Published: 17 November 2022
This Privacy policy covers personal information collected on Dataplace, how it is secured and kept safe, and what we do with the information we collect.
Dataplace also publishes a Data transparency statement, which is not a legal requirement, but it is provided so that users of the platform can understand more broadly the data collected and why, who the data might be shared with and how it is managed. It is provided to users of the platform to be transparent about the data management practices employed for Dataplace.
Dataplace is a whole of government platform, managed by the Office of the National Data Commissioner (ONDC) on behalf of the Australian Government. The ONDC is a part of the Department of Finance.
The Department of the Prime Minister and Cabinet (PM&C) assists the ONDC in hosting the Dataplace platform.
Dataplace facilitates access between organisations that want to use government data and government agencies that hold data.
Dataplace supports making a request for data from any Australian Government agency, this includes requesting data under the Data Availability and Transparency Act 2022 data sharing scheme (DATA Scheme). Dataplace also allows organisations to apply to be an accredited user or an accredited data service provider (ADSP) under the DATA Scheme.
This Privacy Policy applies specifically to the handling of personal information by the Office of the National Data Commissioner (within the Department of Finance) and the National Data Commissioner (referred to together as 'we', 'us' 'our') in connection with Dataplace. It outlines the kinds of personal information we collect, why we collect it, and how we handle it for the purposes of providing Dataplace services.
In the Privacy policy:
It may include information about you such as your name and contact information.
You should read the Privacy policy if you are:
How we collect personal information
We collect personal information (including some sensitive information) in different ways including:
What we collect
We may collect different kinds of information about you. This can include:
When you access and use Dataplace the website server logs the following information:
Why we collect information and how we use it
We collect and use personal information (including sensitive information) in accordance with the *Privacy Act 1988 (Cth) *and the Australian Privacy Principles, for the purpose of enabling you to have access to Dataplace, to administer the Dataplace platform with IT support provided by PM&C, and to undertake functions and activities under the DATA Scheme.
This includes:
providing access to Dataplace - we collect and use personal information to onboard users to Dataplace and manage access so you can use the services of Dataplace
processing applications for organisations to become an accredited user or data service provider under the DATA Scheme - we collect and use personal information as part of these applications, including to:
- assess against the accreditation criteria under the DATA Scheme
*managing data requests and data sharing agreements *- we collect and use personal information to help government agencies manage data sharing requests and data sharing agreements, including so they can communicate with you about your data sharing request. In circumstances where sensitive data (which may not be sensitive personal information) is being shared, we may collect information to identify individuals who will have access to that sensitive data
maintaining registers under the DATA Scheme - we will use personal information to maintain the accredited user and data sharing registers that we are required to do under the DATA Scheme
operating Dataplace - we use information collected by Dataplace to ensure that Dataplace is operating effectively and efficiently and to respond to enquiries you may make to us about Dataplace.
manage and respond to requests for information or support (including requests made under freedom of information legislation)
conduct statistical reporting and research, including to de-identify personal information so that any statistical reporting or research outcomes do not identify you or any other individuals
undertake statistical analysisand system administration using information collected from our website. No attempt is made to identify users or their browsing activities, except where a law enforcement agency or the Commissioner is undertaking an investigation and has legal authority to identify users and/or their browsing activities.
seek legal advice if required.
We may engage contractors to assist us undertake any of the above functions and activities. We ensure that all contractors are subject to the same legal requirements as our staff, including strict confidentiality, privacy and security obligations.
Who we disclose your information to
We may need to disclose your personal information to others. We will protect your information by taking steps to ensure that any disclosure is done in accordance with the *Privacy Act 1988 *(Cth).
We may disclose your personal information (including sensitive information) to:
Disclosure of information overseas
We will not disclose information outside Australia for any other reason, unless authorised by law.
How we store personal information
We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These include:
How to access and correct your personal information
Accessing your personal information
You have the right to ask for access to the personal information that we hold about you. You can do this using our contact details below.
If you ask us for access to the information we must give you access, unless there is a law that restricts us from giving you access.
If we refuse to give you access to your personal information, we will let you know in writing and will provide reasons for our refusal.
Updating your personal information
You have the right to ask that we correct personal information that we hold about you. You can do this using our contact details below. If you have a personal profile on Dataplace, you may update the personal information present in that profile.
If you ask us to correct your personal information, we must take reasonable steps to correct your information if we consider that it is incorrect.
If we refuse to correct your personal information, we will let you know in writing and will provide reasons for our refusal.
The Privacy Code requires agencies, including the Department, to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects. It is also open to the Department to undertake PIAs as best practice and to exercise due diligence where a project is below this threshold.
PIAs completed by the Department, since the Privacy Code commenced on 1 July 2018, are listed in the table below.
| |
| |
| |
| |
How to make a complaint
How to complain to us
If you think we may have breached your privacy rights, you may contact us using the contact details set out below.
We will respond to your complaint promptly if you provide your contact details. You do not need to provide your name, or can use a pseudonym, but we may not be able to fully investigate and resolve your complaint if you do not provide all relevant details.
We are committed to quick and fair resolution of any complaints, and will ensure your complaint is taken seriously. You will not be victimised or suffer negative treatment by us if you make a complaint.
How to complain to the Office of the Australian Information Commissioner (OAIC)
You also have the option of contacting the OAIC, if you wish to make a privacy complaint against us.
The OAIC website contains information on how to make a privacy complaint to the OAIC.
If you make a complaint directly to the OAIC, the OAIC may recommend you try to resolve the complaint directly with us in the first instance.
How to contact us
If you wish to ask questions about this Privacy policy, or how your personal information is collected, held, used or disclosed please contact us.
Please also contactus if you wish to obtain access to or seek correction of your personal information or make a complaint about a breach of your privacy.
Please contact the Department of Finance Privacy Officer, using the following contact details:
Email: privacy@finance.gov.au
Post: Privacy Contact Officer, Department of Finance, 1 Canberra Avenue, FORREST ACT 2600
Fax: +61 2 6283 7999
Availability of this Privacy policy
If you wish to access this Privacy policy in an alternative format (e.g. hard copy) please contact us using the contact details above. This Privacy policy is available free of charge.