Skip to content

All personal information we collect is handled in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Privacy Act). Detailed information about how we handle personal information is contained in our Privacy Policy:

How we handle personal information


We collect personal information only when it is reasonably necessary for, or directly related to, our functions or activities. This includes:

  • dealing with applications under the Administrative Appeals Tribunal Act 1975 (AAT Act) and the Migration Act 1958 (Migration Act), primarily for review of administrative decisions
  • arranging and managing examinations under the Proceeds of Crime Act 2002 
  • managing enquiries, complaints and freedom of information and privacy requests
  • informing the public about AAT decisions and other developments at the AAT through our alerts services
  • managing employment and personnel matters, particularly in relation to our members, staff and contractors
  • facilitating the general administration of the AAT, including consultation and liaison in relation to the AAT’s practices, procedures and operations, procuring goods and services, and undertaking quality assurance activities.

We collect personal information directly from you or your representative.

However, we also collect information from other persons where this is required or authorised under the AAT Act, the Migration Act or another Australian law, or it is unreasonable or impracticable to collect it from you.

Use and disclosure

We use and disclose personal information for the purpose for which it was collected and will only use or disclose information for another purpose where this is permitted under the Privacy Act.

In general, we do not use or disclose personal information for another purpose unless one of the following applies:

  • you have consented
  • you would reasonably expect us to use or disclose the information for that other purpose and it is either related or, in the case of sensitive information, directly related to the purpose for which it was collected
  • it is required or authorised by or under an Australian law or a court/tribunal order
  • it is necessary to lessen or prevent a serious threat to somebody's life, health or safety, or to public safety
  • it is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body (e.g. the Australian Federal Police or the Office of the Migration Agents Registration Authority), or
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, which relates to our functions or activities has been, is or may be, engaged in, and we believe that the use or disclosure is necessary in order to take appropriate action.

On occasion, we might use personal information we collected from you to seek your feedback on our operations, including inviting you to participate in a survey.

Our Privacy Policy sets out who, other than the individual concerned, can usually access personal information that we hold.

We do not usually disclose personal information to anyone outside of Australia.

Data quality

We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete and relevant. These steps include: 

  • promptly recording new personal information and updating personal information in existing records when we are advised that it has changed
  • using data validation and consistent formats when we collect and record some kinds of personal information
  • reminding people or otherwise offering opportunities to update personal information, and
  • where necessary, confirming the accuracy of information from other parties or a public source with you.

Data security

We take steps to protect the personal information held against misuse, interference and loss and from unauthorised access, modification or disclosure. These steps include:

  • ICT security measures, including authentication requirements for accessing our electronic systems and keeping audit log of systems access by users.
  •  physical security measures, including restricting physical access to our offices and secure storage for information held on site with access to classified material limited to specific AAT personnel who have the required level of clearance
  • secure storage for information held offsite
  • procedures and training for dealing with suspected data breaches.

When no longer required, personal information is deleted or destroyed in a secure manner, or deleted in accordance with the requirements of the Archives Act 1983 and our records authorities.

Access and correction

You may request access or changes to the personal information we hold about you, or request that we change that personal information, under the Privacy Act or the Freedom of Information Act 1982 (FOI Act).

We will allow access or make changes to the personal information we hold unless we consider there is a sound reason not to under the Privacy Act, FOI Act or any other relevant law.

If we do not agree to make requested changes, you may make a statement about the requested changes and, in most cases, we will attach this to the record.

It is not generally possible to make changes to AAT decisions once they have been finalised.

Making a complaint

If you are unhappy with the way we have handled your personal information, or concerned we have breached our obligations under the Privacy Act, you should first lodge a written complaint with us, preferably by completing the attached form and emailing it to [email protected].

We will endeavour to investigate and respond to your complaint within 20 working days.

If you are not satisfied with our response, you may make a complaint to the Australian Information Commissioner. Further information about how to make a privacy complaint is available from the Office of the Australian Information Commissioner’s website.

Contact us

Contact Corporate and Enterprise Services if you want more information about how we handle personal information.

Privacy Impact Assessment Register

A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.

From 1 July 2018 the AAT is required by the Australian Government Agencies Privacy Code to conduct PIAs for all high privacy risk projects and maintain a register of the PIAs it conducts,

A project may be a high privacy risk project if we consider that the project involves any new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.

We have undertaken the following PIAs from 1 July 2018.

Date completed   Project title    Project summary
7/8/2018 Customer Persona Project Conduct of customer survey by independent research agency.
8/8/2018 Online Document Submission Project AAT trial of an online portal for uploading case-related documents by users.
6/3/2019 eCase Search Relaunch Relaunch of internally developed eCase Search tool.
11/6/2019 Skype for Business Introduction of Skype for Business for internal use and some external conciliations.
26/7/2019 Single Touch Payroll Implementation of more frequent, automated reporting of employees personal information to ATO.
4/11/2019 New Members Appraisal Scheme New scheme to enhance professional appraisal and development for members.
27/08/2020 New HR System New HR system to manage recruitment, onboarding and offboarding AAT personnel. 
1/10/2020 Implementation of Window Hello Biometric authentication for AAT employees and members who have been issued an AAT's portable computer devices. 
24/11/2020 Online portal Single online portal for lodging applications and documents. 
15/12/2020 Digitisation of  summons documents Digital submission service to lodge summons material electronically.
16/12/2020 Digitisation of hearing papers (s.37 documents) Introduction of processes and systems to recieve hearing papers electronically from respondent department/agencies.
15/12/2020 HR file digitisation Digitisation of existing staff and member paper personnel files.
17/12/2020 Staff support program Trauma Informed Supervision and Peer Support Training program by an external provider.
6/9/2021 HROnboard system Extension of existing HR system to perform onboarding, cross boarding and offboarding functions of AAT personnel.


For further enquiries contact [email protected].

The PIA Register is updated on 14 March 2024.