on this page
An incident may include behaviour or events that pose a risk to the safety, wellbeing or security of staff, customers or others.
What we collect
When a customer is involved in an incident, we may collect personal information, such as:
- your name and customer identifier
- details of the incident, including the date, time, location and what happened
- information about any actual or alleged aggressive, threatening or inappropriate behaviour
- information provided by staff, witnesses or third parties, such as security guards
- any follow up-actions taken in response to the incident.
Definition of incident
For the purpose of this notice, an incident is any event or behaviour connected with the delivery of our services that involves:
- customer aggression
- counterproductive behaviour
- Workplace Health and Safety (WHS) incidents, injuries and hazards
- reports of suicide, self-harm, child abuse, inappropriate images and communications.
This includes incidents that occur in person, over the phone, in writing or through digital channels.
Why we collect this information
We collect and use personal information when an incident happens so we can:
- record, assess and manage customer aggression and other incidents
- protect the health, safety and wellbeing of staff, customers and the public
- respond appropriately to incidents
- help establish prevention strategies
- support staff to deliver services safely
- inform risk management, management of ongoing behaviour and the development and implementation of Managed Service Plans
- take action for offences against our staff or on our premises.
How we’re authorised to collect your information
We collect personal information where it’s reasonably necessary or directly related to one of our functions or activities. Authorisation to collect your personal information will depend on the services you access or are seeking at the time of the incident.
We collect, use and disclose your personal information relating to incidents, in line with:
- the National Health Act 1953
- the Health Insurance Act 1973
- the Student Assistance Act 1973
- the Child Support (Registration and Collection) Act 1988
- the Child Support (Assessment) Act 1988
- the Privacy Act 1988
- the Social Security Act 1991
- the Social Security (Administration) Act 1999
- A New Tax System (Family Assistance) (Administration) Act 1999
- the Paid Parental Leave Act 2010
- the National Health (Privacy) Rules 2025
- other relevant legislation as applicable.
Who we may share your information with
We only share your personal information with other parties where you’ve agreed, or where the law allows or requires it.
In certain circumstances, we may share your information with:
- other parts of the agency, such as Medicare or Child Support
- staff and business areas responsible for incident management and staff safety
- senior executive officers, when escalation or oversight is needed
- external agencies, such as the Department of Employment and Workplace Relations
- law enforcement or emergency services, where appropriate.
How to view or correct your personal information
Our Privacy Policy has details about how you can access your personal information. It also tells you how you can ask us to correct your information, if it’s wrong.
How to make a complaint or give feedback
Our Privacy Policy outlines how to complain about a breach of the Australian Privacy Principles in the Privacy Act 1988. It also outlines how we deal with such a complaint.
Where to find more information
You can read more about:
- your right to privacy, including why we collect, use and when we share your information
- our Privacy Policy, which includes more information about how we handle your personal information
- your responsibilities, which includes more information about your responsibilities when dealing with us.