Department of Education
The Department of Education, its employees, contractors and agents (collectively, the department) is subject to the Privacy Act 1988 (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.
We also adhere to applicable guidelines issued to agencies by the Office of the Australian Information Commissioner.
- the types of personal information that we collect, hold, use and disclose;
- our personal information handling practices;
- our authority to collect your personal information, why it may be held by us, how it is used and how it is protected;
- whether we are likely to disclose personal information to overseas recipients and if possible, to whom;
- how you can access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.
- a student;
- a parent or guardian;
- a child care service provider;
- a principal or teacher;
- an academic or researcher;
- a participant in a program or service delivered by us;
- a contractor, consultant, or supplier of goods or services to us;
- an applicant for a grant or a tenderer for a contract provided by us;
- a policy stakeholder who works with us;
- a person whose information may be given to us by a third party, including other Australian Government agencies;
- an entrant in a competition conducted by us;
- a person seeking employment with us;
- a current or past employee of the department; or
- any other individual whose personal information we may collect, hold, use and disclose.
Information we collect and why we hold, use and disclose it
We are responsible for national policies and programs that help Australians access quality and affordable childcare; early childhood education; school education; post-school, higher education; international education and academic research.
We collect, hold, use and disclose personal information for a variety of purposes, including:
- performing our management, employment and personnel functions in relation to our staff and contractors;
- performing our legislative and administrative functions;
- policy development, research and evaluation;
- data sharing or data integration with other Australian Government agencies, including but not limited to, data sharing or data integration with the Australian Bureau of Statistics for the Multi-Agency Data Integration Project and the Data Integration Partnership for Australia;
- complaints handling;
- administering requests received by us under the Freedom of Information Act 1982 (Cth);
- preventing, detecting, investigating or dealing with fraud or corruption against the Commonwealth;
- program management;
- maintaining effective working relationships with state and territory governments, non-government education authorities and providers, universities and other relevant stakeholders;
- policy advice and other support to our Ministers;
- contract management; and
- management of correspondence with the public.
We only collect, hold, use and disclose personal information for a lawful purpose that is reasonably necessary or directly related to one or more of our functions or activities or where otherwise required or authorised by law.
We will only use your personal information for secondary purposes where we are able to do so in accordance with the Privacy Act.
Tax File Numbers
The following information is provided to comply with the department's obligation under subrule 14(1) of the Privacy (Tax File Number) Rule 2015 (TFN Rule).
Purpose of collection
A tax file number (TFN) is a unique identifier issued by the Commissioner of Taxation. The department may collect TFNs for the following purposes:
- to administer the Higher Education Loan Programs;;
- to make payments of salaries and wages to eligible employees and contractors;
- to administer child care financial assistance payments.
You are not legally obliged to quote your TFN but there may be financial consequences where you chose not to quote it.
Prohibitions and penalties
Certain Commonwealth legislation prohibits the collection, recording, use and disclosure of TFN information. Relevantly:
- the TFN Rule and the Taxation Administration Act 1953 (Cth) (TAA) contain prohibitions on:
- requiring, requesting or collecting TFN information for unauthorised purposes (TFN subrule 8(1) and subsection 8WA(1) of the TAA), and
- recording, using or disclosing TFN information unless permitted under taxation, personal assistance or superannuation law (TFN Rules 9 and 10; and subsection 8WB(1) of the TAA).
A breach of the TFN Rule is an interference with privacy under the Privacy Act. Individuals who consider that their TFN information has been mishandled may make a complaint to the Australian Information Commissioner. Where the breach of privacy is very serious, the Australian Information Commissioner may seek a civil penalty.
A breach of either sections 8WA and 8WB of the TAA is punishable by a fine of 100 penalty units or 2 years imprisonment or both. NOTE: Effective from 1 July 2017, 1 penalty unit is equal to $210. This unit value will automatically increase in line with the consumer price index from 1 July 2020 and every three years after.
- The A New Tax System (Family Assistance)(Administration) Act 1999 (the Family Assistance Administration Act) and Child Care Act 1972 (the Child Care Act) are both personal assistance laws within the definition contained in TFN subrule 6(2). These Acts contain prohibitions on the making of a record, disclosure, use, solicitation or supply of information that is protected information – which includes TFNs (sections 163 – 167 of the Family Assistance Administration Act and sections 12K, 12L, 12M, 12Q, 12R and 12S of the Child Care Act). These offences are punishable by two years imprisonment. There are exceptions permitting the collection, use or disclosure of protected information in limited circumstances, as outlined under Part 6 of the Family Assistance Administration Act, and Part IIIA of the Child Care Act.
- The Higher Education Support Act 2003 (HESA) is a taxation law within the definition contained in TFN subrule 6(2). In collecting, recording, using and disclosing tax file numbers under HESA the department, the Australian Taxation Office, higher education providers and vocational education and training providers must not contravene sections 8WA and 8WB of the TAA.
If you would like further information about protections surrounding tax file numbers you may wish to consult:
- The Office of the Australian Information Commissioner's website (https://oaic.gov.au/privacy-law/privacy-act/tax-file-numbers).
- The TFN Rule which regulates the collection, storage, use, disclosure, security and disposal of individuals' TFN information. The TFN Rule is available on the Federal Register of Legislation website (https://www.legislation.gov.au/Details/F2015L00249).
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as post, fax or telephone (although these also have risks associated with them).
We only record your email address when you send a message to us or subscribe to one of our mailing lists. Unless otherwise notified, any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Log information (browsing)
When you use our online services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your server address, your top level domain name (for example, .com, .gov, .au, .uk, etc), the date and time of visit to the site, the pages accessed and documents viewed, the previous sites visited, the browser type, the browser language, and one or more cookies that may uniquely identify your browser.
Cookies are used to maintain contact with a user through a website session. A cookie is a small file stored by your web browser software on your computer when you access our website. Cookies allow us to recognise an individual web user as they browse our website.
Collection and Analytics
The information collected includes when you accessed our website, how you accessed the site (for example, from a search engine, a link, an advertisement) and what you did on the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of compiling reports on website activity and providing other services relating to website activity and internet usage.
Demographic and interest reports may be generated including identifiers such as your age, gender, affinity categories (for example, education and training interests), in-market segments and other categories based on acquisition, behaviour, and conversions metrics. These reports may be used by the department to assist it make policy and program decisions.
You can prevent your information from being collected on our website by:
- disabling location services on your browser/device.
Additional advice regarding how to protect yourself online can be found at Stay Smart Online.
Links to External Websites and Social Networking Services
We also use social networking services such as Facebook, Twitter, Google+, Youtube, Instagram and Yammer to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
Disclosure of personal information overseas
We will on occasion disclose personal information to overseas recipients, but only where certain conditions are met, for example, you give your consent or the disclosure is otherwise authorised by law. The situations in which we may disclose personal information overseas include:
- the publication on the internet of material which may contain personal information, such as departmental reports and other documents; photographs, video recordings and audio recordings; and posts and comments on our social media platforms;
- the provision of personal information to overseas researchers or consultants;
- the provision of personal information to recipients using a web-based service where data is stored on an overseas server, for example, the department may use Mailchimp for email subscriptions and SurveyMonkey for online surveys; and
- the provision of personal information to foreign governments and law enforcement agencies.
Information collected by our contractors
Under the Privacy Act we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us.
Storage and Data Security
Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government's records management regime.
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.
We take all reasonable steps to make sure that the personal information we collect and store is accurate, up-to-date, complete, relevant and not misleading.
Access to and alteration of records containing personal information
You have a right under the Privacy Act to access personal information we hold about you.
You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
It is also possible to access and correct documents held by us under the Freedom of Information Act 1982. For information on this, please contact our FOI Coordinator (contact details are available on the Freedom of Information page of our website).
For further detail, including a comparison of both access mechanisms and how you can make a request, please see our Guide to Accessing and Correcting Personal Information.
Privacy Impact Assessments
A privacy impact assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
The Privacy (Australian Government Agencies - Governance) APP Code 2017(Privacy Code) requires us to undertake a PIA in certain instances and to maintain a register of those PIAs from 1 July 2018. In accordance with the Privacy Code, we publish a version of our PIA register on our website.
If you think we may have breached your privacy you may contact us to make a complaint using the contact details below. In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.
For further information about our complaint handling processes please see our Privacy Complaint Handling Procedures.
If you have any enquiries or complaints about privacy, or if you wish to access or correct your personal information, please email us at firstname.lastname@example.org or write to:
Child Care and Corporate Legal Branch
Department of Education
GPO Box 9880
Canberra ACT 2601.
Last updated: July 2019