We only collect personal information that is reasonably necessary for, or directly related to, one or more of our functions or activities under the legislation we administer. For further information, see The laws ASIC administers.
How we collect information
We collect personal information from individuals, or their authorised representatives.
In some circumstances we may collect personal information about individuals from third parties. These include:
personal information collected from third parties about individuals who are the subject of reports of misconduct made to us
personal information collected from third parties about individuals in the course of our compliance or investigation activities
information provided to us in the course of our registration, licensing and other statutory functions may contain personal information about individuals
other documents provided to us, such as tender documents and curriculum vitaes, may contain personal information about individuals.
The Australian Privacy Principles place a general obligation on Australian Government agencies to inform individuals when they collect personal information about them from third parties. However, in many cases where we collect information from third parties, we do not inform the individuals because one of the following exceptions applies:
we expect that the individual will have consented to us collecting the information
we are required or authorised to collect the personal information from third parties by law
it would not be reasonable for the individual to know that we have collected the information because, for example, it may relate to the investigation of a report of misconduct.
Use and disclosure
We only use personal information for the purpose for which it was collected unless one of the following applies:
the individual consents to, or would reasonably expect us to use the information for a different purpose
we are required or authorised by law to use the information
we reasonably believe that the use or disclosure is necessary for our or other agencies' enforcement activities.
We only disclose personal information to bodies or persons if one of the following applies:
the individual has consented
the individual would reasonably expect us to disclose the personal information
we are required or authorised by law to disclose the information
we reasonably believe that the use or disclosure is necessary for our enforcement activities.
Security of information
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection and access privileges for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions.
Access, correction and complaints
You are entitled seek access to personal information we hold about you and request that we make corrections to that information. You may also make a complaint about our handling of your personal information.