This summary sets out key points about how the Digital Transformation Agency (DTA) handles personal information. We collect, hold, use, disclose and store personal information to carry out our functions or activities in accordance with the:
- Privacy Act 1988 (Cth) (Privacy Act),
- Australian Privacy Principles (APPs)
- Privacy (Australian Government Agencies – Governance) APP Code 2017 (the Code).
We may collect or hold personal information that is reasonably necessary for, or directly related to, the performance of our functions and activities. This may include your name, phone number, email and address, and information about your interactions with us through our services or the pages you visit.
We collect personal information for many purposes, including to providing strategic leadership on whole-of-government and shared ICT and digital services, including sourcing and capability development.
We will usually collect information directly from you, unless there is an exception in the Privacy Act that permits us to collect personal information from a third party.
Storage and protection
Our electronic information is held in secure online systems. We restrict physical access to our offices and limit access to authorised personnel only. DTA staff have access to personal information on a need to know basis only.
When personal information is no longer required to be retained as part of a Commonwealth record, it is generally destroyed in accordance with the Archives Act 1983.
Use and disclosure
We will ordinarily use and disclose your personal information for the primary purpose for which it was collected.
However, we may also use or disclose your personal information for another purpose in certain circumstances. For example, if required or permitted by law or for a purpose related to, or directly related to, the purpose of collection where you would reasonably expect that this would occur.
Sometimes we will pass your personal information to other government agencies or organisations (such as the Australian Taxation Office or Department of Home Affairs), including overseas governments or organisations, for the purpose of assisting with your enquiry or application.
We may disclose some of your personal information to overseas recipients for business, systems administration, and systems maintenance purposes.
Access and correction
You can request access to, or correction of, your personal information by contacting us on the details below.
We will allow access or correct personal information upon request, unless we consider there is a sound reason under law to refuse. If we do not correct your personal information, we will take reasonable steps to associate a statement with your file upon request.
We take your privacy seriously and make all efforts to protect your personal information. If you wish to make a complaint about how DTA handles your personal information, you can contact us on the details below.
How to contact us
- Telephone: 02 6120 8595
- Email: email@example.com
- Mail: Privacy Officer
Digital Transformation Agency,
PO Box 457
Privacy Impact Assessments
A Privacy Impact Assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising, or eliminating that impact.
While PIAs assess a project’s risk of non-compliance with privacy legislation and identify controls to mitigate the risk, a PIA is much more than a simple compliance check. It should ‘tell the full story’ of a project from a privacy perspective, going beyond compliance to also consider the broader privacy implications and risks, including whether the planned uses of personal information in the project will be acceptable to the community. PIAs are key to building community trust and have a range of other benefits, such as demystifying the project and its objectives.
From 1 July 2018, the Australian Government Agencies Privacy Code require agencies to conduct a PIA for all high privacy risk projects. A high privacy risk project is one that involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.
A register of PIAs completed by the DTA can be found below.
Register of Privacy Impact Assessments (PIAs) - Last reviewed 29 August 2022
Initial Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF) Alpha
|Second Independent Privacy Impact Assessment (PIA) for the Trusted Digital Identity Framework (TDIF)||September 2018||Galexia|
|3rd Independent Privacy Impact Assessment (PIA) on the TDIF and related Digital Identity Eco-system||March 2021||Galexia|
|Privacy Impact Assessment Report for the draft TDI Legislation||February 2022||HWL Ebsworth|
While DTA has exercised due care in ensuring the accuracy of the material contained on this website, the information on the site is made available on the understanding that DTA is not engaged in rendering professional advice here. The website may not cover all the information available on a particular issue.
Get in touch
You can send requests for information or complaints to firstname.lastname@example.org. You can also send your request or complaint by post to Digital Transformation Agency, GPO Box 457, Canberra, ACT 2601.