The Australian Transport Safety Bureau is committed in respecting your right to privacy and protecting your personal information in accordance with the Privacy Act 1988 (Privacy Act) and our policies and procedures.
The ATSB publishes this policy to demonstrate its commitment to privacy rights, including by complying with the Privacy Act and the Australian Privacy Principles (APPs).
In this policy, personal information has the same meaning as defined in section 6 of the Privacy Act:
personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Some examples of personal information include names, addresses, banking details, licence and registration numbers, or photographs. It may also include indirectly identifying information, such as the description of an event, where the identities of any persons involved in the event are apparent even though no names are used. Whether or not the description of the event contains personal information may depend on the context and who is reading the information.
Collection of personal information
Solicited personal information
The ATSB generally collects personal information for the purposes of fulfilling the various functions or activities of the ATSB. This includes the ATSB’s primary function of conducting independent aviation, maritime and rail safety investigations under the TSI Act as well as receiving notifications from industry of the occurrence of accidents and incidents.
The TSI Act does contain some coercive information gathering powers that may be used to acquire personal information. However, normally the ATSB seeks to obtain personal information with the consent of the individual concerned.
In some circumstances the ATSB may collect personal information from a third party. This includes where information is provided via the mandatory scheme for the notification of accidents and incidents. The ATSB distributes material that seeks to make participants aware in the aviation, maritime and rail transport industries of the likelihood of their details being passed on to the ATSB if they are involved in an accident or incident. Where practicable, if the ATSB receives personal information via a third party, the ATSB will seek to notify the individual concerned of the circumstances of the collection.
The types of personal information that we generally collect and hold will include:
- personal contact details;
- personnel/employee records including educational or professional qualifications;
- credit card application records;
- information in delegations;
- staff conflict of interest declarations;
- information in ministerial correspondence;
- Freedom of Information applications;
- details of persons who attended ATSB training courses;
- mailing and subscription lists;
- contract, tender and submission documents;
- financial payment records;
- records for legal proceedings;
- complaint and feedback information;
- investigation records including witness statements, flight crew licences, training and qualification details, investigator’s notes and interview reports; and
- records of accidents and incidents notifications.
Personal information that is ‘sensitive information’ is defined by section 6 of the Privacy Act to include information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health or genetic information, biometric information and templates.
Sensitive information is afforded a higher level of protection under the Privacy Act, including limited circumstances in which it can be collected. The ATSB does not normally have a need to collect the majority of the sensitive information referred to in the definition. The exception is for the aviation, maritime and rail accident investigations it conducts under the TSI Act. For the purpose of fulfilling its statutory functions, the ATSB may collect and hold sensitive personal information, including:
- medical reports;
- physical and psychological profiles of persons involved in the occurrence;
- results of breath tests or blood alcohol levels;
- membership of a professional or trade association or trade union; and
- criminal records.
Where applicable, after obtaining the information holder’s consent the ATSB will typically obtain the sensitive information after issuing its holder a direction under section 32(1) of the TSI Act. This allows the information to be designated as ‘restricted information’ for the purposes of the TSI Act and afforded additional statutory protection.
Unsolicited personal information
Where the ATSB received unsolicited personal information, the ATSB must determine within a reasonable period if the information could have been collected in accordance with its functions and activities.
If the information could not have been collected in accordance with the ATSB’s functions and activities, and is not contained in a Commonwealth record, the ATSB must ensure the information is lawfully destroyed or de-identified.
The identity of an individual is typically relevant and necessary in order to achieve the ATSB’s purpose for collecting, using, holding or disclosing personal information. It is therefore unlikely to be practicable for the ATSB to deal with individuals who have not identified themselves or who have used a pseudonym. If an individual is concerned about not being able to deal with the ATSB anonymously, they may contact the Privacy Officer and discuss the circumstances.
How the ATSB stores personal information
The ATSB stores all personal information securely and restricts access to a limited number of staff that need access in order to perform their duties or assist individuals. Most personal information held by the ATSB is stored electronically such as on databases, shared drives or in emails, or on hard copy files.
The ATSB takes all reasonable steps to ensure that personal information is protected from misuse, loss and interference.
When information is no longer required it is securely destroyed in accordance with the
Archives Act 1983 (Archives Act) and relevant disposal authorities or forwarded to the National Archives of Australia (NAA).
Use and disclosure of personal information
The ATSB will only use and/or disclose personal information for the purposes for which it was collected (the primary purpose), unless an individual has consented to another use.
There are certain limited circumstances in which the ATSB may use or disclose information for a different purpose (a secondary purpose) without consent, such as where the secondary purpose is:
- directly related to the primary purpose for which the information was collected;
- required or authorised under an Australian law or has been ordered by a court or tribunal;
- necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or public health or safety;
- a permitted general situation or health situation, as defined by the Privacy Act; or
- an enforcement related activity and the use or disclosure of the information is reasonably necessary.
If the ATSB uses or discloses personal information for a purpose other than what it was originally collected for, the ATSB will keep a written notice of that use or disclosure as required by the APPs.
Disclosure of personal information overseas
The ATSB does not routinely disclose personal information to overseas recipients. However, there may be occasions related to the ATSB’s safety investigation function where this is necessary. In some circumstances there may be parties overseas who are connected with the occurrence of the accident in which case there may need to be a cross border flow of information. In these cases the ATSB complies with APP 8, including seeking to provide assurances that the information will be protected in accordance with the APPs.
Survey Monkey is based in the United States and in the European Union (EU) and the information generated by cookies (including an individual’s IP address) will be transmitted to and stored by Survey Monkey on servers located outside Australia. The ATSB needs to inform you that, should you wish to respond to a survey, you:
- understand and acknowledge that this service utilises a third party software platform, which is located in the USA and the EU, and relevant legislation of those countries will apply; and
- you understand and acknowledge that Survey Monkey is not subject to the Commonwealth Privacy Act 1988 and you will not be able to seek redress under Australian legislation but will need to seek redress under the laws of the USA and the EU for any privacy breaches.
Response to a voluntary survey may also be undertaken by printing out a copy of the online survey form and emailing the completed document to the relevant ATSB email address.
The ATSB does not use third party suppliers for mandatory occurrence reporting and the database associated with occurrence notifications is stored in Australia.
Access to personal information
Under APP 12, individuals have the right to access their personal information held by the ATSB. There is no cost associated with making a request. The ATSB will process the request and provide access to the information within 30 days after the request is made. If the ATSB decides not to grant access to the information, a written statement of reasons will be provided.
This mechanism operates alongside the Freedom of Information Act 1982 (FOI Act) under which an individual may request access to personal information held by the ATSB.
Information on how to apply for access to your personal information under the FOI Act, please go to Freedom of Information on the ATSB website.
To assist ATSB in locating any information held more quickly, an individual is encouraged to provide as much information as possible, such as, dealings they have had with the ATSB.
Correction of personal information
Individuals have the right under APP 13 to request corrections to any of their personal information held by the ATSB that they consider the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. This APP also operates alongside the FOI Act under which an individual may make a request to have personal information amended or annotated.
If an individual considers information held by the ATSB requires correcting, a written request should be sent to the ATSB’s Privacy Officer outlining what aspect of the information needs correction.
There is no charge associated with making a request or for associating the statement with the personal information and notification of the outcome will be provided within 30 days. If the ATSB refuses to correct the information, a written explanation will be provided. However, if the individual requests the ATSB to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading, the ATSB will take reasonable steps in the circumstances to associate the statement which will make it apparent to users of the information.
If the ATSB has disclosed the information previously to a third party, an individual may request that the third party also be notified of any correction made. If it is reasonable and practical to do so the ATSB will notify the third party of the corrections.
For security reasons, and to protect personal information, applicants may be asked to provide proof of identification.
How to request access or correction
To make a request for access to or correction of personal information, a written request should be sent to the ATSB’s Privacy Officer either by email email@example.com (preferred)w or by post to:
Australian Transport Safety Bureau
GPO Box 321
Canberra ACT 2601
For further information or assistance in relation to access and correction of personal information please contact the ATSB’s Privacy Officer using the contact details provided above.
Privacy impact assessment register
The ATSB conducts a Privacy Impact Assessment (PIA) for all high privacy risk projects. A project may be a high privacy risk if it has a significant impact on the privacy of individuals.
An individual may complain about the way the ATSB has handled their personal information. Complaints should be in writing and sent to the Privacy Officer using the contact details provided.
The complaint should provide sufficient information so the issues and concerns can be investigated. A Privacy complaint template is available on the ATSB website. Notification of an outcome will be provided within 30 days and individuals will be kept up-to-date as to the progress of their complaint.
If an individual is dissatisfied with the ATSB investigation outcome, the individual can contact the Office of the Australian Information Commissioner (OAIC) about making a privacy complaint to the OAIC.
ATSB contact details:
Australian Transport Safety Bureau
GPO Box 321
Canberra ACT 2601
Telephone: +61 02 6122 1601
OAIC contact details:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001