Get in touch
Fill in the form below to submit an enquiry, feedback or complaint to the Office of the National Data Commissioner. You will receive a copy of your submission to your email.
When an enquiry has been lodged, the ONDC will assess the enquiry. We will reach out you in a timely manner to provide a response or go through any next steps.
Use the Contact Us form on this page and the Office of the National Data Commissioner will be in touch about your request.
Scheme participants or the general public may make a complaint to the Commissioner in relation to issues such as data scheme entity compliance with their obligations, and the administration of the DATA Scheme.
Complaints can be lodged using the Contact Us form or by emailing email@example.com
Once a complaint has been lodged, the Commissioner will assess the complaint and endeavour to advise the complainant on the next steps through the complaints process in a timely manner. The Commissioner may ask the complainant for further information if needed.
The Commissioner will work with the Australian Information Commissioner to protect personal information under the DATA Scheme, with a ‘no wrong door’ approach taken to complaints. Where a complaint is about how personal information has been handled in the DATA Scheme, it may be transferred to the Australian Information Commissioner.
If a complaint is about a specific entity or respondent, the complainant should contact the respondent and attempt to resolve the issue prior to lodging a complaint with the Commissioner, unless it is not appropriate to do so.
The complainant should:
- lodge a complaint with the respondent
- provide a reasonable time for a response
- follow up with the respondent, if no response is received.
If there is no response given or the complainant is not satisfied with the response, the complainant might then make a complaint to the Commissioner.
Under the DATA Scheme, a data breach occurs where there is unauthorised access to or disclosure of data that has been shared under the DATA Scheme, data is lost in circumstances likely leading to such unauthorised access or disclosure, or an event prescribed by the data code occurs.
In circumstances where a Scheme participant reasonably suspects or becomes aware that a data breach has occurred, they have responsibilities under the Act, to:
- take reasonable steps to prevent or reduce any risks resulting from a data breach in a timeframe that is as soon as practicable; and
- if the data breach involves scheme data that is personal information, give the Commissioner a copy of its statement to the Australian Information Commissioner about an eligible data breach under section 26WK of the Privacy Act 1988; or
- if the data breach involves scheme data that is not personal information, notify the Commissioner as soon as practicable after the end of the financial year.
In addition to these requirements, entities are encouraged to inform the ONDC as soon as possible if a data breach occurs, so that we can provide any necessary assistance in managing the risks of the breach.
You can notify the ONDC of a suspected data breach here at our Contact Us form or by emailing firstname.lastname@example.org.