Information Privacy Complaints Procedure
Queensland Reconstruction Authority (QRA) is committed to maintaining and enhancing public confidence in QRA by creating an environment that encourages feedback and manages complaints in a responsive, timely and fair manner.
Scope and coverage
A privacy complaint is a complaint made by or on behalf of an individual about an act or practice of QRA, in relation to the individual’s personal information. For this procedure, the following are not classified as complaints:
- questions, enquiries and requests for information or action
- feedback obtained during public consultation processes
- feedback received about matters outside the direct responsibility of QRA
- feedback received about another agency or organisation
- complaints that are primarily contractual disputes.
This procedure does not modify or revoke any legislative requirements or appeal processes that apply to managing particular types of complaints, such as:
- complaints alleging criminal or corrupt conduct
- public interest disclosures made under Public Interest Disclosure Act 2010
- customer complaints or complaints made about the CEO
- complaints made under the Industrial Relations Act 2016 or
- complaints made under the Human Rights Act 2019.
Privacy Complaints Management System
A privacy complaint is considered to be an expression of dissatisfaction with QRA’s policies, products, services, or employees. An individual is able to make a complaint about an act or practice of QRA in relation to the individuals personal information that has breached its obligations under the Information Privacy Act 2009 (IP Act) to comply with the:
- Privacy principles; or
- An approval under section 157 of the IP Act.
Requirements for privacy complaint
- The Privacy complaint must be made in writing.
- An address must be provided where notices will be forwarded to.
- Provide the particulars of the act or practice complained of.
Information to be included in a privacy complaint
In order for QRA to properly and efficiently respond to your privacy complaint, you should ensure your complaint contains sufficient information and the outcome you are seeking:
- What happened and where did it happen?
- When did it happen and who was involved?
- If possible, identify the information privacy principles that have been breached and how your personal information may have been mishandled.
- What outcome are you seeking?
Receipt and acknowledgement of complaint
Upon receipt of a complaint within QRA, the receiving officer will create an entry into QRA’s electronic document and records management system and the complaints register. The information recorded in the complaints register will include:
- complainants name and address where the notices will be sent to
- the nature of the complaint
- the complaint outcome
- time taken to resolve the complaint.
Privacy complaints will be acknowledged within 5 working days of receipt.
Assessment, investigation and action of complaint
Reasonable steps will be taken to ensure that QRA will deal with all complaints fairly and professionally. Complaints are assessed, managed and responded to by the RTI/IP officers of QRA. As a general guide:
- QRA will record the complaint, its supporting information and assign a unique identifier to the complaint file.
- An assessment will be conducted to determine if the privacy complaint is of a serious, complicated or urgent nature and if any health and safety concerns involved.
An initial attempt will be made to resolve a complaint or breach informally, where applicable. If the matter cannot be resolved informally, it will be escalated to a General manager who will decide if further action is required or an investigation will be conducted.
Resolution, outcome and options for review
QRA will notify the complainant about the outcome in writing.
The letter/email will include:
- the outcome of the investigation
- a clear explanation of how the decision was made
- an option to complain to the Office of the Information Commissioner (OIC) if the complainant is dissatisfied with QRA’s decision.
Where possible, QRA will contact the complainant over the phone and answer any questions they may have. Remedies which may be available include, a written apology, organisational change such as policies and procedures or if appropriate, an explanation as to how or why the breach occurred and steps QRA will take to avoid it recurring.
How to make a complaint
Privacy complaints are to be made in writing and identify a return address to send any notices to.
Anonymity is the ability of a person to interact with QRA without identifying themselves. The ability to make an anonymous complaint will depend on the circumstance of the complaint. Where the complaint is about general issues which requires QRAs attention but does not directly relate to the complainant, then generally there is no need to identify yourself.
Privacy Complaints can be made in writing
Queensland Reconstruction Authority Principal Information Officer
PO Box 15428
City East QLD 4002
QRA will provide a receipt of acknowledgement to your complaint within 5 working days of receiving your privacy complaint.
QRA has a minimum of 45 business days to respond to a privacy complaint. If the complainant has not received a response from QRA within 45 business days, or if a complainant is not satisfied with the response, the complainant may refer the matter to the Office of the Information Commissioner.
Information Privacy Act 2009 must be applied when managing customer complaints. QRA must handle all personal information including collection, storage, use and disclosure of personal information. The business area responsible for managing complaints, must ensure accurate records are made and kept for as long as they are required. Records associated with complaints must be managed in accordance with the Public Records Act 2002.
The Human Rights Act 2019 places obligations on public entities to be compatible with human rights when acting or making a decision. Human rights should infiltrate the consideration of all complaints, not just those where a breach of a human right is specifically alleged by the complainant.
The following definitions apply for this policy:
|Expression of dissatisfaction, orally or in writing, about the products, policies, services or actions of QRA and/or the associated conduct of officers, or representatives of QRA
|A person who made a complaint
|As defined under Section 164 of the Information Privacy Act 2009
- Information Privacy Act 2009
- Human Rights Act 2019
- Public Interest Disclosure Act 201
- Ombudsman Act 2001
- Health Ombudsman Act 2013
- Crime and Corruption Act 2001
- Public Service Act 2008
- Customer complaints Policy
- Customer complaints procedure
- Dealing with a complaint involving the Chief Executive Officer procedure
- Managing employee complaints policy and procedure
- Managing corrupt conduct procedure
- Privacy Plan
- Public Interest Disclosure procedure
Version 1.1 Final, Date 31 July 2021, Approved by CEO.
(QRA CM Reference: CM DOC/22/14351 and QRABN/21/1211)