Privacy Policy

Australian Computer Society (ACS) trading as Institute of Analytics Professionals of Australia (IAPA).

ACS Privacy Policy

This Privacy Policy is based on the Australian Privacy Principles contained in Schedule 1 in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which amends the Privacy Act 1988.

Protecting personal information is important to ACS and personal information will be held in strictest confidence.

Personal information will only be used for the purposes it was collected or in the way that the provider has given ACS permission to use it.


Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  a) whether the information or opinion is true or not; and

  b) whether the information or opinion is recorded in a material form or not.

We generally ask for all or some of the following types of personal information:

  • Title, name, address and contact details
  • Gender
  • Date of birth

(NB some of the information asked for is optional).

Depending on the service you select we may also ask for other types of personal information such as:

  • Employment information
  • Educational qualifications
  • Academic transcripts
  • Current course of study in ICT at an Australian institute or RTO
  • Passport details
  • Birth certificate

Credit card information is collected by ACS but is processed using a secure gateway therefore this information is not held.

ACS does not collect sensitive information as such, noting however that membership to ACS as a Professional Association is in itself sensitive information.


ACS collects personal information for the purposes of:

  a) providing members with a comprehensive range of membership products and services and with valuable information regarding relevant products and services from ACS and appropriate ACS contracted third parties;

  b) performing its role as a ‘Skills Assessment for Migration’ agency;

  c) providing professional development events (courses, conferences, seminars, workshops etc) for members and the general public;

  d) conducting the ACS Professional Year Program in ICT;

  e) seeking a better understanding of member needs in order to continually develop relevant membership products and services; and

  f) meeting its legal obligations.

When collecting personal information by whichever means, ACS will ensure that appropriate notices are given and consents obtained in accordance with the Australian Privacy Principles. Most information is collected directly from the individual. ACS may also obtain some personal information from third party sources. In such cases ACS will require a warranty from the third party that the information has been collected in accordance with Australian Privacy Principle, including notification that the information may be disclosed to organisations such as ACS.


The personal information we require to deliver our products and services is usually collected directly from you:

  • using written forms
  • via the internet including websites and social media
  • via email
  • via telephone
  • via face-to-face contact (eg at forums, trade shows and events)
  • through security surveillance cameras (installed in some ACS offices)

We also collect personal information from third parties eg migration agents acting on your behalf.

We may keep unsolicited personal information (personal information we receive that we have taken no active steps to collect) if the information is reasonably necessary for one or more of our functions or activities.

Our website uses cookies to provide a number of services to you and to us, such as data on user access on webpages. Cookies in use may identify individuals who log into our website. You can reject cookies but doing so may limit your functionality and user experience within our site.

Note: Cookies provide information which is not classified as personal information.


Our website uses a range of data analytics platforms for marketing intelligence purposes. These do not identify individual users or associate member and customer IP addresses with any other data held by those platforms. The type of information that is collected includes:

  • type of device being used to access the website
  • country where user is located
  • time on a page
  • bounce rate - the number of users that enter and leave the same page (expressed as a percentage).
  • channel
  • other metrics as required


Personal information provided to ACS will not be disclosed to other organisations or individuals without the provider's permission or when obliged to provide such information by lawful authority.

ACS may disclose personal information for secondary purposes that are related to the primary collection purpose but only in situations where it is reasonable to expect such information to be disclosed. Typically this would be for internal business practices (auditing, product development etc).

ACS is represented on a number of international bodies (including IFIP, SEARCC and IP3) and is a signatory to the Seoul Accord. It does not disclose any personal information to these bodies other than that of the ACS’s appointed representatives.

ACS is a Registered Training Organisation (RTO) within the Australian Skills Quality Authority (ASQA) framework and as such is required to comply with the National VET Provider Collection Data Requirements Policy. This includes providing reports which reveal personal information. This information is presented in aggregated form and used by VET regulators to better support the VET sector and will not identify individuals.

ACS is obligated by statute (Associations Incorporation Act 1991) to make available for inspection by the members of ACS the Prescribed Information in its Register of members. Prescribed Information includes the name and address of each member.

Marketing ACS products and services is important for us to fulfil our role. We use a number of direct marketing strategies and channels including email, mail, SMS, social media and telephone.

ACS will from time to time enter into contractual agreements with other organisations to provide services/benefits to ACS members. On occasion, personal information on ACS members will be released to those contracted third parties for the purposes that the contract was entered into. Our contracted third parties may use similar marketing strategies and channels as ACS. Members have an Opt In option on ACS' website to grant consent to receive such third party communications. Also, ACS will be expanding its options for members to choose which third party communications they would like to receive and the frequency. Non-members can use the unsubscribe option available on marketing communications.

Likewise, members and others who have registered for an ACS event have an Opt In option to receive SMS communications (typically reminders for events).

ACS will never sell, trade, lease or rent any personally identifiable information to other organisations except as stated and agreed when collecting information from members or other persons.
ACS reserves the right to communicate with members about the substantive affairs of the organisation.


Securing and protecting data is an issue that ACS takes very seriously. We have implemented technology and security processes to protect the personal information that we collect and we take all reasonable steps to protect it. Our websites have electronic security systems in place, including the use of firewalls and data encryption. User identifiers and passwords are also used to control access to your personal information.


  • data is encrypted at rest in all our systems
  • data is encrypted in transit
  • audit records track access to data stored in the cloud
  • two-factor authentication is required for member and customer data access
  • access is restricted to only those members of staff who require access for their role
  • strict policies govern how and when member and customer data is accessed and under what circumstances

ACS member and customer data is held in the Cloud by a number of providers. Our CRM provider stores data outside of Australia, so potentially Privacy Principle 8 (cross-border disclosure of personal information) applies. However, the ACS maintains effective control of what, where and when its data is disclosed and to whom, as this provider is a ‘user’ not a ‘discloser’. This, in combination with technical controls mentioned above, means that the requirements of Privacy Principle 8 do not apply. This does not lessen our vigilance on privacy. (Note that our CRM provider has been certified by the Australian Signals Directorate through their ASD Certified Cloud Services program).

ACS' agreements with our cloud providers address compliance with Australian Privacy Laws and any amendments to those laws. We are confident that the providers will maintain administrative, technical, and physical safeguards to help protect the security, confidentiality and integrity of member and customer data consistent with applicable requirements of Australian Privacy Laws.

ACS limits physical access to its offices. We maintain all personal information, including membership and 'in-house’ mailing lists, subscriber details and web server logs, in controlled environments that are secured against unauthorised access. Proof of identity is required before information is released to any person, including a member.

ACS servers are located in an ISO 27001 (Information Security Management System) certified facility.


Every effort is made to ensure that personal information held is current, accurate and complete. In particular, members can access, and are expected to update as necessary, their contact details and professional development activities through the ACS website.

ACS acknowledges that ICT professionals may suspend and reactivate their ACS membership as they move through experiences and employment and ACS will retain personal information for reasonable periods to assist in this process. Additionally, ACS acknowledges the merit in keeping metrics on the assessment of ICT skills and will also retain personal information on skills assessment applicants for reasonable periods. Outside of reasonable retention, we will destroy or permanently de-identify personal information. We will also do the same on lawful request.


Any individual has the right to seek access to personal information we hold on them.
Members can readily access and amend as necessary their own personal information by visiting MyACS on the ACS website.

Non-members can access the personal information we hold on them by contacting the ACS Privacy Officer (details above), either in writing or by email. The person seeking access will be asked to verify their identity before the information is released.


Contracts with all service providers/consultants whose service involves access to personal information must be subject to contract terms that are compliant with the ACS Privacy Policy and Office of the Australian Information Commissioner guidelines and rules that are legally binding. Where necessary, formal Non Disclosure Agreements are in place. Also, third parties such as mailing houses, which receive personal information in order to provide a service for ACS, are required to sign an undertaking that the information will only be used for the purpose for which the information was provided.


Complaints concerning the collection, disclosure or handling of your Personal Information by ACS should be addressed to the ACS Privacy Officer (details above). Any complaint should include the date, time and circumstances of the matter, how you believe your privacy has been invaded and how you would like your complaint resolved.

The Privacy Officer will attempt to resolve the complaint within 5 business days but this timeframe may be extended if further information is required from the complainant and/or an involved third-party. In managing the complaint, the Privacy Officer will follow principles of procedural fairness.

If the complaint is not resolved to your satisfaction you can refer it to the Office of the Australian Information Commissioner. Such complaints generally are resolved through conciliation.


Terms and Conditions

Welcome to our website. If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern IAPA's relationship with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.

The term 'IAPA' or 'us' or 'we' refers to the owner of the website. The term 'you' refers to the user or viewer of our website.

The use of this website is subject to the following terms of use:

  1. The content of the pages of this website is for your general information and use only. It is subject to change without notice. While we do our utmost to ensure the accuracy of all information presented here, we will not be held responsible for any inaccuracies.
  2. This website uses cookies to monitor browsing preferences. If you do allow cookies to be used, these cookies will be used to customise content based on your account preferences.
  3. Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
  4. Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
  5. This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
  6. All trademarks that are not held by IAPA are recognised as being owned by their respective owners.
  7. By publishing content on this site (either through syndication or directly) you grant IAPA a non-transferable license to reproduce said material within IAPA publications.
  8. Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
  9. This website may also include links to other websites and content from non-IAPA-affiliated organisations. These links and related information are provided for your convenience to provide further information. They do not signify that we endorse the website(s) or organisation(s). We take no responsibility for the content of the linked website(s) or content published by non-IAPA organisations.
  10. IAPA Blog and Group Guidelines for Users:
  11. You are personally responsible for the content you publish on-line, whether in a blog or comment thread. Be mindful that what you publish will be public for a long time - protect your privacy and take care to understand the implications.
  12. Identify yourself - name and, when relevant, your employer - when you discuss specific employer-related matters. You must make it clear that you are speaking for yourself and not on behalf of your employer (unless you have approval from your employer).
  13. If you publish content online relevant to your employer in your personal capacity use a disclaimer such as this: "The postings on this site are my own and don't necessarily represent your employer's positions, strategies or opinions."
  14. Respect copyright, fair use, libel and financial disclosure laws.
  15. Don't provide confidential or other proprietary information or other sensitive matters publicly.
  16. Don't cite or reference clients, partners or suppliers without their approval. When you do make a reference, link back to the source. Don't publish anything that might allow inferences to be drawn which could embarrass or damage another party.
  17. Respect your audience. Don't use ethnic slurs, personal insults, obscenity, or engage in any conduct that would not be acceptable in a typical workplace. You should also show proper consideration for others' privacy and for topics that may be considered objectionable or inflammatory - such as politics and religion.
  18. Respect all IAPA members - individuals, corporates, vendors and consultants. Be objective and don't engage in inflammatory vendor-specific discussion particularly around specific functionality (go to vendor websites and forums instead)
  19. Don't pick fights, be the first to correct your own mistakes.
  20. Try to add value. Provide worthwhile information and perspective.
  21. Your use of this website and any dispute arising out of such use of the website is subject to the laws of Australia.

Notification Statement

IAPA collects and uses your personal information in a number of ways. You authorise IAPA to collect your personal information whenever you provide your information by completing an enquiry, application to join or download a document. IAPA shall then use the personal information that you provide in order to communicate with you. We shall communicate with you either by mail, phone or electronically. We do this in order to keep you up to date with changes within the industry, invite you to industry events, provide you with general information by way of marketing communications, advise of changes to our member services and any related activities.