Quick Exit (ESC)

Privacy Policy

The Privacy Act 1988 (Privacy Act) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy.

This privacy policy outlines the personal information handling practices of the Office of the Commonwealth Ombudsman.

For ease of access, we have provided you with a summary and the full policy on this page.



Privacy Policy - Summary


About this policy

This policy explains how the Office of the Commonwealth Ombudsman collects, uses, and protects your personal information (identifying information about you).

We follow the Privacy Act 1988 and update this policy when our practices change.

What we do

The Ombudsman helps people by:

  • Looking into complaints about government agencies and some private industries.
  • Influencing improvement in public administration

What personal information we collect

We only collect information we need to do our job. This includes information about people who contact us, our staff, people who work for the agencies and bodies we oversee, and our suppliers.

Basic information

This may include:

  • Your name and contact details
  • Your date of birth or age
  • Your job or occupation
  • Details and opinions about services you receive
  • Information or allegations about your actions
  • Work history, payroll and tax details.

Sensitive information

Sometimes we collect sensitive information, such as:

  • Health or disability details
  • Ethnicity or language
  • Criminal history.

We usually only collect this with your consent, unless the law allows it.

How we collect your information

We collect information including:

  • When you contact us (through forms, phone calls, emails, etc)
  • When you use our website
  • Through surveys or social media
  • From other people or organisations (like other complainants, agencies and representatives).

Why we collect your information

We collect, use and disclose your information to do things like:

  • Identify and contact you
  • Handle and investigate complaints
  • Find out information from government agencies and private industries

We may also use and disclose it to:

  • Improve our services
  • Analyse trends and issues
  • Run surveys
  • Transfer a complaint to another agency if they can help better.

We will not share your information for other reasons unless you agree, or the law allows it.

Website and cookies

When you visit our website, we may collect information like:

  • Your IP address
  • Pages you visit
  • Time and date of your visit.

We use cookies to improve the website. You can turn cookies off in your browser settings.

How we protect your information

We take steps to keep your information safe, including:

  • Training staff
  • Limiting access to information
  • Using secure systems
  • Protecting data stored by service providers.

Sending information overseas

We do not usually send personal information to people in other countries, other than you.

Your rights

You can:

  • Ask for access to the personal information we hold about you
  • Ask us to update or correct your personal information
  • Complain to us about a privacy breach.

You can do this by contacting our Privacy Officer:

  • Email: information.access@ombudsman.gov.au
  • Mail: GPO Box 442, Canberra ACT 2601

There is no cost for this.

We will respond within a reasonable time (usually within 30 days).

If you are not satisfied, you can complain to the Office of the Australian Information Commissioner (OAIC).



Privacy Policy - Full Privacy Policy


About this policy

This policy explains how the Office of the Commonwealth Ombudsman (including the ACT Ombudsman) (Ombudsman, Office) handles personal information in accordance with the Privacy Act 1988 (Privacy Act).

We will update this policy when our personal information handling practices change and publish the updated policy on our website.

About the Office

The Ombudsman has roles as the Commonwealth Ombudsman and ACT Ombudsman, as well as specific statutory roles, including the Defence Force Ombudsman, Postal Industry Ombudsman, Overseas Students Ombudsman, Private Health Insurance Ombudsman, VET Student Loans Ombudsman, and National Student Ombudsman.

Primarily, the Ombudsman’s functions and powers are set out in the Ombudsman Act 1976 and Ombudsman Act 1989 (ACT), though other Acts confer functions and powers on the Ombudsman.

Some of the Ombudsman’s powers, functions and duties include:

  • looking into complaints about Australian Government agencies and prescribed authorities as well as other industries
  • conducting investigations, visits and inspections, and
  • undertaking activities to foster systemic improvement in public administration.

How to read this policy

Part 1 of this policy is about the personal information of members of the public, such as complainants.

Part 2 deals with personal information:

  • about our staff
  • about staff of other agencies or organisations
  • collected through our website.

Part 3 explains how we manage personal information, including how you can ask for access or correction, or make a complaint.



Part 1: Complainants and other members of the public


Personal information we collect

We collect personal information that we need to carry out our powers, functions and duties.

The personal information we collect may include:

  • name
  • mailing and/or street address
  • email address
  • telephone number
  • age and/or birth date
  • profession, occupation and/or job title, or study status
  • details about the complaint or report, such as:
    • information about your interactions with an agency or individual
    • your observations about an agency or individual’s actions
  • photographic images and/or pictorial representations
  • if necessary, proof of identity details (such as agency identification, driver’s licence or passport numbers)
  • immigration history
  • if you attend an office, your image from CCTV footage

Sensitive information we collect

We collect 'sensitive information' if it is relevant to the function or activity we are carrying out.

This may include information about your:

  • health, disability or accessibility requirements
  • ethnicity, such as language spoken, country of origin and citizenship
  • criminal history
  • political opinions or membership of a political organisation
  • sexual orientation.

We only collect sensitive information with your consent, unless the Privacy Act otherwise allows it.

How we collect personal information

The main way we collect personal information about you is when you provide it. For example:

  • during conversations with you over the phone and in person
  • through emails or other correspondence
  • through our online forms, such as our complaint and enquiry forms
  • when you access and use our website
  • when you respond to our complainant satisfaction survey, conducted by Lonergan Research
  • when you communicate with us via social media (e.g. Facebook, YouTube and LinkedIn).

Indirect collection

We may collect your personal information from other people or bodies, including:

  • your representative
  • other complainants
  • a member of the Australian Defence Force, who reports abuse in Defence
  • other government agencies and organisations
  • law enforcement agencies
  • credit reporting agencies
  • service providers to the Office.

We will do this with your consent, unless we are unable to obtain the information we need from you, or where it is authorised by law.

Why we collect personal information

We collect personal information to exercise our powers or perform our functions and duties, and to communicate with you.

We usually only use or disclose personal information for the purpose for which we collected it.

More specifically, we use or disclose your personal information to:

  • identify you
  • contact you
  • provide services to you, including handling complaints, answering enquiries, providing information and processing claims
  • provide your complaint details to the agency concerned, so it can provide information in response.

Sometimes, we use or disclose personal information for a different purpose, such as to:

  • gather intelligence and insights about systemic issues
  • develop and publish de-identified case studies
  • assess and improve the performance and operation of our website
  • conduct planning, service development, program evaluation, quality control and research for the purposes of this Office, its contractors or service providers
  • survey you about your experience with us to improve our service
  • facilitate the provision of services to or on behalf of the Office by suppliers (e.g. Lonergan Research, our complainant satisfaction survey provider)
  • transfer complaints to other agencies, where they are better placed to assist you with the concern raised.

We will not disclose your personal information other than as described in this privacy policy unless you consent or the disclosure is otherwise permitted under the Privacy Act.



Part 2: Other collections


Ombudsman employees, contractors and job applicants

We collect personal information in relation to job applicants and our staff (APS and contract staff), including:

  • names and contact details
  • referee and emergency contact details
  • CVs, transcripts and referee reports
  • salary and leave records
  • superannuation, taxation and banking details
  • information relating to training, conduct and performance.

This may include sensitive information, where this is necessary to perform our HR and/or Security functions, such as information about:

  • health (e.g. medical certificates, adjustments required)
  • ethnicity
  • membership of professional associations
  • criminal record information (e.g. police check information).

We only collect sensitive information with your consent or where otherwise permitted under the Privacy Act.

We collect this information from you, through recruitment processes, onboarding and HR processes.

We also collect personal information from other people or bodies, where necessary, including recruitment agents, labour hire companies and referees.

We collect this personal information for the purposes of recruiting, engaging and managing staff and contractors.

We only use or disclose personal information for this purpose, unless otherwise permissible under the Privacy Act.

Personal information will only be shared within the Office to the extent this is necessary for the performance of the relevant HR and Security function.

Agency or organisation employees and contractors

We collect and handle the personal information of individuals who work for the agencies and organisations we oversee.

The types of information we collect and hold include:

  • name
  • position
  • contact details
  • information about their actions (which may include a complainant’s opinions or allegations).

This will not usually include sensitive information.

Often, this information will be collected indirectly, such as from an employer agency or organisation, or from a complainant.

We collect this information so we can perform our functions and duties and exercise our powers, including by:

  • issuing requests for information to the nominated agency contact
  • obtaining information relevant to a complaint or investigation.

Collection through our website and digital channels

When you access the Ombudsman’s website, certain information may be collected automatically, including your IP address, the date and time of your visit, the pages you access and documents you download, and details about your browser and operating system. This information is generally used for statistical, administrative and security purposes.

We also collect information through the use of cookies when you access our website. A cookie is a piece of information in a small data file that a website sends to your browser. Our website uses session-based cookies to gather website usage data, for the purpose of improving our website.

If you do not wish to have cookies placed on your device, you can change your web browser settings to reject cookies.



Part 3: Our management of personal information


How we hold and protect personal information

We take reasonable steps to protect your personal information from misuse and loss, and from unauthorised access, modification or disclosure. These steps include:

  • staff training on privacy and information security obligations, personnel screening and adherence to the ‘need‑to‑know’ principle
  • restricting access to our premises and secure storage of records
  • ICT access controls and authentication requirements, system monitoring, and maintaining and testing systems
  • contractual measures to require service providers to implement appropriate privacy, confidentiality and security protections
  • destruction or de-identification when records are no longer needed, in accordance with the Archives Act 1983.

Cloud computing

We use cloud and other information technology services, including services provided by contracted third‑party providers, to store and process information. Where these services are used, we take reasonable steps to ensure that personal information is secure and handled in accordance with the Privacy Act. This includes considering applicable Australian Government requirements, such as the Information Security Manual and Protective Security Policy Framework, and implementing measures such as access controls, monitoring and appropriate contractual protections with service providers.

In general, the data we hold and provide to external providers is not held overseas.

Accessing and correcting personal information

You may request access to any personal information we hold about you at any time by contacting us on the details below.

If we hold information that you are entitled to access, we will provide you with suitable means of accessing it (e.g. by mailing or emailing it to you). If you require access in a particular form, please indicate this in your request. Please note that under the Privacy Act, access may be refused in certain circumstances if the Office is required or authorised to do so under the Freedom of Information Act 1982, or another Commonwealth Act that provides for access to documents or information.

We will not charge you for giving access, or making corrections, to your personal information. We may need to ask you to verify your identity before we provide access to your information or correct it.

In circumstances that it is not appropriate to grant you access or amend your personal information, we will give you written notice of the reasons for our decision within a reasonable time, usually within 30 days of receipt of your request, together with information about mechanisms available to seek review if you do not agree with the decision.

Making a privacy complaint

If you believe that we have breached your privacy, please contact us using the contact information below and provide details of the incident so that we can investigate it.

When a complaint is received, we conduct internal enquiries into the possible breach. The Office will deal with your complaint as quickly as possible and will keep you informed of its progress. Once we have completed our internal enquiries, you will be advised of the outcome in writing.

If you are not happy with the response provided by the Office, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). You can find information on how to make a complaint on the OAIC website.



Contacting our privacy officer


If you have any questions about this privacy policy, wish to apply to access or correct your personal information, or make a complaint, please contact our Privacy Officer by:

You can also download a PDF of this policy.



Privacy Impact Assessment Register

A Privacy Impact Assessment (PIA) is a systemic assessment of a project that may have privacy implications.

The Office of the Commonwealth Ombudsman is required by s 15 of the Privacy (Australian Government Agencies – Governance) APP Code 2017 to publish a version of its PIA Register on its website.