Skip to main content

Find disaster recovery services and support

First select disaster or event(s)Expand list
Select assistance typeExpand list

Privacy and Disclosures

The National Emergency Management Agency is committed to treating complaints seriously. This page provides information the Agency’s obligations for handling personal information under the Privacy Act 1988, how to raise concerns of wrongdoing under the provisions of the Public Interest Disclosure Act 2013, and procurements that are not in the public interest if suspended while a complaint is investigated.

Website Privacy Statement

This website is managed by the National Emergency Management Agency (the Agency).

This notification of collection outlines the Agency’s collection, use and disclosure of your personal information in relation to your use of this website in accordance with the Privacy Act 1988.

Further details about the Agency’s handling of personal information is contained in the Agency’s Privacy Policy (see below).

Collection of personal information

Clickstream data (information logged)

When visiting this site, a record of your visit is logged. This ‘clickstream data’ is collected for statistical purposes and is used to help improve this website and the experience of visitors.

The following information is supplied by your browser (for example Internet Explorer, Edge or Chrome) and collected by us:

your server address your operating system (for example Windows, MAC) your top-level domain name (for example .com, .gov) the date and time of your visit to the site the pages accessed and the documents downloaded the previous site visited the type of browser used



We will only disclose your personal information for a purpose other than the purpose for which it was given to us where we are authorised to do so pursuant to the Privacy Act.

Privacy Policy and contacting us 

The Agency's Privacy Policy contains information about the kinds of personal information the Agency may collect and hold, and the purposes for which the Agency may use and disclose personal information.

The Policy contains information about how you can seek access or correction to your personal information. It also contains details about how you can complain about a breach of the Privacy Act by us, and how we will deal with such a complaint.

If you have any additional questions about the National Emergency Management Agency's Privacy Policy, you can contact the Agency's Privacy Officer at:


The Privacy Officer

National Emergency Management Agency

GPO Box 133


If you fail to provide us with a minimum level of information (usually marked with an asterisk and generally, an email address), we may not be able to respond to you.

Subscription services

Personal information is collected by us when you subscribe to any subscription service on this website. The contact information you provide will only be used for the purposes of the subscription service. 

If you fail to provide the personal information requested when you subscribe, we may not be able to provide the subscription service to you.


When you email us personal information, or provide it to us through the ‘contact us’ options provided through this website:

we will record your email address and any other information submitted and use this information for the purpose for which you have provided it your email address will not be added to a mailing list, unless provided by you specifically for that purpose
Privacy Policy

Privacy obligations 

The Agency has obligations for handling personal information as outlined in the:

Privacy Act 1988 (Cth) (the Privacy Act), including the Australian Privacy Principles (APPs); and Australian Government Agencies Privacy Code (the Privacy Code).



The Privacy Officer

National Emergency Management Agency

GPO Box 133


This Policy is reviewed regularly and may be updated from time to time.

This Policy was last updated on: 3 June 2020

If your privacy complaint is not resolved to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC can receive privacy complaints through:

Online Via the online Privacy Complaint form (refer to the OAIC website)
Email (email that is not encrypted can be copied or tracked)

Office of the Australian Information Commissioner

Sydney Offices

GPO Box 5218

Sydney NSW 2001 

(if a person has concerns about postal security, they might want to consider sending their complaint by registered mail)

Fax +61 2 9284 9666

How to contact the Agency's Privacy Officer

Contact the Agency’s Privacy Officer if you want to:

Ask questions about the Agency's Privacy Policy, or if you need a copy of this Policy in an alternative format; Obtain access to or seek correction of your personal information held by the Agency; or Make a privacy complaint about the Agency.

Such third-party sites have their own privacy policies and may send their own cookies to your computer. We do not control the setting of third-party cookies and suggest you check the third-party websites for more information about their cookies and how to manage them.

Website analytics

We may use ‘cookies’ to improve your experience on the National Emergency Management Agency website. The Agency's website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States.

Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using the National Emergency Management Agency website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above.

You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. The Agency's website also contains links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites.

When you visit other websites from the Agency’s official website, it is advised that you be aware and read their respective privacy policies.

Accessing and correcting personal information

You have a right to request access to personal information we hold about you, and to request its correction. We will respond to requests for access or correction within 30 days.

The Privacy Act allows us to refuse access in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply.

Where we have refused access, we will give you reasons in writing. We will also provide you with information about how you can dispute the decision.

To request access to, or correction of, your personal information please contact the Agency's Privacy Officer. Discussing your request with the Agency's Privacy Officer will help us give you early guidance about your request. This may include guidance about whether your request is best dealt with under the Privacy Act, the FOI Act or another arrangement.

Privacy impact assessments

The Privacy (Australian Government Agencies – Governance) Australian Privacy Principles Code 2017 (the Code) requires agencies, including the Agency, to conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects.

PIAs completed by the Agency, since the Code commenced on 1 July 2018, are listed in the table below.

Date Title
17 February 2021 Joint PIA with the Department of Prime Minister and Cabinet [National Drought and North Queensland Flood Response and Recovery Agency] on proposed Client Relationship Management system

How to make a privacy complaint

If you are not satisfied with how we have collected, held, used or disclosed your personal information, you can make a formal complaint to the Agency's Privacy Officer. Your complaint should include:

A short description of your privacy concern, Any action or dealings you have had with staff of the Agency to address your concern; and Your preferred contact details so we can contact you about your complaint.

We may also collect information about how you use the National Emergency Management Agency's online services and applications. For example, we use social networking services such as Facebook, Twitter and LinkedIn to talk with and support the public. When you talk with us using these services, your personal information may be collected to communicate with you and the public.

These social networking services will also handle your personal information for their own purposes.

These services have their own privacy policies. You can access the privacy policies for these services on their websites.

How we use and disclose information

The Agency may use and disclose collected personal information for the purpose it was first collected. We will take reasonable steps to give you information about the reason for collection at the time of collection, or as soon as possible.

The Agency will only use and disclose your personal information for a secondary purpose if APP 6 allows it.

We may disclose personal information to overseas entities (such as a foreign government or agency) where this is a necessary part of Agency work. We will only do this with your consent or in other circumstances allowed by APP 8.

We may also use third party providers or websites such as Facebook, Twitter, Campaign Monitor, LinkedIn, YouTube and others to deliver or otherwise communicate content.

When personal information is collected from a third party, we take steps to inform of the collection. This may occur through this Privacy Policy, notices or discussions with staff.

If personal information that we hold is lost, or subject to unauthorised access or disclosure, we will respond in line with the Office of the Australian Information Commissioner's Data breach preparation and response —a guide to managing data breaches in accordance with the Privacy Act.

We aim to provide timely advice to affected individuals if a data breach is likely to result in serious harm.

Types of information held

In performing official functions, the Agency may collect and hold the following kinds of personal and sensitive information:

identity and contact details for individuals (e.g. name, phone, email and postal address), photographs, video recordings and audio recordings of individuals, information relating to personal circumstances (e.g. age, gender, cultural and linguistic background, disabilities and other family circumstances including spouses, carers and dependents), information relating to financial affairs (e.g. payment details, bank account details), other information relating to identity (e.g. date of birth, citizenship and visa status, passport details, drivers licence), information about employment (e.g. employment status and work history, education status, referee comments, salary), and government identifiers (e.g. tax file number).

How we collect personal information

The Agency may collect personal information from a person directly, or their authorised representative, or via a third party if permitted by law.

We may collect personal information in a range of ways, including through surveys, email and phone communication, forms or notices, online portals, and via the Agency's website.

You can also refer to the Agency's Privacy Notice for further information.

How we safeguard personal information

The Agency takes its obligations seriously to protect the personal information it holds.

We take reasonable steps to protect your personal information against misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include:

classifying and storing records securely as per Australian Government security guidelines, internal access to information is on a ‘need to know’ basis and only by authorised personnel, monitoring system access which can only be accessed by authenticated credentials, ensuring the Agency's buildings are secure, and regularly updating and auditing the Agency's storage and data security systems.

You can learn more about the Privacy Act and the Privacy Code on the Office of the Australian Information Commissioner website.

Why we collect personal information

We may collect personal information about you when it is reasonably necessary for, or directly related to, one or more of the Agency’s functions or activities. You can find out more about the Agency’s functions on the about section of the Agency's website.

Sensitive information about you may be collected where you consent, when the collection is authorised or required by law, or the collection is otherwise allowed under the Privacy Act. 

We collect personal information for purposes which include:

invitations for public submissions, feedback on review or reform processes, invitations to subscription services related to official news and information, undertaking recruitment, maintaining employment records and facilitating travel, facilitating events, appointments and official visits, administering honours and awards, delivering anniversary messages, coordinating official responses on behalf of the Agency, providing recovery assistance in relation to an emergency or disaster, and administering programmes and grants.

The Agency’s Privacy Policy outlines what kinds of personal and sensitive information we collect, why this information is collected, and how it is handled.

Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s:

racial or ethnic origin political opinions religious beliefs or affiliations philosophical beliefs sexual orientation criminal record health information genetic information.
Public Interest Disclosure

About Public Interest Disclosure 

Public Interest Disclosure (PID) is the reporting of wrongdoing in the Commonwealth public sector.

This may include conduct which you reasonably believe:

contravenes a law is corrupt perverts the course of justice results in a wastage of public funds or property is an abuse of public trust unreasonably endangers health and safety or endangers the environment is maladministration, including conduct that is unjust, oppressive or negligent.


PIDs to the National Emergency Management Agency can be made by:


Written correspondence to an authorised officer via:

Chief Operating Officer

National Emergency Management Agency

GPO Box 133

Canberra City ACT 2601


Making a Public Interest Disclosure

Public interest disclosures can be made by a public official. This includes:

any person who is, or was, employed by the Australian Government individuals employed by any Commonwealth companies, authorities and statutory agencies, the Parliamentary service, statutory officeholders service providers under contract to the Commonwealth and anyone employed by them.

Disclosures are about matters where investigation and correction is in the public interest. This does not include disagreements with government policy or expenditure.

Public Interest Certificate Log

A public interest certificate (PIC) is a document issued by the Coordinator-General of the National Emergency Management Agency (or their delegate) in accordance with section 22 of the Government Procurement (Judicial Review) Act 2018.

A PIC will state that it is not in the public interest for a particular procurement process to be suspended while applications for injunctions are being considered, or complaints are being investigated, under the Act.

The following PICs have been issued by the National Emergency Management Agency:

Procurement Date Issued
National Emergency Management Stockpile Panel 884KB 05/12/2023