2.1 Collection of personal information
The NDIS Commission may collect personal information about you from you, your representative or a third party. We generally use forms, online portals and other electronic or paper correspondence to collect this information. The NDIS Commission or people acting on its behalf (e.g. contracted service providers) may collect information directly. The NDIS Commission may also obtain personal information collected by other Commonwealth agencies, State or Territory government bodies, or other organisations. From time to time, the NDIS Commission may receive personal information from members of the public without it being requested.
The NDIS Commission collects and holds a broad range of personal information in records relating to:
- employment and personnel matters for NDIS Commission staff and contractors (including security assessments)
- the performance of the NDIS Commission’s legislative and administrative functions
- individuals participating in the National Disability Insurance Scheme (NDIS)
- registered NDIS providers
- staff of NDIS providers
- individuals participating in any NDIS Commission funded programs and initiatives
- the management of contracts and funding agreements
- the management of fraud and compliance investigations
- the management of audits (both internal and external)
- correspondence from members of the public to the NDIS Commission and the Minister of the Department of Social Services
- complaints (including privacy complaints) made and feedback provided to the NDIS Commission
- requests made to the NDIS Commission under the Freedom of Information Act 1982 (Cth)
- the provision of legal advice by internal and external lawyers.
The NDIS Commission will not ask you for any personal information which we do not need. The Privacy Act requires that we collect information for a purpose that is reasonably necessary for, or directly related to, a function or activity of the NDIS Commission.
When the NDIS Commission collects personal information, we are required by the Privacy Act to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law and any person or body to whom we usually disclose the information. The NDIS Commission generally provides this notification by having Privacy Notices on our paper-based forms and online portals.