- Purpose of this policy
- Personal information
- Collection of personal information
- Collection of personnel and security information
- Use of personal information
- Disclosure of personal information
- Disclosure of personnel and security information
- Further information about personal information
- Accessing or correcting personal information
- Other information relevant to your privacy
AUSTRAC ensures the protection of any personal information it receives, as required by the Privacy Act 1988 (Privacy Act). 'Personal information' is defined in the Privacy Act as:
information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
On 12 March 2014, the Privacy Act will be amended and the new definition of 'personal information' will be:
information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.
As well as AUSTRAC's obligations under the Privacy Act, most of the personal information obtained by AUSTRAC is defined as ‘AUSTRAC information’ and is protected from unauthorised use and disclosure, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).
AUSTRAC collects personal information only by lawful and fair means to fulfil the objects of, and the AUSTRAC Chief Executive Officer’s (CEO's) functions under, the AML/CTF Act and the Financial Transaction Reports Act 1988 (FTR Act). AUSTRAC’s collection of personal information is required or authorised by those Acts and the Privacy Act.
The AUSTRAC CEO's functions under section 212 of the AML/CTF Act include:
- to provide advice and assistance, including analysis, in relation to AUSTRAC information, to the persons and agencies who are entitled or authorised to access AUSTRAC information
- to advise and assist the representatives of reporting entities in relation to compliance by reporting entities with the AML/CTF Act, the regulations and the AML/CTF Rules
- to promote and monitor compliance with the AML/CTF Act, the regulations and the AML/CTF Rules.
In performing the AUSTRAC CEO's functions, the CEO must consult with:
- reporting entities or the representatives of reporting entities
- the Commissioner of the Australian Federal Police
- the Chief Executive Officer of the Australian Crime Commission
- the Commissioner of Taxation
- the Chief Executive Officer of Customs
- the Information Commissioner, regarding matters that relate to the privacy functions (within the meaning of the Australian Information Commissioner Act 2010).
AUSTRAC collects personal information from individuals, third-party entities, Commonwealth, State and Territory agencies, and public sources. The information is either from compulsory reports or authorised receipts of information under the AML/CTF Act, FTR Act and other relevant legislation.
The Privacy Act requires agencies, as soon as practicable after collecting personal information, to take such steps (if any) as are reasonable in the circumstances to notify individuals of the collection of their personal information. Due to the secrecy restrictions in the AML/CTF Act and as a consequence of the high volume of personal information received, it is neither legally possible nor practicable for AUSTRAC to notify individuals of the receipt of personal information from third-party entities.
AUSTRAC also collects personal information about its staff, secondees and contractors (and applicants for those positions) for personnel, security and related purposes. That collection is authorised by common law and Commonwealth laws, including:
- Public Service Act 1999
- Public Interest Disclosure Act 2013
- Safety, Rehabilitation and Compensation Act 1988
- Work Health and Safety Act 2011
- Long Service Leave (Commonwealth Employees) Act 1976
- Protective Security Policy Framework
- Maternity Leave (Commonwealth Employees) Act 1973
- Paid Parental Leave Act 2010
- Superannuation Act 1976
- Superannuation Act 1990
- Superannuation Benefits (Supervisory Mechanisms) Act 1990
- Superannuation Guarantee (Administration) Act 1992
- Superannuation Productivity Benefit Act 1988.
Your personal information will not be used for any purpose other than the purposes for which it was collected, unless:
- such use is authorised or required by law (including where the use meets an exception in the Information Privacy Principles - from 12 March 2014 the Australian Privacy Principles - set out in the Privacy Act); or
- you have consented to the use.
AUSTRAC will not disclose personal information about you except where it is:
- in accordance with the law, including to agencies and entities covered by Part 3 and Part 11 of the AML/CTF Act
- authorised by you in a contract between you and AUSTRAC
- in accordance with consent granted by you.
AUSTRAC also discloses personal information to certain overseas recipients who are authorised under Part 11 of the AML/CTF Act, or authorised or required by another law, to receive AUSTRAC information. AUSTRAC has signed exchange instruments with counterpart agencies in the countries to which AUSTRAC disseminates information. AUSTRAC’s international information disclosure arrangements require that foreign recipients give appropriate undertakings protecting the confidentiality and controlling the use of the personal information.
The list of countries and agencies who receive AUSTRAC information and have an exchange instrument is available on the Exchange instruments list page.
Personnel and security information is disclosed to Commonwealth agencies, law enforcement agencies, health providers and advisors, and other persons authorised by Commonwealth, State or Territory law to receive it. It is also disclosed to other entities to whom you give AUSTRAC consent to disclose personnel and/or security information.
Examples of agencies AUSTRAC may disclose personnel or security information to are: financial institutions, the Ombudsman, Comcare, the Australian Public Service Commission, Australian Government Security Vetting Agency, Australian Commissioner for Law Enforcement Integrity, Comsuper, Australian Taxation Office and Merit Protection Commissioner.
AUSTRAC's personal information digest provides more detailed information about the kinds of personal information AUSTRAC collects, how that information is collected and the purposes for which it is collected, held, used and disclosed.
AUSTRAC’s annual report contains further information about AUSTRAC’s collection, handling and disclosure of personal information, including more information about international disseminations.
AUSTRAC aims to ensure that the personal information it holds is accurate, up-to-date and complete. Please ensure any information you provide is accurate, up-to-date and complete, and notify AUSTRAC if you believe it holds information that is outdated, inaccurate or incomplete.
You are entitled to access your personal information held by AUSTRAC, subject to some conditions and exceptions imposed by law. AUSTRAC’s personal information digest contains information about how an individual may access their personal information.
Requests for correction of personal information may be made under the provisions of the Freedom of Information Act 1982 (FOI Act) by contacting the FOI Contact Officer (details below).
Complaints about breaches of the Information Privacy Principles (from 12 March 2014, the Australian Privacy Principles) by AUSTRAC may be made to the FOI Contact Officer, or through the AUSTRAC Information Service Centre.
The FOI Contact Officer may be contacted by telephone on (02) 6120 2631, email to INFO_ACCESS@austrac.gov.au or by writing to:
Freedom of Information Officer
C/- Attorney General’s Department
3-5 National Circuit
BARTON ACT 2600
The AUSTRAC Information Service Centre may be contacted at firstname.lastname@example.org.
AUSTRAC's privacy complaints information page explains how AUSTRAC deals with complaints about breaches of privacy.
Visiting AUSTRAC’s website
When visiting this website, a record of your visit is logged and information is automatically recorded for statistical purposes to enable us to improve this site and our services. This information does not identify you personally and AUSTRAC does not track information about individuals and their visits.
Your web browser supplies information that includes:
- your internet domain (for example, 'company.com.au' if you use a private internet access account, or 'yourschool.edu.au' if you connect from an educational institution) and the IP address from which you access our website
- the type of web browser used (for example, Internet Explorer V 10)
- your computer's operating system (for example, Windows or OS X)
- the date and time you access this site
- the pages you visit and any documents downloaded
- if you followed a link to the AUSTRAC website from another website - the address of that website.
No attempt will be made to identify users or their browsing activities except where otherwise required or authorised by law. For example, in the event of an investigation, a law enforcement agency may exercise its legal authority to inspect the service provider's logs.
When AUSTRAC receives information from you, either via email or any other means, the information is stored in a secure environment.
You need to be aware that there are inherent risks associated with the transmission of information via the internet. Although AUSTRAC has implemented security measures, it is not possible to provide absolute guarantees as to the security of data provided via an online transmission.
If you have concerns in this regard, AUSTRAC has alternative methods of obtaining and providing information. Normal mail, telephone and fax facilities are available.
Links to other sites