for other than a permitted purpose.

Access to personal information by third parties including requests by authorised representatives of an individual is only permitted when there is a specific authorisation that refers to the particular information in the possession of the AEC.

There is nothing in the Electoral Act that authorises the recipient of a power of attorney to do anything that an elector is required to do merely by virtue of holding that power of attorney. Accordingly the AEC will not disclose personal information in the absence of a specific authorisation even where a power of attorney has been given.

As part of the nomination process, the Electoral Act sets out that individuals nominating as candidates for election as a Senator or Member of the House of Representatives must answer every mandatory question of the qualification checklist. The Electoral Act also provides for personal information collected from a candidate’s qualification checklist to be disclosed through publishing the qualification checklists and any additional documents provided on the AEC website and by delivering qualification checklists and any additional documents provided by successful candidates (those elected) to the relevant House of Parliament.

2.2.1 Disclosure of personal information to overseas recipients

Most personal information collected and held by the AEC will not be disclosed to anyone who is overseas. We may need to provide your personal information to an overseas recipient as part of our work. The Electoral Act enables certain electors residing outside Australia to be included on the electoral Roll. Information may be provided to an AEC service provider who delivers services for the AEC to overseas electors.

If we are unable to seek your consent to provide your personal information to an overseas recipient, or it is impractical to do so, we will only provide your personal information to an overseas recipient if we are allowed to do so under the Privacy Act.

2.3 Access and correction

You have a right to access personal information we hold about you. That right of access must be exercised by you as an individual and not your nominated representative unless you have given a specific authorisation that refers to the particular information in the possession of the AEC. A power of attorney will not suffice as the authorisation.

You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

If you wish to request access or correction, please contact the AEC's Privacy Contact Officer. Before providing access to or correcting personal information about you, we will require you to verify your identity.

It is also possible to access and correct documents held by us under the FOI Act. In some circumstances we will suggest that you make your request under the FOI Act. This is because:

an FOI access request can relate to any document in our possession and is not limited to personal information
the FOI Act contains a consultation process for dealing with requests for documents that contain personal or business information about another person
you can complain to the Australian Information Commissioner about what we do under the FOI Act
if you are refused access under the FOI Act you have a right to apply for internal review or Information Commissioner review of the access refusal decision.

Find out more information about how to make a request under the FOI Act on the Freedom of Information page.

Individuals can request access to their own personal information contained in a candidate’s qualification checklist, or, in the additional documents provided with that qualification checklist, after the 40 day period for petitions disputing an election or return to be lodged has ended, and the checklists and additional documents have been removed from the AEC’s website. If you wish to request access to your personal information contained within a qualification checklist or additional documents provided with a qualification checklist, please contact the AEC’s Privacy Officer. It should be noted that APP 13 – correction and amendment of personal information - does not apply to these documents.

2.3.1 Refusal to give access or to correct information

The Privacy Act and the FOI Act sets out circumstances in which we can decline access to or correction of personal information. This includes situations where we are authorised or required to refuse access.

Generally, where we refuse to give you access, we will give you written notice of the reasons for refusal and the mechanisms available to you to dispute that decision.

2.4 Integrity of personal information

The Privacy Act requires us to take reasonable steps to ensure that the personal information we hold is safe and secure. We are also required to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.

2.4.1 Security of personal information

We aim to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse. Among other things, we safeguard our Information and communications technology (ICT) systems against unauthorised access, and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to those people who need to have access in order to do electoral work.

If a data breach occurs, such as if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner’s guidance on reporting a data breach. We will aim to provide timely advice to you to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.

2.4.2 Retention and destruction of records

AEC records, including records containing personal information, and electoral documents are created, kept and destroyed in accordance with the Archives Act 1983 and the preservation and destruction provisions in the Electoral Act.

When the personal information that we collect:

is no longer required, and there is no law, or court or tribunal order requiring it to be maintained, or
becomes subject to the destruction requirements in the Electoral Act

we delete or destroy it in a secure manner.

2.4.3 Complaints

If you believe the AEC has breached any of the APPs, you may submit a complaint to the AEC. Complaints must be made in writing to the Privacy Contact Officer at the email or postal address listed in this policy.

You may submit a complaint anonymously. However, in order to properly consider and respond to your request, the AEC may require further information from you. Therefore, please include your contact details if you submit a complaint.

The AEC will respond to complaints within 30 days of receipt. Our contact details are set out in Section 4 below. If you are dissatisfied with the AEC's response to a complaint, you may complain to the OAIC. The OAIC is an independent external body.

2.5 Declarations of emergency or disaster

2.5.1 Handling personal information in declared emergencies and disasters

When an emergency declaration is in force, Part VIA of the Privacy Act allows us to collect, use and disclose personal information about an individual who we reasonably believe may be impacted by the emergency or disaster for permitted purposes, for example:

identifying those who are, or may be, injured, missing or dead, or involved in the emergency or disaster
helping individuals to access services including repatriation, medical or other treatment, health services and financial or other humanitarian assistance
helping law enforcement with the emergency or disaster
coordinating or managing the emergency or disaster
ensuring that people who are responsible for individuals are kept appropriately informed about those individuals and the emergency response to those individuals

Further information on handling personal information in declared emergencies and disasters is available on the OAIC website.

3. The AEC website and mobile App: protecting your privacy online

The AEC is committed to protecting privacy online in accordance with the Privacy Act and the Guidelines for Federal and ACT Government Websites issued by the Office of the Australian Information Commissioner.

3.1 Personal information submitted to the AEC electronically

Where the AEC collects personal information submitted directly by a user, those electronic records are stored securely in databases managed on behalf of the AEC by its ICT providers and in accordance with the AEC's ICT security policies and practices.

Where personal information is held in electronic files, access to it is restricted to AEC employees whose duties require access to the information.

3.2 Personal Information collected and held

The AEC automatically collects generic information about all visitors to its online resources. That information is very limited and only used to:

identify generic online resource usage patterns
improve our services, and
manage the AEC's servers, including maintaining security.

When visiting the AEC website the site server makes a record of the visit and logs the following information:

the user’s server's IP (Internet Protocol) address, a number which is unique to the machine through which the user is connected to the internet
the user's server address – this allows us to consider the visitors who use the site most, and tailor the site to their interests and needs
the user's operating system (for example Windows, Mac etc.) – this allows us to tailor browser or platform specific parts of the site to each operating system because browsers act differently on each platform
the user's top level domain name (for example .com, .gov, .au etc.) – this can allow us to tailor information relevant to different domains
the date and time of the visit to the site – this is important for identifying the website's busy times and ensuring maintenance on the site is conducted outside these periods
pages accessed and documents downloaded – this indicates to us which pages or documents are most important to our users and also helps identify important information that may be difficult to find
duration of the visit – this indicates to us how interesting and informative our site is to our users
geographic location – this shows us how well marketed our site is
the address of the referring site, such as the previous site that you visited before the AEC website – this helps us determine which sites are providing links to ours as well as sites where we may be able to seek links
the type of browser used – this is important for browser specific coding, for example JavaScript.

This information is used only for statistical analysis and systems administration purposes. No attempt is made to identify users or their browsing activities, except in the unlikely event of an investigation by a law enforcement agency.

If a user chooses to download and use the mobile App on a mobile device, they may be prompted to provide certain personal information, including the user's:

name
address or geocode (being a location the user identifies on a map)
postcode
electoral division

This information is used by the App to:

confirm the user’s enrolment details
customise their access to AEC services on the App
run periodic checks to ensure their details are consistent with those held by the AEC and that they have not been affected by a division redistribution.

This information is not collected and stored by the AEC. Instead, it will be stored locally on the user’s mobile device for future use. The AEC will only collect the IP address of the user (when conducting their on-boarding enrolment check), and names and addresses searched for on the electoral Roll (but not who has conducted the search) for audit purposes.

When using the mobile App, the App will automatically collect certain non-personal information, including aggregated data through the use of Google Analytics (see section 3.4 below). This data will be used to monitor and optimise the performance of the mobile App and the services it provides.

3.3 ‘Cookies’

A ‘cookie’ is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.

The AEC website uses a cookie to maintain contact through a session. The cookie allows the website to recognise you as a unique user as you move from one page of the website to another. The cookie will expire when the browser session is closed or the computer is shut down. No attempt will be made to identify anonymous users or their browsing activities unless legally compelled to do so, such as in the event of an investigation.

3.4 Google Analytics

In addition to web server logs, the AEC website uses Google Analytics, a web analytics service provided by Google Inc. Reports obtained from Google Analytics are used to help improve the efficiency and usability of its online services (including this web site and the mobile App).

Google Analytics uses 'cookies' to help analyse how users use its online services. The information generated by the cookie about your use of the website or the mobile App (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of our online services, compiling reports on website activity for website and mobile App operators and providing other services relating to online activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using the AEC’s online services, you consent to Google processing data about you in the manner and for the purposes set out above. Please refer to Google's Privacy Policy.

3.5 Searches

Search terms you enter when using the AEC search engine are collected, but are not associated with any other information that we collect. We use these search terms to ascertain what people are looking for on our site and to improve the services that we provide.

3.6 Interaction between this site and other sites

The AEC website contains links to other sites. The AEC is not responsible for the privacy practices or the content of such websites and has no knowledge if cookies or other tracking devices are used on linked websites.

These other sites may use web measurement tools, customisation technologies and persistent cookies to inform the service they provide to their users. You should read the privacy statement published on each website that you visit.

3.7 Your email address

The AEC will only record your email address in the event that you send a message by email, you register requesting notifications, you provide your email address when completing a claim for enrolment, or your email address is provided by a third party. Registration for notifications may be made initially by email, postal mail or facsimile. Your email address will only be used for the purpose for which you have provided it and will not be added to any mailing lists without your consent by way of a specific request in writing. The AEC will not use or disclose your email address for any other purpose, without your prior written consent.

3.8 Security of information

The AEC provides a secure environment with data usually secured in transit between your computer and our servers through the use of encryption technology (SSL/TLS Certificates). The AEC has a reliable system with data stored securely in databases managed on behalf of the AEC by its ICT providers and in accordance with the AEC's ICT security policies and practices.

While every effort is made to secure information transmitted to the AEC website over the internet, there may be inherent risks associated with the transmission of information via the Internet and there is therefore a possibility that this information could be accessed by a third party while in transit.

For those who do not wish to use the Internet, the AEC provides alternative ways of obtaining and providing information.

If you wish to contact the AEC about a privacy-related matter, including questions about this policy, please contact the AEC's Privacy Contact Officer.

You can make a privacy enquiry to us in writing, over the phone, or through our online privacy enquiry form.

You can make a privacy complaint to us in writing, over the phone, or through our online complaints form by selecting ‘Privacy’ from the drop-down menu.

In writing: The Privacy Officer
Australian Electoral Commission,
Locked Bag 4007
Canberra ACT 2601
Australia.

By phone: 02 6271 4411

Assisted contact options are also available.

You can also obtain further information from the Office of the Australian Information Commissioner website, or by telephone on 1300 363 992.

5. Glossary

APP/APPs

refers to the Australian Privacy Principles under section 14 of the Privacy Act; the APPs, together with Guidelines on them are available from the Office of the Australian Information Commissioner website or by telephone on 1300 363 992.

Electoral Act

means the Commonwealth Electoral Act 1918

FOI Act

means the Freedom of Information Act 1982. Guidelines on the FOI Act are available from the Office of the Australian Information Commissioner website

OAIC

means Office of the Australian Information Commissioner

Personal information

has the same meaning as in section 6 of the Privacy Act and includes any information about an identified individual, or an individual who is reasonably identifiable. It includes an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not. It also includes ‘sensitive information’, which is a particular category of personal information. While we recognise that maintaining the confidentiality of all personal information is important in gaining and maintaining your trust, sensitive information is often afforded a higher level of protection.

Privacy Act

means the Privacy Act 1988

Privacy Contact Officer

refers to the officer whose contact details are listed under Contact Details

Sensitive information

is defined by the Privacy Act (see section 6). It means information or an opinion about an individual’s:

racial or ethnic origin
political opinions or membership of a political association
religious beliefs or affiliations
philosophical beliefs
membership of a professional or trade association or trade union
sexual preferences or practices
criminal record
health information
genetic information
biometric information to be used for verification or identification
biometric templates.

1Section 6 of the Privacy Act defines ‘sensitive information’. See Glossary for details.

Updated: 21 January 2021