This Corporate Policy is issued under the authority of the Commissioner and should be read together with the ACNC Policy Framework, which sets out the scope, context and definitions common to our policies.

Policy

  1. The ACNC Act gives the ACNC a range of powers and functions to register and regulate Australian charities. In carrying out its functions the ACNC will handle information – that is it will collect, receive, record, store, disclose, publish or use information – about charities and not-for-profits and the people involved in governing these organisations. We may also handle information about people or organisations that are involved in, supporting, providing services to or are in some way interested in or related to these organisations.
  2. The purpose of this policy is to outline the high-level principles that guide all of the ACNC information-handling obligations and to explain the purpose and interaction of relevant policies and procedures.
  3. The ACNC has a number of policies and procedures that set out how we will handle information. This diagram explains the relationship between these policies and procedures:
ACNC Information Handling Policy Diagram
  1. This policy should be read in conjunction with the ACNC’s Privacy Policy and Freedom of Information Policy which set out how the ACNC will comply with our specific obligations under the Privacy Act 1988 (Cth) (the Privacy Act) and the Freedom of Information Act 1982 (Cth) (the FOI Act).
  2. This policy sets out how the ACNC will:
  • protect the secrecy of ‘protected ACNC information’;
  • protect personal information privacy (see also the Privacy Policy)
  • provide the public with access to information held by the ACNC (see also the Freedom of Information Policy), and
  • ensure the secure storage of information.
  1. The ACNC is committed to protecting the privacy of personal information and to handling all information in accordance with the high standards set out in the ACNC Act and with related Australian laws.
  2. This policy supports the ACNC’s need to collect and handle information in a way that allows us to carry out the objects of the ACNC Act, as well as recognising the right of individuals to have their information handled in ways that they would reasonably expect and in accordance with the law.
  3. The Explanatory Memorandum to the ACNC Act states:

The secrecy framework is intended to balance the need to protect personal and confidential information that entities provide to the ACNC with the need to enable disclosure of that information where it is necessary to disclose that information in accordance with the objects of the ACNC Act.

Engagement with and the trust of the not-for-profit (NFP) sector could be at risk if responsible entities and registered entities do not have confidence that their information is being handled appropriately, which would, in turn obstruct the ACNC in undertaking its powers and functions under the ACNC Act.

However, as the NFP sector receives substantial assistance through taxpayer funded concessions and public donations, the information provided to the ACNC needs to be disclosed to the public in certain circumstances in order to promote transparency and accountability of the sector and ensure public confidence that taxpayer resources and public donations are being used appropriately.

  1. The ACNC is committed to being open and transparent in the way it operates and to handling all information in the way expected of all Australian Government agencies.
  2. The ACNC has the following legal obligations that apply to the way that it handles information.

The ACNC Act and related legislation

  1. The ACNC Act gives the ACNC power to collect information from:
  • charities registered under the ACNC Act
  • not-for-profits applying to register as a charities
  • people who are the responsible persons of charities, and
  • other people or organisations.
  1. The ACNC Act requires ACNC staff to protect the security and confidentiality of the information it collects. This secrecy framework provides that information which meets the definition of ‘protected ACNC information’ must only be used or disclosed in the specific circumstances set out in the ACNC Act. These are known as authorised disclosures.1
  2. Also, where the ACNC lawfully discloses protected ACNC information to another party, the other party is also bound by the secrecy framework in the ACNC Act.
  3. In addition to the ACNC Act, there are other laws that contain provisions about information handling which apply to ACNC officers and the information the ACNC collects. For example, if ACNC staff are given access to taxation information about charities, the confidentiality provisions in Division 355 of the Taxation Administration Act 1953 (Cth) will apply.

Relevant information-handling laws applying to all Australian Government Agencies

  1. There are also a number of Commonwealth laws which affect how Australian Government agencies create, manage, store and destroy their records. These impose obligations on the ACNC to handle information in a certain way.

Privacy Act

  1. The Privacy Act regulates the handling of personal information by Australian Government agencies. The Privacy Act regulates the collection of personal information, its accuracy, security, and its use and disclosure. It also provides individuals with rights to access and correct the information that organisations and government agencies hold about them. The Privacy Act also sets out requirements that may apply when an agency enters into a contract under which services are provided to the agency.2

FOI Act

  1. The FOI Act gives individuals the legal right to access documents held by Ministers and Australian Government departments and most agencies. The FOI Act also applies to documents created or held by contractors or sub-contractors who provided services to the public or third parties on behalf of agencies.
  2. When a member of the public requests information, the agency must identify and preserve all relevant sources, including records, until a final decision on the request is made. The FOI Act also sets out how agencies may correct, annotate or update records if a member of the public shows that any personal information relating to them is incomplete, incorrect, out of date or misleading.
  3. The FOI Act also establishes the Information Publication Scheme (IPS) which requires agencies subject to the FOI Act to take a proactive approach to publishing a broad range of information on their website.

Archives Act

  1. The Archives Act 1983 (Cth) (Archives Act) makes it illegal to destroy Australian Government records without permission from the National Archives unless destruction is specified in another piece of legislation or allowed under records authority or a normal administrative practice3.

Electronic Transactions Act

  1. The Electronic Transactions Act 1999 (Cth) ensures that electronic evidence of transactions is not invalidated because of its format. This Act does not authorise the destruction of any Australian Government records, whether originals or copies. The obligations placed on agencies under the Archives Act for the preservation and disposal of Commonwealth records continue to apply.

Financial Management and Accountability Act

  1. An APS employee who misapplies, improperly disposes of or improperly uses Commonwealth records may be in breach of section 41 of the Financial Management and Accountability Act. Regulation 12 of the Act requires that the terms of approval for a proposal to spend money be recorded in writing as soon as practicable.
  2. Australian Government records fall within the meaning of 'public property' as defined in this Act.

Crimes Act

  1. The Crimes Act 1914 (Cth) outlines crimes against the Commonwealth. Several parts of the Act relate to records. For example, section 70 prohibits public servants (or anyone working for the Australian Government, including contractors and consultants) from publishing or communicating facts, documents or information which they gain access to through their work unless they have permission to do so. This includes taking or selling records which should be destroyed.
  2. This Act also makes it an offence for someone to intentionally destroy documents that they know may be required as evidence in a judicial proceeding.

Evidence Act

  1. The Evidence Act 1995 (Cth) defines what documents, including records, can be used as evidence in a Commonwealth court.
  2. All Australian Government agencies need to take account of evidence legislation. A court may need to examine records as evidence of an organisation's decisions and actions.

Relevant laws that might override the secrecy framework in the ACNC Act

  1. There is also other Commonwealth legislation that may override the secrecy framework in the ACNC Act and authorise disclosures in limited circumstances. These may include:

Principles

Principle 1: Information collected lawfully and only where necessary

  1. The ACNC will only collect information if authorised to do so by law or by consent, and will only collect that which is necessary.

Collection of information about charities or not-for-profits applying to be charities

  1. The ACNC is authorised by law to collect certain information about:
  • not-for-profits applying to be registered as charities with the ACNC, and
  • charities that are registered with the ACNC.
  1. As far as possible, when we collect information about your charity or not-for-profits, we will tell you why we are collecting it; if the collection is authorised by law or if we are requesting the information by consent; and how the information will be used.

Collection of personal information about people involved with charities

  1. Personal information is information that identifies a person or could reasonably identify a person.
  2. The ACNC is authorised by law to collect certain personal information about responsible persons (people on the governing body) of registered charities or notfor-profits applying to be registered charities. In the course of pursuing our functions, we may also collect personal information about a range of other people, such as members of the public who are concerned about a charity, or we may collect personal information about a charity’s employees or volunteers during our compliance activities.
  3. Before we collect any personal information, we will tell you the reason we are collecting the information, whether the collection is authorised by law or is by consent (or if it is being collected for another lawful purpose) and the usual way that information will be used or disclosed.
  4. For more information about the collection of personal information, see the Privacy Policy.

Collection of necessary information only

  1. We will not ask for any information in excess of what we are authorised to collect by law, and we will collect it only for the purpose of achieving the objects of the ACNC Act.
  2. The ACNC is responsible for administering a national regulatory framework for charities, including maintaining a public register of charities and ensuring charities meet certain governance and external conduct standards. The ACNC is also charged with promoting the reduction of unnecessary regulatory obligations on Australian charities (section 15-5(1)(c)). We will not contribute to the regulatory burden by asking for information we do not need or use.
  3. If a responsible person or an individual raises a concern about information we are collecting, we will explain the legal authority we have to collect the information (or whether it is by consent), the main ways we will use or disclose that information (if known) and the consequences for the charity or individual of not providing that information.

Principle 2: Use or disclose ‘protected ACNC information’ only in accordance with the law

  1. The ACNC recognises charities need to be able to confidently provide information to the ACNC knowing that it will be protected and only used for the purpose for which it was collected.
  2. Generally, the law sets out how the ACNC can use and disclose the information it collects, and for what purpose. The ACNC Act prohibits ACNC staff from using or disclosing protected ACNC information except in specific situations permitted by the ACNC Act, known as authorised disclosures (Pt 7-1 of the ACNC Act).
  3. Protected ACNC information is defined as information that was disclosed or obtained under or for the purpose of the ACNC Act, and identifies or is reasonably capable of identifying an entity.
  4. Where the use or disclosure of protected ACNC information occurs in line with an authorised disclosure provision, then the use or disclosure will be authorised by law.
  5. There are also provisions which protect the confidentiality of information even when it is lawfully disclosed to a person or another government agency. There are some other laws that may override the secrecy framework in the ACNC Act.
  6. For these reasons the ACNC has procedures in place that ensure the ACNC is meeting its obligations under the ACNC Act (and related legislation) to protect the information (see Operational Procedure: ACNC Protected information procedure (OP 2015/01).
  7. If a responsible person or an individual is unhappy with the ACNC’s use or disclosure of information, they can make a complaint about the ACNC (see the Complaints and compliments about the ACNC Policy). Where the information is personal information, the person can also make a complaint under the Privacy Act (see Privacy Policy and related procedures). They can also raise issues with the Commonwealth Ombudsman.

Principle 3: Respect the privacy of personal information

  1. The ACNC will collect personal information – information that identifies a person or could be used to identify a person.
  2. We will collect personal information about responsible persons of a charity or not-for-profit under the ACNC Act (eg name, contact details, date of birth). We might also collect personal information from the public (eg a person who raises a concern about a charity) or a charity employee or volunteer (eg. during compliance activities).
  3. For the ACNC, this will include the information we collect and keep about responsible persons, but will also include personal information we hold about other individuals such as agents, auditors, employees, and people who have made a complaint about a charity, amongst others.
  4. While the personal information we collect will often be protected ACNC information and therefore covered by the ACNC Act, personal information is also protected by the Privacy Act, which applies to the operations of the ACNC. In relation to personal information we collect, the Privacy Act applies in addition to the secrecy provisions set out in the ACNC Act.
  5. The ACNC respects individual’s rights to personal information privacy and recognises the high standards that apply to this kind of information. For example, if any online form is started but not submitted to the ACNC, the applicant will be prompted to complete the form. If the form remains pending after eight months, it will be deleted from the system as part of the ACNC's commitment to ensuring that personal information we collect is accurate, up to date and complete.
  6. For information-handling in investigations see the Compliance and Enforcement Policy and the Operational Procedure: Investigations.
  7. The Privacy Act contains provisions designed to safeguard an individual’s personal information. The Privacy Act provisions aim to balance the protection of an individual's privacy and other public interests such as the efficient functioning of government. The Privacy Act applies to government agencies including the ACNC.
  8. The ACNC will at all times comply with the ACNC Act, the Privacy Act and any other relevant legislation when dealing with people’s personal information. Our approach to privacy is set out in our Privacy Policy.

Principle 4: Open and transparent operations

  1. At the ACNC, we believe open and transparent government is in the public interest.
  2. As far as possible, without contravening any other laws, we will actively make our policies and procedures publicly available. This is in line with recent changes to the FOI Act which include a presumption of openness and maximum disclosure. Our approach to freedom of information is set out in our Freedom of Information Policy.
  3. We will be helpful when people make requests for information and where possible we will provide information without requiring people to go through the formal process via freedom of information or privacy legislation. Where it is necessary to proceed with a formal request under those laws, we will comply with our relevant procedures.

References

Version Date of effect Brief summary of change
Version 1 - Initial policy 03/12/2012 Initial policy endorsed by ACNC Commissioner on 06/12/2012
Version 2 - Revised policy 22 September 2014 Revision to clarify deletion of form information after 8 months
Version 3 – Revised policy 4 February 2015 Update to include references to new ACNC Operational Procedures

1 See the Operational Procedure: ACNC protected information procedure (OP 2015/01) for further detail on the application of the ACNC secrecy provisions.

2 See the ACNC Privacy Policy for further information on the application of the PrivacyAct 1988 (Cth).

3 See Operational Procedure: Records management – disposal of ACNC records and Operational procedure: ACNC normal administrative practice (NAP) Disposing of administrative records for further information on the ACNC’s records management procedures.