We are the National Blood Authority, a statutory agency established by the National Blood Authority Act 2003 (Cth).

We are also governed by the:

Learn more about us.

Our privacy policy: summary

The NBA is required to comply with the Privacy Act 1998 (Cth) (Privacy Act). This governs how we treat personal information.

In particular, we comply with the Australian Privacy Principles (APP) in the Privacy Act. These principles require us to have a clear, up-to-date policy on how we manage personal information.

Our privacy policy covers:

  • who we are
  • who needs to read our policy
  • the kinds of personal information we collect and store
  • how we collect this information
  • how our website collects personal information
  • how we store this information
  • why we collect this information
  • how we use this information
  • the situations in which we will disclose this information
  • how to access your information
  • how to ask us to correct your information
  • how to complain about a privacy breach
  • how to contact us for anything that relates to privacy.

Read the policy in full on this page, or download it to read offline.

Privacy Impact Assessment register

Under the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Cth), we must conduct a Privacy Impact Assessment for all high-privacy risk projects.

To comply, we maintain a register of the Privacy Impact Assessments we have completed since 1 July 2018. We last updated this register in October 2023.

| Reference number | Date of completion | Title |
| --- | --- | --- |
| D22/22112 | November 2022 | Privacy Impact Assessment for Microsoft 365 and Azure implementation (pdf) |

Our privacy policy: full text

About the NBA

The NBA operates as an Australian Government agency within the Commonwealth legislative framework. The NBA is accountable to the Minister for Health for the performance of the agency and in particular compliance with the Australian Government’s policies and regulations. In addition to the National Blood Authority Act 2003 (Cth) (NBA Act), the operations of the NBA are governed by the Public Governance, Performance and Accountability Act 2013 and the Public Service Act 1999 (Cth). For more information about the NBA you can visit: www.blood.gov.au.

The NBA is required to comply with the Australian Privacy Principles (APP) contained within the Privacy Act. This includes APP 1, which imposes 3 separate obligations upon the NBA. In particular, it requires the NBA to have a clearly expressed and up-to-date APP Privacy Policy about how the entity manages personal information and to take reasonable steps to make that privacy policy available free of charge in an appropriate form and, upon request, in a particular form. The purpose of this document is to set out how the NBA manages personal information. Each category of personal information handled by the NBA is set out below.

Who this privacy policy applies to

You should read this privacy policy if you are:

  • an employee or ex-employee or independent contractor working for the NBA
  • a person seeking employment with the NBA
  • an individual whose personal information is held or provided to the NBA
  • a contractor, consultant or supplier of goods or services provided to the NBA
  • a member of a committee, board or working group administered by the NBA.

Types of personal information we collect and hold

The NBA collects and holds personal information and sensitive personal information. Sensitive personal information includes health information; racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; sexual orientation; genetic information; biometric information; biometric templates. We will limit the collection of sensitive information to the minimum amount required to perform our functions or activities. A more detailed list of the categories of information that the NBA maintains which contain personal information is included below:

  • Personnel records
  • Work health and safety database
  • Contractor and consultancy details
  • Committee and Board details
  • Grants information
  • Mailing lists
  • Public consultation
  • Freedom of Information requests
  • Legal Branch files and advising
  • Representations to the agency and minister
  • Security clearance records
  • Stakeholder, supplier and approved healthcare provider information
  • Approved recipients of blood products travelling overseas
  • Blood and blood products order and receipt data (BloodNet)
  • Clotting factor use data (Australian Bleeding Disorder Registry (ABDR), MyABDR)
  • Immunoglobulin usage data (BloodSTAR).

How we collect your personal information

Where possible, the NBA will collect your personal information directly from you. This may be via a form completed by you or with your clinician for input into an NBA Blood Sector Information System (such as ABDR), on the telephone (for example, if you contact the NBA Information and Communications Technology (ICT) Support Line for advice about a user account), or online (for example, if you choose to sign up to a mailing list operated by the NBA via our website).

We also obtain personal information from third parties, such as referees if you are seeking employment with us and health professionals who place orders for a blood product directly for you. If we collect personal information about you, we will take reasonable steps to inform you of that collection, including whether it will involve a third party, the reasons for collection and what usual uses and disclosures may occur. Where sensitive personal information is concerned, we will also seek your express consent for that collection unless a legal exception under the Privacy Act applies.

How our website collects your personal information

The NBA uses a 'cookie' for maintaining contact with a user through a website session. A cookie is a small file supplied by the NBA and stored by the web browser software on your computer when you access the NBA site. The cookie allows the NBA to recognise you as an individual as you move from one page to another.

The cookie used by the NBA will be immediately lost when you end your internet session and shut down your computer. Our copy of your information will be automatically deleted twenty minutes after you last used the system. This information is only used to help you use our website systems more efficiently, not to track your movements through the internet, or to record private information about you.

Any system on this website that records information about you will specifically ask your permission first.

The NBA makes a record of your visit and logs the following information for statistical purposes:

  • the user's server address
  • the user's top-level domain name
  • the date and time of access to the site
  • pages accessed and documents downloaded
  • the previous site visited.

This information is analysed to show broken links in our website, bottlenecks, and other site problems. We use this information to redesign for efficiency of use.

No attempt will be made to identify anonymous users or their browsing activities unless legally compelled to do so, such as in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's log files.

How we store your personal information

The NBA is concerned with protecting personal information it collects. We will take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will only be stored on a password-protected ICT system, which complies with the Australian Government Protective Security Policy Framework and the Australian Signals Directorate’s Information Security Manual. This includes ensuring that information we store is only accessed by authorised officers that require access to undertake their official functions and roles and safeguarding the accuracy and completeness of information provided to us.

The NBA holds the information it collects on digital systems and, where appropriate, in paper format. The NBA has an electronic document and record management system that complies with government legislation and standards.

The NBA holds its personal information on a cloud-based system and on premises. Where cloud services are used, the service will have been subject to an NBA risk assessment and be compliant with the privacy and security standards required by the NBA in protecting personal information.

Sensitive personal information will have very restricted access placed on it and will be managed under strict governance requirements, which will vary depending on the nature of the information.

Why we collect personal information and how we use it

The key role of the NBA is to:

  • provide an adequate, safe, secure and affordable supply of blood products, blood-related products and blood-related services, and
  • promote safe, high-quality management and use of blood products, blood-related products and blood-related services in Australia.

Section 8 of the NBA Act sets out the various functions of the NBA. Several of the agreed roles of the NBA require the NBA to liaise with and continuously gather blood sector data in order to:

  • monitor the demand for blood and blood products
  • undertake annual supply and production planning and budgeting
  • undertake or facilitate national information management, benchmarking and cost and performance evaluation for the national blood supply.

At times the NBA needs to collect and use personal information to undertake our functions and activities. For example, we may need to use information so we can create demand models in order to estimate demand for particular products over time. Such estimates are critical for contract negotiations with product suppliers and for Government budget planning purposes. We will only collect your personal information where it is reasonably necessary for, or directly related to, one or more of our functions or activities (‘purpose test’). Where sensitive personal information is concerned we will only collect that information where you consent to that collection and the purpose test is satisfied or where a legal exception under the Privacy Act arises.

If we collect personal information for a specific purpose, then we will only use it for that purpose. The exception to this is where you consent or you would reasonably expect us to use the information for that purpose and it relates to the primary purpose of collection. For example, if you order a publication from us, then we may contact you if our contact details change so you can re-order that publication in the future.

When we will disclose your personal information

The NBA will notify you at the point of collection or as soon as practicable afterwards about disclosures that apply to particular collections of personal information so you have a reasonable expectation of what disclosures may occur for that collection.

Since the NBA is a national body that represents the interests of all governments in Australia, there may be a need at times to communicate personal information to State or Territory representatives on a limited basis in order to make decisions and get input directly related to our functions and activities. However, in general, the NBA will not share personal information about you with any other party without your permission.

Exceptions to this general rule arise where we are required or authorised by law to make a disclosure, where it will lessen or prevent a serious and imminent threat to someone’s life or health or where another limited exception may apply under the Privacy Act. The NBA will not usually disclose personal information overseas.

How to access and correct your personal information

You have a right to request access to personal information that the NBA holds about you and to request its correction under the Privacy Act. Access and correction requirements in the Privacy Act operate alongside and do not replace other informal or legal procedures by which you can be provided with access to, or correction of, your personal information, including the Freedom of Information Act 1982 (Cth).

Your rights to access your personal information are not absolute. Please note that we are not required to grant access in certain circumstances such as where access would have an unreasonable impact on the privacy of other individuals. If we refuse to grant you access to your personal information, we will provide you with reasons for that decision and the avenues available for you to complain about the refusal.

How to complain about a privacy breach

If you wish to make a complaint about an apparent breach of your privacy by the NBA, you should, in the first instance, set out your complaint in writing to the NBA Privacy Officer on the details indicated below. The NBA will respond in writing within 30 days of receiving your complaint. If you are dissatisfied with the response you receive you can contact the Office of the Australian Information Commissioner (OAIC). Further information about making privacy complaints through the OAIC can be found by visiting https://www.oaic.gov.au/privacy/privacy-complaints.

Get in touch

You can contact the NBA using the details indicated below to request access or correction of your personal information, to make a complaint or for any other privacy queries:

Phone: 02 6151 5000 (general enquiries number)

Email: privacy@blood.gov.au


Privacy Officer
National Blood Authority
Locked Bag 8430

Last updated: 27 Mar 2024
