 |
|
|
|
|
|
Privacy Policy
The Privacy Amendment (Private Sector) Act 2000 came into force
on 21 December 2001.
Privacy is a different notion to confidentiality. This Act deals
with information privacy only and covers all types of personal information
not commonly available. The purpose of the Act is the protection
of the individual with regard to the processing of personal data
and the free movement of such data.
Central to the new legislation are the ten National Privacy Principles
which establish minimum standards for organisations to comply with
relating to the collection, storage and security of personal information.
ITIM is committed to and abides by the National Privacy Principles
and Guidelines endorsed by the Office of the Federal Privacy Commissioner.
ITIM is committed to protecting the privacy of all personal information
collected.
Personal information is defined as information or an opinion that
can identify a person.
All personnel engaged by ITIM are required to be aware of the Privacy
Act and their obligations under this legislation.
1. Information Collection
1.1 ITIM will routinely collect only that information that is required
to perform its core business functions. Any collection will be by
lawful and fair means. (Note: Fair is defined by the Privacy Commissioner
as “without intimidation or deception”.)
1.2 When personal information is collected about an individual,
ITIM personnel will take all reasonable steps to ensure that the
individual is aware that their information has been collected, how
it will be used, that the individual may access information held
about them and the likely consequences of failing to provide the
information. This applies even if the information is collected from
someone else.
2. Use and Disclosure
ITIM will not use or disclose personal information for reasons that
are not consistent with the primary, or related purposes, of its
collection, unless:
i. the individual has consented to its use or disclosure for a secondary
purpose; or
ii. ITIM has fully complied with the relevant National Privacy Principle
for the specific purpose (eg use of personal information for research,
statistics or direct marketing).
3. Data Quality
ITIM will take all reasonable steps to ensure that personal information
collected is accurate, complete and up-to-date.
4. Data Security
ITIM will take all reasonable steps to protect the information it
holds from misuse or unauthorised access.
Every area within ITIM is responsible for ensuring that personal
information (of individual clients and ITIM personnel, including
external service providers) is kept physically secure and only able
to be accessed by authorised personnel. This includes information
kept on computer databases or that which is transmitted electronically.
Information that is no longer needed will be destroyed or permanently
de-identified.
5. Openness
ITIM will make this policy available to any interested person upon
request. In addition, a summary of the key points is available:-
i. in the ITIM privacy brochure, and
ii. on ITIM's web site.
ITIM will, on request, provide details about the type of personal
information which is held and what is done with it.
6. Access and Correction
An individual may request access to personal information which ITIM
holds about him/her provided that:-
i. such access would not pose a serious threat to the life or health
of any individual;
ii. access would not have an unreasonable impact on the privacy
of other individuals;
iii. the request is not frivolous or vexatious;ie
. Trivial and made for amusement’s sake; or
. Made as a means of pursuing some unrelated grievance against the
organisation;
. Repeated requests for access to the same personal information.
iv. the information does not relate to existing or anticipated legal
proceedings;
v. the information would not prejudice negotiations with the individual
(eg commercial);
vi. there is not another legal requirement for denying access as
specified in the National Privacy Principles.
Individuals are only able to view their own information. The privacy
of others will not be compromised to facilitate this.
If an individual is able to establish that personal information
held by ITIM is inaccurate, incomplete or out-of-date, ITIM will
take all reasonable steps to correct the information.
Exception: information collected prior to 21/12/01. Requests for
access to exempted information will be considered according to individual
circumstances.
7. Identifiers
ITIM will not use identifiers issued by Commonwealth agencies (eg
Medicare numbers, tax file numbers, Social Security numbers) for
identification of any individual.
Note: an individual's name or ABN (as defined in A New Tax System
(Australian Business Number) Act 1999) is not an identifier.
8. Anonymity
Individuals may remain anonymous during interactions with ITIM (eg
enquiries regarding ITIM's services) provided that this is lawful
and practicable.
9. Transborder Data Flows
ITIM will not transfer personal information about an individual
to someone in a foreign country unless certain requirements are
complied with, as outlined in the National Privacy Principles.
i. It is reasonably believed that the recipient of the information
is subject to a law, binding scheme or contract which effectively
upholds principles for fair handling of the information that are
substantially similar to the National Privacy Principles;
ii. the individual consents to the transfer; or
iii. the transfer is necessary for the performance of a contract
between the individual and the organisation, or for the implementation
of pre-contractual measures taken in response to the individual's
request; or
iv. the transfer is necessary for the conclusion or performance
of a contract concluded in the interest of the individual between
the organisation and a third party; or
v. all of the following apply:
(a) the transfer is for the benefit of the individual;
(b) it is impracticable to obtain the consent of the individual
to that transfer;
(c) if it were practicable to obtain such consent, the individual
would be likely to give it; or
vi. reasonable steps have been taken to ensure that the information
transferred will not be held used or disclosed by the recipient
of the information inconsistently with the NPPs.
10. Sensitive Information
Sensitive information is a subset of personal information. It means:
i. information or an opinion about an individual's:
(a) racial or ethnic origin;
(b) political opinions;
(c) membership of a political association;
(d) religious beliefs or affiliations;
(e) philosophical beliefs;
(f) membership of a professional or trade association;
(g) membership of a trade union;
(h) sexual preferences or practices;
(i) criminal record.
that is also personal information; or
ii. health information about an individual.
ITIM will not collect sensitive information about an individual
unless the individual has consented or such collection is required
by law or in the case of health information, specific requirements
of the NPPs are complied with.
In the course of its activities as a not-for-profit religious organisation,
ITIM may collect sensitive information about individuals whose services
it engages but undertakes not to disclose this information without
the individual's consent.
See also:
1. The Privacy Act 1988 (Commonwealth), incorporating the Privacy
Amendment (Private Sector) Act 2000. Refer in particular to the
National Privacy Principles contained within that legislation.
2. The Guidelines to the National Privacy Principles (September
2001) and the Health Privacy Guidelines, prepared by the Office
of the Federal Privacy Commissioner.
Note: Documents 1 and 2 are freely accessible from the Australian
Privacy Commissioner’s website at www.privacy.gov.au
3. ITIM HR Manual - "Privacy Guidelines and Procedures"
(currently being formulated)
4. ITIM HR Manual - "Privileged Position and Confidentiality"
- Section 4:4.1.1.
January 2002
|
|
|
|
|
|
