Oceania Cyber Security Centre’s Privacy Policy

The Oceania Cyber Security Centre (OCSC) respects and is committed to maintaining the privacy of all people who engage with us either via our websites, social media or through any of our research or other projects. This policy (Privacy Policy) governs how OCSC deals with the collection, security, quality, use and disclosure of Personal Information, and is in accordance with the Australian Privacy Principles (APP’s) and the Privacy Act 1988 (Cth) (Privacy Act)

Your use of our sites indicates that you accept the Privacy Policy, and consent to the collection and use by us of your Personal Information according to the terms below. OCSC may from time to time amend the Privacy Policy, and users are advised that continued use of our sites following amendment is deemed confirmation of acceptance.

Definition of Personal Information

In alignment with the Privacy Act, “Personal Information” is defined as:

  1. ’Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
  2. Whether the information or opinion is true or not; and
  3. Whether the information or opinion is recorded in a material form or not.’

The following are all examples of Personal Information:

  1.  ‘Sensitive information’ (includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information)
  2. ‘Health information’ (which is also ‘sensitive information’
  3. ‘Credit information’
  4. ‘Employee record’ information, and
  5. ‘Tax file number information’.

Collection of Personal Information

OCSC only collects Personal Information where necessary to conduct our research and associated project activities. The nature of the Personal Information which is held by us will vary depending on the nature of the interaction between you and the OCSC. OCSC may collect information in a variety of ways including (but not limited to) by phone, text, electronic/forms completed and provided to us via our websites or by email, fax, social media activities and newsletters.

OCSC will only collect Personal Information which identifies you when we, you or one of our research partners expressly provides it as part of our research activities (for which you will have provided consent). If we do collect identifiable data, it may include names, mail and email addresses, phone numbers. As you would reasonably expect, we may also collect data for providing you with updates through our services. We may also collect website and mobile apps statistics (which includes pages accessed and search terms used) but this information is not identifiable.

Use and Disclosure of Personal Information

OCSC uses Personal Information only to fulfil and undertake research projects and other activities and to provide certain services and advice.

You acknowledge that we may use your Personal Information to provide you with updated information on new projects, to alert you to events that we may organise or to conduct surveys or engage in other marketing purposes for which you would expect us in reasonable circumstances to communicate with you.

Subject to the exceptions listed in the Act, information which identifies individuals will stored securely, only be accessed by authorised OCSC staff and our project partners if applicable, or professional advisers if required, all of whom are bound by the Privacy Act and this Privacy Policy. We will not give your personal information to advertisers and other unrelated or unaffiliated organisations without your consent.

You acknowledge that OCSC’s obligation to disclose Personal Information may involve disclosure to entities located outside Australia (for example in relation to one of our research projects such as a foreign nation state). Where OCSC is required or authorised to disclose your Personal Information, you consent to the disclosure of your Personal Information to selected foreign entities. We may also disclose Personal Information to overseas recipients when storing Personal Information with “cloud” service providers which may be situated outside Australia. Therefore, accepting this policy, you are also accepting the terms and conditions of third parties where the OCSC stores Personal Information.

Security of Information

OCSC will take all reasonable steps to ensure your Personal Information is protected from modification, misuse, disclosure, loss and unauthorised access. We also take reasonable steps to destroy or permanently de-identify Personal Information which is no longer needed for the purposes described in this Privacy Policy. OCSC may use Google Analytics or equivalent social media and other software to collect traffic data on the use of our website for continuous improvement purposes.

Access and Correction of Personal Information

Under the APPs and the Privacy Act, an individual has the right to obtain access to any Personal Information which OCSC holds about them and to advise of any perceived inaccuracy. There are some exceptions to this right set out in the Act. To make a request to access or update any Personal Information OCSC holds about you, please contact the OCSC Director on info@ocsc.com.au.

As OCSC relies on the accuracy of the information you provide us, please notify us of any changes to your personal information details. We will require you to verify your identity and specify what information you require updating.

Enquiries and Complaints

If you would like further information about the way OCSC manages the Personal Information it holds, or wish to complain that you believe that OCSC has breached the APPs, please contact the OCSC Director on info@ocsc.com.au

OCSC and its Project Partners will make every effort to respond within a reasonable time. If you are not satisfied with the way a complaint is handled by either OCSC or its Project Partners, you are entitled to have your complaint reviewed under the Privacy Act. Please refer to the Office of the Australian Information Commissioner’s (OAIC) website at www.oaic.gov.au. The contact details for the OAIC is enquiries@oaic.gov.au.

Mandatory Data Breach Notification

OCSC and its Project Partners are committed to doing all that they can to protect data and personal information. As the internet is inherently insecure no matter how many protection measures are taken, should there be a data breach, OCSC and/or its Project Partners may, in compliance with the law, notify the relevant parties as soon as practicable.

In the case of what is known under the law as an ‘eligible data breach’, OCSC and/or its Project Partners may notify the relevant parties of what has occurred, what information is involved, what the implications may be, what can be done and what OCSC and/or its Project Partners will do in the specific circumstances.