Privacy statement

This privacy statement describes and demonstrates our commitment to protecting your personal privacy.

Your privacy while using this website

When you visit, our internet service provider automatically records your visit and logs information such as the following:

  • your server address
  • date and time of visit
  • time spent on individual pages and the overall site
  • pages accessed
  • previous site visited (if referred)
  • browser type used.

No attempt will be made to identify individual users or their browsing activity except, in the unlikely event of an investigation, if a law enforcement agency exercises a warrant to inspect the internet service provider's logs.

Please be aware that when you transmit information over the internet, eg to email us or apply for a training course, there is a risk that your information could be intercepted. The online lodgment part of this site, however, is secure.

Any personal information you provide to ORIC through this website will be treated with the utmost care. We will not knowingly use it in any way that you (or any other person you refer to) have not explicitly consented to.

If you subscribe to our email updates or submit an online form (such as a training course application, or a request to advertise a corporation job) we will only use the information you submit for the purpose for which you provide it. We will not use your personal information from these online requests and forms for any other purpose, and will not disclose it to any third party without your consent, unless required by law to do so.


From time to time we use cookies to streamline or personalise our service to you. Cookies are small pieces of information exchanged between a web browser and a web server. Where we use an external provider, eg to host an online survey, that provider could use cookies. If that is the case you will be directed to information on the provider's website explaining the use of cookies.

Our privacy obligations

As an Australian Government agency, ORIC is bound by the standards, rights and obligations in relation to the handling and maintenance of personal information set out in the Privacy Act 1988 (Privacy Act). The Privacy Act defines personal information as information or an opinion about an identified individual, or an individual who is reasonably identifiable whether it is true or not and whether it is recorded in a material form.

The Australian Privacy Principles (APPs) contained in the Privacy Act set out ORIC’s obligations in relation to the collection, storage, use, disclosure, quality and security of personal information and access and correction rights of individuals in relation to their personal information.

Our privacy policy

Under the APPs and the Privacy (Australian Government Agencies-Governance) APP Code 2017 (the Code), ORIC is required to have a clearly expressed and up-to-date policy about its management of personal information. ORIC’s privacy policy is set out in Policy Statement 15: Privacy (PS-15).

The Attachment to PS-15 outlines the kinds of personal information (including sensitive information) collected and held by ORIC and the purposes for which the personal information is collected, held, used and disclosed.

How ORIC handles your personal information

ORIC takes steps to protect information, including personal and sensitive information as specified in the Privacy Act and the APPs, against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing ORIC’s electronic system, paper files in locked cabinets and physical and electronic access restrictions based on a ‘need to know basis’.

Under the Notifiable Data Breach Scheme in Part IIIC of the Privacy Act, officers are also required to assess the consequences of damage from unauthorised compromise or misuse of information and apply appropriate security classifications to documents they create or handle. ORIC has developed a data breach response plan for the purposes of Part IIIC of the Privacy Act, which sets out the roles and responsibilities of officers in ORIC is identifying and managing a data breach, and step this agency will take if a data breach occurs.

When personal information collected by ORIC is no longer required, it is stored, managed or destroyed in accordance with the Archives Act 1983.

Officers and members of registered corporations

Some personal information about officers and members is part of the public Register of Aboriginal and Torres Strait Islander Corporations. Further information is available in policy statement PS-12: Registers and use and disclosure of information held by the Registrar. Generally the personal information that is collected under the Corporations (Aboriginal and Torres Strait Islander) Act 2006 (CATSI Act) and disclosed on this public register includes:

  • the names of directors
  • the names and addresses of contact persons/secretaries
  • the names of members.

All of this information is publicly available. Some of this information is also publicly available from the corporation—for example, under section 180-20 of the CATSI Act the register of members must be open for inspection by any person at the corporations registered office if it is a large corporation or at the document access address if it is a small or medium corporation.

Concerns have been raised that publishing certain documents of corporations on the website may be a breach of individuals' privacy rights, and may put some people on members' lists at risk. If the members of your corporation have a justifiable concern about personal information being made available on this website, you may call ORIC and discuss the matter. If you are still unhappy after discussing the matter with ORIC, the Privacy Commissioner is the appropriate person to approach. ORIC will then work cooperatively with the Commissioner to make any adjustments that are necessary. The Privacy Commissioner is contactable through the Office of the Australian Information Commissioner (OAIC) at

You can still request public register documents, including members' lists, through our email or phone service. When a personal request is made ORIC may inquire about the purpose of this request before releasing the list. The main purpose of members' lists is to provide certainty about membership and associated rights such as voting at meetings.

If you have a justifiable concern about personal information being published on this website, please contact us on:

freecall: 1800 622 431 (not free from mobiles)
mail: PO Box 29

Access and correction

You have a right to request access to the personal information ORIC holds about you and to request its correction in accordance with Australian Privacy Principles 12 and 13.

The Privacy Act permits access to be refused in certain cases, including where an exemption under the Freedom of Information Act 1982 (FOI Act) would apply.

To request access or correction to your personal information held by ORIC, you can contact ORIC’s privacy officer at either or by telephone on freecall 1800 622 431 (not free from mobiles). Discussing the nature of your request with the privacy officer will enable ORIC to provide guidance on whether your request is better dealt with under the Privacy Act, the FOI Act or another arrangement.

Requests under ‘freedom of information’ law

Please note that any information you supply ORIC with may be subject to a request under the Freedom of Information Act 1982. For example, if your corporation applies for training or assistance recruiting for a senior position or assistance to resolve a legal matter, anything you tell ORIC may be subject to an FOI request. However, prior to releasing it, ORIC would consider whether any information falling within the scope of the FOI request contains material exempt from release under the FOI Act, such as:

  • information provided in confidence,
  • material relating to personal privacy or business affairs, or
  • protected information under the CATSI Act.

More information

Further information is available: