What kinds of personal information does IRS collect and hold?
The kinds of personal information that IRS may collect and may hold include contact details, address, date of birth, driver’s license number, details of insurance claims, details of third parties involved in claims, and other information that is relevant to its functions or activities.
IRS collects personal information for purposes directly related to its functions or activities, including:
- prevention of insurance fraud where the intent in using the IRS Database is to provide added information to confirm the accuracy of information provided by applicants;
- management of insurance claims where the intent in using the IRS Database is to analyse claims and the management of claim payments;
- assessment of risk where the intent in using the IRS Database is to provide complete information to enable insurers to assess material and moral risk;
- benchmarking analysis to show how an individual IRS Member is performing against industry norms (not against named IRS Members as competitors); and
- identity verification.
IRS does not collect, hold, use and disclose sensitive information about individuals such as mental and physical health, disability, racial or ethnic origin, criminal convictions or religious or political affiliation, either directly from the individuals or from third parties.
How does IRS collect and hold personal information?
IRS collects personal information directly from insurance company members as part of policy holder claim history data. This information is provided to IRS in accordance with each member’s Privacy Statements and Privacy Policies.
IRS collects personal information directly from individuals through their use of the website and when they contact IRS by email, telephone, in person or otherwise in connection with IRS's services, functions or activities.
Who has access to personal information collected by IRS?
Use of the IRS Database is restricted to:
- authorised employees and representatives of IRS members including those engaged in underwriting, loss assessment and claims management;
- those law enforcement authorities, who are authorised by the Board of IRS to use the IRS Database pursuant to Legally Enforced Access; and
- an individual in relation to their own My Insurance Claims Report.
IRS Member Obligations
The IRS Member must (and must procure that its Representatives), with respect to Personal Information collected, held, used or disclosed under or in connection with the IRS Membership Deed:
- act, in accordance with the Privacy Law and IRS' privacy policies as notified to the Member from time to time in dealing with any Personal Information provided to the Member to or acquired by the Member from the IRS Database;
- not, collect, use or disclose any Personal Information for any purpose other than fulfilling the Member's obligations under the Membership deed;
- take such steps as are necessary to ensure that all Personal Information collected by it or disclosed to the IRS Database is accurate, up to date and complete and, for the purpose of disclosure, relevant;
- ensure, in respect of any Personal Information it discloses to IRS, that it takes reasonable steps to ensure that the subject of the Personal Information (the Individual) is aware of all matters which are prescribed by the Australian Privacy Principles under the Privacy Law;
- not use or disclose any Personal Information collected from the IRS Database for the purpose of direct marketing;
- not allow, or permit access to, or transfer any Personal Information collected from the IRS Database or which has been collected, accessed or used by the Member with the consent of IRS, outside of Australia, unless it has first obtained IRS' approval in writing;
- take such steps as are reasonable in the circumstances, to destroy or de-identify Personal Information collected by it from the IRS Database once the Member no longer needs it for the purpose for which it was collected or used by the Member, unless otherwise required by Law to retain such Personal Information;
- co-operate with IRS or any other IRS Member to resolve any complaint made under any Privacy Law and in relation to any request by an Individual for access to or correction of Personal Information held by the Member in connection with the IRS Database; and
- co-operate with any reasonable requests or directions of IRS concerning the storage, security, use and disclosure of Personal Information.
IRS may uses "cookies" on the Website. A cookie is a small amount of information which is transferred to the hard drive of your computer and which can identify your web browser but not you. Individuals can disable their web browsers from accepting cookies. If you do so, you can still access the Website, but not all services may be available.
How IRS holds, uses and discloses personal information
IRS holds personal information in a secure online database managed by a third party service provider engaged by IRS (illion) to provide services pursuant to an IRS Outsourcing and Hosting Deed. It may also hold electronic copies of documents containing personal information (e.g. queries, complaints, forms and other relevant documents) in a secure online database.
Where it holds personal information electronically, such information can only be accessed by authorised IRS staff using personal accredited passwords.
The keeping of personal information in hard copy is not encouraged by IRS. Information is held in hard copy only for a reasonable time as necessary and stored securely. IRS’s premises are protected by security access.
IRS only holds and uses personal information for purposes directly related to its functions or activities or for the purposes for which the information was originally collected or otherwise in accordance with the Australian Privacy Principles.
Disclosure of personal information
IRS may disclose personal information provided to it, to the following third parties:
- members of IRS, such as insurance companies, to process queries or complaints received by IRS from individuals;
- Federal, State or Territory police authorities and law enforcement agencies;
- IRS staff for the purposes of their work responsibilities; and
- a company that provides database hosting services to IRS under a IRS Outsourcing and Hosting Deed.
IRS does not disclose personal information to overseas recipients and will only do so in accordance with the Australian Privacy Principles. IRS Members may operate offshore claims processing activities in Philippines, India or New Zealand, in which case personal information may be disclosed to such recipients in these countries.
Accessing and correcting personal information held by IRS
Individuals may access personal information about them that is held by IRS by ordering their own My Insurance Claims Report.
Individuals may make or seek changes to that information, by contacting their insurer in relation to information concerning an insurance claim, or an individual can email IRS@insurancecouncil.com.au.
If IRS does not agree to provide access to personal information or to amend or annotate the information we hold about an individual, the relevant individual may seek a review of the IRS's decision.
Individuals can send written complaints about a breach of the Australian Privacy Principles in relation to their personal information to IRS@insurancecouncil.com.au or to The Privacy Officer, Insurance Reference Services Limited, Level 4, 56 Pitt Street, Sydney NSW 2000.
Complaints will be reviewed by our Privacy Officer and a written response will usually be provided within 30 days of receipt of the complaint by IRS.
If an individual believes that his or her complaint has not been satisfactorily addressed by IRS, after following the procedure set out above, he or she can make a complaint to the Office of the Information Commissioner (OAIC). The OAIC's contact details are available on its website.