This policy sets out how personal information held by the Australian Institute of Criminology (AIC) is managed and protected in compliance with the Commonwealth Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles.
This policy sets out how we collect, use, disclose and store personal information, including sensitive information, and how you may access and correct personal information that we hold.
We take your privacy seriously and make all efforts to protect your personal information from misuse, interference and loss; and from unauthorised access, modification or disclosure. If you wish to make a complaint about the AIC’s handling of your personal information, please refer to the Making a complaint section of this policy.
Who we are
The AIC is Australia’s national research and knowledge centre on crime and justice, compiling trend data and disseminating research and policy advice. The AIC seeks to promote justice and reduce crime by undertaking and communicating evidence-based research to inform policy and practice.
The AIC is established under the Commonwealth Criminology Research Act 1971 (the CR Act).
The functions of the AIC and the Director of the AIC are set out in ss 6, 6A and 16 of the CR Act, and we refer to these below. The AIC works closely with the Australian Criminal Intelligence Commission (ACIC) under a shared services arrangement.
For more information about the AIC, see the About Us page on our website.
Collecting personal information
In this policy, personal information has the same meaning as defined by s 6 of the Privacy Act:
- information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
We collect, hold, use and disclose personal information in order to carry out our functions and activities.
In summary, the AIC has the following functions under ss 6, 6A and 16 of the CR Act:
- promoting justice and reducing crime by conducting criminological research and communicating the results of such research;
- assisting the Director in performing the Director’s functions (see s 16 of the CR Act);
- administering grants and engaging specialists in criminological research and related activities;
- conducting or arranging for the conduct of criminological research, and conducting seminars, courses, training and instruction at the request of the Attorney-General;
- collecting information and statistics and providing advice;
- collaborating with other agencies and institutions (in Australia and overseas); and
- publishing material arising out of the AIC’s work.
The AIC also has functions related to the management of personnel, workplace health and safety and corporate services.
We also collect personal information related to employment services, human resource management, and other corporate services functions.
How we collect personal information
In performing our functions, we collect personal information:
- from the public (for example, via surveys or online forms) either directly or through an authorised contractor;
- from third parties or publicly available sources;
- from other government agencies to assist us to contact members of the public to seek their participation in a research project; and
- from individuals who contact us and supply us with the personal information of others in the documents they provide to us (in limited circumstances).
Importantly, while we collect a lot of information indirectly—for example, as part of our research—the majority of this information is de-identified before being provided to us and is not personal information.
We use a variety of methods to collect this information, including:
- paper based and electronic forms (surveys, online forms);
- electronic data files;
- in person or over the telephone;
- audio, photographic and digital recording devices; and
- our website and social media sites.
Any emails attaching or containing data are encrypted and sent via a secure messaging system.
What types of personal information do we hold?
We collect the following types of personal information when performing our functions or activities:
- name, address and contact details (eg phone/fax numbers, email addresses);
- demographic information (eg dates of birth, sex, marital status, occupation, employment status and histories, educational or professional qualifications, addresses, health and welfare services accessed);
- photographs, video and audio recordings;
- curriculum vitaes, referee details, qualifications and identity documents;
- personnel records;
- details of committee or board appointees or members, authors and researchers, and prize entrants and recipients;
- next of kin or relationship details; and
- financial information (eg for staff, consultants and contractors and online purchasers of events tickets).
We also collect and hold some sensitive information as defined by s 6 of the Privacy Act, most commonly:
- health information (including physical and mental health, disability records);
- criminal records; and
- racial or ethnic origin.
Why we collect, hold, use and disclose your personal information
We collect, hold, use and disclose your personal information for statistical and research purposes and for non-research purposes within our functions such as:
- contacting Australian, state and territory government and international agencies, or other organisations for the purpose of analysis and advice;
- public awareness and education, which requires maintaining contact details of:
- subscribers to our notification services, and electronic mailing lists,
- members of committees in which we participate, or for which we provide secretariat services, and
- people who have consented (and signed releases) to take part in photographic, video or audio sessions about our work and publications;
- recording whom we have had contact with in relation to training, media or other public relations events;
- managing committees, boards, awards and grant programs;
- consulting with stakeholders;
- responding to enquiries and complaints;
- managing personnel, contractors and corporate service functions;
- administrative activities such as maintaining employee, contractor and sale/purchase records; and
- responding to requests under the Commonwealth Freedom of Information Act 1982 (FOI Act).
Personal information may be collected as part of an AIC research project, such as when participants take part in a research survey or interview. If we collect personal information during a survey or interview, it will be de-identified prior to analysis. In some cases we may need to use data that is identifiable. If required, we will seek participant consent prior to analysis unless there is a legal exception.
How we use and disclose personal information
We use and disclose personal information for purposes related to our functions, as set out in the CR Act.
We will not use or disclose an individual’s contact details if we are notified that they do not wish to participate or to continue to participate in a research study.
We will only disclose personal information to other individuals, government agencies or organisations where we are permitted to do so under the Privacy Act.
The AIC is permitted to release personal information, without consent, where permitted by s 95 of the Privacy Act for the purposes of medical research, as long as guidelines issued by the National Health and Medical Research Council (NHMRC) are followed. These guidelines are issued under ss 95A and 95AA of the Privacy Act. One of our important functions under the CR Act is to communicate the results of our research to the Commonwealth, the states and territories and the community. Accordingly, we release information for research projects where approval has been granted by the AIC’s Human Research Ethics Committee (HREC). The HREC follows the NHMRC guidelines issued under the Privacy Act when making its decisions.
Advisory council, committees and grants secretariat
The AIC collects, uses and discloses personal information with respect to appointees or members of current and former councils, boards, committees and grant and award programs, including:
- the Criminology Research Advisory Council;
- the Audit Committee;
- the HREC;
- the Criminology Research Grants program; and
- the Australian Crime and Violence Prevention Awards.
The AIC Director, the Director’s executive assistant and relevant executive staff or secretariat staff have access to this personal information. Some of this information may, on occasions, be disclosed to the Attorney-General and the Governor-General in Council.
How we secure personal information
We collect and store personal information securely. Electronic and paper records containing personal information are stored and protected in accordance with the Australian Government Protective Security Policy Framework and managed in accordance with Australian Government records management requirements.
These broader requirements are supported by this policy as well as two other internal policies—the Information Security Policy and the Information Records Management Framework and Policy—and also various procedures relating to:
- confidentiality provisions within contracts;
- activities undertaken by our HREC;
- submissions to the HREC for projects involving personal information;
- data linkage within the AIC (when data from two or more datasets is linked, we follow strict protocols to ensure privacy is maintained);
- the de-identification of data (removing parts of information that may identify people so that the remaining anonymous data are available for analysis and publication); and
- the release of statistical information.
All our staff and contractors are required to sign confidentiality deeds before being granted access to the data we hold. We grant our staff access to information only when they need access to it to perform their duties. Staff are also required to undertake Privacy Act awareness training.
As required by the Privacy Act, we take reasonable steps to ensure that the personal information we collect is accurate, up-to-date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
We take reasonable steps to protect the information, including personal information, we hold against interference, loss, unauthorised access, use, modification or disclosure, and other misuse, in line with the Australian Government’s Protective Security Policy Framework and the Privacy Act. These steps include using password protection for accessing our electronic IT systems, securing paper files in locked cabinets, and implementing physical access restrictions. In addition, we manage personal information in accordance with our Information Records Management Framework and Policy and procedures.
When no longer required, personal information is destroyed in a secure manner, or deleted according to the appropriate Records Authority and the Commonwealth Archives Act 1983.
The AIC uses Mailchimp to distribute email alerts related to publications and events.
Content on Mailchimp only includes names, email addresses and organisations. Subscribers may opt out of receiving further correspondence from us at any time by using the ‘unsubscribe’ link in our emails. More information about Mailchimp’s handling of personal information is available on the Mailchimp security webpage.
The personal information contained in the AIC’s mailing lists may be accessed by authorised staff who are responsible for administering them.
AIC personnel are employed by the ACIC and seconded to the AIC. The ACIC manages personal information of personnel in accordance with its Information Handling Protocol.
Privacy impact assessments
All AIC privacy impact assessments required under the Australian Government Agencies Privacy Code will be listed in our Privacy impact assessment register.
Please contact us if you wish to:
- query how your personal information is collected, held, used or disclosed;
- obtain access to your personal information or have it corrected; or
- make a privacy complaint.
Australian Institute of Criminology
GPO Box 1936
Canberra City ACT 2601
Contacting us anonymously
We understand that the freedom to remain anonymous (not give your name) or use a pseudonym (another name or nickname) is an important part of privacy. Generally, those contacting us can interact with us anonymously or use a pseudonym if they choose. This applies particularly when making a general enquiry, but may also be possible in other circumstances.
However, in some circumstances this may not be possible or practical. For example, we may need a name, contact details and enough information about a particular matter in order to fairly and efficiently handle and respond to a request, complaint or application, or to act on a report. If this is the case, we will inform the individual and explain why.
How to access or correct your personal information
Everyone has the right to request access to the personal information we hold about them. If that personal information is incorrect or outdated, a request can be made for it be corrected.
We will not charge for giving access or making corrections to personal information. We may need to ask individuals to verify their identity before we provide access to their information or correct it.
Under the Privacy Act, requests for access or correction may be refused in certain circumstances, including where an exemption applies under the FOI Act or where other legal restrictions apply.
If we do not agree to make requested changes to personal information, the individual may make a statement about the requested changes and we will attach this to the record.
If we do not agree to provide access to personal information or to amend or annotate the information we hold, we will provide written notice of this, and, if an objection is received, a formal complaint may be lodged with us.
Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us (see Contact us above).
We are committed to protecting your privacy. We consider any accidental or unauthorised disclosure of personal information to be a serious matter and will deal with it promptly.
If you consider that we may have breached your privacy, please contact us using the contact information above, and provide details. You may also contact us if you wish to make a complaint.
If you have a privacy complaint, you should contact our Privacy Officer in the first instance. We will respond to your complaint or request within 30 days if you provide your contact details.
Alternatively, if you are a participant in an AIC research project, you may wish to lodge a complaint with the HREC’s secretariat.
We are committed to quick and fair resolution of any complaints and will ensure your complaint is taken seriously. If the matter is complex and the investigation takes longer than expected, we will keep you informed regarding when you will receive a response.
If you are not satisfied with our response, or the HREC’s response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
Contact the Information Commissioner
You also have the option of contacting the Office of the Australian Information Commissioner if you believe we have breached your privacy. Generally the OAIC will expect you to have raised a complaint with the AIC in the first instance.
You may lodge a complaint with the OAIC by using the form on their website, or by contacting them:
Phone: 1300 363 992
Mailing address: GPO Box 5288 Sydney NSW 2001.
Please note that the OAIC can only accept complaints in writing.