POL-G-53, version 6.1, 22 October 2022
The National Museum of Australia (the Museum) is a major cultural institution charged with researching, collecting, preserving and exhibiting historical material of the Australian nation. The Museum focuses on the three interrelated areas of First Nations history and culture, Australia’s history and society since European settlement in 1788 and the interaction of people with the environment.
Established in 1980, the Museum is a publicly funded institution governed as a statutory authority in the Commonwealth Arts portfolio. The Museum’s building on Acton Peninsula, Canberra opened in March 2001.
4. Principles or guidelines
4.1 Why and how the Museum collects personal information
The Museum collects and uses personal information to perform its statutory functions. These functions include developing, maintaining and exhibiting collections of historical material, conducting research into Australian history, and providing information relating to Australian history through education and public programs.
Individuals agree to receive information about the Museum in a number of ways, such as via the Museum website, upon registering to use the visitor wi-fi, or by completing hard copy or digital forms and surveys. As required by the Australian Privacy Principles, the Museum includes privacy collection notices at the time of collecting personal information, which explain how information may be used.
4.2 What types of personal information the Museum collects and what it is used for
Through its activities the Museum engages with a broad cross-section of people, both in Australia and internationally. The personal information collected and used by the Museum is described below. Personal information is usually collected from the individual concerned although in some cases the Museum may receive such information from third parties.
4.2.1 Museum visitor and client information
- Museum customer relationship management system
The Museum maintains two databases with contact details of individuals who regularly engage with the Museum or who wish to receive information about particular Museum activities. This includes members of the general public, donors, Friends, or people with a business-related interest in the Museum (for example, schoolteachers, people working in other cultural institutions, in the media or in tourism). This information is usually collected directly from the people who are interested in receiving information or from a representative of their organisation. In the case of Friends’ family memberships, name and date of birth information relating to minors is collected from their parent or guardian.
Personal information in the customer relationship management database is used to:
- purchase tickets for Discovery Centre or other exhibitions and events – both remotely and onsite
- distribute information about Museum events and activities, including by email
- maintain membership lists of Friends and donors
- retain details of object and cash donors, and (with their consent) to publicly acknowledge those donors
- administer a booking for an event
- request and receive feedback about visitor experiences
- generate invitation lists for Museum events.
- Bookings information
Bookings for venue hire, Museum events, conferences, school visits, tourism experiences and guided tours are regularly taken by the Museum. The personal information usually collected would include name, phone number, email address and postcode. The purpose of collecting this information is to process a booking and to ensure that an event or visit is properly coordinated. This information is not used for any other purpose (such as unsolicited marketing) without the consent of the individual concerned. However, the information may be used to generate broad demographic data.
The Museum uses several online booking systems for events.
The Centaman ticketing system is installed locally on the Museum’s IT servers. Personal information and other data on the Centaman system is stored on Museum premises and is not accessible by others.
The personal information provided by a customer to Eventbrite (excluding any billing or credit card information) is disclosed by Eventbrite to the Museum. The purpose of collecting this information is to ensure that an event is properly coordinated and, if the customer has agreed to receive information about the Museum’s programs, events and activities, to send them that information.
The Museum offers some digital programs such as Friends talks and seminars using the Zoom platform. Participants provide limited personal information including their name and email address to the Museum in order to register their attendance. As a matter of courtesy participants are advised if a Zoom event is being recorded, even though their name and/or image are not publicly visible.
- Visitor information and feedback
In order to improve its services, the Museum collects information from visitors about its programs. This information may be solicited (for example, through visitor surveys) or unsolicited (for example, in letters or emails from members of the public). The majority of evaluation that is initiated by the Museum allows people to respond on an anonymous basis. Visitor surveys, which the Museum regularly uses to seek feedback from visitors, do not involve the collection of information that could lead to a person being identified, although more generic information such as age and city of residence may be collected. Respondents have the option of providing their personal information to the Museum if they wish to join the Museum’s Friends program, subscribe to a mailing list, or continue to provide feedback to the Museum.
Where members of the public provide their personal information to the Museum in the course of making an enquiry or comment, that information will generally only be used by the Museum to deal with the person’s enquiry or comment.
Personal information in the form of photographs or video footage of visitors is collected with the consent of the person or their parent/guardian. Consent forms include the name of the subject and their contact details.
Visitors using Museum property, such as wheelchairs, scooters, iPads or other devices, are asked to leave a form of personal identification (or a photocopy of such identification) to ensure items are returned. Where photocopies are taken, they are only kept for the duration of the visit and, provided the items are returned undamaged, are disposed of immediately.
- Visitor wi-fi
The Museum provides internet access to visitors via its wireless network, with services facilitated by a third-party provider, Skyfii. Visitors who register for this wi-fi service are asked to provide personal information in the form of a name and email address. Both the Museum and Skyfii have access to this personal information in order to manage the wireless network system.
Information about visitors’ use of the wi-fi service while they are on Museum premises (including which parts of the Museum are visited and their browsing history) is automatically collected; however, this information is anonymous and will not be linked to individual users unless permission is granted to do so. The purpose of collecting this information is to better understand visitor behaviour at the Museum and, if visitors have agreed to receive material about Museum activities, events and programs, to provide them with that material.
4.2.2 Historical collection, exhibition and research information
The Museum collects personal information relating to objects in its collections and on loan to the Museum. This information includes details about an object’s history, including its current and previous owners and other people connected with the object. The purpose of collecting this information is to assess an object’s ownership and provenance prior to acquisition or loan.
Personal information about an object is obtained from a range of sources including from the donor/vendor and from historical records. The nature of this research is such that personal information is not always collected directly from the person to whom the information relates but from other sources such as third-party oral or written histories, or newspaper or magazine articles.
Personal information may also be collected in the course of historical research conducted by the Museum and for the purposes of exhibition. Such information may not necessarily relate to an object in the Museum’s collection. This information is maintained in a range of forms, for example in writing, as video or sound recordings, or photographs.
The Museum may collect limited personal information for the following purposes:
- to facilitate the management (for example, transportation and insurance) of an object
- to arrange physical access to the collection by researchers, family members, First Nations community members or special interest groups
- to respond to enquiries for information about the collection or the Museum’s activities received from members of the public.
The Privacy Act only applies to personal information which is in a record. An exception to the meaning of a ‘record’ is anything kept in a library, art gallery or museum for the purposes of reference, study or exhibition. Personal information which is kept for the purposes of reference, study or exhibition will not be subject to the Privacy Act. Examples include photographs of individuals used in an exhibition or letters containing personal information kept in the Museum’s collection.
The Museum’s research affiliates, scholars and interns may occasionally access documents containing personal information. As part of their engagement with the Museum they agree to comply with the requirements of the Privacy Act.
4.2.3 Personnel and administrative records
The Museum collects personal information about its employees, volunteers, interns, contractors, and Council or committee members. The purpose of collecting this information is to properly administer matters relating to a person’s employment or duties at the Museum.
- Employee records usually include personal details (such as addresses, next of kin details), bank account details, tax file number, employment history, medical checks, leave, salary and superannuation records. Records may also be kept in relation to rehabilitation or workers’ compensation claims, discipline or code-of-conduct matters, grievances, review of actions and performance management.
- Volunteers provide the Museum with their name, address, employment history and a copy of their driver’s licence. This information is used to assess the suitability of people to become Museum volunteers.
- Some personal information relating to contractors is also collected. This may include information about catering, security and cleaning staff employed under a contract between the Museum and the service provider, performers, IT suppliers, consultants/advisors, and suppliers of products for the Museum shop. The personal information is collected and used for the purposes of managing the Museum’s relationship with the contractor and for security.
4.2.4 The Museum’s corporate website
The Museum has a corporate website and Museum-identified spaces on blogs and social networking sites such as Instagram, Twitter, Facebook and YouTube.
4.2.5 Australia’s Defining Moments Digital Classroom
The Museum has an online teaching resource known as Australia’s Defining Moments Digital Classroom (ADMDC). The ADMDC is a standalone website that was developed for primary and secondary school students and teachers. Users can engage in virtual tours of the Museum and its collections, play games, take quizzes, enter competitions, and undertake online activities to help them explore their family and community histories. The ADMDC can be accessed via the Museum’s corporate website or through a search engine or direct link provided to participating schools.
Personal information is collected at the point of registration of new users for the My Family and My Community timeline activities, and when users upload information while undertaking the timeline activities. The timeline activities invite users to upload information about themselves, their family and their community, which may include names, dates, places, stories and images. Images uploaded to the website are automatically deleted after 30 days. Users have the option of sharing their timeline activities with parents, teachers and others through an email link or URL.
Information contained within the ADMDC is only accessible to the developer of the website, school administrators who provide students with access to the timeline activities section of the website, the individual user that uploaded the information and people with whom the individual user has shared their online activities.
4.2.6 Security records (including CCTV)
The Museum maintains security records in order to manage access to Museum premises, assets and information. These records relate to staff, volunteers, interns, visiting researchers and contractors. They may include, but are not limited to, police record checks and national security clearances. Identification photos are used for security and access control purposes. The Museum’s Agency Security Advisor is responsible for the management of these records.
The Museum uses closed-circuit television (CCTV) systems to monitor and record activity in a range of publicly accessible locations at the Museum. The purpose of this monitoring is to provide a safe and secure environment for Museum staff and visitors and to protect the Museum’s collections and exhibits from damage, theft or loss.
The images recorded by the cameras may include identifiable images of people visiting the Museum. These images are stored in a secure environment and access to these recordings is limited to authorised staff only. Where an incident has occurred warranting further investigation, the Museum may allow the recording to be viewed by people responsible for investigating the incident, both within the Museum and/or external investigative bodies or law enforcement agencies (such as the Australian Federal Police).
Signs have been placed at all public entrances to the Museum advising that the cameras are in operation.
4.2.7 The Museum Shop (including the online shop)
The Museum may in some circumstances collect information from its shop customers or representatives of wholesalers. Personal information is collected for the purpose of fulfilling the order and, if the customer has asked to receive newsletters or other information about the Museum, to provide them with that information. Personal information may be disclosed to couriers or freight providers via Shippit for the purposes of delivering an order. The Museum also retains order details (excluding credit card details) in a secure system to help manage any returns, refunds or exchanges.
Customers in the European Union: The Museum’s online shop has been configured to offer customers the rights afforded by the General Data Protection Regulation (GDPR) to control their personal data and to fulfil GDPR-related requests. This includes the right to delete, correct and access a customer’s personal data.
4.2.8 Collection and storage of sensitive information
Sensitive information may be collected in relation to some employees. For example, employees may formally identify as being culturally or linguistically diverse or being a person with a disability. Health information (for example medical reports or certificates) may also be collected by the Museum where there is a workers’ compensation or other health-related matter affecting an employee. All records are stored in a secure file, with access limited to staff on a need-to-know basis.
National police history checks are conducted on prospective staff members, volunteers, interns, visiting researchers and contractors. The individual’s written consent must be obtained before a check is submitted and processed, and access to relevant personal information is strictly limited to authorised Museum staff. The Museum will retain a person’s informed consent form and the results of a police check in line with the Archives Act 1983. Further details regarding the process for national police history checks and the safeguards in place to protect personal information are available on the Museum’s intranet or from the Agency Security Advisor.
Incident reports are required to be completed when a security incident, injury or hazard has occurred or been identified. These reports may contain information, some of a medical nature, about visitors, volunteers and staff.
The Museum may hold information about a staff member’s union membership if that person has authorised a deduction from pay for their union dues. There may be other records, which would identify union members, such as right of entry permits, email communication between union members, or where union delegates are represented on Museum committees.
4.3 How the Museum holds and protects personal information
Security of personal information is maintained in a number of ways. Where an electronic database containing personal information has been created, the Museum takes steps to ensure that the database may only be accessed by people performing relevant functions. For example, employee records are only accessible by staff performing human resource functions.
The Museum’s information technology systems are based on the high standards defined by the Australian Signals Directorate Information Security Manual. System access is granted to staff only on authority of an appropriate delegate, for the purposes of performing Museum work. Guidance is provided to staff about safeguarding electronic information (including the secure transfer of that information) in the Museum’s information technology policies and procedures.
Technical staff with access to the back end of Museum databases are required to undergo the Museum’s onboarding and clearance process and hold an Australian Government Security Vetting Agency Negative Vetting Level 1 clearance (except in instances where an appropriate waiver is considered and approved by the Museum delegate).
The Museum uses the Australian Government security classification marking system to identify records that contain personal and sensitive information. Disposal of records containing personal information is performed in accordance with the relevant disposal authority under supervision by the records management unit.
Key systems and application software are independently security-audited to identify any potential vulnerabilities and to assess compliance with the revised Essential Eight security levels.
4.4 Disclosure of personal information
The Museum will not disclose personal information to anyone outside the Museum unless the individual concerned has given their consent, or disclosure is otherwise permitted by the Australian Privacy Principles. Examples of exceptions include disclosure being necessary to prevent a serious threat to a person’s life, health or safety, or for law enforcement purposes.
Personal information held by the Museum will only be released to contractors where it is necessary for the contractor to perform their job. Examples include where a security company is responsible for administering security passes to Museum staff, or a third party (such as a mailing house) is contracted to distribute information. If personal information is given to a third party contracted by the Museum, the written contract will contain the appropriate privacy clauses recommended by the Privacy Commissioner.
4.5 How to access personal information or seek correction of information
A person may request access to their personal information held by the Museum or seek correction of the information. The request should be made to the Museum’s Privacy Contact Officer by mail, email or telephone.
Privacy Contact Officer
National Museum of Australia
GPO Box 1901
Canberra ACT 2601
Tel: +61 2 6208 5216
The Museum will respond to a request within 30 days. Access will be given in the form requested by the person, unless it is impracticable to do so or where the Museum is required to refuse access under the Freedom of Information Act 1982 or other Commonwealth legislation. If the Museum decides not to grant access to personal information or to correct personal information, it must provide written reasons for the refusal.
4.6 How the Museum will handle privacy complaints
Where a staff member receives a complaint relating to the handling of personal information, that complaint must be referred to the Museum’s Privacy Contact Officer for investigation. Alternatively, where a person has concerns about the way the Museum has dealt with their personal information, they may contact the Privacy Contact Officer directly (see details listed above).
The Privacy Contact Officer will investigate the matter in accordance with the Museum’s complaints handling procedures and determine whether the Museum has breached its privacy obligations. If the Privacy Contact Officer finds that there has been a privacy breach, the Director of the Museum will decide what remedial action should be taken. The Museum will aim to respond within a reasonable time of receiving the complaint.
If the complainant is dissatisfied with the Museum’s investigation of their complaint, they can contact the Office of the Australian Information Commissioner, who is independent of the Museum. Contact details for the Office of the Australian Information Commissioner are available on its website: http://www.oaic.gov.au
5. Definition of terms
Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not
- whether the information or opinion is recorded in a material form or not.
6. Definition of responsibilities
The Museum’s Director is responsible for deciding what remedial action should be taken in the case of a privacy breach.
Privacy Contact Officer
The Museum’s Privacy Contact Officer is responsible for maintaining and implementing this policy. The Privacy Contact Officer is also responsible for providing advice on privacy issues, acting as the point of contact for the federal Office of the Australian Information Commissioner, and investigating any privacy complaints.
Archives Act 1983
Freedom of Information Act 1982 (Cth)
Privacy Act 1988 (Cth)
Privacy (Australian Government Agencies – Governance) APP Code 2017
Australian Privacy Principles (APP) Guidelines
This policy applies to all staff undertaking activities that involve the collection, use, storage and disclosure of personal information.
b. Other related policies
Complaints handling procedures (PRO-021)
Data breach response procedures (PRO-030)
There are no exclusions to this policy.
d. Superseded policies
This policy supersedes:
| Title | Version number | Version date |
This policy will be monitored by the Privacy Contact Officer and will be reviewed in December 2024.
| Version date | 25 October 2022 |
| Approval dates | Approved by Executive Management |
| Availability | Public and all staff |
| Keywords | Privacy; personal information |
| Responsible officer | Privacy Contact Officer (Manager, Legal Services) |
| Review date | December 2024 |
National Museum of Australia
GPO Box 1901
CANBERRA ACT 2601 Tel: (02) 6208 5000
Privacy Impact Assessment Register
The Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth) (the APP Code) requires that all agencies, including the National Museum of Australia (the Museum), must conduct a Privacy Impact Assessment (PIA) for all high privacy risk projects.