1. About this policy
This Privacy Policy outlines the Department of Local Government, Industry Regulation and Safety’ (LGIRS) ongoing obligations and commitment to you in respect to how we handle your personal information (including sensitive personal information).
We collect and handle personal information to enable us to perform our functions in accordance with relevant legislation, policy and legal requirements and to support the delivery of operational activities.
Depending on how you engage with us, you may also be provided with more specific information about how we collect and handle your personal information in that context. This may occur, for example, when you complete a form, access a service, or participate in a particular activity, and will help you understand how your information is handled in that specific interaction.
This policy complies with the Privacy and Responsible Information Sharing Act 2024 (PRIS Act), Information Privacy Principle 5, and should be read in conjunction with the WA.gov.au Website Privacy Statement.
2. What we do
LGIRS supports a safe, fair and resilient economy where Western Australian industries, workers, consumers and communities thrive. Our responsibility is to ensure individuals, businesses, industries and local governments know their rights and obligations under the laws we administer and respond when these laws are not followed.
We keep people safe, make sure businesses compete fairly, protect the community, and prevent workplace accidents, fraud, or unsafe behaviour before they happen.
Our services include WorkSafe, industry regulation and consumer protection, labour relations, building and energy regulation, support of local government, regulation of the gambling and liquor industries and corporate support services.
3. Personal and sensitive personal information
Personal information
Under the PRIS Act, personal information is defined as "information or an opinion, whether true or not, and whether recorded in a material form or not, that relates to an individual, whether living or dead, whose identity is apparent or can reasonably be ascertained from the information or opinion "
It includes name, date of birth, address, contact information, location information, unique identifiers (e.g. drivers licence number or IP address), information that relates to features specific to an individual’s physical, genetic, cultural or behavioural identity. It can include information based on inferences made about an individual (e.g. predictions of behaviour).
This list is not exhaustive. The full definition of personal information is in section 4 of the PRIS Act.
Sensitive personal information
Sensitive personal information is a type of personal information. It includes information that relates to an individual’s racial or ethnic origin, gender identity, sexual orientation, political opinions and associations, religious beliefs, membership of a political, professional or trade association or trade union, or criminal record. It includes health, genetic or genomic and biometric information (e.g. photograph or fingerprints).
This list is not exhaustive. The full definition of sensitive personal information is in section 4 of the PRIS Act.
4. Collection of your personal information
Personal information may be collected through a range of methods, including:
- over the telephone
- through our online services (such as websites, portals, or email)
- by completing paper-based forms
- during face-to-face interactions or meetings
The types of personal information we collect about you will depend on the nature of your engagement with us.
We may collect sensitive personal information where it is reasonably necessary for our functions or activities. We will generally only collect this information with your consent, unless the collection is required or authorised by law, or another exception applies.
Where practicable, unless otherwise authorised to do so, we will collect personal information directly from you, and you will be informed of the purpose of collection at the time your information is collected, or soon afterwards.
In all circumstances, we will only collect the personal information required to fulfil the relevant purpose or meet our legislative and operational obligations.
4.1 Choosing not to identify yourself
Where practicable, you may choose to remain anonymous when interacting with us, such as when making a general enquiry.
However, in most circumstances, we will require your personal information to enable us to carry out our functions and activities in relation to a matter effectively, for instance to assess your request, investigate the matter, or provide a service.
If you choose not to provide the sufficient personal information, this may limit our ability to respond to your enquiry or provide a service.
4.2 Social media
When you engage with our official accounts on social media, channels such as Facebook, LinkedIn, X, YouTube or Instagram, we may collect limited personal information, such as your username, comments, and any content you choose to share publicly.
We encourage you to avoid sharing sensitive personal information through our social media channels. By interacting with our social media channels, you acknowledge that information you provide may be handled by these platforms according to their terms and privacy policies and is not controlled by LGIRS.
4.3 Indirect collection and third parties
Where reasonable and practicable to do so, unless otherwise authorised, we will collect your personal information directly from you.
However, in some circumstances we may collect personal information about you from publicly available sources, or we may be provided with information about you by third parties. Examples of third parties may include but is not limited to, other government agencies, service providers, or third parties involved in regulatory, compliance or enforcement activities, and you have provided your consent, or the information is required or authorised under the law.
For instance, we may collect information about you from:
- your authorised representative or agent, if you have one;
- registered medical practitioners, or your employer (for example when responding to WorkSafe health monitoring, injury, illness or dangerous incident reporting requirements);
- third parties involved in occupational licensing processes (for example, authorised representatives or agents, business partners or associates, authorised entities, registered training organisations, authorised assessment entities, credit history check providers, third-party endorsers, Nationally Coordinated Criminal History Check (NCCHC) providers, and accountants);
- referees, business partners, associates, or any other person or entity you have authorised, if you apply for a job or contract with us. With your consent, we may also use third-party services to verify your employment, education and identity records; and
- other government agencies, including State, Territory and local government authorities, where information sharing is permitted.
5. Use and disclosure
5.1 Use of your personal information
We will only use your personal information for the purpose for which it was collected, and for related purposes, where permitted which may include but is not limited:
- to provide, manage and deliver the services or transactions you have requested;
- to provide technical support or respond to service-related issues;
- to respond to your enquiries, feedback or complaints about our services or functions;
- to assess your eligibility, verify information, and administer licences, permits or approvals;
- to manage our employment, contractual or business relationship with you;
- to undertake research, analysis and evaluation to improve our services, programs and operations;
- to inform you about relevant programs, initiatives or services that may be of interest to you (you may opt out of receiving these communications at any time);
- to comply with our legal, regulatory and operational obligations, including reporting and auditing requirements;
- where the use or disclosure is otherwise required or authorised by law; and
- for other purposes where you have provided your consent, unless that consent is withdrawn.
5.1.2 Use of personal information to support research activities
We may use your personal information to support research activities aimed at improving our services, programs and service delivery. This may include seeking your feedback through activities such as customer surveys, consultations or other research initiatives.
Where appropriate, we will contact you directly to participate in research. In some cases, we may engage a trusted third-party research provider to conduct research on our behalf.
Where a third-party provider is engaged:
- The provider will only collect, use and handle personal information for the specific research activity authorised by us.
- We will take reasonable steps to ensure that contractual arrangements are in place, including privacy and confidentiality obligations, to protect your personal information.
- The provider will only be given the minimum amount of personal information necessary to conduct the research, typically limited to basic contact details.
Your personal information:
- will only be used to contact you for the relevant research activity;
- will not be used for marketing or any unrelated purposes; and
- will not be disclosed to other parties without your consent, unless required or authorised by law.
Where research findings are reported, the results will be de-identified and presented in a way that does not identify you as an individual.
5.1.3 De-identifying personal information
De-identification refers to the process where we take steps to ensure that you as an individual cannot be identified through the personal information we have collected.
We may de-identify personal information we collect and hold for the purposes such as research, service improvement or reporting.
When we de-identify information for these purposes, or for any other purpose connected with our functions and activities, we will take reasonable steps to protect the
de-identified information from misuse or loss and from unauthorised re-identification, access, modification or disclosure.
5.1.4 Recruitment and employment
We collect and use personal information to establish and maintain records for recruitment and employment purposes. Refer to our recruitment and employment Privacy Collection Notice for more details.
5.2 Disclosure of your personal information
Your personal information may be disclosed in the following circumstances:
- for a purpose related to that for which it was collected or if –
a. you have consented to that disclosure; or
b. you would reasonably expect the personal information would be used for that related purpose;
- if permitted or required by law; and/or
- for other purposes with your consent.
5.2.1 Disclosure of personal information overseas
We do not ordinarily disclose personal information to recipients located outside Australia. However, in some circumstances this may occur where necessary to support our functions or activities, including through the use of cloud‑based or other service providers. While many of these providers store and process information within Australia, some may be located overseas or may process information outside Australia.
Where personal information is disclosed in connection with overseas recipients, we will take reasonable steps to ensure the information will be handled by the recipient in a manner consistent the Information Privacy Principles under the PRIS Act.
5.3 Use or disclosure of personal information for a secondary purpose
There are some limited exceptions or circumstances under the PRIS Act that permit use and disclosure of personal information for a secondary purpose without your consent. This may occur where it is required or authorised by or under law, or where we reasonably believe that the use or disclosure for the secondary purpose is necessary to lessen or prevent a serious threat to the life, health, safety or welfare of an individual or the public.
6. Storage, disposal and security of personal information
We take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
6.1 Storage and disposal of your personal information
We store personal information in secure systems and environments that are appropriate to the nature and sensitivity of the information.
We ensure that personal information is:
- accessible to authorised personnel when required for lawful purposes;
- protected in accordance with its classification and level of sensitivity; and
- retained and securely disposed of in accordance with approved records retention and disposal schedules, consistent with the requirements of the State Records Act 2000 (WA).
6.2 Security of your personal information
We undertake a number of security measures to protect your personal information. These measures include, but are not limited to:
- providing training and guidance to personnel to ensure they understand their legal and ethical obligations when handling personal information;
- applicable access controls applied within business systems;
- monitoring and auditing system access and use;
- maintaining secure IT systems, including the use of protective technologies and regular security updates;
- requiring third party service providers and contractors to have appropriate security controls and comply with relevant privacy and security obligations; and
- maintaining physical security measures, including secure premises, controlled access, and secure storage of physical records.
We regularly review and update our security practices to address emerging risks and to ensure continued compliance with applicable standards and obligations.
7. Links to other sites
Our website may contain links to other websites. While we aim to link to reputable sources, we are not responsible for the privacy practices of external sites, which may have different privacy policies.
We take reasonable care when including links, but we do not have direct control over the content of other websites or any changes that may occur over time. We encourage you to view the privacy policies of those external websites and make your own assessment about the accuracy, currency, reliability and correctness of the information they contain.
8. Privacy Complaints
If you think we have not handled your personal information correctly and that has interfered with your privacy, you can make a complaint. Our Privacy Complaint Handling Procedure explains how to lodge a complaint, how we will assess and investigate it, and what you can expect during the process.
How to make a complaint
You can:
- complete our Privacy Complaint Form; or
- contact our PRIS Consultant (see “Contacting us”).
You can also make a complaint on behalf of someone else if you are authorised to do so.
Anonymous complaints
You can make a complaint anonymously. However, if you do not provide your identity or contact details, we may not be able to fully investigate your complaint, and we will not be able to provide you with a response. In some cases, we may decide not to investigate the complaint further.
If you are not satisfied
You should raise your complaint with us, however you can then lodge your complaint with the Office of the Information Commissioner (OIC) if:
- you are not satisfied with our response; or
- you have not received a response within a reasonable timeframe.
The OIC can only investigate privacy complaints about acts or practices that took place on or after 1 July 2026.
9. Accessing or correcting your personal information
There are multiple ways you can seek correction of the personal information we hold about you.
In some cases, you can update or correct your information quickly and easily without making a formal request. For example, when you contact us or use our online services and when your identity can be readily verified, you may be able to update details such as your contact information. These types of simple updates are handled as part of our normal business processes.
In most other situations, a formal request will be required. In these circumstances, you can request access to or correction of your personal information under the Freedom of Information Act 1992 (FOI Act) or the PRIS Act.
You can make a request by submitting a Freedom of Information application. Alternatively, you can submit a request to our PRIS Consultant (see “Contacting us”). There is no application fee for these requests.
10. Contacting us
We welcome your privacy requests, complaints and feedback about the way we handle your personal information. Enquiries or concerns can be emailed to pris@lgirs.wa.gov.au.
You may also write to:
PRIS Consultant
Department of Local Government, Industry Regulation and Safety
Locked Bag 14
Cloisters Square WA 6850
11. Privacy Policy updates
Revised versions of our Privacy Policy will be posted here.
This Privacy Policy is effective as at July 2026.
12. Privacy Forms
LGIRS privacy complaint handling procedure