Information Requirements, Data Subject Rights, Accountability and Governance
What information needs to be included in a privacy notice to data subjects?

Last review date: 20 December 2024

☒  the identity and the contact details of the controller and, where applicable, of the controller's representative

☒  the purposes of the processing for which the personal data is intended

☒  the legal basis for the processing

☒  the categories of personal data concerned

☒  the source from which the personal data originates and, if applicable, whether it came from publicly accessible sources

☒  the recipients or categories of recipients of the personal data, if any

☒  the existence of data subjects' rights, such as the right to access, rectification, erasure, data portability, etc.

☒  whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data

☒  other

Agencies are also required to take reasonable steps to ensure that the individual concerned is aware of the consequences (if any) for that individual if all or any part of the requested information is not provided.

While it is not a requirement to provide information regarding data transfers to third countries, if there will be a disclosure of personal information to an overseas agency and that overseas agency may use and disclose the information for its own purposes, then IPP 12 must be complied with. One of the means of being able to comply with IPP 12 is to obtain express authorization for the disclosure from the individual concerned after the individual has been expressly informed that the recipient may not be required to protect the information in a way that, overall, provides comparable safeguards to those in the Privacy Act.

Do data subjects have specific privacy rights that must be operationalized?

Last review date: 20 December 2024

Yes.

Data subjects have the following data privacy rights, although the specifics of the scope and conditions for each of these vary depending on the circumstances and local law:

☒  right to access the data subject's own personal data

☒  right to rectify/correct the data subject's own personal data where inaccurate or incomplete

☒  other

Individuals have the right to submit to an agency a statement detailing the correction they seek to their personal information. If the agency does not make the requested correction, the individual can request the agency to attach the statement of correction to their personal information.

Are there accountability and governance requirements?

Last review date: 20 December 2024

Yes.

There are accountability and governance requirements to:

☒  implement appropriate measures to comply with data privacy and cybersecurity

☒  identify a specific individual as the data privacy contact for data subject or data protection authority inquiries