• Contact details
• Employment at the RTA
• RTA Board
• Organisational structure
• Corporate publications
  • Strategic Plan
  • Annual Report
  • Client Service Charter
• Right to Information
  • How do I access information?
  • How do I amend or update my personal information?
  • Published information
  • Requested information (disclosure log)
  • Information requests from other organisations
  • RTA's Administrative Access Scheme
  • Corporate Governance Framework
• RTA Privacy Plan
• Public Grants Scheme
  • Grants recipients 2007
  • Grants recipients 2006
  • Grant recipients 2005
  • Grant recipients 2004
  • Grants recipients 2003
  • Grants recipients 2002
  • Grants recipients 2008
  • Grants recipients 2009
• Monthly operational activity
• Information workshops
• Subscribe to e-Bulletins
• Financial Statements
• Media Releases

RTA Privacy Plan

On 1 July 2009, the Information Privacy Act 2009 (Queensland) was enacted to give all members of the public a legally enforceable right to access and amend their personal information. The Act also requires the RTA to safeguard the personal information that it holds and only disclose such information to the individual that the information relates to, where consent has been provided or it is required and authorised under law.

The Privacy Act is based on 11 Information Privacy Principles (IPP's) which establish the rules by which agencies, such as the RTA, may collect, use, store and disclose personal information and how members of the public may seek access and/or amend their personal information.

The Residential Tenancies Authority (RTA) is committed to protecting our clients privacy. This plan outlines the RTA's privacy processes in terms of:

1. Definition of personal information
2. Legislative environments of the RTA
3. Types of personal information held by the RTA
4. Existing contracts, licences and outsourcing arrangements
5. List of public registers managed within the RTA
6. Information Privacy Principles and RTA implementation
7. Access to personal information about self
8. Access to personal information about others
9. Amendment of personal information held
10. Internal review
11. Internal agency review procedure
12. External review

The RTA necessarily collects personal information from clients to perform key functions in accordance with the Residential Tenancies and Rooming Accommodation Act 2008, such as:

• information and education services 
• dispute resolution services
• rental bond management services (including e-services)
• statistical and research services
• policy development and advice services
• an investigations service.

Further information about the range of RTA services is contained in the RTA's Annual Report.

Without personal information the RTA cannot provide secure and relevant client services, particularly for bond custodial services and dispute resolution. Protecting the privacy of clients has always been a key part of normal RTA operations when performing services and has been further formalised through the development of the RTA Privacy Plan.

This Privacy Plan outlines what type of personal information the RTA collects, how it is handled and how clients can access and amend personal information held by the RTA. It has been developed in accordance with Queensland Government requirements.

For the purpose of identifying information to be managed in accordance with the requirements of the Information Privacy Act 2009 "personal information" is defined as:
"information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

The RTA administers the Residential Tenancies and Rooming Accommodation Act 2008.

The RTA operates within the confines of other legislation governing public sector organisations such as: 

• Right to Information Act 2009
• Information Privacy Act 2009
• Financial Accountability Act 2009
• Auditor General Act 2009
• Public Records Act 2002

The RTA is also subject to other legislation which may legally require the RTA to provide information to external organisations on request, such as the Queensland and Federal Police Services and Office of State Revenue.

The RTA collects, stores and uses personal information in the following ways.

3.1 Personal information about employees and prospective employees

This is required so that human resource management functions can be carried out for prospective and current staff. These functions include leave details, performance management, training, staff selection and information required for reporting against public sector requirements such as target groups.

Types of information collected include: names, dates of birth, contact details, work histories, tax file numbers and bank account details, referee reports, photographs, internet and email usage, and relevant medical histories.

Collection is authorised under the Residential Tenancies and Rooming Accommodation Act, relevant legislation (such as taxation and financial administration requirements) and internal policies and procedures.

3.2 Personal information about clients

This is required for rental bond management services (bond lodgements, refunds and transfers), dispute resolution services, telephone information services and investigations services.

Types of information collected include: names and contact details, rental bond amounts, bank account details, rent payments, details of claims, details of disputes, Tribunal outcomes, supporting evidence as required (such as management agreements), invoices and quotes.

Collection is authorised under the Residential Tenancies and Rooming Accommodation Act, relevant legislation (such as taxation and financial administration requirements) and internal policies and procedures. Specific provisions relate to conciliation conducted through the dispute resolution service, which protects the confidentiality of the conciliation process and prevents any information from being released about the process.

3.3 Personal information about vendors

This information allows normal business processes to take place. Examples of information collected include: names, addresses for payment, bank account details to allow for electronic payment of accounts and Quality Management processes to monitor Rental Bond Direct Credit and Email Notification Statement of Agreement and ensure business processes are aligned.

Collection is authorised under the Residential Tenancies and Rooming Accommodation Act, relevant legislation (such as taxation and financial administration requirements) and internal policies and procedures.

3.4 Other personal information

This is collected in the process of fulfilling other RTA activities, such as statistical research, community education activities, policy work and corporate communications. Examples of information collected include: names and addresses of clients to receive information from the RTA, generic information to provide statistics and analysis of the industry, opinions (such as client feedback) and photographs for use in publications and displays. No personal details are released to external organisations for unsolicited mailing lists.

The RTA has in place agency agreements, outsourcing arrangements and contracted suppliers to deliver services on behalf of the RTA more cost-effectively. These include an agency agreement with Australia Post to process bond lodgements and refunds at approved agencies, outsourcing to a mail house to generate and post receipts for rental bonds, Notices of Claim and receive general RTA mail, and an agency contracted to distribute RTA forms.

Any third party organisations which have been, or will be, contracted to perform services on behalf of the RTA will be required to be bound by the same privacy principles to which the RTA adheres.

The RTA does not maintain any public registers.

As the Information Privacy Act is still relatively new, coming into force on 1 July 2009, the RTA is working towards reviewing its current privacy regime to ensure that it is in line with the requirements of the Act. We make every endeavour to ensure that the information provided in this document and on the website is correct however should you identify any information that is of concern please do not hesitate to contact us.

RTA staff are made aware of their responsibilities to uphold privacy requirements and to comply with the requirements of Information Privacy Act and related guidelines through training sessions and changes to documented procedures and policies.

6.1 Collection (IPPs 1 to 3)

RTA service areas continually review all forms and monitor processes for requests to collect information from clients or employees to ensure that notification requirements (as per IPP 2) are met, and authorisation for further disclosures is covered where necessary to the operation of the RTA service. The RTA's website is similarly noted.

Staff in service areas which collect personal information by telephone (such as the Client Contact Centre and Dispute Resolution Services) will notify clients of matters and obtain consent to further disclosure, where necessary. As well, letters confirming notification and consent can be forwarded to clients following telephone contact, if required. Where telephone conversations are monitored by recording for quality control, training or supervision purposes, clients are advised of this at the outset of the conversation, such as through the messages-on-hold service.

6.2 Storage (IPP 4)

The RTA has policies regarding information storage and will further develop and review separate policies for storage of electronic and paper information to safeguard information in line with the RTA's and whole-of-government policies.

6.3 Access and Amendment (IPPs 5-7)

The RTA has in place processes allowing clients to access their personal information and request amendments to be made. This is detailed in sections 7 to 12.

6.4 Use (IPPs 8 to 10)

Where information is to be used for research purposes, this will take into account guidelines including those prepared by the Officer of the Federal Privacy Commissioner, Office of the Information Commissioner Queensland or with a relevant Privacy Code of Practice if such code exists. Where information is stored in a computerised database, service areas ensure that appropriate descriptions are used to avoid errors or misinterpretation of data and standards are adopted which allow consistent transfer of information between areas within the RTA.

Standards have been adopted, in relation to the functions and purposes of the particular service area, to ensure personal information is used only for the authorised purposes for which it was collected. Authorised purposes include the delivery of rental bond services, dispute resolution, investigations, policy and research, community education and information services. It may be used internally to improve service delivery and to directly target clients, for example information and education campaigns, to research emerging issues in the rental sector and to establish client satisfaction levels with RTA services.

Where information is to be used for research purposes, this will take into account guidelines including those prepared by the Office of the Federal Privacy Commissioner or with a relevant Privacy Code of Practice when such Codes come into existence. For example, in specific research projects authorised by the RTA, clients will be contacted by the RTA and asked whether or not they want to participate in identified research projects, and will be given the opportunity to opt out of the research group if desired.

6.5 Disclosure (IPP 11)

Service areas have written procedures to cover the main kinds of personal information staff can be expected to disclose and identified the authority for such disclosures. Staff with frequent contact with RTA clients are given additional training in the application of the IPPs to disclosure in the context of their service area's functions.

Information disclosed by the RTA or any of its service areas for research purposes generally will not contain personally identifying information. In instances where clients are to be contacted by a contracted external research company, for example, the RTA will send out a letter providing clients with the opportunity to "opt out" of the selection pool.

The RTA also abides by Queensland Government protocols for the disclosure of personal information in Ministerial correspondence.

Clients have the right to access and amend their own personal information in accordance with IPP 6 & 7 of the Information Privacy Act.

To access personal information held by the RTA clients are to provide a written notice:

• containing your address and ideally your contact details so that we can discuss your request and arrange access
• containing details of what information you require
• using the application form available from our offices or on the internet 
• containing acceptable proof of identity
• marking your request to the attention of the privacy officer.

Requests may be lodged:

• in person at 33 Herschel St, Brisbane between 8.30am-5.00pm Monday to Friday
• by posting to GPO Box 390, Brisbane Qld 4001
• by faxing to (07) 3236 0337.

There is no charge to lodge a request for your own personal information. If you require another person's information or documents of a non-personal nature (with their consent), fees will be payable. Information will not be provided to any applicant until acceptable proof of identity is provided.

The RTA controls access, use and disclosure of personal information through a variety of mechanisms including physical, electronic and system security controls and by providing its staff with training.

The RTA is committed to protecting the personal information that it holds and will not release an individual's personal information to any other person or agency unless authorised under IPP 11.

Such circumstances where personal information may be disclosed under IPP11 include:

• where consent has been provided by the person that the personal information relates. Commonly this will either be through an IPP2 Privacy Collection Notice or through a later consent notice or instruction
• if it is authorised under a law, such as the Income Tax Assessment Act 1936 & 1997, Social Security Act 1991 etc
• where it is necessary for law enforcement purposes, such as by the Qld or Federal Police, ASIO etc
• if the RTA beliefs that it is required to prevent a serious threat to an individuals life, safety or welfare or public health, safety of welfare
• where there is a very strong public interest in using the information for research, analysis or compilation of statistics.

Where a third party, such as a contracted service provider, is acting on behalf of the RTA, the third party organisation will be required to comply with the same privacy rules (for example Australia Post Offices that are authorised to act on the RTA's behalf).

Where one party to a bond or dispute, requests personal information relating to another party (to a bond or dispute), the RTA will only disclose non-personal information unless consent has been provided, that is, the RTA will mask, delete or black out personal information. The RTA does not provide any information to other agencies for direct or commercial marketing purposes unless consent has been provided.

Applicants may request amendment to their personal information if they believe the information is inaccurate, and, given the purpose of the information, irrelevant, incomplete, out-of-date or misleading.

If it is decided to amend the information the amendment may be carried out by making a correction, deletion or addition to the information.

Application for amendment must:

• be in writing
• contain your address and ideally your contact details so that we can discuss your request if necessary
• contain details of the information you believe to be inaccurate, irrelevant, incomplete, out-of-date or misleading
• specify the amendments required
• use the application form available at our offices or on the website
• contain acceptable proof of identity
• be addressed to the attention of the privacy officer.

Requests may be lodged:

• in person at 33 Herschel St, Brisbane between 8.30am-5.00pm Monday to Friday
• by posting to GPO Box 390, Brisbane Qld 4001
• by faxing to (07) 3236 0337.

Any individual that is dissatisfied with a privacy access or amendment decision may request an internal review except where the decision has been made by the General Manager of the RTA. An internal review may only be made:

• by an individual
• about a decision made by the RTA or a third party (contracted service provider) acting on behalf of the RTA
• about the personal information of the individual making the complaint
• where the complainant believes that the RTA decision does not comply with the IPP's or Information Privacy Act 2009; and 
• within 20 business days after the decision was made.

Requests may be lodged: 

• in person at 33 Herschel St, Brisbane between 8.30am-5.00pm Monday to Friday
• by posting to GPO Box 390, Brisbane Qld 4001
• by faxing to (07) 3236 0337.

The RTA is required to make a decision in regard to an internal review request within 20 business days from the date the application is made and inform the complainant in writing of the decision including any further appeal (external review) rights.

The internal review will be undertaken by a person more senior than the original decision maker and will consider the original access or amendment application as if it where a fresh application.

Should an applicant remain aggrieved by a privacy access or amendment decision after internal review they may seek external review through the Office of the Information Commissioner. Refer to OIC website for further information.

More information about privacy

• Contact the Coordinator, Recordkeeping on (07) 3361 3112.
• Office of the Information Commissioner website.