Purposes for collection
We only collect personal information that is reasonably necessary for, or directly related to, one or more of our functions or activities under the legislation we administer. For further information, see The laws ASIC administers.
We collect personal information to:
- handle reports of misconduct lodged with us, monitor compliance with the laws we administer, and identify, investigate and take enforcement action in relation to contraventions of those laws
- assist us to fulfil our statutory obligations, such as administering registration and licensing regimes, granting relief from regulatory requirements, and dealing with unclaimed property
- enable us to consult with stakeholders and consider and determine policy
- cooperate with foreign regulators and law enforcement agencies
- deal with and assess complaints about our conduct
- manage our employees, contractors and service providers
- enable users to access our online tools and systems
- enable us to provide subscription services to people who have chosen to take part in those services.
How we collect information
We collect personal information from individuals or their authorised representatives.
In some circumstances we may collect personal information about individuals from third parties. This includes:
- personal information collected from third parties about individuals who are the subject of reports of misconduct made to us
- personal information collected from third parties about individuals in the course of our compliance or investigation activities.
- information provided to us in the course of our registration, licensing and other statutory functions that contains personal information about individuals
- information provided to use in other documents, such as tender documents and curriculum vitaes, that contain personal information about individuals.
The Australian Privacy Principles place a general obligation on Australian Government agencies to inform individuals when they collect personal information about them from third parties. However, in many cases where we collect information from third parties, we do not inform the individuals because one of the following exceptions applies:
- we expect that the individual would have consented to us collecting the information
- we are required or authorised to collect the personal information from third parties by law
- it would not be reasonable for the individual to know that we have collected the information because, for example, it may relate to the investigation of a report of misconduct.
The Australian Privacy Principles require Australian Government agencies to allow individuals the option of not identifying themselves, or using a pseudonym, when dealing with the agency when it is lawful and practicable to do so.
We generally provide individuals with the option of not identifying themselves or using a pseudonym. However, on many occasions we will not be able to do this. Examples include:
- people registering a business name or applying for an Australian financial services licence will need to provide their name and address
- whistleblowers seeking protection under the Corporations Act 2001 must provide us with their name.
Consequences of not providing information
If we ask an individual to voluntarily provide personal information to us, there are no punitive consequences if they do not provide any or all of the information to us. However, there may be other consequences; for example:
- they may not being able to make the most of our services
- we may not be able to process an application for a licence
- we may not be able to properly investigate or resolve a report of misconduct made by the individual
- we may issue a compulsory notice seeking the information.
If we compel someone to provide personal information to us (for example, under s33 of the ASIC Act), or they are required to provide personal information to us in compliance with another statutory obligation, they may commit an offence or be subject to a penalty if they fail to provide all or any of the personal information to us. If we issue a compulsory notice to an individual, we will inform them of the offences and penalties for a failure to comply with that notice.
We only use personal information which we have collected for the purpose for which it was collected, unless one of the following applies:
- the individual consents to us using, or would reasonably expect us to use, the information for a different purpose
- we are required or authorised by law to use the information
- we reasonably believe that the use or disclosure is necessary for our enforcement activities.
We are required or authorised to collect, use or disclose personal information by or under a variety of laws. They include the following:
- ASIC Act
- Corporations Act 2001
- Business Names Registration Act 2011
- Insurance Contracts Act 1984
- Superannuation Industry (Supervision) Act 1993
- Retirement Savings Accounts Act 1997
- Life Insurance Act 1995
- National Consumer Credit Protection Act 2009.
The types of bodies or persons to which we usually disclose personal information collected by us include the following:
- lawyers and other service providers who we engage to assist us with our functions
- other law enforcement agencies (such as the Australian Federal Police)
- other government agencies (such as the Australian Taxation Office)
- the Australian Securities Exchange
- courts and tribunals
- foreign regulators (for further details of our arrangements with foreign regulators, see International activities)
- the public, if the personal information is required to be published in a register that can be searched by the public, in the Government gazette or on our website
- parliamentary committees exercising their oversight functions
- applicants under the Freedom of Information Act 1982.
We only disclose personal information for the purpose for which it was collected, or for another purpose if one of the following applies:
- the individual consents to us using or disclosing, or
- would reasonably expect us to use or disclose, the personal information
- we are required or authorised by law to use or disclose the information
- we reasonably believe the use or disclosure is necessary for our or other agencies' enforcement activities.
Storage and security of information
We store personal information in both electronic IT systems as well as paper files.
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and other misuse. These steps include password protection and access privileges for accessing our IT systems, securing paper files in locked cabinets, and physical access restrictions.
When no longer required, personal information is destroyed in a secure manner after it has met the destruction date identified in a records authority issued by the National Archives of Australia.
Visiting our website
When you browse our website, our service provider logs the following information for statistical purposes – your server address, top level domain name (for example, .com, .gov, .au, .uk), the date and time of your visit, the pages accessed, documents downloaded, the previous site visited, and the type of browser used.
We do not identify users or their browsing activities except, in the event of an investigation, where a law enforcement agency may be entitled to inspect the service provider's logs.
If you make a payment by credit card online, we will collect information such as your email address, name and credit card details to enable us to process your payment and provide you with a payment receipt.
The Privacy Act allows individuals to seek access to records containing their personal information. The Freedom of Information Act 1982 at s48 also sets out the process by which you can access, change or annotate records we hold that contain your personal information.
You can obtain further information about how to request access to the information by emailing us at email@example.com or writing to us:
Commission Counsel (Privacy Team)
Australian Securities and Investments Commission
GPO Box 9827
SYDNEY NSW 2001
The Privacy Act also allows individuals to request correction of records containing their personal information. You can make a request for correction or a complaint about breaches of the Australian Privacy Principles by us by submitting a complaint online or writing to us:
Complaints Officer (Privacy)
Australian Securities and Investments Commission
GPO Box 9827
SYDNEY NSW 2001