Sorry, you need to enable JavaScript to visit this website.
AIFS Logo
Most relevant
Home Compliance and reporting Policies and procedures

AIFS' privacy policy

Purpose

This policy explains how the Australian Institute of Family Studies (AIFS) manages personal information. It outlines:

  • How we collect, use, store, and protect personal information.
  • How individuals can access or correct their information.
  • How to make a privacy complaint.

Scope

This policy applies to all personal information (including sensitive information) collected by AIFS, including personal information of employees, research participants and other individuals associated with AIFS.

AIFS’ privacy obligations

The Australian Institute of Family Studies adheres to the Privacy Act 1988, including the Australian Privacy Principles (APPs), that outlines rights and obligations regarding personal information collection, storage, use, disclosure, quality assurance and security.

We also follow:

  • The Protective Security Policy Framework and the Australian Government Information Security Manual for data security.
  • The Archives Act 1983 for storing, using, and disposing of personal information.
  • The Australian Government Agencies Code 2017, which requires us to conduct Privacy Impact Assessments (PIAs) and maintain a public register of PIAs.

What personal information we collect and hold

AIFS collects personal information only for purposes that are necessary or directly related to our operational functions or research activities in accordance with the Privacy Act 1988 and the Family Law Act 1975.

AIFS privacy policy defines ‘personal information’ in accordance with section 6 of the Privacy Act, which states:

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable:

a). whether the information or opinion is true or not, and

b). whether the information or opinion is recorded in material form or not.

Personal information collected and securely stored by AIFS may include:

  • name, address and contact details (e.g. phone number and email address)
  • identity information (e.g. date of birth, country of birth, passport details, or driver’s licence)
  • personal circumstances (e.g. age, gender, marital status and occupation)
  • financial affairs (e.g. payment details, bank account details and business)
  • employment information (e.g. applications for employment, work history, referee comments and remuneration)
  • government identifiers (e.g. Medicare number).

We may also collect and securely store sensitive personal information but this will only be done with your consent or when authorised or required by law.

Sensitive information is a subset of personal information and includes information or an opinion about your racial or ethnic origin, political opinions, religious beliefs or affiliations, sexual orientation, criminal record, health information or genetic information.

How we collect personal information

AIFS collects personal information in the following ways:

  • directly from you or your authorised representative
  • from third parties or publicly available sources, with your consent, or if it is necessary for a specific purpose
  • from other government agencies or service providers for research participation and data linkage
  • from individuals providing information about third parties in their documents
  • from individuals requesting access or correction of personal information or information under the Freedom of Information Act 1982
  • from general enquiries and correspondence
  • from research or privacy complaints
  • from interactions through our website or social media platforms
  • from attendance at our events, webinars or workshops.

When we collect personal information, we will notify you with a privacy collection notice if it is reasonable to do so. The notice will include the purpose of collection, whether it is required or authorised by law and any usual disclosures.

Why we collect personal information

AIFS collects data to conduct research and share findings to improve family wellbeing. We communicate these insights to policy makers, service providers, researchers and the broader community.

AIFS collects and holds personal information for 2 key purposes:

  • research activities
  • operational purposes.

Personal information is collected when individuals participate in AIFS research activities, such as surveys, interviews, focus groups and consultations. Personal information is also collected to manage the personnel and corporate service functions of AIFS.

We collect and hold a wide range of personal information related to:

  • research
  • data linkage services
  • policy advice and consultations
  • business operations
  • mailing lists and third-party email service providers
  • enquiries and correspondence
  • privacy complaints and freedom of information requests
  • AIFS online platforms.

More information on the above can be found in the Appendix.

How we use, store and disclose personal information

We use personal information only for the purposes it was collected, either for a primary or related purpose, in accordance with the Privacy Act 1988.

Occasionally, we may use contact details from another government agency to contact members of the public for research surveys, focus groups or interviews. If someone does not wish to participate, we do not use their contact details for any other purpose and destroy their personal information according to the AIFS Records Authority.

We do not disclose personal information to other government agencies, organisations or anyone else unless one of the following applies:

  • The individual has consented.
  • The individual would reasonably expect, or has been informed, that information of that kind is usually passed to those individuals, bodies or agencies.
  • It is otherwise required or authorised by law.
  • It will prevent or lessen a serious and imminent threat to somebody’s life or health.
  • It is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty, or for the protection of public revenue.

Online platforms

When you visit our online platforms, we collect limited data to help us understand how people use our site and improve our services. This data is gathered through Google Analytics and stored on servers in the USA, Belgium, and Finland.

Google’s Privacy Policy states that your IP address will not be linked to other data they hold. The information we collect does not personally identify you. Instead, it helps us understand general patterns—such as how visitors find our site, which pages they view, and how long they stay. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out browser add-on.

We do not share personal information collected online with other agencies, organisations or individuals, unless:

  • You’ve given consent,
  • It’s reasonably expected or previously advised, or
  • It’s required by law.

We also do not collect or use personal information posted on social media sites accessed via our website’s social media plugins.

Occasionally, we use third-party platforms to deliver content or host webinars. These platforms are managed by external organisations who handle personal information according to their own privacy policies.

Overseas disclosures

We sometimes work with service providers—including third-party platforms—that are based outside Australia or store data internationally. These providers help us deliver services and perform essential functions.

In some cases, we may need to share your personal information with overseas organisations. This could be:

  • Required by law, or
  • Part of international data-sharing agreements.

If there’s no legal requirement, we will either:

  • Ask for your consent, or
  • Anonymise the data so it can’t be linked back to you.

Automated decision making

We use artificial intelligence tools—such as Microsoft Copilot—to support analytics, insights, and workplace productivity across our corporate, research, and operational areas. These tools may analyse data to help identify patterns or trends, but they do not make decisions about individuals or use identifiable personal information.

For more details about where we may use AI across AIFS, visit our AI Transparency Statement.

Data quality

We take reasonable steps to ensure that the personal information we collect and hold is accurate. This may include correcting or deleting your personal information when advised by individuals or when appropriate to do so.

If you are on one of our automated email lists, you can opt out of further contact by clicking the ‘unsubscribe’ link included in our emails.

Data security

In line with the Privacy Act 1988, we take reasonable steps to ensure the personal information we collect is held securely.

This includes protecting personal information from:

  • loss
  • unauthorised access
  • misuse
  • modification
  • disclosure.

AIFS has both technical and organisational data security measures to protect personal information.

Technical security measures:

  • Security controls follow the Australian Government's Protective Security Policy Framework (PSPF), Essential Eight and Information Security Manual (ISM).
  • Digital records are stored in Cloud servers located in Australia.
  • Electronic systems are protected using strong credentials and multifactor authentication.
  • Only authorised staff have access to personal information on a need-to-know basis, with permissions strictly managed by the assigned project owner.
  • We adhere to the separation principle to ensure privacy and confidentiality1
  • We deploy the most up-to-date software and technology for staff to ensure information is always kept secure.
  • Personal information no longer needed is disposed of or de-identified in accordance with the Archives Act 1983, the AIFS Records Authority and AIFS Information Assets Management procedures.

Organisational data security measures:

  • Staff receive security and privacy training during induction and mandatory annual refresher training.
  • Regular reviews and updates are conducted for the AIFS Information Security Policy, Data Breach Response Protocol, Cyber Security Response Protocol, and other internal data-related guidelines and processes.
  • As part of compliance with the Protective Security Policy Framework, annual audits are performed on data stores in AIFS’ possession.
  • Privacy Impact Assessments are conducted for any high-risk projects (or part thereof) involving personal information.
  • The AIFS Ethics Committee reviews all high-risk data collections and research projects.

We take all reasonable steps to secure our servers, including:

  • encrypting all data on the servers to prevent unauthorised access
  • encrypting all network traffic to and from the servers to prevent any tampering or accessing of data while in transit
  • requiring staff to authenticate using multifactor authentication (MFA) to access Microsoft 365 services.

However, we cannot control the security of data on third-party platforms.

Destruction and disposal

AIFS manages the storage and disposal of personal information in accordance with the Australian Government records management regime, including the Archives Act 1983, agency-specific records authorities and general records authorities.

Access and correction

Under the Privacy Act 1988 and the Freedom of Information Act 1982 you have a right to:

  • access your personal information held by AIFS
  • request corrections to any personal information we hold about you if you believe it is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Under the Privacy Act 1998, you can access your personal information held by AIFS without any fees. This means you have the right to see what information AIFS has about you and you can request to correct or update your personal information if you find any inaccuracies.

Under the Freedom of Information Act 1982, you may be required to pay a fee, if your request goes beyond a request for your own personal information or if it requires AIFS to perform extensive work, such as retrieving information from multiple sources or making numerous copies.

When we can refuse a request for access or correction

In some cases, we may decline access or correction of personal information. This can happen under specific conditions outlined in the Privacy Act 19882 or the Freedom of Information Act 1982.3 If we refuse your request, we will notify you in writing within 30 days, explaining the reasons the decision and how you can dispute it. Research participants should note that personal information collected during a study may be de-identified or destroyed in line with the AIFS Records Authority before the study’s completion. Therefore, participants may not be able to access or correct their personal information disclosed during surveys, interviews or focus groups.

Proof of identity

You will be asked to provide evidence of your identity (e.g. a passport, driver’s licence or any other official identification in English that contains your photo, signature and address) if you apply to access or correct documents containing your personal information.

The evidence of your identity must clearly show that you are the person whose personal information is being requested or corrected.

How to make a request?

Contact us to request access or a change to incorrect or outdated personal information by submitting your request in one of the following ways.

Email:

  • Email [email protected] to request a copy or update your personal information under the Freedom of Information Act 1982.
  • Email [email protected] to request a copy of or update your personal information under the Privacy Act 1988. Contact AIFS privacy if you are a research participant and need to request a correction of your personal details.

Web form:

You can submit your enquiry via an online web form.

Post:

Australian Institute of family Studies
Level 4/40 City Road
Southbank Vic 30006

If you would like to know more about the freedom of information process you can visit Freedom of information on the Office of the Australian Information Commissioner (OAIC) website.

Privacy enquiries and complaints

If you have any questions or concerns about privacy, please contact our Privacy Officer at [email protected]. You can reach out regarding:

  • our privacy policy
  • our compliance with the Privacy Act 1988 and the APPs
  • accessing or correcting the personal information we hold about you under the Privacy Act 1988.

We take all complaints seriously and are committed to a timely and fair resolution. If you provide your contact details, we’ll respond to your enquiry as soon as possible. For formal complaints, we will respond within 30 days and keep you updated throughout the process. Please note that we may need proof of your identity to investigate your complaint or access information.

If you are a participant in an AIFS research project, you may also choose to lodge a complaint with the AIFS Ethics Committee.

If you are not satisfied with the outcome of the complaint or the way it was handled by us, you can lodge a privacy complaint with the Office of the Australian Information Commissioner (OAIC) website.

Appendix: Types of personal information collected by AIFS

Research

AIFS research activities that may collect personal information include:

  • longitudinal cohort studies
  • qualitative research
  • quantitative research

All research data collected during research activities are securely stored in accordance with the Protective Security Policy Framework (PSPF) and Information Security Manual. Identifying information is removed before research analysis to ensure personal information data is de-identified. Access to this information is restricted to authorised staff working on specific projects.

Longitudinal cohort studies

  • Personal information collected from participants may include names, addresses, contact details, gender, date of birth, employment status, education level, financial information and relationship status. Similar information may be collected for household members, family or teachers of the participant.
  • Sensitive information may include racial or ethnic origin, sexual orientation, religious beliefs, health or medical information, and criminal record information.
What happens to collected data?

For longitudinal studies, contracted service providers conduct surveys and securely store the data, including personal information. These providers are legally bound to meet AIFS’ privacy obligations and have their own privacy policies, processes and security protections aligned with AIFS’ expectations. They provide AIFS with de-identified survey responses, which then undergo data processing and confidentialisation before being released to approved data users.

Participants’ contact details are held and managed by the contracted service provider and are not supplied to AIFS. Participants’ contact details and responses to surveys or interviews are securely stored and encrypted on electronic storage systems, including computer servers or Cloud services, that use multilevel password protection.

De-identified research data for longitudinal studies may also be disclosed to pre-approved data users under strict confidentiality requirements.

For certain data linkage activities (e.g. geospatial linkage), the contracted service providers send AIFS Data Linkage and Integrating Authority (DLIA) the participant-identifiable data (such as residential addresses) for the purpose of approved data linkage activities. The DLIA works in a separate area to the AIFS team managing the data.

Qualitative studies

  • Personal information collected may include names, addresses, telephone numbers and other contact details.
  • Sensitive information collected from research participants may include relationship status, health or medical information, criminal record, sexual orientation and religious beliefs.
What happens to collected data?

Encrypted interview or focus group files are transcribed by authorised transcribers such as SmartDocs Transcription Services. Transcribers may be asked to remove identifying information and AIFS researchers then de-identify transcripts further if needed. If transcribers do not perform de-identification, AIFS staff will do so based on what is required for the research. Once the project is complete, any remaining identifying details that were required for the research are removed by AIFS staff, and links between transcripts and participant contact details are permanently destroyed.

In some cases, interviews or focus groups are video and/or audio recorded using Microsoft Teams and researchers sometimes use Microsoft Teams automated transcription feature. Video recordings from Microsoft Teams are converted to audio and the video file is deleted as soon as possible. The AI transcript is checked to ensure it is accurate and any identifiable data not required for research purposes are removed by the research team and securely stored on AIFS computer servers or cloud services. Any links between transcripts and participant contact details are destroyed. After the research project has concluded, any remaining identifying details that were required for the research are removed by AIFS staff.

Contact details and consent forms are securely stored on AIFS computer servers or cloud services in accordance with AIFS Records Authority and AIFS Information Security Policies.

Quantitative studies

  • Personal information collected from participants may include names, addresses, gender, date of birth, employment status, education level and financial information, as well as similar details for household or family members of participants.
  • Sensitive information collected from research participants may include relationship status, health or medical information, criminal records, sexual orientation and religious beliefs.
What happens to collected data?

Survey data are de-identified to protect participants’ privacy, and contact details are held separately from survey responses. Personal information is securely stored in various formats, including computer servers and cloud services.

AIFS may use an online statistical survey web tool (e.g. Lime Survey) to conduct some of its quantitative studies. AIFS follows a rigorous selection and evaluation process for survey platforms and enforces strict internal user permissions and role-based access control to ensure that only authorised staff manage survey data.

Data linkage services

AIFS is a Commonwealth Data Linkage and Integrating Authority for many major studies. Linkage to administrative data enhances the quality and analytical utility of survey data by adding new dimensions (see: What is Data Linkage?)

  • Personal information collected from participants for the purposes of data linkage may include names, addresses, gender, date of birth, government identifiers such as Medicare number, Centrelink Reference Number, Unique Student Identifier.
  • Sensitive information may include health or medical information sourced from the Medicare Benefits Schedule (MBS), Pharmaceutical Benefits Scheme (PBS), Australian Immunisation Register (AIR) / Australia Child Immunisation Register (ACIR), state-based hospital and emergency services data and welfare information sourced from Centrelink income support payment records.

What happens to collected data?

AIFS DLIA receives participant identifiable information (e.g. names, date of birth, gender, address) from external agencies and service providers of national longitudinal studies. We use the identifiable information to find those participants in the administrative database. We then extract their de-identified administrative records and integrate this information with the de-identified survey data. De-identified linked and integrated datasets are made available to approved users.

All data linkage and integration activities are conducted in accordance with the Separation Principle.4 Transfer and storage of personal and sensitive data is managed in accordance with the principles set out in the Data Availability and Transparency Act 2022.

External advice and consultation

  • Personal information collected may include name, contact details, position title, organisation name or government department.

What happens to collected data?

We collect personal information when we contact officers in Australian, state, and territory government agencies, and private sector organisations for analysis and advice. Additionally, we collect personal information during consultations with stakeholders while researching issues. The personal information of our stakeholders is recorded in our Customer Relationship Management (CRM) tool, which stores personal details according to the Privacy Act 1988 and the Protective Security Policy Framework (PSPF).

Mailing lists and third-party emails service providers

  • Personal information collected may include name, contact details, position title, organisation name or government department.

What happens to collected data?

We collect personal information directly from individuals we contact regarding media or other public relations events, webinars or workshops. Personal information is securely stored until the individual requests a removal from the mailing list or fails to respond to a confirmation request. Records are regularly updated and accessible only by authorised staff.

Personal information may be disclosed to third parties, such as online service provider platforms like Mailchimp, which AIFS uses to distribute AIFS information, publications or publication alerts. They may also be used to deliver large volumes of emails to communicate with conference delegates or webinar participants. You can check the Mailchimp Privacy Policy.

Enquiries

  • Personal information collected may include names, contact details and details of the enquiry.

What happens to collected data?

This information is collected directly from individuals who contact us by telephone, email or via the online enquiry web form. Personal information is used solely to prepare and respond to the enquiry. Personal information related to enquiries is securely kept as an electronic record and is accessible only to staff responsible for responding to enquiries. The information is retained until the enquiry is closed or for as long as is necessary.

Privacy complaints and freedom of information (FOI) requests

Personal information collected may include names, contact details and details of the complaint or FOI request.

What happens to collected data?

This information is collected directly from the complainant or FOI applicant and is used solely to contact the individual and prepare a response to their request or complaint. Personal information related to the complaint or FOI request is securely kept as an electronic record and is accessible only by authorised staff. Personal information is retained until the FOI request or complaint is closed or for as long as necessary.

Business operation activities

We collect personal information directly from individuals to support:

  • our business operations, including financial information and accounting records
  • personnel records and human resource matters.

We also collect personal information (including contact details) as part of our normal communication processes, such as when you email staff members, telephone us or hand us your business card. Personal information records are kept both in electronic and hardcopy formats and are stored and destroyed in accordance with the AIFS General Records Authority and the Archives Act 1983.

Financial information records

Personal information collected may include name, contact details, business characteristics (e.g. business name, address, contact details, ABN, organisation email domains), bank details, and employment information.

What happens to collected data?

Personal details are collected to maintain a record of transactions and payments handled by AIFS. This information is securely stored, not disclosed to other persons or organisations and only accessible by authorised staff.

Human resource records

  • Personal information collected in personnel records may include name, contact details, date of birth, occupation, AGS number, gender, educational information, employment information, bank details and other relevant financial information (e.g. tax file number).
  • Sensitive information may include health information, racial or ethnic origin, criminal record and trade union membership.
What happens to collected data?

AIFS collects personal information to manage human resource records, including employment applications. Third-party service providers may be used to process job applications and manage recruitment.

Personnel records for current and former employees are accessible by authorised staff and outsourced payroll providers. Information in these records may be disclosed to Comcare, Commonwealth Medical Officers, Attorney-General’s Department, Australian Public Service Commission, Commonwealth Super and other superannuation administrators, Australian Taxation Office and the receiving agency following an employee's movement or re-engagement.

Get more information about AIFS Human Resources Personal Information and Privacy [PDF, 2.7 MB]

Contractors, advisory committees and consultancies

  • Personal information collected may may include name, contact details, position title, qualification, business characteristics (e.g. business name, address, contact details, ABN, organisation email domains), financial information (e.g. bank details).
What happens to collected data?

Personal information about contractors, advisory committee members and consultants is collected to manage expenditure on external service providers, who we engage with for administrative and consultancy purposes. Information is usually collected directly from individuals or their employers.

Occasionally, we may collect personal information from third parties or publicly available sources—such as websites—where it is reasonable to expect us to do so. Personal details such as name, contact details, organisation name, position title are securely stored in our CRM system.

AIFS’ online platforms

When you visit our online resources, our metric tools may collect the following information for statistical purposes:

  • your IP address
  • top-level domain name (e.g. .com, .gov, .au, .uk)
  • date and time of your visit
  • pages accessed and documents downloaded
  • whether you’ve visited our site before
  • type of browser used
  • any cookies that your browser has presented to our server.

The data collected when you visit our online resources are not used to personally identify anyone.

Cookies

Most of our online platforms use sessions and cookies. Cookies are small data files transferred to computers or devices by websites for record-keeping and enhancing website functionality. These cookies can be blocked by users without affecting interaction with the AIFS website.

We use cookies to help us track your visit. This includes:

  • whether you have visited our website before
  • how much time you spent on our website.

Social media

AIFS uses various social media channels, such as Facebook, Instagram, LinkedIn, X, and YouTube to inform, engage and communicate with the public.

We may also provide social media plugins on our website to facilitate sharing information via social media sites. However, we do not collect, use or disclose personal information posted on social media sites that were accessed via our website using a social media plugin.

Third-party social media service providers may collect your personal information for their own purposes. These sites have their own privacy policies and AIFS is not responsible for the privacy practices of third-party providers.

Web form

When you email us personal information or provide it to us through the ‘contact us’ option on our website:

  • We will record your email address, and any other information submitted.
  • We will use this information for the purpose for which you provide it.
  • Your email address will not be added to a mailing list unless provided by you specifically for that purpose.

If you choose not to provide us with a minimum level of information (usually marked with an asterisk and, generally, an email address), we may not be able to respond to you.

1 See the Australian Bureau of Statistic’s The separation principle.

2 More information is available here: Access your personal information

3 More information is available here: Exemptions and conditional exemptions under the Freedom of Information Act 1982

4 See the Australian Bureau of Statistic’s The separation principle.

 

Share