The Information Privacy Act 2009 (Qld) (IP Act) provides for the protection of personal information collected and held by Queensland government agencies and provides rules for what those agencies must and may do with personal information.
Queensland government agencies are increasingly providing access to information and services online. Interacting online can include:
Interacting online with a government agency typically will require you to provide some personal information, such as your name, contact details or your credit card number.
While an agency has obligations under the IP Act to protect your personal information, it is also important that you are aware of what steps you can take to safeguard your personal information when interacting online. Protecting yourself online is about more than how you set up and use your computer or mobile device. It’s also about being smart in what you do and the choices you make when using the internet.
This information sheet provides practical tips for protecting yourself online when interacting with a Queensland government agency, as well as tips for general internet use. For detailed advice on staying safe online, please see the Australian government online safety and security website: Stay Smart Online.1
When you provide your personal information2 to an agency the IP Act requires that the agency takes all reasonable steps to make you generally aware of certain information. This will usually happen through a ‘collection notice’ – sometimes called a privacy notice.
The collection notice sets out why your personal information is being collected, the legislative requirement or authority for this collection (if any) and to whom the agency routinely passes on your personal information.
If you have any queries about the collection notice, you should contact the agency and seek clarification before providing any personal information.
Some online services require that you agree to their terms and conditions – for example, before you create a user account or download an app. Not only do the terms and conditions inform you of your rights and responsibilities when using that service, they will often explain how your personal information will be handled.
By agreeing to the terms and conditions, you are entering into a contract with the agency or business which may involve the ongoing collection, use or disclosure of your personal information. It is particularly important to read the terms and conditions when providing personal information to a private sector organisation. As private sector organisations may not be obliged to provide a collection notice, the terms and conditions are where you will find the purposes for which your information will be used (for example, whether your information will also be used marketing or promotional purposes) and to whom it will be given.
Most government agencies provide a ‘privacy’ link in the footer of their website. This page explains in broader terms how personal information collected through the website is used and disclosed. It may also explain how you can access and amend personal information held by the agency or how to make a privacy complaint.
The website privacy statement should tell you whether the agency’s website uses cookies3 and for what purpose. Cookies allow a website to ‘remember’ things such as what items are in your shopping cart or your login status.4 Cookies are also commonly used to collect information about how the website is accessed5 for the purpose of analysing how the website could be improved. While cookies can collect relatively sophisticated information about the device you use to access the website, your identity is not necessarily readily identifiable through this information.
A third party cookie may be created if the web page you open loads any content from another website, such as an advertising banner. This third party cookie is then used by the advertiser to track your visits to other websites on which they advertise and send you targeted advertising.
If you are uncomfortable with this, most browsers can be configured to block some or all cookies, or delete cookies that have already been set, but you should be aware that you might lose some functions of that website. One approach is to set your browser to accept cookies only from the website you are currently visiting, or to start by blocking all cookies, then allow cookies as needed for websites that you trust.
Other steps you can take are to set your browser to private mode, install do not track software and/or use an ad blocker utility – such as an ‘add-on’ feature for your browser.
Malware, such as viruses or spyware, is software designed to ’infect’ a computer system to cause harm. Steps you can take to secure your computer against malware include:
Backing-up your data on a regular basis can also help you recover your information if a virus destroys your files, or your device is stolen or damaged or exposed to ransomware.8
An unprotected internet connection can result in unauthorised use and potential harm unless certain steps are taken. If you use a modem or router:
If you have set up a wireless network:
A ‘wi-fi hotspot’ is public wireless network that offers a shared internet connection. Even where the wi-fi hotspot is provided by a Queensland government agency, your personal information could still be at risk as public wi-fi access is by its very nature, an unsecured network.
Steps you can take to protect your personal information when using a public wi-fi hotspot include:
Did you know that an expert hacker can crack the average password in under three minutes?9 Steps you can take to protect the security of your online accounts include:
Phishing is a form of fraud in which the scammer tries to trick you into providing personal information, such as your login details, by masquerading as a reputable entity. Phishing emails are commonly associated with banks, however scammers have been known to target customers of government agencies to trick you into providing information that can then be used to steal money or gain other benefits.10
Although some phishing emails are poorly written and clearly fake, others can look real, using agency logos, ‘spoofed’ email addresses or links to genuine looking websites.
If you receive a message asking for personal information such as your username, password, or credit card details - never respond by replying to the message, clicking on the provided link or opening an attachment as this may install malware or direct you to a malicious website. Instead, contact the organisation by telephone to confirm that the request is legitimate. Alternatively, you could contact the organisation by typing the address of their website directly into your browser and sending them an enquiry, or answer with a new email message using an email address that you have used before or trust.
Many agencies use social media as a channel for service delivery and engagement with the public. If you choose to post a comment, think before you make your personal information public:
Most social networking accounts include privacy settings. These settings set the rules for who can view your contact information, see what you post, and see what others post about you.
Many networks have default privacy settings which are applied when you create your account. In some cases, the default setting is the most open setting available and can allow a high degree of access to your personal information. It is important that you make sure each privacy setting is right for you.
The Office of the Children’s eSafety Commissioner12 provides a guide to popular social media sites and apps which explains the default privacy settings and how you can adjust them.
Current as at: February 24, 2016