This policy sets out how the Clean Energy Regulator (the Agency) collects, holds, uses and discloses personal information. Among other things, it sets out the kinds of personal information that the Regulator collects and holds, and how that information is likely to be used and disclosed, including in some instances to overseas recipients.
It applies to all personal information collected, held and disclosed by the Clean Energy Regulator. The Regulator, its employees and consultants must have regard to this policy in their dealings with personal information on behalf of the Agency.
In some circumstances, depending on the terms of the contractual arrangement, it also applies to third parties that are contracted to perform services on behalf of the Agency.
Includes any consent that is expressed or implied by an individual. There are four key elements:
Consent may be given orally or in writing.
Top of page
The Clean Energy Regulator (the Agency) is an independent statutory authority established by the
Clean Energy Regulator Act 2011. The Clean Energy Regulator is the government body responsible for administering legislation to reduce carbon emissions and increase the use of clean energy.
The Agency administers:
These legislative schemes support Australia's transition to a low carbon economy through an informed and efficient market for carbon and investment in renewable energy.
The Agency has administrative responsibilities in relation to:
Top of page
We respect an individual's right to privacy under the
Privacy Act 1988 (the Privacy Act) and we comply with the Privacy Act's requirements in respect of the management of personal information.
In general terms, "personal information" means any information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether (i) the information or opinion is true or not, and (ii) recorded in a material form or not.
We collect, use, store and from time to time disclose information (including personal information) for purposes directly related to our statutory functions and activities, including the administration of the legislative schemes (refer 2. The Agency). We also deal with personal information in the performance of corporate operations related to those functions (including recruitment, workplace health and safety, contracts and tenders and other activities).
We mainly deal with the following kinds of personal information:
The term 'sensitive information' refers to a particular kind of personal information. We may collect sensitive information about individuals including:
that is also personal information, and
We do not usually collect genetic or biometric information about a person that is not health information.
An individual may choose to deal with us anonymously by or using a pseudonym. However, this principle does not apply if:
If an individual chooses to deal with us anonymously or by using a pseudonym, some or all of the following may happen:
Top of page
The Clean Energy Regulator only collects personal information (other than sensitive information) where the information is reasonably necessary for, or directly related to one or more of the Agency's functions or activities. Usually we collect personal information directly from the individual(s) to whom the personal information relates and/or their authorised representative (an agent). In some circumstances, we collect personal information from third parties. We collect personal information only by lawful and fair means.
We collect solicited personal information in a number ways that include:
We do not collect 'sensitive information' about an individual (as described in
We collect personal information from third parties in the following circumstances:
These third parties may include:
Cookies are pieces of information that a website can transfer to a computer when a person accesses information on that site. Cookies can make websites easier to use by storing information about a person's use and preferences on a particular website. This information may remain on the computer after the user closes the browser.
We do not collect personal information about a person who only browses the Clean Energy Regulator website.
The Clean Energy Regulator website uses session cookies during a search query of our website. Applications accessed from the website also use session cookies. When a user closes their browser, the session cookie is destroyed and no personal information is kept which might identify the user to us in the future.
The Clean Energy Regulator sometimes makes use of online services to assist us in the delivery of our services and activities. These commercial, online services collect, hold and provide us with access to personal information submitted to them by the user. These online services may hold information on overseas servers.
If a user is directed to these services from the Clean Energy Regulator webpage or from an email request, we will notify the user that he or she is leaving the Clean Energy Regulator web environment and providing information to us through a third party.
At or before the time we collect personal information (or as soon as practicable afterwards), we will usually provide the individual concerned with a notice (also known as a 'Privacy Notice' or an 'APP Notice') containing the following information:
From time to time, we receive personal information that we have not requested. This is known as 'unsolicited personal information' and includes:
If we receive unsolicited personal information and we decide that we would not have been permitted to collect it under the Australian Privacy Principles, we will take reasonable steps to destroy or de-identify the information as soon as practicable, unless it is contained in a 'Commonwealth record' (as defined in the
Archives Act 1983) or it is unlawful or unreasonable to do so. The Australian Privacy Principles set out how we should deal with the personal information in these circumstances.
We collect personal information so that we can perform our functions and activities.
We collect personal information for the following purposes:
Top of page
The Clean Energy Regulator is bound by the secrecy provisions in Part 3 of the
Clean Energy Regulator Act 2011 (Clean Energy Regulator Act). Part 3 of the Clean Energy Regulator Act prohibits the disclosure and use of information that was obtained by a person in the person's capacity as an official of the Clean Energy Regulator and relates to the affairs of a person other than an official of the Regulator. This prohibition does not apply where:
For information held by the CER and collected before 2 April 2012 under either the
National Greenhouse Energy and Reporting Act 2007 or the
Renewable Energy (Electricity) Act 2000, the CER is bound by the preserved secrecy provision of those Acts.
We use and disclose personal information for the primary purpose that it was collected. For example, we primarily use personal information when assessing eligibility to participate in one of the schemes we administer.
Before using personal information for any other purposes (known as 'secondary purposes'), we will ensure that the individual has consented to the use or disclosure of the information, or that one of the following circumstances applies:
We routinely disclose personal information to the following type of entities:
In addition, the Agency is required by certain laws (including
Clean Energy Regulator Act 2011,
Clean Energy Act 2011,
Renewable Energy (Electricity) Act 2000,
National Greenhouse and Energy Reporting Act 2007,
Carbon Credits (Carbon Farming) Act 2011,
Australian National Registry of Emissions Units Act 2011) to publish certain information, including some personal information, on our website. This information is available to the general public.
The Agency takes such steps as are reasonable in the circumstances to protect personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. We may hold personal information in either electronic or hard copy form.
Personal information that is contained in electronic form or hard copy is secured in accordance with our information handling practices.
However, as our website is linked to the internet, and the internet is an insecure environment, we cannot provide any assurance regarding the security of transmission of information communicated with us or that such information will not be intercepted while being transmitted over the internet.
Enforcement-related personal information is usually held in a restricted database. Appropriate security clearances and authorisation (i.e. a need to know) are required to access such information.
We take such steps as are reasonable in the circumstances to delete or de-identify (sanitise) personal information that is no longer required any permitted purpose, unless the personal information is contained in a 'Commonwealth record' or it is unlawful to do so.
We destroy hard copy documents containing personal information (of the sort we are permitted to destroy) by shredding them or by disposing of them in a security classified waste bin.
Personal information contained in undelivered emails or returned post is deleted or otherwise put beyond use.
We may disclose personal information to third parties who are not located in Australia or an external territory for some of the purposes listed in paragraph 13 of this Policy.
We usually take such reasonable steps as are necessary in the circumstances to ensure that the overseas recipients of personal information do not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) relating to personal information.
However, we are not required to take such steps in the following situations:
We take reasonable steps to ensure that access to personal information both within the Agency and by third parties is permitted only for legitimate purposes and on a 'need to know' basis.
An individual (or an authorised representative, such as a lawyer or person exercising a power of attorney) may request access to any personal information by contacting the Agency's Privacy Contact Officer (refer 20. Privacy Contact Officer for details). The request does not have to be made in writing or by using a designated form.
Generally speaking, we will give access to personal information within 30 days of receiving the request and in the manner requested (if it is reasonable and practicable to provide it that way). We will need to verify the person's identify (or that of another person authorised to make the request) before providing access. We will not charge for making the request of for giving access to the personal information.
In some circumstances it may be more appropriate for a person to make a formal request for access to the personal information under the
Freedom of Information Act 1982. For example, where a document is likely to contain personal or business information about a person other than the requestor.
In any event, there may be instances where we must refuse to give access to the personal information. For example, we may be required or authorised to refuse access by or under the
Freedom of Information Act 1982 or another Act of the Commonwealth that provides for access by persons to documents. In this case, we will give the requestor a written notice setting out the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so, within 30 days of receipt of the request. We will also provide information about how to complain about the refusal, should the requestor wish to do so.
If an individual believes that the personal information we hold is incorrect, incomplete or inaccurate, the individual may ask us to correct the information. However, if we decide not to correct the information, we will give the individual a written notice setting out the reasons for the refusal except to the extent it would be unreasonable to do so, within 30 days of receipt of the request, to correct the information. We will also provide information about how to complain about the refusal to correct the information, should the requestor wish to do so.
Even if an individual does not ask us to correct personal information, we are required to take such steps (if any) as are reasonable in the circumstances to correct personal information if we are satisfied that, having regard to the purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Top of page
Complaints about the treatment of personal information (including a possible breach of privacy) by the Agency must be made in writing (a letter or email), addressed to the Privacy Contact Officer. We will treat complaints confidentially. We will respond within a reasonable time after receipt of the complaint (usually 30 days).
If an individual is not satisfied with our response, they may make a further complaint to the Australian Information Commissioner. Details of how to make a complaint are available on the
Office of the Australian Information Commissioner website.
Top of page
Privacy Contact Officer Clean Energy Regulator GPO Box 621
CANBERRA ACT 2601
Phone: 02 6159 3556
About The Clean Energy Regulator
Carbon Farming Initiative
Carbon Pricing Mechanism
National Greenhouse And Energy Reporting
Renewable Energy Target
Emissions Reduction Fund
Our Systems And Their Resources
Clean Energy Markets
Data and information
Subscribe to email updates
The Clean Energy Regulator is a Government body responsible for accelerating carbon abatement for Australia.
Follow us on Twitter
Follow us on LinkedIn