|
|
|
Home>Corporate Publications, Policies & Strategies>Policies, Strategies & Plans>Information Privacy Policy
 Purpose
Objectives
Scope
Definitions
Policy
Procedure
Responsibilities
Related Legislation
Review
| Purpose | | | To establish a policy for the management of the personal and health information the Shire collects, holds, uses and discloses.  Top
| |
| Objectives | | | To comply with the Information Privacy Act 2000 (No.98/2000) and the Health Records Act 2001 (No. 2/2001) Top
| |
| Scope | | | All personal and health information held or collected by the Shire Top
| |
| Definitions | | 1.Personal information:
Information or an opinion, other than certain health or generally available information, about an individual whose identity is apparent, or can reasonably be ascertained, that is recorded in any form, whether true or not.
2. Sensitive information:
Information or an opinion about an individual’s:
(i) racial or ethnic origin,
(ii) political opinion,
(iii) membership of a political association,
(iv) religious belief or association,
(v) philosophical beliefs,
(vi) membership of a professional or trade association,
(vii) sexual preferences or practices,
(viii) criminal record.
3. Health information:
(a) information or opinion about:
(I) the physical, mental or psychological health (at any time) of an individual,
(II) a disability (at any time) of an individual,
(III) an individual’s expressed wishes about the future provision of health services to him or her,
(IV) a health service provided, or to be provided, to an individual that is also personal information,
(b) other personal information collected to provide, or in providing a health service
(c) other personal information about an individual collected in connection with the donation, or intended donation, of his or her body parts, organs or body substances,
(d) other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants.
4. Health Service Provider:
In some instances Council may be a health service provider, e.g. immunisation. There are particular Health Privacy Principles (HPP’s) that govern their handling of health information.
5. Unique identifiers:
An identifier (usually a number) assigned by an organisation to an individual uniquely to identify that individual for the purposes of the operations of the organisation but does not include an identifier that consists only of the individual’s name.
6. Public register:
A document held by the Shire and open to inspection by members of the public (whether or not on payment of a fee) by force of a provision made by an ActTop
| |
| Policy | | The responsible handling of personal and health information is a key aspect of democratic governance, and the Shire is strongly committed to protecting an individual’s right to privacy. The Shire is committed to full compliance with its obligations under the Information Privacy Act 2000 (Vic) and the Health Records Act 2001 (Vic). In particular, the Shire will comply with the Information and Health Privacy Principles contained in the Acts.
The ten information privacy principles (IPP’s) contained in the Information Privacy Act, are:
Principle 1 Collection
Principle 2 Use and disclosure
Principle 3 Data quality
Principle 4 Data security
Principle 5 Openness
Principle 6 Access and correction
Principle 7 Unique identifiers
Principle 8 Anonymity
Principle 9 Trans-border Data Flows
Principle 10 Sensitive information
The first nine of the eleven health privacy principles (HPP’s) are similar to IPP’s 1-9 the two different HPP’s are:
Principle 10 Transfer or closure of the practice of a health service provider
Principle 11 Making information available to another health service provider.
Collection
The Shire will only collect personal information that is necessary for its functions and activities. In some instances, the Shire is required by law to collect personal information. The Shire will only collect sensitive information or health information (see s. 85 Health Records Act 2001) where consent has been given or as permitted under the Acts.
If it is reasonable and practicable to do so, the Shire will only collect personal information directly from the individual. When doing so, it will inform the individual of the purposes for which the information is being collected, and will use lawful and fair means. If the Shire collects personal information about an individual from someone else, it will take reasonable steps to make sure the individual is aware of these matters.
Use and Disclosure
The Shire will only use personal information internally, or disclose it externally, for the purpose for which it was collected or in accordance with the Information Privacy Act 2000 eg. where the individual has consented or it is reasonably expected to occur.
The Shire will only use health information internally, or disclose it externally in accordance with the Health Records Act 2001.
Data Security
The Shire will endeavour to maintain a secure system for storing personal information. It will have technological and operational policies and procedures in place to protect personal information from misuse and loss and from unauthorised modification or disclosure. The Shire will dispose of personal and health information when it is no longer necessary to fulfil the purposes for which the information was collected or as required by law.
Access and Correction
Should a person wish to access their personal information they should contact the Shire’s Privacy Officer by letter. Access will be provided except in the circumstances outlined in the Act, eg., where the information relates to legal proceedings or where the Freedom of Information Act 1982 (Vic) applies.
If a person believes their personal or health information is inaccurate, incomplete or out of date, they may request the Shire to correct the information. The request will be dealt with in accordance with the Acts.
Anonymity
Where lawful and practical, the Shire will give a person the option of not identifying themselves when supplying information or entering into a transaction with it.
External Contractors
The Shire may outsource some of its functions to third parties. This may require the contractor to collect, use or disclose certain personal information (eg. Garbage collection). It is the Shire’s intention to require contractors to comply with the Act in all respects.Top
| |
| Procedure | | Grievance procedure
If a person feels aggrieved by the Shire’s handling of their personal or health information, they may make a complaint in writing to the Shire’s Privacy Officer. Their complaint will be investigated as soon as practicable and they will be provided with a written response within 15 working days. Alternatively, the person may make a complaint to the Privacy Commissioner or Health Commissioner (although the Commissioner may decline to hear the complaint if they have not first made a complaint to the Shire).Top
| |
| Responsibilities |
| Information Privacy Officer |
Councillors, Shire Offices & Contracted Service Providers |
CEO, Directors & Managers |
|---|
| 1. Respond to community requests & complaints 2. Provide information & advice 3. Manage audits of compliance 4. Manage compliance strategy |
Comply with the Acts. |
Ensure their units comply with the policy, guidelines and information and health privacy principles. |
|
|
|
Top
|
| Related Legislation | | Freedom of Information Act 1982
Public Records Act 1973Top
| |
| Review | | | This policy is current Top
| |
| |
|