Information privacy complaints procedure

A privacy complaint is considered to be an expression of dissatisfaction with QRA’s policies, products, services, or employees. An individual is able to make a complaint about an act or practice of QRA in relation to the individuals personal information that has breached its obligations under the Information Privacy Act 2009 (IP Act) to comply with the:

• Privacy principles; or
• An approval under section 157 of the IP Act.

• The Privacy complaint must be made in writing.
• An address must be provided where notices will be forwarded to.
• Provide the particulars of the act or practice complained of.

In order for QRA to properly and efficiently respond to your privacy complaint, you should ensure your complaint contains sufficient information and the outcome you are seeking:

• What happened and where did it happen?
• When did it happen and who was involved?
• If possible, identify the information privacy principles that have been breached and how your personal information may have been mishandled.
• What outcome are you seeking?

Upon receipt of a complaint within QRA, the receiving officer will create an entry into QRA’s electronic document and records management system and the complaints register. The information recorded in the complaints register will include:

• complainants name and address where the notices will be sent to
• the nature of the complaint
• the complaint outcome
• time taken to resolve the complaint.

Privacy complaints will be acknowledged within 5 working days of receipt.

Reasonable steps will be taken to ensure that QRA will deal with all complaints fairly and professionally. Complaints are assessed, managed and responded to by the RTI/IP officers of QRA. As a general guide:

• QRA will record the complaint, its supporting information and assign a unique identifier to the complaint file.
• An assessment will be conducted to determine if the privacy complaint is of a serious, complicated or urgent nature and if any health and safety concerns involved.

An initial attempt will be made to resolve a complaint or breach informally, where applicable. If the matter cannot be resolved informally, it will be escalated to a General manager who will decide if further action is required or an investigation will be conducted.

QRA will notify the complainant about the outcome in writing.

The letter/email will include:

• the outcome of the investigation
• a clear explanation of how the decision was made
• an option to complain to the Office of the Information Commissioner (OIC) if the complainant is dissatisfied with QRA’s decision.

Where possible, QRA will contact the complainant over the phone and answer any questions they may have. Remedies which may be available include, a written apology, organisational change such as policies and procedures or if appropriate, an explanation as to how or why the breach occurred and steps QRA will take to avoid it recurring.

Privacy complaints are to be made in writing and identify a return address to send any notices to.

Anonymous complaints

Anonymity is the ability of a person to interact with QRA without identifying themselves. The ability to make an anonymous complaint will depend on the circumstance of the complaint. Where the complaint is about general issues which requires QRAs attention but does not directly relate to the complainant, then generally there is no need to identify yourself.

Privacy Complaints can be made in writing

Post:

Queensland Reconstruction Authority Principal Information Officer
PO Box 15428
City East QLD 4002

Email: RTI@qra.qld.gov.au

QRA will provide a receipt of acknowledgement to your complaint within 5 working days of receiving your privacy complaint.

QRA has a minimum of 45 business days to respond to a privacy complaint. If the complainant has not received a response from QRA within 45 business days, or if a complainant is not satisfied with the response, the complainant may refer the matter to the Office of the Information Commissioner.

Records Management

Information Privacy Act 2009 must be applied when managing customer complaints. QRA must handle all personal information including collection, storage, use and disclosure of personal information. The business area responsible for managing complaints, must ensure accurate records are made and kept for as long as they are required. Records associated with complaints must be managed in accordance with the Public Records Act 2002.