About this notice
This Privacy notice applies to personal information collected by the Department of Home Affairs for the purposes of the Trusted Information Sharing Network (TISN) for critical infrastructure resilience. It was last updated in June 2019.
TISN is committed to protecting the personal information with which we are entrusted in accordance with the obligations in the Privacy Act 1988 (the Privacy Act) and the Australian Privacy Principles (APPs), contained in Schedule 1 of the Privacy Act, which regulate the way we collect, store, use and disclose personal information.
Our personal information handling practices
TISN collects personal information for the purpose of providing a secure environment for information sharing and resilience-building initiatives related to critical infrastructure.
These functions and activities may include:
- maintaining effective working relationships with our stakeholders, including:
- TISN members, being owners and operators of critical infrastructure, representatives from Australian, State and Territory government agencies, and peak national bodies
- industry associations
- specialist forums
- non-member owners and operators of critical infrastructure
- sharing information with our stakeholders on issues relevant to the resilience of our critical infrastructure and the continuity of essential services in the face of all hazards
- performing our legislative and administrative functions
- program management
- policy advice and other support to our Ministers;
- contract management
- performing our management, employment and personnel functions in relation to our staff and contractors
- complaints handling
- managing correspondence received from the public or organisations, Commonwealth government agencies, State and Territory government agencies, Australian Government ministers and parliamentary secretaries.
We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities. We collect this personal information in a variety of ways, including face-to-face, paper-based forms, online (through our websites, as well as email) and over the telephone.
We will generally collect your personal information directly from you, but in certain circumstances we may collect your personal information from a third party, such as other individuals, Australian, State and Territory government bodies or other organisations. If we need to collect sensitive information (such as health or criminal history information) we will ask for your consent to do so, except where the collection is required or authorised by an Australian law or court/tribunal order, or other circumstance permitted by the Privacy Act.
When we collect personal information, we are required under the Privacy Act to notify you of a number of matters if it is reasonable to do so. These matters include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information. This notice is your notification of these matters, together with any privacy notices we provide on our forms and online portals.
Kinds of personal information that we hold
The personal information we collect and hold will vary depending on what we require to perform our functions and activities. It may include:
- information about your identity (date of birth, country of birth, passport details, visa details and drivers licence)
- your name
- your contact details, including email address, postal address and telephone number
- photographs, video recordings and audio recordings of you
- employee records (including applications for employment, selection committee reports, emergency contact details, payroll information, performance information and information relating to employee’s training and development).
Use and disclosure of personal information
We will not use or disclose your personal information for a purpose other than the purpose for which it was collected unless you consent or one of the following exceptions in the Privacy Act applies:
- you would reasonably expect us to use or disclose the information for that other purpose and if the information is sensitive information – directly related to the primary purpose or where the information is not sensitive information – related to the primary purpose
- it is required or authorised by or under an Australian law or court/tribunal order
- it is reasonably necessary for an enforcement-related activity conducted by or on behalf of an enforcement body
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety and it is unreasonable or impracticable to obtain your consent to the use or disclosure
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
- we reasonably believe that it is reasonably necessary to help locate a person who has been reported as missing and the use or disclosure complies with the Privacy (Persons Reported as Missing) Rule 2014
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim to which the Commonwealth is a party
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process.
Disclosure to overseas recipients
We may need to disclose your personal information to an overseas recipient as part of our work. We will generally only disclose your personal information to an overseas recipient if you provide consent for us to do so. Where it is unreasonable or impracticable to obtain your consent, we will only disclose your personal information to an overseas recipient in circumstances permitted by the Privacy Act.
Data quality and security
TISN takes appropriate steps to ensure that the personal information we collect is accurate, up-to-date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times, as necessary.
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. This includes password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions. Our security practices and procedures are guided by whole-of-government standards and guidelines, including the Australian Government Information Security Manual (ISM) and the Protective Security Policy Framework (PSPF).
We are bound by the Archives Act 1983 to retain Commonwealth records until we can lawfully dispose of them, generally either in accordance with:
- a ‘records authority’ issued or agreed to by the National Archives – a records authority determines how long we hold information and when we dispose of it
- ‘normal administrative practice’ – which permits the destruction of information that is duplicated, unimportant or of short-term facilitative value.
We are also required to maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events, or judicial proceedings have implications for the management of records held by agencies. More information on current disposal freezes and notices is available from the National Archives of Australia website.
How to contact us
If you have a query about the Trusted Information Sharing Network please contact us at:
The Critical Infrastructure Security Division
Department of Home Affairs
PO Box 25
BELCONNEN ACT 2616
What happens when you visit our website
Protecting your privacy online
This website is managed by the Department of Home Affairs. While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit. Please see the Department of Home Affairs Web privacy statement from information about the personal information we may collect from when you visit our website.