All personal information we collect is handled in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Privacy Act):
How we handle personal information
We collect personal information only when it is reasonably necessary for, or directly related to, our functions or activities. This includes:
- dealing with applications under the Administrative Appeals Tribunal Act 1975 (AAT Act) and the Migration Act 1958 and, in particular, applications for review of administrative decisions
- arranging and managing examinations under the Proceeds of Crime Act 2002 (Proceeds of Crime Act)
- managing enquiries, complaints and freedom of information and privacy requests
- informing interested persons about our decisions and other developments at the AAT through our AAT alerts email service
- managing the personnel of the AAT
- facilitating the general administration of the AAT, including undertaking consultation processes and liaison in relation to the AAT's practices, procedures and operations.
We collect personal information directly from the individual to whom it relates, or from his or her representative.
However, we also collect information from other persons where this is required or authorised under the AAT Act, the Migration Act or another Australian law, or it is unreasonable or impracticable to collect it from the individual concerned.
Use and disclosure
We use and disclose personal information for the purpose for which it was collected and will only use or disclose information for another purpose where this is permitted under the Privacy Act.
In general, we do not use or disclose personal information for another purpose unless one of the following applies:
- the individual has consented
- the individual would reasonably expect us to use or disclose the information for that other purpose and it is either related or, in the case of sensitive information, directly related to the purpose for which it was collected
- it is required or authorised by or under an Australian law or a court/tribunal order
- it is necessary to lessen or prevent a serious threat to somebody's life, health or safety, or to public safety
- it is reasonably necessary for the enforcement of the criminal law, or of a law imposing a pecuniary penalty or sanction, or for the protection of public revenue.
We do not usually disclose personal information to anyone outside of Australia.
We take steps to ensure the information we collect is accurate, up-to-date and complete. This includes maintaining and updating information when individuals advise us of changes.
We take steps to protect the personal information held against misuse, interference and loss and from unauthorised access, modification or disclosure, including:
- restricting physical access to AAT offices
- password protection for accessing our electronic systems
- secure storage for information including restricting access to classified material specific to AAT personnel who have the required level of clearance.
When no longer required, personal information is destroyed in a secure manner, or deleted in accordance with the requirements of the Archives Act 1983.
Access and correction
If you are a party to an application made to the AAT, you might be able to access documents or other material on a review file, subject to any confidentiality or other restrictions.
You may otherwise request access or changes to the personal information we hold about you, or request that we change that personal information, under the Privacy Act or the Freedom of Information Act 1982 (FOI Act).
We will allow access or make changes to the personal information we hold unless we consider there is a sound reason not to under the Privacy Act, FOI Act or other relevant law.
If we do not agree to make requested changes, you may make a statement about the requested changes and, in most cases, we will attach this to the record. It is not generally possible to make changes to AAT decisions once they have been finalised.
Find out more about:
Making a complaint
If you are unhappy with the way we have handled your personal information, or concerned we have breached our obligations under the Privacy Act, you must and lodge a written complaint.
You can make a written complaint by:
We will respond to you within 30 days.
If you are still not satisfied, you can complain to the Australian Information Commissioner. More information is available on the Office of the Australian Information Commissioner's website.
Contact our Principal Registry by phone, email, post or fax if you want more information about how we handle personal information.
Privacy Impact Assessment Register
A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.
From 1 July 2018 the AAT is required by the Australian Government Agencies Privacy Code to conduct PIAs for all high privacy risk projects and maintain a register of the PIAs it conducts,
A project may be a high privacy risk project if we consider that the project involves any new or changed ways of handling personal information that are likely to have a significant impact on the privacy of individuals.
We have undertaken the following PIAs from 1 July 2018.
||Customer Persona Project
||AAT engaged an indepenent research agency to formalise customer persona. The agency conducted customer surveys via an online community and observied some face to face, telephone and email interactions with the AAT.
||Digital Strategy Project
||AAT trial of an online portal for uploading case-related documents by users.