The cyber.gov.au website, including the cyber incident reporting portal (ReportCyber), is operated by the Australian Cyber Security Centre (ACSC). The ACSC is part of the Australian Signals Directorate (ASD), an Australian Government agency.
Rules binding persons accessing data stored on this site
The ACSC staff who operate this website and/or access any of the data collected by or through this website are subject to the Intelligence Services Act 2001 (Cth) and Rules to Protect the Privacy of Australians issued by the Minister responsible for ASD pursuant to section 15 of the Intelligence Services Act 2001 (Cth). The Privacy Act 1988 (Cth) does not apply to ASD with respect to the personal information you submit to, or is collected by, this website.
Information collected through this website
When visiting this site, a record of your visit is logged. This ‘clickstream data’ is collected for statistical purposes and is used to help improve this website. The following information is supplied by your browser (for example, Google Chrome) and collected by us:
- the operating system and browser you are using
- the address of the referring site (the previous site you visited that linked to ours, typically a search engine)
- your IP address (the network address of your internet connection)
- the date and time of your visit
- the pages you visited and files you downloaded.
This information is recorded for statistical purposes and is used by us to monitor the use of the site, and to make improvements.
Personal information (other than information submitted through ReportCyber)
When you email us personal information, or provide it to us via contact us:
- we will record your email address and any other information submitted
- we will use this information for the purpose for which you provide it
- we will not disclose the information without your consent
- we will not add your email address to a mailing list, unless provided by you specifically for that purpose.
If you fail to provide us with a minimum level of information (usually marked with an asterisk and, generally, including an email address) we may not be able to respond to you.
Personal information submitted through ReportCyber
When you make a cyber incident report through ReportCyber, the ACSC only collects as much personal information as is reasonably necessary to understand the incident that you are reporting. We collect that information so we are able to assess whether your report should be referred to a law enforcement agency or other entity and to enable us to provide the most effective mitigation advice.
Use and disclosure
By submitting a cyber incident report, you acknowledge your personal information may be provided to other government agencies and private sector organisations in Australia. These include Australian law enforcement (e.g. police) and regulatory agencies (e.g. ACCC), along with relevant companies (e.g. banks or telecommunications providers). We will only use or disclose your personal information for the purposes of detecting, investigating and preventing criminal activity and analysing cybercrime data. We choose who we share information with carefully and they may change over time.
The cyber incident reporting portal is not designed for reporting emergencies where an immediate police presence is required. However, if initial analysis of a cyber incident report indicates there may be an immediate threat to life, the report will immediately be referred to the appropriate police force for priority assessment and appropriate action.
Some of the organisations that we share your personal information with may contact you to gather further information or make further investigations. Any information you provide to those organisations outside the ReportCyber portal is governed by the privacy policies of those agencies.
In some cases we may need to provide your personal information to overseas law enforcement agencies as part of the criminal investigation process. We may also disclose your personal information to recipients overseas, under international agreements that relate to information between Australia and other countries.
Storage of information by ACSC
Personal information that you provide to the ACSC may be stored in cloud storage services operated by third parties, which could be located in Australia or overseas.
Links to other websites
This website contains links to other websites. We are not responsible for the privacy practices or the content of these linked sites and have no knowledge of whether cookies or other tracking devices are used on these linked sites.
Feedback is important and is used to evaluate and improve the website and the cyber incident reporting portal. To provide feedback, please contact us.