If you wish to complain about a CTP Insurer’s privacy policy or how they handle your personal information you can contact the CTP Insurer directly following the instructions within their privacy policy.

If you are not satisfied with how the CTP Insurer handled your complaint, you can contact the CTP Regulator for information about steps you can take.

If you make a complaint to the CTP Insurer about their privacy policy and the use of your personal information, and do not receive a response within 30 days, or are not satisfied with the response, you can lodge a complaint with the Australian Privacy Commissioner as explained on our Feedback and Complaints page.

The Commonwealth Privacy Commissioner is the appropriate person to investigate complaints about any breaches of the Commonwealth Privacy Act 1988 and the Australian Privacy Principles.

The CTP Regulator’s role

The Regulator’s role is to monitor CTP Insurer performance against state based legislation and the CTP Insurer’s contracts with the State. The Regulator’s role does not include regulating and monitoring behaviour against Commonwealth privacy laws, including the Australian Privacy Principles.

Response to breaches of privacy under the Regulator Rules

CTP Insurers are required to immediately inform the Regulator of any actual or suspected unauthorised access, use, disclosure or loss of personal information.

The Regulator reviews the details of the situation and determines if there has been a breach of contractual obligations about managing personal information.

If the Regulator determines a privacy breach has occurred, depending on the circumstances and severity, it may impose a financial sanction on the CTP Insurer.