Privacy policy

About this privacy policy

The Privacy Act 1988 (Privacy Act) requires the Independent Parliamentary Expenses Authority (IPEA) to have a Privacy Policy. This Privacy Policy outlines IPEA’s handling practices for personal information.

IPEA’s specific legal obligations when collecting and handling your personal information are outlined in the Privacy Act and in the Australian Privacy Principles (APPs), found in that Act. IPEA will update this Privacy Policy if and when its handling practices for personal information change.

Privacy Act

In general terms, the Privacy Act regulates the collection, use, disclosure, storage and security, access and correction of the personal information held by IPEA. 

‘Personal information’ is defined in the Privacy Act as information or an opinion about an identified individual or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not, or
  • whether the information or opinion is recorded in a material form or not.

There are also particular obligations under the Privacy Act in relation to the handling of ‘sensitive information’, which means information or an opinion about an individual’s:

  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • membership of a professional or trade association
  • membership of a trade union
  • sexual orientation or practices
  • criminal record
  • ‘health information’, which includes information or an opinion about a person’s health, including an illness, disability or injury, (at any time)
  • genetic information that is not otherwise health information
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification
  • biometric templates

Who should read this privacy policy?

This Privacy Policy is particularly relevant to current or former parliamentarians and their family members; people currently or formerly employed, or seeking employment, under the Members of Parliament (Staff) Act 1984; prospective, past and present IPEA employees; and contractors, consultants and vendors of goods or services to IPEA.

Anonymity and pseudonymity

People have the option of not identifying themselves, or using a pseudonym (i.e. an alias) when dealing with IPEA, unless:

  • IPEA is required or authorised by law to only deal with individuals who have identified themselves
  • it is impracticable for IPEA to deal with individuals who have not identified themselves

For many of our functions and activities, IPEA will need your name and contact information and enough information about the particular matter to enable us to fairly and efficiently handle your matter. IPEA may be unable to progress or resolve your matter if you do not identify yourself.

Personal information handling practices

Collection, use and disclosure of personal information

Kinds of personal information IPEA collects and holds

Broadly, the kinds of personal information collected and held by IPEA may include:

  • information relating to current and former members of Parliament and eligible family members in the context of the administration, reporting, monitoring and auditing of work expenses, including financial information
  • names, addresses and phone numbers of parliamentarians and their staff
  • information about parliamentarians’ work, including work in their electorate
  • schedules and travel itineraries
  • sensitive information, for example information about a person’s
  • political party membership and associated activities
  • racial or ethnic origin
  • political opinions
  • criminal record (for example, in the context of recruitment activities or security assessments)
  • health information (for example, medical history, or information relating to a work-related injury in the context of a work health and safety issue or workers’ compensation claim)
  • information about job applicants and employees relating to employment with IPEA (e.g. personal details, referee and emergency contact details, financial information, superannuation details, employment contracts, training and development, performance management, leave records, etc)
  • information relating to staff employed under the Members of Parliament (Staff) Act 1984 in the context of the administration, monitoring and auditing of travel expenses, including financial information;
  • comments on IPEA social networking sites
  • information relating to the performance of IPEA’s obligations as an employer, for example work health and safety assessments, incidents and investigations in accordance with the Work Health and Safety Act 2011

Unsolicited personal information

IPEA may receive unsolicited personal information. In circumstances where IPEA receives unsolicited personal information which is not reasonably necessary for, or directly related to, IPEA’s functions or activities, IPEA will generally take steps to destroy or de-identify the information as soon as possible. IPEA will not destroy or de-identify the information if it is unlawful or unreasonable to do so. If IPEA keeps unsolicited personal information, the information will be used only in accordance with the Privacy Act and this Privacy Policy.

Purposes of collecting and using personal information

IPEA collects and uses personal information for purposes relating to the performance of its statutory functions under the Independent Parliamentary Expenses Authority Act 2017 (IPEA Act), including:

  • giving personal advice, and issuing advisory documents, about matters relating to the travel resources of parliamentarians and their staff
  • preparing and publishing reports about parliamentary work resources
  • processing claims for travel resources for current and former parliamentarians, their staff and eligible family members
  • monitoring matters relating to travel resources of parliamentarians and their staff
  • auditing the work resources of parliamentarians and travel resources of their staff

IPEA also collects personal information:

  • for employment-related purposes, including recruitment, staff management, workers’ compensation claims and rehabilitation, workplace health and safety obligations, public interest disclosures, administering relevant superannuation benefits and managing the conditions of employment of persons employed by IPEA
  • for other administrative purposes, such as:
    • procuring goods and services
    • providing secretariat support to the Members of IPEA and associated committees
    • processing freedom of information (FOI) requests
    • receiving and responding to correspondence

Generally, IPEA does not collect personal or sensitive information unless that information is reasonably necessary for, or directly related to, one of its functions or activities. IPEA is also able to collect this type of information in circumstances where it is legally required or authorised to do so.

In addition, IPEA may use or disclose personal or sensitive information in circumstances that do not reflect the purposes for which the information was initially collected. In these circumstances, IPEA will seek the person’s consent to use or disclose the information. IPEA may also be expressly authorised under the IPEA Act or another law to use or disclose the information for another purpose, in which case consent is not required.

IPEA is authorised under the IPEA Act to disclose personal information for carrying out its reporting functions, including preparing and publishing parliamentary expenditure reports on IPEA’s website; and preparing and publishing audit reports.

In addition, IPEA uses a number of service providers to whom it may disclose personal information, for example to provide IT or travel-related services. Protection and security of personal information is paramount to IPEA’s contractual arrangements with those providers.

IPEA does not collect personal information for disclosure overseas. If it becomes necessary to do so, IPEA will review this Privacy Policy.

How IPEA collects and holds personal information

Wherever possible, when IPEA requires your personal information to perform its statutory and administrative functions, IPEA will collect personal information either directly from you or from someone else with your consent. IPEA may also collect personal information about individuals from third parties where required or authorised by law to do so.

In circumstances where your personal information was not, or won’t be, collected directly from you or your authorised representative, IPEA will inform you about this as soon as possible, including the purpose and method of collection.

IPEA will also inform you of the main consequences (if any) for you if IPEA does not collect the information and any people or entities to whom the information might be disclosed. The individual will also be directed to this policy and IPEA’s contact details.

IPEA collects and receives personal information through various channels including forms, online portals, electronic and paper correspondence as well as telephone and fax. This information is securely held within IPEA’s premises and IT systems and only accessed by IPEA employees and consultants for the purposes of performing IPEA’s statutory and administrative functions on a need-to know basis.

Personal information that is no longer required for IPEA’s work will be destroyed, archived or deleted in accordance with IPEA’s obligations under the Privacy Act and the Archives Act 1983, subject to any laws that prohibit or limit the destruction or deletion of records.

Collecting information through the IPEA website

When you visit the IPEA website, IPEA may use a range of tools provided by third parties such as Google to collect or view website traffic information. These websites have their own privacy policies. IPEA also uses cookies and session tools to improve your experience when accessing the IPEA website.

Information collected when you visit the IPEA website may include the IP address of the device you are using and information about sites that the IP address has come from. IPEA uses this information to maintain, secure and improve its website. In relation to Google Analytics, you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.

Access to and correction of your personal information

Quality of personal information

IPEA takes steps to ensure that the personal information we collect is accurate, up to date and complete.  These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.

IPEA also reviews the quality of personal information before it is used or disclosed in performing IPEA’s functions to ensure it is accurate, up to date, complete and relevant.

Requesting access under the Privacy Act

Under the Privacy Act, you have the right to ask for access to personal information that IPEA holds about you, and, if any of it is wrong or inaccurate, ask IPEA to correct your personal information. You can make a request for access or correction to your personal information by email or post as follows:

privacy [at] or

Privacy Officer
Independent Parliamentary Expenses Authority
One Canberra Avenue

Freedom of information request

Under the Freedom of Information Act 1982 (FOI Act), you are also able to request access to personal information about you that is held by IPEA. Such a request can be sent to:

FOI [at] or

The FOI Coordinator
Independent Parliamentary Expenses Authority
One Canberra Avenue

It should be noted that exemptions apply under both the FOI Act and Privacy Act which may result in access being wholly or partially refused. If this happens, IPEA will provide written reasons and explain the rights of appeal that apply.

IPEA will not charge you to access your own personal information, nor for any corrections that may be requested.

Enquiries and complaints

General privacy enquiries and how to make a privacy complaint to IPEA

If you have any questions, or would like more information about IPEA’s Privacy Policy, you can contact IPEA by email or post:

privacy [at] or

Privacy Officer
Independent Parliamentary Expenses Authority
One Canberra Avenue

If you wish to make a complaint about how IPEA has handled your personal information, you should complain directly to IPEA in writing, using the above contact details.

If IPEA receives a privacy-related complaint from you, we will acknowledge your complaint and then respond to the complaint within 30 days.

How to make a complaint to the Office of the Australian Information Commissioner

If you are dissatisfied with the way IPEA handles your privacy-related complaint you may contact the Office of the Australian Information Commissioner (OAIC) by:

Downloadable documents

Privacy Impact Assessment Register (PIA)