Go to top of page

AUSTRAC privacy policy


Purpose of this policy

The purpose of this privacy policy is to provide information about the personal information AUSTRAC collects, how that information will be handled, and how you can access your personal information or make a complaint about AUSTRAC's handling of the information.

Back to top

Personal information

AUSTRAC ensures the protection of any personal information it receives, as required by the Privacy Act 1988 (Privacy Act). 'Personal information' is defined in the Privacy Act as:

information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

On 12 March 2014, the Privacy Act will be amended and the new definition of 'personal information' will be:

information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.

As well as AUSTRAC's obligations under the Privacy Act, most of the personal information obtained by AUSTRAC is defined as ‘AUSTRAC information’ and is protected from unauthorised use and disclosure, under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).

Back to top

Collection of personal information

AUSTRAC collects personal information only by lawful and fair means to fulfil the objects of, and the AUSTRAC Chief Executive Officer’s (CEO's) functions under, the AML/CTF Act and the Financial Transaction Reports Act 1988 (FTR Act). AUSTRAC’s collection of personal information is required or authorised by those Acts and the Privacy Act.

The AUSTRAC CEO's functions under section 212 of the AML/CTF Act include:

  • to provide advice and assistance, including analysis, in relation to AUSTRAC information, to the persons and agencies who are entitled or authorised to access AUSTRAC information
  • to advise and assist the representatives of reporting entities in relation to compliance by reporting entities with the AML/CTF Act, the regulations and the AML/CTF Rules
  • to promote and monitor compliance with the AML/CTF Act, the regulations and the AML/CTF Rules.

In performing the AUSTRAC CEO's functions, the CEO must consult with:

  • reporting entities or the representatives of reporting entities
  • the Commissioner of the Australian Federal Police
  • the Chief Executive Officer of the Australian Crime Commission
  • the Commissioner of Taxation
  • the Chief Executive Officer of Customs
  • the Information Commissioner, regarding matters that relate to the privacy functions (within the meaning of the Australian Information Commissioner Act 2010).

AUSTRAC collects personal information from individuals, third-party entities, Commonwealth, State and Territory agencies, and public sources. The information is either from compulsory reports or authorised receipts of information under the AML/CTF Act, FTR Act and other relevant legislation.

The Privacy Act requires agencies, as soon as practicable after collecting personal information, to take such steps (if any) as are reasonable in the circumstances to notify individuals of the collection of their personal information. Due to the secrecy restrictions in the AML/CTF Act and as a consequence of the high volume of personal information received, it is neither legally possible nor practicable for AUSTRAC to notify individuals of the receipt of personal information from third-party entities.

Back to top

Collection of personnel and security information

AUSTRAC also collects personal information about its staff, secondees and contractors (and applicants for those positions) for personnel, security and related purposes. That collection is authorised by common law and Commonwealth laws, including:

  • Public Service Act 1999
  • Public Interest Disclosure Act 2013
  • Safety, Rehabilitation and Compensation Act 1988
  • Work Health and Safety Act 2011
  • Long Service Leave (Commonwealth Employees) Act 1976
  • Protective Security Policy Framework
  • Maternity Leave (Commonwealth Employees) Act 1973
  • Paid Parental Leave Act 2010
  • Superannuation Act 1976
  • Superannuation Act 1990
  • Superannuation Benefits (Supervisory Mechanisms) Act 1990
  • Superannuation Guarantee (Administration) Act 1992
  • Superannuation Productivity Benefit Act 1988.

Back to top

Use of personal information

Your personal information will not be used for any purpose other than the purposes for which it was collected, unless:

  • such use is authorised or required by law (including where the use meets an exception in the Information Privacy Principles - from 12 March 2014 the Australian Privacy Principles - set out in the Privacy Act); or
  • you have consented to the use.

Back to top

Disclosure of personal information

AUSTRAC will not disclose personal information about you except where it is:

  • in accordance with the law, including to agencies and entities covered by Part 3 and Part 11 of the AML/CTF Act
  • authorised by you in a contract between you and AUSTRAC
  • in accordance with consent granted by you.

AUSTRAC also discloses personal information to certain overseas recipients who are authorised under Part 11 of the AML/CTF Act, or authorised or required by another law, to receive AUSTRAC information. AUSTRAC has signed exchange instruments with counterpart agencies in the countries to which AUSTRAC disseminates information. AUSTRAC’s international information disclosure arrangements require that foreign recipients give appropriate undertakings protecting the confidentiality and controlling the use of the personal information.

The list of countries and agencies who receive AUSTRAC information and have an exchange instrument is available on the Exchange instruments list page.

Back to top

Disclosure of personnel and security information

Personnel and security information is disclosed to Commonwealth agencies, law enforcement agencies, health providers and advisors, and other persons authorised by Commonwealth, State or Territory law to receive it. It is also disclosed to other entities to whom you give AUSTRAC consent to disclose personnel and/or security information.

Examples of agencies AUSTRAC may disclose personnel or security information to are: financial institutions, the Ombudsman, Comcare, the Australian Public Service Commission, Australian Government Security Vetting Agency, Australian Commissioner for Law Enforcement Integrity, Comsuper, Australian Taxation Office and Merit Protection Commissioner.

Back to top

Further information about personal information

AUSTRAC's personal information digest provides more detailed information about the kinds of personal information AUSTRAC collects, how that information is collected and the purposes for which it is collected, held, used and disclosed.

AUSTRAC’s annual report contains further information about AUSTRAC’s collection, handling and disclosure of personal information, including more information about international disseminations.

Back to top

Accessing or correcting personal information

AUSTRAC aims to ensure that the personal information it holds is accurate, up-to-date and complete. Please ensure any information you provide is accurate, up-to-date and complete, and notify AUSTRAC if you believe it holds information that is outdated, inaccurate or incomplete.

You are entitled to access your personal information held by AUSTRAC, subject to some conditions and exceptions imposed by law. AUSTRAC’s personal information digest contains information about how an individual may access their personal information.

Requests for correction of personal information may be made under the provisions of the Freedom of Information Act 1982 (FOI Act) by contacting the FOI Contact Officer (details below).

Back to top


Complaints about breaches of the Information Privacy Principles (from 12 March 2014, the Australian Privacy Principles) by AUSTRAC may be made to the FOI Contact Officer, or through the AUSTRAC Contact Centre.

The FOI Contact Officer may be contacted by telephone on (02) 6120 2631, email to INFO_ACCESS@austrac.gov.au or by writing to:

Freedom of Information Officer
C/- Attorney General’s Department
3-5 National Circuit

The AUSTRAC Contact Centre may be contacted at contact@austrac.gov.au.

AUSTRAC's privacy complaints information page explains how AUSTRAC deals with complaints about breaches of privacy.

Back to top

Other information relevant to your privacy

Visiting AUSTRAC’s website

When visiting this website, a record of your visit is logged and information is automatically recorded for statistical purposes to enable us to improve this site and our services. This information does not identify you personally and AUSTRAC does not track information about individuals and their visits.

Your web browser supplies information that includes:

  • your internet domain (for example, 'company.com.au' if you use a private internet access account, or 'yourschool.edu.au' if you connect from an educational institution) and the IP address from which you access our website
  • the type of web browser used (for example, Internet Explorer V 10)
  • your computer's operating system (for example, Windows or OS X)
  • the date and time you access this site
  • the pages you visit and any documents downloaded
  • if you followed a link to the AUSTRAC website from another website - the address of that website.

No attempt will be made to identify users or their browsing activities except where otherwise required or authorised by law. For example, in the event of an investigation, a law enforcement agency may exercise its legal authority to inspect the service provider's logs.


AUSTRAC's website does not use cookies.


When AUSTRAC receives information from you, either via email or any other means, the information is stored in a secure environment.

You need to be aware that there are inherent risks associated with the transmission of information via the internet. Although AUSTRAC has implemented security measures, it is not possible to provide absolute guarantees as to the security of data provided via an online transmission.

If you have concerns in this regard, AUSTRAC has alternative methods of obtaining and providing information. Normal mail, telephone and fax facilities are available.

Links to other sites

This website has links to other related websites. When you transfer to another site, AUSTRAC cannot take responsibility for the protection of your privacy. You are subject to the terms of the new site, and should familiarise yourself with the privacy policy of that site.

Back to top

Last modified: 09/07/2018 11:38