PURPOSE
LEAD Loddon Murray has a statutory obligation to comply with the Privacy Act 1988 (COA), the Privacy Amendment (Private Sector) Act 2000 (COA) and Information Privacy Act (Vic) 2000 in its treatment of personal and health information regarding participants, employees and management.
SCOPE
The organisation’s Board, Executive Officer and all staff members, contractors, volunteers and program participants are responsible for the implementation of this policy.
The organisation’s Privacy Officer is responsible for ensuring compliance with the policy; this responsibility may be delegated, i.e. to the LMCLP Program Manager for aspects of participant data collection.
DEFINITIONS
Information privacy: The protection of personal information and the individuals’ right to control how information about them is handled.
Privacy Officer: The Executive Officer acts as liaison for all privacy issues and implements and monitors adherence to all privacy legislation in this organisation.
Personal information: Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information: Information or an opinion about an individual’s:
- State of health
- Racial or ethnic origin
- Political, philosophical or religious opinions, beliefs or affiliations
- Membership of a professional or trade association or union
- Sexual preferences or practices
- Criminal record
Information Privacy Act 2000 (Vic): The objects of the IPA are to balance the public interest in the free flow of information with the public interest in respecting privacy and protecting personal information in the public sector; and promote the responsible and transparent handling of personal information in the public sector and promote awareness of these practices.
Privacy Act 1988 (Commonwealth): Covers the handling of personal information (including health information) by Federal government organisations, credit reporting organisations and parts of the private sector (excluding small businesses). The Australian Privacy Commissioner regulates the Privacy Act.
POLICY
LEAD Loddon Murray is a not for profit incorporated association and is thereby held responsible according to the Information Privacy Act 2000, which imposes specific obligations when it comes to handling information. The organisation has adopted the respective Privacy Principles contained in these Victorian Privacy Laws as minimum standards in relation to handling personal information.
LEAD Loddon Murray is committed to protecting the privacy of personal information which the organisation collects, holds and administers, as well as maintaining high standards of confidentiality as outlined in the Victorian Privacy Principles. The purpose of this document is to provide a framework for LEAD Loddon Murray in dealing with privacy considerations. It applies to personal information, which directly or indirectly identifies a person, and to all personal information held by the organisation in paper and electronic formats, including information relating to staff, current and past program participants.
What we collect and why
LEAD Loddon Murray collects information about active participants, past participants, employees and management for a number of purposes, including:
- Enabling proper administration of an individual’s role within the organisation;
- Contacting participants;
- Assessing eligibility for the program;
- Fostering alumni relations and promoting LEAD Loddon Murray activities; and
- Facilitating internal planning.
LEAD Loddon Murray is constrained by the Acts to collect information where it is necessary for one or more of our functions or activities. When we collect information about an individual, we will take reasonable steps to inform the individual of:
- The purposes for which the information is collected;
- To whom LEAD Loddon Murray usually discloses information of that kind;
- Any law that requires the particular information to be collected; and
- The main consequences (if any) for the individual if all or part of the information is not provided.
Information gathered may include:
- Personal information including name, DOB, address, contact numbers, email, family, occupation, career history, hobbies, personal goals, references, skills and networks, medical history/health problems and/or disabilities.
Data Quality
LEAD Loddon Murray will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete, up-to-date and relevant to required activities.
Data Security
LEAD Loddon Murray will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. This includes film, photos, audio or video retained electronically or in hard copy.
Personal information is only disposed of in accordance with relevant law.
PROCEDURE
Information Collection
Digital and paper forms will comply with the privacy principles (see page 4).
Participants and staff will be informed about data collected and the use of their information. The database will have authorised access only, be used for its primary purpose only and be updated regularly.
Physical security
Paper files will be kept in the LEAD Loddon Murray office in a secure filing cabinet. Private information will not be left on desks or in cars. When LEAD Loddon Murray staff work at home, private information will not be available for non-staff to see.
Electronic security
Where possible, all LEAD Loddon Murray records should be stored electronically. Digital information will be protected by passwords (on computers or other devices), internet security programs and only accessed by authorised persons. Cloud programs used for data storage will have industry standard security.
Administrative security
Require all staff to sign a privacy, confidentiality and security agreement.
Program participants are formally informed about privacy and confidentiality expectations. Chatham House Rules are explained and reinforced.
Incorporate privacy clauses in participant information, Board information and contracts with outside contractors.
Data disposal
Digital or paper records will be disposed of in a safe and secure manner when no longer required.
RELATED POLICIES & PROCEDURES
- Risk Management
- Employment
- Finance & Purchasing
- Occupational Health & Safety
- Freedom of Information legislation
Date Approved: 15 July 2016
Version: Two
Next Review Date: July 2018
Owner: Community Leadership Loddon Murray Inc.
Author: Scott Mclarty
Contact person: Executive Officer