Skip to main content
Go to search page


What is this privacy policy?

This policy applies to personal information collected by the Murray–Darling Basin Authority (the MDBA).

The MDBA is bound by the Australian Privacy Principles (the APPs) in the Privacy Act 1988 (Cth) which set out how we should collect, use, secure, or disclose personal information and how you can access records containing your personal information. We also follow the APP guidelines issued by the Office of the Australian Information Commissioner (OAIC).

The MDBA uses a multi-layered privacy notice format in line with the OAIC guidelines. This is a condensed version of our Privacy Policy and gives you an overview of how we handle your personal information. See our Complete Privacy Policy for more detailed information on each part of this policy.

This condensed Privacy Policy was last updated in December 2015. 

Visiting our website and social media accounts

Visiting our website

We do not collect identifiable personal information about you if you only browse our website to read or download information.

If you send a message to us through our contact us page, or subscribe to one of our publications or request one of our services, we only record or use the personal information you provide to us to respond to you or provide you with the requested service.

Your email address will not be added to a mailing list or used for any other purpose. If we wish to use your email address for another purpose we will seek your prior consent by way of a specific request in writing to you.

When you visit our website to read or download information, we may record through our web server log files or Google Analytics statistical information such as your server address, pages you access or download, search terms you used.

This data helps us manage our website efficiently and securely and no attempt is made to identify you or your browsing activities, except in the unlikely event of a criminal investigation authorised by law.


Cookies are pieces of information that a website can transfer to your web browser. Parts of our website may store cookies on your browser in order to service you better when you next visit the site. You can change your web browser's settings to reject cookies.

Links to external web sites

The MDBA's website contains links to other web sites. The MDBA is not responsible for the content or the privacy practices of other external web sites.

Visiting our social media accounts

When using Facebook, Twitter or YouTube, the information posted on these pages is used only to administer the pages and to consider and respond to any comments you make.

Kinds of personal information collected and held by the MDBA

The main kinds of personal information we collect and hold relate to:

  • personnel, payroll, and recruitment, Fringe Benefits Tax return, worker's compensation returns
  • program records
  • procurement and contracts, including tenders
  • contact and mailing lists
  • requests for publications
  • Freedom of Information requests and responses
  • access to ICT equipment and security passes.

How personal information is collected and held by the MDBA


The MDBA collects personal information only where it is reasonably necessary for, or directly related to, the MDBA's functions or activities, or if collecting sensitive information, if the person concerned expressly consents to the collection.

We only collect personal information directly from the person concerned, unless this is unreasonable or impracticable, and we only collect it by lawful and fair means.

When we receive personal information that we did not ask for we deal with it as if we had requested it.

Dealing with us anonymously or using a pseudonym

You have the option of dealing with us without revealing your identify. You may remain anonymous or use a pseudonym, unless we are required or authorised by law to deal only with an identified person, or it is impracticable for us to respond to you if you have not identified yourself, eg. to deliver a publication to you, or provide you with feedback.

Storage and security

The MDBA uses a range of physical and electronic systems to store the personal information and takes all reasonable steps to secure the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

These measures include, but are not limited to, restricted physical access to our offices; secure cupboards and storage containers for paper records; secure computer systems and networks for electronic records; controlled access to databases by authorisation, training and passwords; workplace policies; and regular review and testing of our physical and electronic systems.

Personal information is stored in paper and electronic form. Paper records are held in secure cabinets with restricted access. Our electronic records are stored in secured computer servers or networks with restricted access.

Records containing personal information are kept or disposed of in accordance with the section 24 of the Archives Act 1983 (Cth). No personal information is stored overseas.

The purposes for which the MDBA collects, holds, uses and discloses personal information

The MDBA only collects, holds, uses or discloses personal information for purposes which are reasonably necessary for, or directly related to, one of our functions or activities. The MDBA is not likely to disclose personal information to overseas recipients.

The purposes for which the MDBA might collect personal information include:

  • for the management of our employees, contractors and service providers
  • to engage with and educate stakeholders and the Basin community in the planning, management and use of the Basin's resources
  • to implement the Murray–Darling Basin Plan, including public consultation, water resource planning and water trading rules
  • to construct and operate River Murray assets such as dams and weirs
  • for environmental water planning and delivery
  • and for river and ecosystem health.

How you can access or seek correction of your personal information held by the MDBA

You have the right to see what information we hold about you and to request that it be corrected if it is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to the purpose for which it is held.

There is no charge for making a request for either access to, or correction of, your own personal information.

You also have access and correction rights under the Freedom of Information Act 1982 (Cth).

How you can complain if we breach the Australian Privacy Principles, and how the complaint will be handled

If you have any concerns about the way we handle your personal information and wish to make a complaint, please contact the Privacy Contact Officer by mail, phone, fax or phone (contact details provided at the end of this policy statement).

The MDBA is committed to the consistent, fair and confidential handling of a complaint. We are also committed to resolving complaints as quickly as possible, generally within 20 working days. You can also expect us to acknowledge your complaint and to keep you advised of progress.

If you are not satisfied with our response, you may request us to reconsider it. You may also make your complaint directly to the Office of the Australian Information Commissioner. However, in most cases the Office of the Australian Information Commissioner will refer you to us to make the complaint in the first place.

How to contact us

Privacy Contact Officer
Murray–Darling Basin Authority
GPO Box 1801


Phone: (02) 6279 0100 and ask for the Privacy Contact Officer

You have the option to contact us without identifying yourself or of using a pseudonym.