The APSC has adopted the layered privacy notice format. The Australian Information Commissioner's guidelines on the Australian Privacy Principles- external site (APPs) note that using a layered approach to the provision of information may assist an individual's understanding of the information in the policy.
- collection notices listed on the APSC's register of collection notices.
- how an individual may access their personal information and seek its correction;
- how an individual may complain about breaches of the Australian Privacy Principles (APPs); and
- disclosure of personal information to overseas recipients.
- how that information is collected and held; and
- the purposes for which that information is collected, held and disclosed.
Employees of the APSC provide support to four different 'agencies' which are each separate APP entities for the purposes of the Privacy Act:
- the APSC;
- the Merit Protection Commissioner;
- the Remuneration Tribunal; and
- the Defence Force Remuneration Tribunal.
On 16 September 2021 certain functions of the Digital Transformation Agency (DTA) were transferred to the APSC as a result of a machinery of government change. The APSC now maintains and collects information through two websites that were previously the responsibility of the DTA.
While this policy indicates the APSC's general privacy practices, it should be noted that section 103 of the Public Service Regulations 2023 provides authority for personal information about APS employees to be disclosed by the APS Commissioner in the exercise of certain powers.
The purpose of this policy is to:
- clearly communicate the personal information handling practices of the APSC;
- enhance the transparency of APSC operations; and
- provide individuals with a better and more complete understanding of the sort of personal information the APSC holds, and the way the APSC handles that information.
The Australian Public Service Commission
The APSC is a Statutory Agency under the Public Service Act 1999 (PS Act) comprising the APS Commissioner and APS employees who assist the Commissioner. The APSC is an agency for the purposes of the Privacy Act 1988 and the APS Commissioner is the principal executive of the agency.
The vision of the APSC is to lead and shape a unified, high-performing APS. The APSC is tasked with increasing awareness and adoption of best practice public administration by the Australian Public Service (APS) through leadership, promotion, advice and professional development, drawing on research and evaluation. The APSC takes a central, leadership role in providing expertise, guidance, performance monitoring and some centralised services to all agencies. The APSC also undertakes statutory functions under the PS Act, including functions to strengthen the integrity of the APS.
Meaning of certain words and phrases
This Policy uses abbreviations for some words and phrases as follows:
- APP or APPs refers to the Australian Privacy Principles- external site under section 14 of the Privacy Act;
- APS means Australian Public Service;
- APSC means Australian Public Service Commission;
- FOI Act means the Freedom of Information Act 1982;
- OAIC means Office of the Australian Information Commissioner;
- Personal information has the same meaning as in the Privacy Act and includes any information about an identified individual, or an individual who is reasonably identifiable;
- Privacy Act means the Privacy Act 1988; and
- Privacy Contact Officer refers to the officer whose contact details are listed under the heading 'Contact Details' below.
Anonymity and pseudonymity
In general, you have the right to interact anonymously or pseudonymously with this office. There are circumstances, however, where it is impractical for this office to deal with individuals without knowing the identity of the individuals.
If you are seeking information of a general nature from this office, it is unlikely that you will be required to provide your real identity for that purpose. In general, you will not be disadvantaged by dealing anonymously or pseudonymously with this office. However, without knowing your real identity, the type of information we are able to provide to you may be limited.
Before disclosing confidential or personal information, this office will generally need to establish your identity before doing so. In part, this is for the purpose of protecting against the unauthorised disclosure of personal information. Similarly, if you are seeking information about specific circumstances, this office may be unable provide information without knowing the specific details of your request (which may require that you disclose your identity to this office).
If you wish to deal anonymously or pseudonymously with this office, please advise us as early as possible.
Access and correction
You may request access to personal information about you that we hold and you may also request that we correct personal information about you. If you wish to request access or correction, please contact the APSC's Privacy Contact Officer. Before providing access to or correcting personal information about you, we may require you to verify your identity.
APPs 12 and 13 provide individuals with a right of access to and correction of personal information held by an agency. Similar rights also exist under the FOI Act. Whenever possible, the APSC will provide access to and correction of personal information without the need for formal procedures under the legislation.
If you request access or correction, we will provide access or correct the information unless there are valid reasons for not doing so under the Privacy Act, the FOI Act or another relevant law. If we do not provide you with access or we do not make requested changes, we will notify you of the reasons for not doing so and we will also notify you of your review rights.
The access and correction rights under the Privacy Act and the FOI Act are different. The OAIC has published detailed guidelines- external site about access - external site to and correction of personal information- external site. The OAIC's guidelines include information about the practical differences between the Privacy Act and the FOI Act in terms of access to and correction of personal information.
If you believe the APSC has breached any of the APPs, you may submit a complaint to the APSC. Complaints must be made in writing to the Privacy Contact Officer at the email or postal address listed in this policy.
You may submit a complaint anonymously. However, in order to properly consider and respond to your request, the APSC may require further information from you. Therefore, please include your contact details if you submit a complaint.
The APSC will respond to complaints within 30 days of receipt. If you are dissatisfied with the APSC's response to a complaint, you may complain to the OAIC- external site. The OAIC is an independent external body.
Disclosure of personal information to overseas recipients
Most personal information collected and held by the APSC will not be disclosed to overseas recipients.
One of the Australian Public Service Commissioner's functions, under paragraph 41(2)(i) of the PS Act, is to "work with other governments (including foreign governments) on matters relating to public sector workforce management, leadership and career management". In performing this function, a limited amount of personal information about individuals involved in these activities may be disclosed overseas.
Storage and Security of Personal Information
The APSC takes steps to protect the security of the personal information we hold from both internal and external threats by:
- regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information;
- taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to; and
- conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
Where personal information the APSC collects is no longer required, the APSC will delete or destroy it in a secure matter, unless the APSC is required to maintain it because of law, or a court or tribunal order.
This may occur where the Archives Act 1983 requires the APSC maintain your personal information because it is, or forms part of, a Commonwealth record.
If you wish to contact the APSC about a privacy-related matter, including questions about this policy, please contact the APSC's Privacy Contact Officer by one of the following methods: