About this policy
As an agency under the Privacy Act 1988, the IGB is bound by the Australian Privacy Principles (APPs). The APPs regulate how agencies and organisations may collect, store, use and disclose personal information, and how individuals may access and correct personal information held about them.
The policy is written in simple language. The specific legal obligations of the IGB when collecting and handling your personal information are outlined in the Privacy Act. The IGB also takes into account information and guidance about the Australian Privacy Principles published by the Office of the Australian Information Commissioner.
Overview of the IGB’s obligations under the Privacy Act
The IGB collects, holds, uses and discloses personal information to review the performance of functions, or exercise of powers, by biosecurity officials (that is, the Director of Biosecurity, biosecurity officers and biosecurity enforcement officers under one or more provisions of the Biosecurity Act. The IGB’s functions and powers are set out in Chapter 10, Part 6, Division 2 of the Biosecurity Actand Chapter 8 of the Biosecurity Regulation 2016.
The functions and powers of the IGB are to review the activities of biosecurity officials and thereby provide an independent review mechanism for the efficiency and effectiveness of the activities undertaken by the Department of Agriculture and Water Resources (department). The IGB may require information to be provided if it is relevant to a review and this information may include personal information.
How we collect your personal information
Personal information is defined in s 6(1) of the Privacy Act as:
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not, and
- whether the information or opinion is recorded in a material form or not.
Personal information that is collected under or in accordance with the Biosecurity Act is also 'protected information' under the Biosecurity Act. The IGB’s collection of this information is for the review of the performance of functions or exercise of powers by biosecurity officials under the Biosecurity Act. Information may be collected by request or a formal notice requiring information to be given or documents to be produced.
Sensitive information is a subset of personal information with additional requirements concerning collection, use and disclosure under the Privacy Act.
Sensitive information is defined in the Privacy Act. It includes personal information that is about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record. Sensitive information also includes health information about an individual, genetic information about an individual, biometric information that is to be used for the purpose of automated biometric verification/identification and biometric templates.
In addition to collecting information from individuals and entities directly, the IGB may also collect information from the department or other sources. The IGB is assisted by officers of the department in the collection and management of information.
Collection of personal information from other entities
Given the nature of the IGB’s role and functions, the IGB may collect personal information through or from the following agencies or bodies:
- Department of the Environment
- Department of Immigration and Border Protection
- Department of Health
- Other government agencies within the agriculture and water resources portfolio
- Industry members who assist with the arrival of people or importation of goods
Dealing with the IGB without being identified or by using a pseudonym
- In some circumstances (for example, if reporting a breakdown in biosecurity risk management practices at your place of work), you may choose to interact with the IGB anonymously or using a pseudonym. However, for most of the IGB’s functions and activities it is not practicable to deal with individuals who have not identified themselves or who have used a pseudonym. Usually your name and contact information and enough information to enable the IGB to appropriately and efficiently undertake a review are required.
- When we collect your personal information, we take reasonable steps to provide you with a privacy notice explaining the purpose of the collection and from whom the information is being collected, as well as how the IGB will handle the information collected or ensure that you are aware of these matters.
Methods of collection
The IGB collects personal information in a variety of ways, including (but not limited to):
- formal requests for information or documents
- submissions (hard copy and electronic)
- forms (including electronic and hard copy)
- correspondence (letters and emails)
- face to face meetings
- telephone calls and messages
- taped interviews or audio visual recordings
- IGB website.
Collection of information via the IGB’s website
In addition to collecting any personal information you may enter on a website administered by the department, the IGB (and the department as the provider of the web functionality to the IGB) also makes a record of your visit to the website and logs the following information for statistical purposes: your Internet Protocol (IP) address, the date and time of your visit to the site, the web pages accessed and documents downloaded, the previous site visited, and your web browser and operating system.
In most cases, the usage data collected via the IGBs website does not identify you and you would not be reasonably identifiable, and so the data would not be considered personal information. In those rare circumstances where the collected data can be considered personal information, the handling of the data is subject to the Privacy Act like other personal information.
How we hold personal information
We take steps to protect the security of the personal information we hold from both internal and external threats by:
- regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information
- taking measures to address those risks
- conducting regular audits to assess whether we have adequately complied with or implemented these measures.
The information collected by the IGB is held independently from the department’s records and access to the IGB’s records is limited to only those individuals directly supporting the IGB.
We destroy personal information in a secure manner when we no longer need it where this is permitted under the requirements of the Archives Act 1983.
Personal information held by third parties
When your personal information is to be held by a contractor engaged by the IGB, the IGB is required by the Privacy Act to ensure that the contractor complies with the same privacy requirements applicable to the IGB.
The IGB has privacy clauses in all the legal documents that it has entered into with other entities. This is to ensure third parties that the IGB deals with are required to handle personal information in accordance with the APPs.
The purposes for which we hold, use and disclose personal information
‘Personal information’ that is collected under or in accordance with the Biosecurity Act 2015 is also ‘protected information’ under the Biosecurity Act 2015.
The IGB can use and disclose your personal information in accordance with its functions and powers under the Biosecurity Act and other Acts (including the Privacy Act). The IGB collects, uses and discloses protected information as part of its regulatory functions under the Biosecurity Act, and protected information is only recorded, used and disclosed in accordance with Chapter 11, Part 2 of the Biosecurity Act. Protected information under the Biosecurity Act is defined as personal information or commercial-in-confidence information.
When the IGB conducts a review, he or she is required to publish a report. While review reports are not a review of a single performance of a function or exercise of power by a single biosecurity official, these reports may contain personal information. Reports will be published on the IGB’s website, administered by the department. The IGB will undertake reasonable steps to ensure that personal information is included in public reports only where necessary. The IGB will provide a privacy notice when personal information is collected by the IGB. The privacy notice will contain more detailed information about the way the IGB will handle your personal information, the specific purpose for the collection and if your personal information may be disclosed.
In order for the IGB to perform review functions, the IGB may need to disclose your personal information to persons outside Australia (‘overseas recipients’). For example, to disclose your name and/or contact details to overseas organisations as the basis for identifying information that relates to you which is held by the overseas organisation.
The need to disclose personal information would generally arise as a consequence of the IGB requiring additional information not available from you or the department.
Where this is required, the IGB will seek your consent.
Common organisations to which the IGB may disclose personal information include:
- Overseas government agencies
- Shipping companies
- Certifying authorities
- Suppliers and manufacturers
How to access and seek correction of your personal information
You have a right to request access to the personal information the IGB holds about you and to request that your personal information is corrected. If you ask, the IGB must give access to your personal information, and take reasonable steps to correct it if the IGB considers it is incorrect, unless there is a law that allows or requires the IGB not to. Access and correction requests will be responded to within 30 days.
You may request access to or correction of your personal information by writing to the IGB by email to Inspector-General of Biosecurity or mail to PO Box 657, Mascot NSW 1460.
We will ask you to verify your identity before we give you access to information or correct it. If the IGB refuses to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons.
The access and correction requirements in the Privacy Act operate alongside, and do not replace, other informal or legal procedures including the Freedom of Information Act 1982, through which you can seek access to, or amendment of, your personal information.
How to make a privacy complaint
If you wish to make a complaint about how the IGB or a contracted service provider has handled your personal information, you should to the IGB by email to Inspector-General of Biosecurity or mail to PO Box 657, Mascot NSW 1460.
If you make a complaint about how the IGB has handled your personal information, the IGB will determine what (if any) action we should take to respond to your complaint. We will tell you promptly that we have received your complaint and respond to the complaint within 30 days, or let you know if we need further time to deal with it.
To enable the IGB to properly and efficiently respond to your complaint, you should ensure that your complaint contains sufficient information to enable the IGB to understand the nature of your complaint and the outcome you are seeking. You may wish to include details about:
- what happened
- when it happened or came to your attention
- where it happened
- who was involved
- the personal information that has been mishandled
- how you think your privacy has been breached
- the outcome you are seeking.
We may need to seek further information from you and from others involved in the matters you have complained about to investigate your complaint.
If you are unhappy with the IGB’s response
If you not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by:
Phone: 1300 363 992
Mail: OAIC, GPO Box 5218 Sydney NSW 2001
Please note: If you take a concern or make a complaint directly to the OAIC rather than to the IGB in the first instance, the OAIC may recommend you first try to resolve the complaint directly with the IGB.