Australian Electoral Commission

Privacy Policy

Updated: 18 June 2014

1. Overview

This policy applies to personal information collected by the Australian Electoral Commission (the ‘AEC’). The purpose of the policy is to:

  • clearly communicate the personal information handling practices of the AEC
  • enhance the transparency of AEC operations, and
  •  provide individuals with a better and more complete understanding of the sort of personal information the AEC holds, and the way the AEC handles that information.

The AEC is bound by the provisions of the Privacy Act 1988, (Privacy Act) including the Australian Privacy Principles (APPs).  The APPs set out standards, rights and obligations for how we handle and maintain personal information. This includes how we collect, store, use, disclose, quality assure and secure personal information, as well as your rights to access or correct your personal information.

1.1 The Australian Electoral Commission

The AEC is established under the Commonwealth Electoral Act 1918 (Electoral Act) comprising a Chairperson, the Electoral Commissioner and one other member. The AEC is an entity for the purposes of the Privacy Act.

The Electoral Commissioner and the Australian Public Service employees who assist the Commissioner together constitute a Statutory Agency and the Electoral Commissioner is the principal executive of the agency.

The AEC has seven core business functions:

  • managing the Commonwealth electoral Roll,
  • conducting elections, referendums, including industrial and fee-for-service elections and protected action ballots,
  • educating and informing the community about electoral rights and responsibilities,
  • providing research, advice and assistance on electoral matters to the Parliament, other government agencies and recognised bodies,
  • providing assistance in overseas elections and referendums in support of wider government initiatives,
  • administering election funding, financial disclosure and party registration requirements, and
  • supporting electoral redistributions.

1.2 Anonymity and pseudonymity

In general, you have the right to interact anonymously or pseudonymously with the AEC. There are circumstances, however, where it is impractical for us to deal with individuals without knowing the identity of the individuals.  This is particularly the case when interacting with the AEC in the performance of our statutory functions relating to the enrolment of electors and the conduct of elections.  As these matters involve the exercise of individual rights and obligations, the AEC will require evidence of identity to enable the administration of those statutory functions to take place.

If you are seeking information of a general nature from the AEC, it is unlikely that you will be required to provide your real identity for that purpose. In general, you will not be disadvantaged by dealing anonymously or pseudonymously with us. However, without knowing your real identity, the type of information we are able to provide to you may be limited.

The Electoral Act prohibits the disclosure of information about one person to another person except in limited, specified circumstances. Those circumstances do not include requests by third parties for access to personal information held by the AEC, including requests by authorised representatives of an individual unless there is a specific authorisation that refers to the particular information in the possession of the AEC.

Before disclosing your confidential or personal information to you, the AEC will need to establish your identity.This is for the purpose of protecting you against the unauthorised disclosure of personal information that is in the possession of the AEC. Similarly, if you are seeking information about specific circumstances, we may be unable provide information without knowing the specific details of your request (which may require that you disclose your identity to us).

If you wish to deal anonymously or pseudonymously with the AEC, please advise us as early as possible.

2. Personal information handling practices

2.1 Collection of personal information

2.1.1 Means of collection

In carrying out its functions and activities, the AEC usually collects personal information about individuals directly from those individuals or their authorised representative(s). In certain circumstances we may also obtain personal information from third parties including that which is collected by other Australian, state and territory government bodies or organisations.

We only collect personal information from a third party or from a publicly available source, if:

  • the individual has consented to such collection or would reasonably expect the AEC to collect his or her personal information in this way, or
  • it is collected only when it is necessary for, or directly related to AEC functions or activities under the the Electoral Act and the Referendum (Machinery Provisions) Act 1984 (the ‘Referendum Act’) and subordinate laws made under those Acts (collectively referred to as ‘Electoral Legislation’) .

We collect this personal information in a variety of ways, including paper-based forms, by electronic means including online (through our website, as well as email), over the telephone and by fax.

2.1.2 Kinds of personal information collected

The AEC only collects personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities.

The AEC maintains an impartial and independent electoral system for eligible voters through active electoral Roll management, efficient delivery of polling services and targeted education and public awareness programs.

The personal information we collect and hold will vary depending on what we require to perform our functions and responsibilities. It may include:

  • information about your identity (such as date of birth, country of birth, passport details, visa details, photographs and drivers licence)
  • name, address and contact details (such as telephone, email and facsimile)
  • information about your personal circumstances (such as age, gender, marital status and occupation)
  • information about your financial affairs (such as payment details, bank account details, and information about business and financial interests)
  • information about your employment (such as applications for employment, work history, referee comments and remuneration)
  • government identifiers
  • the management of contracts
  • correspondence from members of the public or organisations to the AEC, the Special Minister of State and other Australian Government ministers and parliamentary secretaries, including submissions to consultations
  • complaints (including complaints relating to privacy) and feedback provided to us
  • requests made to us under the Freedom of Information Act 1982 (FOI Act)
  • legal advice provided by internal and external lawyers
  • employment and personnel matters for our staff and contractors.

The APPs place more stringent obligation on entities when they handle ‘sensitive information’1. Generally, we will only collect sensitive information if you consent and it is reasonably necessary for, or directly related to, one or more of our functions or activities. Sometimes we may collect or deal with sensitive personal information without your consent, such as when it is required or authorised by a law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of the Australian Government.

The range of sensitive personal information we may collect and hold, includes:

  • racial or ethnic origin
  • health (including information about medical history and any disability or injury)
  • criminal activities, and
  • biometrics.

2.2 Use and disclosure of personal information

The AEC collects and holds personal information for the purpose of carrying out its functions and activities. In some cases, the AEC may use or disclose personal information for a purpose other than that for which it was collected, but we will not give your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:

  • you would reasonably expect us to use the information for that other purpose
  • it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Executive authority of an Australian government
  • we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter.

The Electoral Act prohibits the disclosure of information about one person to another person except in limited, specified circumstances.

The Electoral Act provides for public inspection of the Commonwealth electoral Roll.

The Electoral Act also provides for lawful disclosure of electoral Roll information to a range of organisations but it also precludes any further use or disclosure of that personal information for other than a permitted purpose.

Access to personal information by third parties including requests by authorised representatives of an individual is only permitted when there is a specific authorisation that refers to the particular information in the possession of the AEC.

There is nothing in the Electoral Act that authorises the recipient of a power of attorney to do anything that an elector is required to do merely by virtue of holding that power of attorney. Accordingly the AEC will not disclose personal information in the absence of a specific authorisation even where a power of attorney has been given.

2.2.1 Disclosure of personal information to overseas recipients

Most personal information collected and held by the AEC will not be disclosed to anyone who is overseas. We may need to provide your personal information to an overseas recipient as part of our work. The Electoral Act enables certain electors residing outside Australia to be included on the electoral Roll. Information may be provided to an AEC service provider who delivers services for the AEC to overseas electors.

If we are unable to seek your consent to provide your personal information to an overseas recipient, or it is impractical to do so, we will only provide your personal information to an overseas recipient if we are allowed to do so under the Privacy Act.

2.3 Access and correction

You have a right to access personal information we hold about you.  That right of access must be exercised by you as an individual and not your nominated representative unless you have given a specific authorisation that refers to the particular information in the possession of the AEC. A power of attorney will not suffice as the authorisation.

You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

If you wish to request access or correction, please contact the AEC's Privacy Contact Officer. Before providing access to or correcting personal information about you, we will require you to verify your identity.

It is also possible to access and correct documents held by us under the FOI Act. In some circumstances we will suggest that you make your request under the FOI Act. This is because:

  • an FOI access request can relate to any document in our possession and is not limited to personal information
  • the FOI Act contains a consultation process for dealing with requests for documents that contain personal or business information about another person
  • you can complain to the Australian Information Commissioner about what we do under the FOI Act
  • if you are refused access under the FOI Act you have a right to apply for internal review or Information Commissioner review of the access refusal decision.

Find out more information about how to make a request under the FOI Act on the Freedom of Information page.

2.3.1 Refusal to give access or to correct information

The Privacy Act and the FOI Act sets out circumstances in which we can decline access to or correction of personal information. This includes situations where we are authorised or required to refuse access.

Generally, where we refuse to give you access, we will give you written notice of the reasons for refusal and the mechanisms available to you to dispute that decision.

2.4 Integrity of personal information

The Privacy Act requires us to take reasonable steps to ensure that the personal information we hold is safe and secure. We are also required to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.

2.4.1 Security of personal information

We aim to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse.  Among other things, we safeguard our Information and communications technology (ICT) systems against unauthorised access, and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to those people who need to have access in order to do electoral work.

If a data breach occurs, such as if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner’s Data breach notification —A guide to handling personal information security breaches. We will aim to provide timely advice to you to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.

2.4.2 Retention and destruction of records

AEC records, including records containing personal information, and electoral documents are created, kept and destroyed in accordance with the Archives Act 1983 (Archives Act) and the preservation and destruction provisions in the Electoral Act.

When the personal information that we collect:

  • is no longer required, and there is no law, or court or tribunal order requiring it to be maintained, or
  • becomes subject to the destruction requirements in the Electoral Act

we delete or destroy it in a secure manner.

2.4.3 Complaints

If you believe the AEC has breached any of the APPs, you may submit a complaint to the AEC. Complaints must be made in writing to the Privacy Contact Officer at the email or postal address listed in this policy.

You may submit a complaint anonymously. However, in order to properly consider and respond to your request, the AEC may require further information from you. Therefore, please include your contact details if you submit a complaint.

The AEC will respond to complaints within 30 days of receipt. If you are dissatisfied with the AEC's response to a complaint, you may complain to the OAIC. The OAIC is an independent external body. Our contact details are set out in Section 4 below.

3. The AEC website: protecting your privacy online

The AEC is committed to protecting privacy online in accordance with the Guidelines for Federal and ACT Government Websites issued by the Office of the Australian Information Commissioner.

3.1 Personal information submitted to the AEC electronically

Where the AEC collects personal information submitted directly by a user, those electronic records are stored securely in databases managed on behalf of the AEC by its ICT providers and in accordance with the AEC's ICT security policies and practices.

Where personal information is held in electronic files, access to it is restricted to AEC employees whose duties require access to the information.

3.2 Personal Information collected and held

The AEC automatically collects generic information about all visitors to its online resources. That information is very limited and only used to:

  • identify generic online resource usage patterns
  • improve our services, and
  • manage the AEC's servers, including maintaining security.

When visiting the AEC website the site server makes a record of the visit and logs the following information:

  • the user’s server's IP (Internet Protocol) address, a number which is unique to the machine through which the user is connected to the internet
  • the user's server address – this allows us to consider the visitors who use the site most, and tailor the site to their interests and needs
  • the user's operating system (for example Windows, Mac etc.) – this allows us to tailor browser or platform specific parts of the site to each operating system because browsers act differently on each platform
  • the user's top level domain name (for example .com, .gov, .au etc.) – this can allow us to tailor information relevant to different domains
  • the date and time of the visit to the site – this is important for identifying the website's busy times and ensuring maintenance on the site is conducted outside these periods
  • pages accessed and documents downloaded – this indicates to us which pages or documents are most important to our users and also helps identify important information that may be difficult to find
  • duration of the visit – this indicates to us how interesting and informative our site is to our users
  • geographic location – this shows us how well marketed our site is
  • the address of the referring site, such as the previous site that you visited before the AEC website – this helps us determine which sites are providing links to ours as well as sites where we may be able to seek links
  • the type of browser used – this is important for browser specific coding, for example JavaScript.

This information is used only for statistical analysis and systems administration purposes. No attempt is made to identify users or their browsing activities, except in the unlikely event of an investigation by a law enforcement agency.

3.3 ‘Cookies’

A ‘cookie’ is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.

The AEC website uses a cookie to maintain contact through a session. The cookie allows the website to recognise you as a unique user as you move from one page of the website to another. The cookie will expire when the browser session is closed or the computer is shut down. No attempt will be made to identify anonymous users or their browsing activities unless legally compelled to do so, such as in the event of an investigation.

3.4 Google Analytics

In addition to web server logs, the AEC website uses Google Analytics, a web analytics service provided by Google Inc. Reports obtained from Google Analytics are used to help improve the efficiency and usability of this web site.

Google Analytics uses 'cookies' to help analyse how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using the AEC’s website, you consent to Google processing data about you in the manner and for the purposes set out above. Please refer to Google's Privacy Policy.

3.5 Searches

Search terms you enter when using the AEC search engine are collected, but are not associated with any other information that we collect. We use these search terms to ascertain what people are looking for on our site and to improve the services that we provide.

3.6 Interaction between this site and other sites

The AEC website contains links to other sites. The AEC is not responsible for the privacy practices or the content of such websites and has no knowledge if cookies or other tracking devices are used on linked websites.

These other sites may use web measurement tools, customisation technologies and persistent cookies to inform the service they provide to their users. You should read the privacy statement published on each website that you visit.

3.7 Your email address

The AEC will only record your email address in the event that you send a message by email, you register requesting notifications, you provide your email address when completing a claim for enrolment, or your email address is provided by a third party. Registration for notifications may be made initially by email, postal mail or facsimile. Your email address will only be used for the purpose for which you have provided it and will not be added to any mailing lists without your consent by way of a specific request in writing. The AEC will not use or disclose your email address for any other purpose, without your prior written consent.

If you are listed on one or more of our media or subscriber email lists you can opt out at any time. You can unsubscribe online or by using the ‘unsubscribe’ option noted in our subscriber emails .

3.8 Security of information

The AEC provides a secure environment with data usually secured in transit between your computer and our servers through the use of encryption technology (SSL/TLS Certificates). The AEC has a reliable system with data stored securely in databases managed on behalf of the AEC by its ICT providers and in accordance with the AEC's ICT security policies and practices.

While every effort is made to secure information transmitted to the AEC  website over the internet, there may be inherent risks associated with the transmission of information via the Internet and there is therefore a possibility that this information could be accessed by a third party while in transit.

For those who do not wish to use the Internet, the AEC provides alternative ways of obtaining and providing information.

4. How to contact the AEC

If you wish to contact the AEC about a privacy-related matter, including questions about this policy, please contact the AEC's Privacy Contact Officer.

Email: info@aec.gov.au

Post: The Privacy Officer
Australian Electoral Commission,
GPO Box 6172
Kingston ACT 2604,
Australia.

Telephone: 02 6271 4411

Assisted contact options are also available.

You can also obtain further information from the Office of the Australian Information Commissioner website, or by telephone on 1300 363 992.

5. Glossary

APP/APPs
refers to the Australian Privacy Principles under section 14 of the Privacy Act; the APPs, together with Guidelines on them are available from the Office of the Australian Information Commissioner website or by telephone on 1300 363 992.
Electoral Act
means the Commonwealth Electoral Act 1918
FOI Act
means the Freedom of Information Act 1982. Guidelines on the FOI Act are available from the Office of the Australian Information Commissioner website
OAIC
means Office of the Australian Information Commissioner
Personal information
has the same meaning as in the Privacy Act and includes any information about an identified individual, or an individual who is reasonably identifiable. It includes an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not. It also includes ‘sensitive information’, which is a particular category of personal information. While we recognise that maintaining the confidentiality of all personal information is important in gaining and maintaining your trust, sensitive information is often afforded a higher level of protection.
Privacy Act
means the Privacy Act 1988
Privacy Contact Officer
refers to the officer whose contact details are listed under Contact Details
Sensitive information
is defined by the Privacy Act (see section 6). It means information or an opinion about an individual’s:
  • racial or ethnic origin
  • political opinions or membership of a political organisation
  • religious beliefs or affiliations
  • philosophical beliefs
  • membership of a professional or trade association or trade union
  • sexual preferences or practices
  • criminal record
  • health information
  • genetic information
  • biometric information to be used for verification or identification
  • biometric templates.

1Section 6 of the Privacy Act defines ‘sensitive information’. See Glossary for details.