About this Privacy Policy

The Privacy Act 1988 (Privacy Act) requires entities bound by the Australian Privacy Principles to have a Privacy Policy. This Privacy Policy outlines the personal information handling practices of the Independent Parliamentary Expenses Authority (IPEA).

This policy is written in simple language. The specific legal obligations of IPEA when collecting and handling your personal information are outlined in the Privacy Act and in particular in the Australian Privacy Principles (APPs) found in that Act. We will update this Privacy Policy when our information handling practices change. Updates will be publicised on our website.

Privacy Act

In general terms, the Privacy Act, including the 13 APPs in Schedule 1 of that Act, regulates the collection, use, disclosure, storage and security, access and correction of personal information.

‘Personal information’ is information or an opinion about an identified individual or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not, or
  • whether the information or opinion is recorded in a material form or not.

There are also particular obligations under the Privacy Act in relation to the handling of ‘sensitive information’, which means:

  • information or an opinion about an individual’s:
  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • membership of a professional or trade association
  • membership of a trade union
  • sexual orientation or practices
  • criminal record
  • health information
  • genetic information that is not otherwise health information
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification
  • biometric templates.

Who Should Read this Privacy Policy?

This Privacy Policy is particularly relevant to you if you are:

  • an individual whose personal information may be given to or held by IPEA
  • a contractor, consultant, supplier or vendor of goods or services to IPEA
  • a person seeking employment, or employed with IPEA, or
  • a person seeking employment, or employed under the Members of Parliament (Staff) Act 1984.

Anonymity and Pseudonymity

The APPs give individuals the option of not identifying themselves, or using a pseudonym (e.g. an alias) when dealing with IPEA, unless:

  • we are required or authorised by law to only deal with individuals who have identified themselves, or
  • it is impracticable to deal with individuals on an anonymous or pseudonymous basis.

For most of our functions and activities we will need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your matter. We may be unable to progress or resolve your matter if you do not identify yourself.

Privacy Enquiries

If you have any questions or would like more information about IPEA’s privacy practices you can contact us by:

Email: privacy [at]
Post: Privacy Officer
Independent Parliamentary Expenses Authority
One Canberra Avenue

Personal Information Handling Practices

Collection of Personal Information

Why IPEA Collects Information About You and Other People Associated with You

IPEA collects personal information for purposes relating to the administration of its functions under the Independent Parliamentary Expenses Authority Act 2017 (IPEA Act), including:

  • processing claims for travel expenses and travel allowances in relation to current and former Parliamentarians, their staff and eligible dependants
  • administering and monitoring payments under the parliamentary work expenses framework
  • auditing parliamentarians’ work expense matters
  • giving advice to current and former Members of Parliament about travel expenditure matters
  • providing secretariat support to the Members of IPEA.

We also collect personal information:

  • for employment related purposes, including recruitment, staff management, workers’ compensation claims and rehabilitation, workplace health and safety obligations, public interest disclosures, administering relevant superannuation benefits, processing entitlements and managing the conditions of employment of persons employed by IPEA
  • for other administrative purposes, such as:
    • processing freedom of information (FOI) requests
    • receiving and responding to correspondence.

IPEA does not collect personal information for disclosure overseas. If it becomes necessary to do so, we will review this policy.

How IPEA Collects Personal Information

Personal information about you may be collected by IPEA from you, or from your authorised representative or agent.

We may also collect personal information:

  • from the Department of Finance (Finance) or another third party where the information is relevant to IPEA’s functions, in accordance with the IPEA Act
  • from third parties where we are authorised or required by law to do so, where you have consented, and other circumstances permitted under the Privacy Act.

IPEA collects and receives personal information through various channels including forms, online portals, electronic and paper correspondence as well as telephone and fax.

Types of Personal Information IPEA Collects and Holds

Broadly grouped, the personal information we collect and hold may include:

  • information relating to current and former members of Parliament and eligible family members in the context of the administration, monitoring and auditing of work expenses, including financial information;
  • names, addresses and phone numbers of parliamentarians and their staff.
  • information about parliamentarians’ work, including work in their electorate.
  • schedules and travel itineraries;
    • sensitive information, for example, information about a person’s political party membership and associated activities engaged in by that person;
    • information about job applicants and employees relating to employment with IPEA (e.g. personal details, referee and emergency contact details, banking information, superannuation details, employment contracts, training and development, performance management, leave records, etc);
  • information relating to staff employed under the Members of Parliament (Staff) Act 1984 in the context of the administration, monitoring and auditing of travel expenses, including financial information;
  • comments on IPEA social networking services;
    • information relating to the performance of IPEA’s obligations as an employer, for example work health and safety assessments, incidents and investigations in accordance with the Work Health and Safety Act 2011.

Sensitive Information

We may collect and hold sensitive information about you in certain circumstances. This may include:

  • racial or ethnic origin;
  • political opinions;
  • criminal record (for example, in the context of recruitment activities or security assessments);
  • health information (for example, medical history, or information relating to a work-related injury in the context of a work health and safety assessment/incident/investigation or workers’ compensation claim).

Collection of Personal Information

IPEA will only collect personal information, including sensitive information, in the following circumstances:

  • the collection of the information is consented to by the person to whom the information relates; or
  • IPEA is required or authorised to collect the information to carry out its functions.

Personal information collected by IPEA must be reasonably necessary for, or directly related to, IPEA’s functions or activities. Wherever possible, IPEA will collect personal information from the individual to whom the information relates.

In circumstances where your personal information was not, or won’t be, collected directly from you or your authorised representative, IPEA will tell you as soon as possible that IPEA plans to, or has already collected, the information. This includes telling you the purpose and method of collection and how we are authorised to collect the information.

IPEA will also inform you the main consequences (if any) for you if IPEA does not collect the information and any people or entities to whom the information might be disclosed. The individual will also be directed to this policy and IPEA’s contact details.

Storage of Personal Information

Personal information collected by IPEA is securely held and only accessible by those IPEA employees with a genuine need to access it for the purpose of their work in carrying out IPEA’s functions.

Collection through Our Website – Cookies and Google Analytics

When you visit the IPEA website, we may use a range of tools provided by third parties such as Google to collect or view website traffic information. These websites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our website.

Information collected when you visit the IPEA website may include the IP address of the device you are using and information about sites that IP address has come from. IPEA uses this information to maintain, secure and improve our website. In relation to Google Analytics, you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.

Unsolicited Information

If IPEA receives unsolicited personal information in relation to a person, which does not relate to its activities or functions, and it is unclear whether the information was provided with the person’s consent, IPEA will de-identify the information or ensure it is destroyed, unless it is unlawful or unreasonable to do so.

Disclosure of Personal Information

IPEA is authorised under the IPEA Act to disclose personal information in certain circumstances, including publishing reports on IPEA’s website about travel expenditure matters relating to current and former Parliamentarians, and staff employed under the MOPS Act.

IPEA uses a number of service providers to whom we may disclose personal information, for example to provide IT services. To protect any personal information that may be disclosed, we take contractual measures to require the service provider to only handle the information for the purposes of providing the relevant services.

Your personal information will not otherwise be used or disclosed for purposes unrelated to the purpose for which it was originally collected by IPEA unless:

  • you have consented to the use or disclosure of your information for that other purpose;
  • you would reasonably expect IPEA to use or disclose the information for the secondary purpose, and that purpose is:
  • related to the primary purpose of collection or,
  •  in the case of sensitive information, directly related to the primary purpose;
    • the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order; or
    • the use or disclosure is otherwise permitted under the Privacy Act and the APPs.

Quality of Personal Information

IPEA takes steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.

We also review the quality of personal information before we use or disclose it to ensure it is accurate, up to date, complete and relevant.

Storage and Security

IPEA has controls in place to protect the information we hold from loss, unauthorised access or disclosure and from any other misuse, interference and loss. Our controls include:

  • access to personal information collected is restricted to authorised persons on a need-to-know basis
  • our internal network and databases are protected using firewall, intrusion detection and other technologies
  • paper files containing personal and sensitive information are protected in accordance with Australian Government security and record-keeping policies, guidelines and standards and secured in locked cabinets, Australian Government-approved security containers or secure rooms with restricted access
  • IPEA’s premises are under 24-hour surveillance and access is via security passes only, with all access and attempted access logged electronically
  • IPEA conducts system audits and staff training to ensure adherence to our established protective and computer security practices
  • personal information that is no longer required is destroyed in a secure manner, or archived or deleted, in accordance with IPEA’s obligations under the Privacy Act and the Archives Act 1983 (subject to any laws that prohibit or limit the destruction or deletion of records).

Access to and Correction of Personal Information

Freedom of Information Request

Under the FOI Act, a person is able to request access to personal information about them that is held by IPEA free of charge. Such a request can be sent to:

FOI [at] or
• The FOI Coordinator

Independent Parliamentary Expenses Authority
One Canberra Avenue

It should be noted that exemptions apply under the FOI Act which may result in some personal information not being released. If this happens, IPEA will provide written reasons and explain the rights of appeal that apply.

Request under the Privacy Act

Under the Privacy Act you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days.

You can make a request for access or correction to information by contacting the following:

Privacy Officer
Independent Parliamentary Expenses Authority
One Canberra Avenue

You can also contact us via email at privacy [at]

Privacy Impact Assessments

Conduct of Privacy Impact Assessments

IPEA will conduct privacy impact assessments for all high privacy risk projects. Generally, such projects will include, but are not limited to, projects involving a new or changed way of handling IPEA’s personal information which is likely to have a significant impact on the privacy of individuals.

When IPEA collaborates with another agency on a high privacy risk project, it may conduct a joint privacy impact assessment together with the other agency.

Register of Privacy Impact Assessments

IPEA will maintain a public register of its privacy impact assessments on its website.


How to Make a Complaint

If you wish to make a complaint to us about how we have handled your personal information you should complain in writing.

We will tell you promptly that we have received your complaint and then respond to the complaint within 30 days.

You can contact us by post: 

Privacy Officer
Independent Parliamentary Expenses Authority
One Canberra Avenue

How to Make a Complaint to the Office of the Australian Information Commissioner

If you are dissatisfied with the way IPEA handles your privacy-related complaint you may contact the Office of the Australian Information Commissioner (OAIC) by:

Downloadable Document