1. Introduction
The Insurance Commission of Western Australia (the Insurance Commission) is a statutory authority and Government Trading Enterprise owned by the State Government. It is responsible for delivering sustainable insurance and risk management services that safeguard the interests of the State and the people of Western Australia.
The Insurance Commission administers the Compulsory Third Party motor injury insurance scheme, ensuring fair and timely compensation for those injured in motor vehicle crashes. It also manages the RiskCover Fund, providing self-insurance for government agencies to safeguard public assets, employees, and services.
Through prudent investment and sound governance, the Insurance Commission supports the State’s financial resilience and advises government on insurance and risk policy to promote community confidence and long-term sustainability.
2. Purpose
The Insurance Commission takes its privacy obligations seriously and is committed to meeting the highest standards when collecting and handling personal information. This Privacy Policy outlines how the Insurance Commission collects and handles personal information responsibly and transparently in accordance with the Privacy and Responsible Information Sharing Act 2024 (the PRIS Act) and its prescribed 11 Information Privacy Principles (IPPs).
This Policy:
- outlines what kind of personal and sensitive personal information the Insurance Commission collects, why it is collected, and how it is handled;
- explains the circumstances in which personal information may be shared with WA Government agencies or other authorised entities including contracted service providers (CSPs);
- outlines individuals’ privacy rights, including their right to access and correct their personal information, and how to make a privacy complaint; and
- covers all personal information collected and handled by the Insurance Commission, whether it relates to members of the public, WA Government agencies, Insurance Commission employees, contractors, or individuals applying for employment.
3. Scope
This Policy applies to all individuals and organisations that work for or on behalf of the Insurance Commission, including employees, CSPs and the Insurance Commission’s Board of Commissioners. It covers all personal information collected and handled by the Insurance Commission in delivering its services and meeting legal obligations, including information shared by claimants, insured parties and CSPs.
4. What Is Personal Information and Sensitive Personal Information?
Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable.
Sensitive personal information means personal information that relates to, for example, an individual’s racial or ethnic origin, religious beliefs, sexual orientation, gender identity, or health information.
The types of personal information the Insurance Commission collects depend on the circumstances and may include the following:
- name, address, and contact details;
- date of birth and identification details;
- bank account and payment information;
- employment details; and
- health information required in managing insurance claims.
5. Legal Basis
The Insurance Commission collects and handles personal information in the course of performing its statutory functions and legal obligations under the Insurance Commission of Western Australia Act 1986, which include assessing and managing insurance claims, administering government insurance schemes, and promoting best practices in recovery and rehabilitation.
6. Collection of Personal Information
The Insurance Commission collects personal information directly from individuals and from various sources such as government agencies, CSPs, and other third parties. This enables the Insurance Commission to perform its functions and deliver its services effectively. It does so in strict compliance with the PRIS Act, which sets clear standards for the responsible, secure, and transparent collection and handling of personal information across the WA public sector.
Personal information is collected via a range of mechanisms including face to face interactions, online and paper-based forms, and on-line applications (such as the Online Crash Reporting Facility). The Insurance Commission will notify an individual at or before the time their personal information is collected, or as soon as practicable afterwards, about the purposes for which the information is collected, how it may be used, and their rights in relation to it, in accordance with the IPPs.
The Insurance Commission also collects personal information through closed‑circuit television (CCTV) systems for safety, security, and asset protection purposes. CCTV footage is immediately destroyed when it is no longer required.
The information collected may be used for various purposes including:
- identity verification;
- meeting legal, regulatory, and reporting obligations.
- managing employment-related matters such as recruitment, onboarding, performance management, payroll, and superannuation;
- processing and assessing insurance claims;
- conducting research, analysis, and policy development; and
When an individual visits, browses, or interacts with the Insurance Commission’s website, the following technical and usage information may be collected:
- browser type and operating system;
- number of visitors, pages viewed, and navigation paths;
- date, time, and duration of visits;
- referring website addresses; and
- Internet Protocol address.
The above information may be collected for statistical analysis, reporting, system maintenance, and continuous improvement of the Insurance Commission’s online services.
The Insurance Commission’s website may also use cookies and analytics tools to enhance user experience. These tools do not personally identify users unless personal information is voluntarily provided.
Personal information collected by the Insurance Commission will not be disclosed to third parties without the individual’s consent unless the disclosure is required or authorised by law.
7. Storage and Information Security
The Insurance Commission implements robust administrative, technical, and physical safeguards to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
The Insurance Commission’s practices align with the Privacy and Responsible Information Sharing Act 2024 (WA), the State Records Act 2000 (WA) and the Western Australian Government Cyber Security Policy (2024).
The Insurance Commission does not store personal information outside of Australia.
All CSPs and third parties handling personal information on behalf of the Insurance Commission must comply with the following security requirements:
- demonstrate compliance with relevant security standards;
- undergo due diligence and risk assessments;
- implement contractual obligations for data protection; and
- participate in regular audits and reviews.
The Insurance Commission has established procedures to detect, respond to, and recover from information security incidents. In the event of a serious information breach, the Insurance Commission will notify affected individuals and the WA Information Commissioner in accordance with the PRIS Act’s mandatory information breach notification scheme (effective 1 January 2027).
8. Information Sharing and Disclosure
In accordance with the PRIS Act and the applicable IPPs, the Insurance Commission may disclose personal information where necessary to perform its statutory functions, support service delivery or comply with legal obligations.
Personal information may be shared with a broader range of authorised entities, including but not limited to:
- WA government agencies and Ministerial Offices (such as the Department of Health, Road Safety Commission and Department of Transport) where the disclosure supports service delivery, policy development, public safety outcomes or Ministerial inquiries;
- health care providers and medical professionals, including treating practitioners, independent medical examiners, allied health providers, hospitals, and rehabilitation specialists, where information is required to verify, assess, or manage medical aspects of an insurance claim;
- investigators, including internal and external investigation specialists, to support claim verification, fraud prevention, compliance activities, or other lawful investigative functions;
- CSPs including to verify or clarify medical information relevant to a claim;
- Actuaries, auditors and reinsurers for compliance, financial reporting, actuarial analysis and reinsurance related purposes;
- legal representatives, where necessary to manage or defend legal proceedings on behalf of the Insurance Commission;
- employee related matters, including:
- external service providers contracted to assist with the selection, placement and onboarding process of successful employment candidates, including conduct of criminal history and referee checks; and
- the Australia Tax Office and Superannuation Funds for tax and superannuation purposes; and
- law enforcement, regulators or oversight bodies when required or authorised by law, such as the WA Office of the Information Commissioner when dealing with privacy complaints.
All disclosures are made in a manner that upholds the privacy and confidentiality of personal information, consistent with the obligations under the PRIS Act.
9. Data Retention and Disposal
Personal information is retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Records are managed in accordance with the State Records Act 2000 and approved retention and disposal schedules. Personal information that is no longer required is securely destroyed or de-identified.
10. De-Identification and Research
Where appropriate, the Insurance Commission may de-identify personal information for research, policy development, or service improvement. De-identification ensures that individuals cannot be reasonably re-identified, and once de-identified, the information is no longer considered personal information under the PRIS Act.
11. Anonymity and Pseudonymity
Where lawful and practicable, individuals will be provided with the option to interact with the Insurance Commission anonymously or by using a pseudonym. This may apply in circumstances such as:
- obtaining general information or making non-specific enquiries;
- where the interaction does not require personal information; or
- reporting suspected fraud or health and safety concerns.
In most cases, the Insurance Commission requires identification to deliver statutory functions including:
- assessing and managing insurance claims;
- meeting legislative and regulatory obligations; and
- preventing fraud and maintaining scheme integrity.
When anonymity or pseudonymity is not possible, the reason for requiring identification will be communicated at the point of collection.
12. Access to and Correction of Your Personal Information
Individuals have the right to request access to personal information held about them and to request corrections if the information is inaccurate, incomplete, or misleading.
Requests for access to or correction of personal information should be directed to:
The Privacy Officer
Insurance Commission of Western Australia
Phone: 9264 3333. Ask to speak to the Privacy Officer.
Email: privacy@icwa.wa.gov.au
Postal Address: Mia Yellagonga Tower 2, Level 15, 5 Spring Street Perth WA 6000
13. Privacy Complaints
If an individual is not satisfied with how their personal information has been collected, used, or disclosed, they may make a formal complaint to the Privacy Officer.
Privacy complaints should be directed to:
The Privacy Officer
Insurance Commission of Western Australia
Email: privacy@icwa.wa.gov.au
Postal Address: Mia Yellagonga Tower 2, Level 15, 5 Spring Street Perth WA 6000
Phone: 9264 3333. Ask to speak to the Privacy Officer.
Or via the Contact Us webform at https://www.icwa.wa.gov.au/contact-us
If the individual remains unsatisfied, they may also contact the WA Information Commissioner, whose contact details are as follows, for further assistance:
Office of the Information Commissioner
Albert Facey House
469 Wellington Street, PERTH WA 6000
Phone: 61 8 6551 7888
Email: info@oic.wa.gov.au
Website:https://www.wa.gov.au/organisation/office-of-the-information-commissioner
14. Supporting Information
15. Policy Review
This Privacy Policy is reviewed regularly to ensure continued compliance with legislation and best practices. Updates will be published on the Insurance Commission’s website, and the current version will be clearly marked with its effective date.
16. Contact Us
All questions or concerns about this Privacy Policy or how personal information is handled by the Insurance Commission should be directed to:
The Privacy Officer
Insurance Commission of Western Australia
Phone: 9264 3333. Ask to speak to the Privacy Officer.
Email: privacy@icwa.wa.gov.au
Postal Address: Mia Yellagonga Tower 2, Level 15, 5 Spring Street
PERTH WA 6000
17. Document Control
Accountable | Executive Committee |
Delegated Authority | General Manager Governance and Stakeholder Relations |
Effective Date | 01/07/2026 |
Version | 3.0 |
Last Review Date | - |
Next Review Date | 01/07/2027 – or as required |

