Kinds of personal and sensitive information collected and held
The kinds of personal information we may collect and hold is determined by the reason for collection. It may include:
- name, address and contact details (e.g. phone, email and fax)
- photographs, video recordings and audio recordings of you
- information about the supports and services you have provided to NDIS participants and how you provided those supports and services
- information about your personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant information about your partner or children)
- information about your financial affairs (e.g. payment details, bank account details and information about business and financial interests)
- information about your employment (e.g. work history, referee comments, remuneration)
- government identifiers (e.g. Centrelink Reference Number or Tax File Number) and/or
- information about assistance provided to you under the NDIS.
Sensitive information may include information about:
- your health
- your identity (e.g. date of birth, country of birth, passport details, visa details, drivers licence, birth certificates, ATM cards)
- your background (e.g. educational qualifications, the languages you speak and your English proficiency), and/or
- your criminal history.
The NDIS Act authorises the collection, use and disclosure of protected Commission information in certain circumstances, including where this is for the purposes of the NDIS Act. Where the collection of personal information is authorised or required under the NDIS Act and Rules, not providing the information may constitute a contravention of the NDIS Act, which may lead to a criminal or civil penalty. Where the NDIS Commission asks you to provide personal information voluntarily, you should consider your own privacy obligations and seek advice if necessary.
Use and disclosure of personal and sensitive information
The NDIS Commission may use or disclose some or all of the personal information collected from you for the purpose of performing the functions of the NDIS Commissioner under the NDIS Act such as in relation to the NDIS Worker Screening Database. This may include sharing information with the Worker Screening Units in States and Territories.
If authorised by the NDIS Act, the NDIS Commission may also disclose personal information to other relevant parties, including other Commonwealth, State or Territory agencies, regulatory bodies or professional associations. The NDIS Commission often makes disclosures of personal information to:
- the NDIA, including the NDIS Fraud Taskforce
- the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability
- State and Territory Worker Screening Units
- Public Advocates
- Other regulators with a role that has a connection with NDIS supports and services
The NDIS Commission is not likely to disclose personal information to overseas recipients.
Personal and sensitive information obtained by us will only be used and disclosed for the purposes, and in the circumstances, outlined above and will not be used or disclosed without your consent for any other purpose or in other circumstances, except as authorised under the Privacy Act or where authorised or required by law, including by the NDIS Act.
Accessing and correcting your personal and sensitive information
How to make an enquiry, request or complaint
Enquiries, requests and complaints relating to the Privacy Act and the collection of your personal information can be made by:
- email: firstname.lastname@example.org(
- telephone: 1800 035 544
- mail: NDIS Commission Feedback, PO Box 210, Penrith NSW 2750
If you make a complaint regarding the collection, use or handling of your personal information we will deal with your complaint in accordance with the NDIS Commission’s Complaints and Feedback Policy