The Commission is responsible for taking action in relation to compliance with the Aged Care Code of Conduct (Code). The Code describes how registered providers (providers), their responsible persons and aged care workers must behave and treat people accessing funded aged care services.
How we collect personal information
We collect information in exercising our functions and activities under the Aged Care Act 2024, this may include information about the behaviour of providers, responsible persons and aged care workers, who must comply with the Code. We collect this information through various channels, including:
- complaints and feedback about providers, responsible persons and aged care workers
- reportable incident notifications under the Serious Incident Response Scheme
- interviews with individuals such as older people and their families, registered supporters and legal representatives (where applicable)
- the provision of information or documents about compliance with the Code
- compliance, supervision and monitoring
- notifications of provider or responsible person change in circumstances
- assessments of Annual Prudential Compliance Statements and financial reports
- referrals from other regulators such as the NDIS Quality and Safeguards Commission and the Australian Health Practitioner Regulation Agency
- media reports
- concerns raised through monitoring and management of non-compliance action.
How will your personal information be used?
We may use the personal information we collect in exercising our functions for the purpose of taking action in relation to compliance with the Code; this includes when conducting an investigation. We may also use the personal information of a responsible person or aged care worker, such as their name and date of birth, to identify patterns of possible non-compliance with the Code requiring further assessment and response by the Commission. If we find there is non-compliance, we may use personal information to take appropriate regulatory, compliance and enforcement action.
Our collection and use of personal information in this way is required or authorised by or under the Aged Care Act and Aged Care Rules 2025.
When could your personal information be disclosed?
We may share personal information with other regulators or agencies where it is authorised by law and relevant to their statutory functions. For example, these may include:
- the Department of Health, Disability and Ageing
- the NDIS Quality and Safeguards Commission
- state and territory worker screening units
- Australian Health Practitioner Regulation Agency
- Police.
We don't usually use or disclose personal information overseas, except in limited circumstances:
- Email traffic may be assessed by overseas service providers for malicious and harmful content, to mitigate security risks.
- We may send personal information offshore to the person the information is about or with the consent of the individual concerned.
If we intend to disclose personal information to an offshore recipient in other circumstances, we will take reasonable steps to notify you.
More information
We comply with the Privacy Act 1988 and Australian Privacy Principles in handling personal information. Our privacy policy contain detailed information about the type of personal information we collect and when we collect it, how we use and disclose personal information, and the steps we take to keep it safe. If you have questions or concerns about how we handle personal information, you can read our privacy policy, call us on 1800 951 822 or email us.
