Privacy Policy

1. Introduction

The Department of Social Services (DSS, we, our) has responsibility for a broad range of subject areas including:

  • communities and vulnerable people
  • disability and carers
  • families and children
  • housing support
  • mental health
  • seniors and pensions
  • women’s safety
  • working age payments
  • welfare reform
  • policy and payments relating to social security.

DSS has responsibility for managing the Community Grants Hub to deliver end-to-end grant administration services to Australian Government client agencies to support their policy outcomes. The Community Grants Hub has a separate Privacy Policy.

DSS also has responsibility for the National Redress Scheme to provide support to people who have experienced institutional child sexual abuse; and assisting with the establishment and operation of social services portfolio bodies, such as the National Domestic, Family and Sexual Violence Commission.

For more information about DSS please see the Department of Social Services website.

1.1 Who should read this Privacy Policy?

You should read this policy if you are:

  • an individual whose personal information may be given to or held by DSS
  • a contractor, consultant, supplier or vendor of goods or services to DSS
  • a service provider funded to deliver services under a DSS grant agreement
  • a person seeking employment with DSS
  • a person who is or was employed by DSS (or its predecessor agencies).

1.2 The Privacy Act 1988

The Privacy Act 1988 (the Privacy Act) regulates how federal and ACT public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information, and how you can access and correct information about you held by those agencies and organisations.

The definition of ‘personal information’ is broad. Generally,

  • ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

The Privacy Act applies only to information about individuals, not to information about corporate entities such as businesses, firms or trusts. Detailed information on the Privacy Act can be found on the Office of the Australian Information Commissioner (OAIC) website.

1.3 DSS and privacy

This Privacy Policy sets out how DSS complies with the Privacy Act.

In performing its functions and administering its legislation, DSS may collect, hold, use or disclose your personal information. DSS takes privacy seriously and will only collect, hold, use and disclose your personal information in accordance with the Privacy Act.

If DSS does not receive personal information about you, the Privacy Act will not apply.

1.4 Australian Government Agencies Privacy Code

DSS must comply with the Australian Government Agencies Privacy Code (the Code).

The Code sets out the requirements and key practical steps that DSS must take to help build a consistent, high standard of personal information management across all Australian government agencies.

For more information about how we meet our requirements under the Code please contact DSS using the contact details set out at section 5 of this Policy.

1.5 Remaining anonymous or using a pseudonym

DSS understands that anonymity is an important element of privacy and some members of the public may wish to be anonymous when interacting with DSS.

DSS also understands some members of the public may wish to use a pseudonym.

Generally, members of the public will have the right to remain anonymous or adopt a pseudonym when dealing with DSS. However, it is not always possible to remain anonymous or adopt a pseudonym in order for us to interact with you effectively, and DSS will inform you when this is the case.

1.6 Information covered under this Privacy Policy

This Policy applies to all personal information collected about you by DSS, including any financial information you provide to DSS (such as your credit card details), personal information collected through our social media websites, and information collected through service providers who deliver services for DSS under contracts and grant agreements.

1.7 Information held by contracted service providers

Under the Privacy Act, DSS is required to take contractual measures to ensure contracted service providers (including sub-contractors) comply with the same privacy requirements applicable to DSS.

2. DSS’s personal information handling practices

2.1 Collection of personal information

Personal information about you may be collected by DSS from you, your representative or a third party. We generally use forms, online portals and other electronic or paper correspondence or communication tools to collect this information.

Information may be collected directly by DSS, by people or organisations acting on behalf of DSS (e.g. contracted service providers), or by service providers funded to deliver services under DSS grant agreements. DSS may also obtain personal information collected by other Commonwealth agencies, State or Territory government bodies, or other organisations.

From time to time personal information is provided to DSS by members of the public without being requested by DSS. If we receive unsolicited information, we will handle it in accordance with Australian Privacy Principle 4.

DSS collects and holds a broad range of personal information in records relating to:

  • employment and personnel matters for DSS staff and contractors (including security assessments)
  • the performance of its legislative and administrative functions
  • individuals participating in DSS funded programs and initiatives
  • the management of contracts and funding agreements
  • the management of fraud and compliance investigations
  • the management of audits (both internal and external)
  • correspondence from members of the public to DSS and social services portfolio agencies, Ministers and Assistant Ministers
  • complaints (including privacy complaints) or enquiries made to DSS
  • feedback provided to DSS
  • requests made to DSS under the Freedom of Information Act 1982 (Cth)
  • the provision of legal advice by internal and external lawyers.

DSS will not ask you for any personal information which we do not need. The Privacy Act requires that we only collect information for purposes that are reasonably necessary for, or directly related to, the functions or activities of DSS.

When we collect personal information, we are required under the Privacy Act to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information. DSS provides this notification by issuing separate privacy notices on our paper-based forms and online portals related to particular programs and activities.

2.2 Some personal information may be protected by other legislation

Some personal information collected by DSS may be protected under protected information provisions (also referred to as secrecy provisions) under its portfolio legislation (e.g. the social security law; the family assistance law; disability services law and other laws we administer). These protected information provisions contain rules for the collection, use and disclosure of information (which may include personal information) governed by the relevant legislation. These rules operate alongside the rules in the Privacy Act. A full list of DSS’s portfolio legislation can be found in the current Administrative Arrangements Order available on the Federal Register of Legislation.

2.3 Kinds of personal information collected and held

In performing its functions, DSS collects and holds the following kinds of personal information (which will vary depending on the context of the collection):

  • name, address and contact details (e.g. phone, email, residential or business address)
  • photographs, video recordings and audio recordings of you
  • information about your personal circumstances where relevant (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children)
  • information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests)
  • information about your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence, birth certificates, ATM cards)
  • information about your employment (e.g. work history, referee comments, remuneration)
  • information about your background (e.g. educational qualifications, the languages you speak and your English proficiency)
  • government identifiers (e.g. Centrelink Reference Number, Job Seeker Identification Number, or Tax File Number)
  • information about assistance provided to you under DSS funding arrangements, and
  • information about your entitlements under DSS portfolio legislation.

On occasion, a range of sensitive information may also be collected or held about you, such as information about:

  • your racial or ethnic origin
  • your health (including information about your medical history and any disability or injury you may have)
  • any criminal record you may have, or
  • with consent, biometric information (such as facial recognition and/or fingerprints) of DSS staff and contractors.

2.4 How DSS collects and holds personal information

DSS collects personal information through a variety of different methods including:

  • paper-based forms
  • electronic forms (including online forms)
  • face to face meetings
  • telephone communications
  • email communications
  • communications by fax
  • DSS websites
  • DSS social media websites and accounts
  • data sharing, matching or linkage arrangements with other Australian Government and State and Territory government agencies
  • surveys conducted by the Longitudinal Studies, and
  • the DSS Data Exchange.

DSS may also collect personal information through individual chats with virtual assistants (chatbots). DSS requests that individuals do not share personal information with virtual assistants. However, if an individual shares personal information with a virtual assistant, that information will be recorded and handled in accordance with the Privacy Act.

DSS holds personal information in a range of paper-based and electronic records.

Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government records management regime, including the Archives Act 1983, agency-specific records authorities and general records authorities. This ensures your personal information is held securely.

2.5 Purposes for which personal information is collected, held, used and disclosed

DSS collects and holds personal information for a variety of different purposes relating to its functions and activities including:

  • performing its employment and personnel functions in relation to DSS staff and contractors
  • performing its legislative and administrative functions
  • policy development, research and evaluation, including the Longitudinal Studies
  • complaints and enquiries handling
  • program management
  • grant and contract management
  • investigations, audits and fraud and compliance functions
  • management of correspondence with the public.

DSS also collects and holds personal information in the DSS Data Exchange to enable service providers funded to deliver services under DSS grant agreements to use the Data Exchange.

DSS uses and discloses personal information for the primary purposes for which it is collected. You will be given information about the primary purpose of collection at the time the information is collected from you or as soon as possible afterwards.

DSS will only use or disclose your personal information for secondary purposes where it is able to do so in accordance with the Privacy Act.

DSS may also share your personal information with other government agencies or organisations if it is required or authorised by law.

DSS undertakes written Privacy Impact Assessments for all high privacy risk projects that involve new or changed ways of handling personal information.

2.6 Data security and integrity

Access to personal information held within DSS is restricted to authorised persons who are DSS employees or contractors. DSS takes all reasonable steps, including through contractual measures, to protect the personal information we hold against loss, unauthorised access, use, modification, or disclosure.

Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.

DSS regularly conducts audits to ensure we adhere to our protective and computer security policies.

DSS takes all reasonable steps to ensure that the personal information it holds is accurate, up-to-date, complete, relevant, and not misleading.

2.7 How to seek access to and correction of personal information

You have a right under the Privacy Act to access personal information we hold about you.

You also have a right under the Privacy Act to request corrections to any personal information that DSS holds about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

However, the Privacy Act sets out circumstances in which DSS can decline access to or correction of personal information (e.g. where access is unlawful under a secrecy provision in portfolio legislation, where your information is integrated with information about other people, or where the personal information held is an opinion about you and not an objective fact).

To access or seek correction of personal information we hold about you, please contact DSS using the contact details set out at section 5 of this Policy.

It is also possible to access and correct documents held by DSS under the Freedom of Information Act 1982 (the FOI Act). For information on this, please contact our FOI Coordinator (contact details are available on the DSS Freedom of Information webpage).

2.8 Accidental or unauthorised disclosure of personal information

DSS will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.

DSS and its contractors are subject to the Notifiable Data Breaches Scheme (NDB Scheme) under the Privacy Act, and we will act in accordance with the requirements of the NDB Scheme and the guidance of the OAIC in assessing and responding to suspected notifiable data breaches. Where a breach of personal information occurs that is likely to cause serious harm to individuals, we will notify the OAIC and affected individuals as required.

Legislative or administrative sanctions may also apply to unauthorised disclosures of personal information which is also protected information under secrecy provisions under DSS portfolio legislation.

2.9 Our website

We manage the DSS website.

Generally, DSS only collects personal information from its website where a person chooses to provide that information.

If you visit our website to read or download information, DSS records a range of technical information which does not reveal your identity. This information includes your IP or server address, your general locality and the date and time of your visit to the website. This information is used for statistical and development purposes.

No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.

Some functionality of the DSS website is not run by DSS and third parties may capture and store your personal information outside Australia. These third parties include (but are not limited to) Facebook, YouTube, MailChimp, SurveyMonkey, Twitter and Google, and they may not be subject to the Privacy Act at all or in the same way as DSS. DSS is not responsible for the privacy practices of these third parties and encourages you to examine each website's privacy policies and make your own decisions regarding their reliability.

The DSS website contains links to other websites. DSS is not responsible for the content and privacy practices of other websites and encourages you to examine each website's privacy policies and make your own decisions regarding the reliability of material and information found.

2.10 Cookies

Cookies are used to maintain contact with a user through a website session. A cookie is a small file supplied by DSS and stored by your web browser software on your computer when you access the DSS website. Cookies allow DSS to recognise an individual web user as they browse the DSS website. The cookie does not store any personal information. You may disable cookies by adjusting the settings on your web browser, but if you do this you may not be able to use the full functionality of the DSS website.

2.11 Electronic communication

There are inherent risks associated with the transmission of information over the Internet, including via email. You should be aware of this when sending personal information to us via email or a DSS website, including through virtual assistants (chatbots). If this is of concern to you then you may use other methods of communication with DSS, such as post, fax, or phone (although these also have risks associated with them).

DSS only records email addresses when a person sends a message or subscribes to a mailing list. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.

If you interact with a virtual assistant (chatbot) on a DSS website, your chat records will be kept by DSS. If you wish to access your chat records, please contact us using the contact details set out at section 5 of this Policy.

2.12 Disclosure of personal information overseas

DSS will, on occasion, disclose personal information to overseas recipients. The situations in which DSS may transfer personal information overseas include:

  • the provision of personal information to overseas researchers or consultants (where consent has been given for this or DSS is otherwise legally able to provide this information in accordance with protected information provisions),
  • the provision of personal information to recipients using a web-based email account where data is stored on an overseas server, and
  • the provision of personal information to foreign governments and law enforcement agencies (in limited circumstances and where authorised by law).

It is not practicable to list every country to which DSS may provide personal information as this will vary depending on the circumstances.

However, you may contact DSS (using the contact details set out at section 5 of this Policy) to find out which countries, if any, your information has been given to.

3. Complaints

3.1 How to make a complaint

If you think DSS may have breached your privacy rights you may contact us using the contact details set out at section 5 of this Policy.

3.2 DSS’s process for handling complaints

We will respond to your complaint or request promptly if you provide your contact details. We are committed to quick and fair resolution of any complaints and will ensure your complaint is taken seriously. You will not be victimised or suffer negative treatment if you make a complaint.

3.3 How to complain to the Office of the Australian Information Commissioner (OAIC)

You also have the option of contacting the OAIC if you wish to make a privacy complaint against DSS and if you are not satisfied with how we have handled your complaint in the first instance.

The OAIC website contains information on how to make a privacy complaint.

If you make a complaint directly to the OAIC rather than to DSS, the OAIC may recommend you try to resolve the complaint directly with DSS in the first instance.

4. Privacy Policy updates

This Privacy Policy will be reviewed regularly and updated as required.

5. How to contact us

5.1 General enquiries and requests to access or correct personal information

If you wish to:

  • query how your personal information is collected, held, used or disclosed
  • ask questions about this Privacy Policy
  • obtain access to or seek correction of your personal information

please contact the DSS Feedback and Complaints Team using the following contact details:

  • email: complaints@dss.gov.au
  • telephone: 1800 634 035
  • post: DSS Feedback, GPO Box 9820, Canberra ACT 2601.

5.2 Contact details for privacy complaints

If you wish to make a complaint about a breach of your privacy, please contact the DSS Feedback and Complaints team using the following contact details:

  • email: complaints@dss.gov.au
  • telephone: 1800 634 035
  • post: DSS Feedback, GPO Box 9820, Canberra ACT 2601.

5.3 Availability of this Policy

If you wish to access this Policy in an alternative format (e.g. hard copy) please contact DSS using the contact details set out at section 5 of this Policy.

This Policy is available free of charge.

Last updated: