Policy and Procedures

  Privacy

South Barwon Community Centre (SBCC) is committed to the principles and practice of respect for all persons to their privacy, in accordance with the Information Privacy Act 2000.

All persons, including SBCC employees, Committee/Board management members, volunteers, students and anyone else who may come into contact with, or have access to, confidential information, have a responsibility to maintain the privacy, security and confidentiality of that information.

(attached to this policy is a Privacy Agreement that briefly explains breaches of privacy, confidentiality and security and will be signed by persons as outlined above).

1.       This policy applies to personal information collected SBCC concerning staff, students, prospective students, individual clients and other individuals.  It does not apply to information about corporations.

For the purpose of this policy “personal information” means information or an opinion that is recorded in any form, about an individual whose identity is apparent from the information or opinion.

2.       This policy must be observed by all SBCC staff, consultants, external contractors and students who have access to personal information held by SBCC.

The purposes of this Policy are to:

Ø       Establish for the responsible collection and handling of personal information by SBCC

Ø       Give individuals a right to access information about them which is held by SBCC and to correct any errors in that information; and

Ø       Establish a complaints procedure for investigation and rectification of breaches of this Policy

New privacy rights come in the form of ten National Privacy Principles (NPPs).  These set the standards organizations are required to observe in collecting, storing, using, disclosing, protecting and transferring personal information.

The following briefly explains what the NPPs mean for your organisation.

NPP1: Collection – describes what an organization should do when collecting your personal information.  The organisation will:

Ø       Only collect personal information relevant to the Centre's activities

Ø       Must collect personal information only by lawful and fair means and not in an intrusive way

Ø       Will ensure that the individual will be informed that:

o        s/he can access the information

o        the purpose for collecting the information

o        who may access the information and for what purpose

o        any consequences for not providing the requested information

NPP2: Use and Disclosure – outlines how organizations can use and disclose your personal information. The organisation will not:

Ø       Use or disclose personal information about an individual for a purpose other than the primary purposes of collection without prior consent

NPP3: Data Quality  – set the standards that organizations must meet for the accuracy, currency and completeness personal information. The organisation will:

Ø       Take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up to date. This places an obligation upon an individual to provide relevant and accurate information to the organisation.

NPP4: Data Security - set the standards that organizations must meet for the security of personal information. The organisation will:

Ø       Take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure

Ø       Take reasonable steps to destroy personal information if it is no longer needed for any purpose.

NPP5: Openness – requires organizations to be open about how they handle your personal information. The organisation will:

Ø       Make this policy available to anyone who asks for it.

Ø       On request will take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

NPP6: Access & Correction – gives you a general right of access to your own personal information, and the right to have that information corrected if it is inaccurate, incomplete or out of date. The organisation will provide the individual with access to the information on request, except:

Ø       Where providing access would be unlawful

Ø       Where denying access is required or authorized by law

NPP7: Identifiers – says that generally, Commonwealth government identifiers (such as the Medicare number or the Veterans affairs numbers can only be used for the purposes for which they were issued. The organisation will not:

Ø       Assign identifiers to individuals unless it is necessary for the organisation to carry out its functions efficiently

Ø       Adopt as its own identifier of an individual a unique identifier of the individual that has been assigned by another organization

Ø       Require an individual to provide a identifier in order to obtain a service unless required by law

NPP8: Anonymity – where possible, requires organizations to provide the opportunity for you to interact with them without identifying yourself.

Ø       Wherever appropriate an individual has the option of not providing information about themselves when accessing the service, e.g. is a casual contact or accompanying someone else to the center.

NPP9: Transborder Data Flows – outlines privacy protections that apply to the transfer of your personal information out of Australia. The organisation only transfer personal information if:

Ø       Personal information will only be transferred to another organisation outside Victoria if the recipient is subject to a similar law as the information Privacy Act and consent has been obtained from the individual.

NPP10: Sensitive Information – requires your consent when an organization collects sensitive information about you such as health information, or information about your racial or ethnic background, or criminal record. Sensitive information is a subset of personal information and special protection applies to this information.  The organisation will not collect sensitive information unless:

Ø       The collection is required by law

Ø       The collection is necessary to prevent or lesson a serious and imminent threat to the life or health of any individual, where the individual is physically or legally incapable of giving consent

Ø       The collection is necessary for the establishment, exercise or defense of a legal or equitable claim.

DEFINITIONS:

Sensitive Information

In accordance with the Principles of the Act “sensitive information” means information or an opinion about an individual’s-

-                      Racial or ethnic origin

-                      Political opinions

-                      Membership of a political association

-                      Religious beliefs or affiliations

-                      Philosophical beliefs

-                      Membership of a professional or trade association

-                      Membership of a trade union

-                      Sexual preferences or practices

-                      Criminal record

Unique Identifiers

A “unique identifier” means an identifier (usually a number) assigned by an organization to an individual to identify that individual for the purposes of the operations of the organization.  It does not include an identifier that consists only of the individual’s name.           

What to do when you think your privacy has been infringed

Before making a complaint to the Federal Privacy Commissioner you should attempt to resolve the matter with the organization in question.  What should you do?

1.                   Write a letter or email to the organization, explain the situation and what you would like to see happen.

2.                   Give the organization an opportunity to rectify the situation, 30 days is a reasonable time frame in which they should respond to your initial enquiry.

3.                  If you are not satisfied with the outcome you can complain to our Office, or the Privacy Code Adjudicator (see list on the web site for further information).

Would you like more information?

Contact details:

Web site: www.privacy.gov.au

Enquiries: privacy@privacy.gov.au

Hotline: 1300 363 992 (cost of a local call)

Fax:      02 9284 9666

TTY:     1800 620 241

Mail:      Director of Complaints

Officer of Federal Privacy Commissioner

GPO Box 5218

            Sydney  NSW 2001

Non English Speakers

If you need assistance with other languages call the Translating and Interpreting Service on 131 450 and ask for the Office of the Federal Privacy Commissioner on 1300 363 992. This is a free service.