On this page:
- Who we are
- Privacy Act 1988
- Australian Institute of Health and Welfare Act 1987
- Our Ethics Committee
- Our personal information handling practices
- Securing personal information
- Use and disclosure of personal information
- Our website
- How to access, correct or update personal information
- How to complain about a possible breach of privacy
- How to contact us about privacy
The Australian Institute of Health and Welfare (AIHW) is a corporate Commonwealth entity established in 1987, governed by a management board, and accountable to the Australian Parliament as part of the Health portfolio.
We collect and report information on many topics and issues, including health and welfare expenditure, hospitals, disease and injury, mental health, ageing, homelessness, disability and child protection.
One of our main activities is to work with the states and territories to improve the quality of data. Where possible, we compile national datasets based on data from each state and territory. We create authoritative evidence and accessible information and statistics that inform policy and decision makers to improve the health and welfare of all Australians.
- the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs)
- the Privacy (Australian Government Agencies – Governance) APP Code 2017
- Section 29 of the Australian Institute of Health and Welfare Act 1987 (AIHW Act).
The full listing of Australian Privacy Principles is located on the Office of the Australian Information Commissioner website at Privacy/ Australian Privacy Principles.
Under the Privacy Act 1988, 'personal information' is information about a living person who could reasonably be identified. We comply with the APPs in the Privacy Act 1988 when we collect, use, disclose and store personal information, and when dealing with how people may access and correct the personal information we hold about them.
The Privacy Act 1988 has an important exception to the APPs. Section 95 permits us to take actions that might otherwise breach an APP, if those actions are for medical research approved by a Human Research Ethics Committee and in accordance with the Guidelines under Section 95 of the Privacy Act 1988 issued by the National Health and Medical Research Council.
The Privacy (Australian Government Agencies – Governance) APP Code 2017 (the Privacy Code) requires that an agency:
- have a privacy management plan that measures and documents its performance against privacy at least annually
- have a designated privacy champion, who promotes a culture of privacy and provides leadership on strategic privacy issues
- have a designated privacy officer, who is the primary point of contact for advice on privacy matters
- conduct a privacy impact assessment (PIA) for all high privacy risk projects
- publish a register of PIAs on its website.
The AIHW complies with requirements of the Code through the following actions:
- each year we prepare and implement a Privacy Management Plan that includes specific, measurable privacy goals and targets to ensure compliance with the Privacy Code and actions to continually improve our privacy maturity
- the AIHW Privacy Champion's role is to promote a culture of privacy and provide leadership on strategic privacy issues. Our designated Privacy Champion is the Head of the Data Governance Group
- the AIHW Privacy Officer is the first point of contact for advice on privacy matters and the primary privacy contact for the Office of the Australian Information Commissioner. Our designated Privacy Officer is the Head of the Ethics, Privacy and Legal Unit
- our staff are provided privacy training on induction and are required to complete mandatory annual privacy training. Annual presentations and privacy awareness updates are provided to staff during Privacy Awareness Week
- Our Ethics Committee considers a Privacy Impact Assessment prepared by AIHW for all of the data collections and research projects it considers for approval. Listings of Ethics Committee approved data linkage projects and data collections are provided on our website. The Committee also reviews PIAs for all ‘high privacy risk’ activities that involve new or changed ways of handling personal information.
It is a criminal offence for our staff, or anyone working with or receiving information from us, to disclose information in breach of Section 29 of Australian Institute of Health and Welfare Act 1987 (AIHW Act).
We do not disclose information we collect about persons (living or deceased) or organisations to anyone outside the AIHW unless authorised to do so under the Act.
The Australian Institute of Health and Welfare Ethics Committee is established under Section 16 of the AIHW Act and the Australian Institute of Health and Welfare (Ethics Committee) Regulations 2018. The Committee's functions and membership are prescribed in the regulations.
Further information about the Ethics Committee can be accessed on our website at Our services/ Committees/ AIHW Ethics Committee.
We collect and handle personal information for two key purposes.
Statistics and information
We collect, hold, use and disclose personal information to carry out our work (Section 5, AIHW Act).
We collect health-related and welfare-related data and information to develop statistics for and information used by governments and researchers to assist with health and welfare policy and decision making. This work includes:
- conducting health and welfare surveys
- maintaining health and welfare data sets
- maintaining national registers such as the National Death Index, National Mortality Database and National Cancer Database
- facilitating health and welfare research projects
- undertaking data linkage activities for health and welfare research.
We collect this personal information directly from members of the public or indirectly from Australian Government agencies, state or territory government bodies and other organisations.
We collect and hold some sensitive information, including:
- health information (such as physical and mental health, disability records)
- race or ethnic origin.
More information: About our data.
Management and operational purposes
The second reason we collect personal information is for management and operational purposes. We collect personal information including:
- contact details of:
- subscribers to our notification services
- members of committees we are on or provide secretariat services for
- individuals associated with research projects considered by the AIHW Ethics Committee
- people who have signed releases to take part in photographic, video or audio sessions about our work and publications
- responses to queries and complaints
- records of applicants for vacancies and temporary engagement registers, employees, contractors and sales and purchases.
We may collect other types of personal information to help us carry out our management and operational functions including:
- name, address and contact details (for example, phone and fax numbers)
- demographics (for example, dates of birth, sex, marital status), employment status, employment history, educational qualifications, accommodation, health and welfare services accessed
- photographs, video and audio recordings
- records of staff, former staff, contractors and consultants and applications for temporary or permanent vacancies
- financial information (for example, for staff, consultants, contractors and those who buy our publications online).
We collect this information in various ways, including:
- paper-based and electronic forms (surveys, online forms)
- electronic data files
- in person
- audio, photographic and digital recording devices
- our website
- our social media sites.
We collect, hold, use and disclose personal information for a variety of purposes relating to our management and operational activities, including:
- to make communicating with you easier, including providing you with a response to any request you may make
- performing our employment and personnel functions in relation to our staff and contractors, including payroll, recruitment and other matters (such as those relating to work health and safety)
- performing our legislative and administrative functions
- contract and committee management.
Electronic mail addresses
We will record your email address only if you send us a message. It will only be used for the purpose for which you provide it, and will not be added to a mailing list unless you request that this be done.
We collect and store personal information securely. Electronic and paper records containing your personal information are stored and protected in accordance with the Australian Government's Protective Security Policy Framework and managed in accordance with Australian Government records management requirements set out in the Archives Act 1983 and our Data Governance Framework (295KB PDF).
We support these broader requirements with many internal policies and procedures on:
- information security and privacy (technical, physical and personnel aspects)
- data custody
- operations of the AIHW Ethics Committee
- submissions to the AIHW Ethics Committee for projects involving personal information
- data linkage (we follow strict protocols when data held in two or more data sets is linked)
- confidentialising data (which means removing personally identifying information, leaving anonymous data for creating and publishing statistics and information)
- release of statistical information.
All our staff and contractors must sign confidentiality agreements before they can access any data we hold. We only grant our staff with access to a data collection when they need it to perform their work.
We only use personal information to perform our work under the AIHW Act, or in our capacity as an employer.
If we disclose personal information, we do so as permitted by the AIHW Act, the Privacy Act 1988, and any other relevant legal requirements.
We may disclose your personal information where:
- you have agreed
- you would reasonably expect, or have been told, that we usually disclose information in a particular circumstance or to a particular person or organisation
- it is required or authorised by law.
When you browse our website, we collect this information about your visit, which we use for statistical purposes:
- your server or IP address (the name or number which uniquely identifies the computer you are using to connect to the Internet)
- date and time of your visit
- pages you accessed and documents you downloaded
- search terms you used
- previous sites you visited
- top-level domain name (for example, .com, .gov, .au, .uk)
- type of browser you used.
We use Swift Digital, an online marketing platform service provider to send and manage subscription emails. In using this service, Swift Digital may collect personal information where you have provided consent which may contain email addresses and other information to be used for the distribution of email campaigns and other important information.
To subscribe or login to some parts of our website, you must provide either a valid email address or a specific user name and password. These details will only be used for the purpose for which you have provided them and will not be added to any other mailing lists unless you specifically ask us to. Email mailing list addresses are stored on Swift Digital's server and can be accessed by authorised AIHW staff only. Your email address will not be disclosed without your consent, unless required by law.
All information collected using the Swift Digital service is remains property of the AIHW and is never shared or used by third parties.
Swift Digital maintains data in compliance with Australia's SPAM ACT 2003 and Australian Privacy Principles. All data is maintained within Australia and remains subject to Australian jurisdiction.
Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.
Should you wish to contact Swift Digital, you can find contact details on Swift Digital's website.
- whether you have visited our website before
- how much time you spent on our website
- the text size you chose for viewing our website
- publications you purchased.
We use Google Analytics, a United States-based service, to analyse browsing information and produce reports on how visitors use our website. Google may transfer this information to third parties when required by law, or when the third parties process the information on Google's behalf. Google stores information across multiple countries.
Social networking services
We use social networking services such as Twitter, LinkedIn and YouTube to communicate to the public and potential employees. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to share information with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.
Links to other sites
We might include links to other sites including social media sites to make it easy to share information. These other sites might use web measurement tools, customisation technologies and persistent cookies to inform the service they provide to their users. We are not responsible for the privacy practices or the content of other websites, and we do not use, maintain or share personal information that is collected by other websites.
You can ask to access the personal information we hold about you. If that information is incorrect or outdated, you can ask us to correct it.
Contact our Privacy Officer.
We are committed to protecting your privacy. You can make a complaint if you believe we may have breached your privacy or our privacy obligations.
Send your complaint to our Privacy Officer providing your contact details.
We take all complaints seriously and are committed to quickly and fairly resolving them. If the matter is complex and takes longer to investigate that we first expected, we will keep you informed on when you will receive a response.
If you are not happy with our response to your complaint about privacy, you can ask the Office of the Australian Information Commissioner to review your complaint and our response. You do not have to send your complaint to us before you ask the OAIC to consider it. However, if you do so, the OAIC may recommend that you try to resolve it with us first.
- [email protected]