Information Privacy Policy

View a PDF version of this policy.

About this policy

This information privacy policy sets out how the ACT Environment, Planning and Sustainable Development Directorate (EPSDD) manages personal information when performing its functions and duties.

This policy is written in simple language. The specific legal obligations of the EPSDD when collecting, holding, using and disclosing personal information and individual's rights in relation to their personal information are outlined in the Information Privacy Act 2014 and in particular in the Territory Privacy Principles found in that Act.

This information privacy policy is made in accordance with Territory Privacy Principle 1.3 of the Information Privacy Act 2014.

We will update this privacy policy when our personal information management practices change. Updates will be made available via our website and through our email lists.

View the ACT Government Web privacy policy.


This information privacy policy sets out how EPSDD implements its legal obligations under the Information Privacy Act 2014 in the management of 'personal information'. The Information Privacy Act 2014 defines personal information as:

"Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not."

It does not include personal health information about an individual which is covered by the Health Records (Privacy and Access) Act 1997.

EPSDD collects, holds, uses and discloses personal information to carry out functions, activities and duties. The Public Sector Management Act 1994, Information Privacy Act 2014, Territory Records Act 2002, Health Records (Privacy and Access) Act 1997 as well as a range of Directorate specific legislation have provisions for the collection and management of personal information.

These functions and activities include, for example:

More specific detail in regard to what information we collect, how it is held, what it is used for, and who it is disclosed to, is detailed in the Information Privacy Annex included with this Policy.

In accordance with Territory Privacy Principle 1.3, this privacy policy, including its Annex, provides the following information:

Remaining anonymous

Generally when you deal with EPSDD (for example when calling on the phone to make an enquiry) you have the option of remaining anonymous or using a pseudonym (a made up name).

However, in some situations EPSDD will need you to provide your name in order to provide services or assistance to you (particularly if you require a formal response), or if we are authorised or required by law to deal with an identified individual.

If it is impracticable or unlawful for us to deal with you without you providing identifying information we will let you know why we need your personal information and what it will mean for you if the information is not collected.

Kinds of information we collect and hold

The Information Privacy Annex provides more detail in regard to the information the EPSDD collects relating to its specific functions, activities and duties.

It is important to note that EPSDD tries to only collect the minimum information that the Directorate needs to perform, or is directly related to the performance of, its functions, activities. The personal information we collect and hold will vary depending on what we are required to perform and our responsibilities.

It may include:

Sensitive information is handled with additional protections under the Information Privacy Act 2014. Sensitive information is information that is about an individual's:

Normally EPSDD will not collect sensitive information without your consent. However, sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by a law, a court or tribunal order, or is necessary to prevent a threat to the life, health or safety of one or more individuals, or to public health or safety.

EPSDD will not collect personal information about you if we do not need to.

How do we collect personal information

EPSDD will only collect information by lawful and fair means. The main way EPSDD collects personal information about you is when you provide it to EPSDD.

Your personal information may be collected in a variety of ways, including through paper or online forms, in correspondence to and from you as well as email, over the telephone and by fax.

EPSDD collects personal information such as contact details and complaint,review, request or report details when:

We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.

Normally we collect information directly from you unless it is unreasonable or impracticable to do so. In certain circumstances, for example where it is required by law, we may also obtain personal information collected by other Australian, state and territory government bodies or other organisations.

We also collect personal information from publicly available sources where that may enable us to perform our functions effectively.

Notice of collection

When EPSDD needs to collect personal information from you we will notify you about:

Collecting through our websites

View the web privacy statement.

Social Networking Services

EPSDD utilises social media for engaging with the community. As a general principle the Directorate does not collect personal information via social media platforms. If a community member provides personal information via social media, EPSDD's moderators will request that the community member take the discussion 'offline' by providing the personal information via another source, such as via email, or by contacting the Access Canberra Contact Centre on 13 22 81.

If personal information is disclosed to EPSDD via a social media platform the Directorate will advise the customer of where to locate the privacy policy of the relevant social media platform so that they may be aware of the information that is collected by the relevant third party organisation.

Email lists

Personal information is collected for mailing lists for the purposes of communicating with individuals or groups who are interested in receiving news and details of consultation about planning. The personal information on these records relates to customers and stakeholders of the agency.

Information collected includes names, contact details such as email addresses and organisational information.

This information is not disclosed outside of the Directorate or used for purposes other than the stated purpose.

Use and disclosure

EPSDD will not use your personal information for a secondary purpose or share your personal information with other government agencies, private sector organisations or anyone else without your consent, unless an exception applies.

Exceptions are available a number of circumstances including when -

If EPSDD has this information it is allowed to provide your biometric information (such as your fingerprints or photograph) or your biometric templates (digital representations of your distinct characteristics) to an enforcement body (like the Australian Federal Police, Department of Immigration) if we comply with any guidelines made by the Information Privacy Commissioner.

EPSDD may also disclose personal information to Commonwealth intelligence agencies where that disclosure is authorised by the head of the intelligence agency and the agency certifies that the collection of the personal information from the EPSDD is necessary for its functions.

More information in regard to disclosures can be found in the Information Privacy Annex included with this policy.

Sharing information with service providers

EPSDD contracts with service providers to support the Directorate to carry out specific activities and functions of the Directorate.

In some circumstances it may be necessary for EPSDD to share personal information with these service providers to enable them to perform their functions efficiently and effectively.

In these situations we protect personal information by only entering into contracts with service providers who agree to comply with Territory requirements for the protection of personal information.

Storage and security of personal information

EPSDD is required to take reasonable steps to ensure that personal information it holds is safe and secure.

We strive to protect your personal information from misuse, interference or loss and from unauthorised access, use, modification or disclosure in accordance with the Information Privacy Act 2014.

The Territory Records Act 2002 establishes frameworks for the management of your personal information if it is held within the files or data systems of EPSDD.

Our IT systems employ comprehensive protections to guard against unauthorised access. Paper- based files are stored securely.

As a part of our general practice personal information is only available to staff who need to have access in order to perform their roles.

Accessing your personal information

In accordance with the Information Privacy Act 2014 (Territory Privacy Principles 12 and 13) you have the right to ask for access to personal information that EPSDD holds about you. You are also entitled to request that we correct that personal information, if you believe it is no longer accurate or up-to-date.

If you contact us to request access to your personal information we must provide you with access to your information in an appropriate manner, if it is reasonable and practicable to do so.

If it is not reasonable or practicable we must respond to your request in writing within 30 days telling you why we are unable to provide you with access to that information.

We will not charge you any fees for making the request or providing you with access.

You also have the right under the Freedom of Information Act 2016 to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

Individuals can obtain information regarding access to their personal information by contacting the Information Manager via email to or by contacting the Access Canberra Contact Centre on 13 22 81.

Correcting your personal information

If you ask EPSDD to correct your personal information, we must take reasonable steps to correct the information if we are satisfied that it is incorrect, inaccurate, incomplete irrelevant, out-of-date or misleading.

If we agree to correct information and that information has previously been shared with another agency, you may request that we notify the other agency of the possible need for them to correct that information.

There may be reasons why we refuse to correct that information, for example if we are required or authorised by law not to correct the information.

If we refuse to correct the information we must give you written notice of why we have refused to correct your information and how you may complain about our decision, within 30 days.

If we refuse to correct your personal information, you can ask us to attach or link a statement that you believe the information is incorrect and why to the information.

We will not charge you any fees for making the request for correction, correcting the information or attaching a statement to the personal information.

In some circumstances and if it is appropriate, we can assist you to correct your personal information held by us if it is no longer accurate, up-to-date and complete.

How to make a complaint

Complaints about how EPSDD has managed your personal information need to be made in writing to the contact details below. We are also able to assist you to lodge your complaint if required.

We will consider your complaint and make every effort to work with you resolve your issues satisfactorily.

We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.

If you are not satisfied with our response you may ask for a review by a more senior officer or you can make a formal privacy complaint to the Australian Privacy Commission under section 34 of the Information Privacy Act 2014.

The Australian Privacy Commission is an independent body that will assess your complaint and can make a determination that our actions are an interference with your privacy. If your complaint is upheld by the Commissioner you may be able seek a remedy in the Magistrates Court.

How to contact us

Phone: 13 22 81


In person: 480 Northbourne Ave, Dickson

Disclosure of personal information overseas

In some circumstances EPSDD may need to share or store information with overseas recipients.

If this disclosure is necessary we will take reasonable steps before disclosing the information to ensure that the recipient treats the personal information with the similar standard of care as is required by the Information Privacy Act 2014.

In some cases, the information will already be sufficiently protected under the law governing the overseas recipient, and you can access mechanisms to enforce those protections.

If it is practical and reasonable to do so we will obtain your consent to overseas disclosure.However, there may be situations where we are unable,for example, where we share information as part of a law enforcement activity Quality of personal information

EPSDD is required to take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete.

Personal information we use or disclose must also be relevant for the purpose for which we use or disclose it.

Annex to the EPSDD Privacy Policy

The EPSDD Information Privacy Policy Annex forms an integral part of this Information Privacy Policy and provides, in specific detail, the kinds of personal information EPSDD collects, holds, uses and discloses, the purpose for its collection, use and disclosure in relation to specific functions, activities and duties.