|In line with the Victorian Information Privacy Act, 2000 and the Health Records Act, 2001, the City of Kingston considers the privacy of all personal and health information to be an integral part of its commitment towards information accountability. |
To meet the information privacy principles (IPPs) and health privacy principles (HPPs) set out in the Information Privacy Act, 2000 and the Health Records Act, 2001 in relation to the management and handling of personal and health information within the public sector.
This policy applies to all employees, Councillors, contractors and volunteers of the City of Kingston.
This policy covers all personal and health information held by the City of Kingston, that is, information, or an opinion about an individual, whose identity is apparent, or can be reasonably ascertained, from that information or opinion. This includes information we have collected in any format including correspondence, in person, over the phone, and over the Internet.
The policy also covers personal information that we have sourced from third parties.
Personal Information Ė means information or an opinion (including information or an opinion forming part of a database), whether true or not about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information about an individual who has been dead for more than 30 years.
Health Information Ė means information or an opinion about the physical, mental, psychological health of an individual, disability of an individual or a health service provided or to be provided to an individual.
IPPs Ė Information Privacy Principles. Set of principles that regulate the handling of personal information.
HPPs Ė Health Privacy Principles. Set of principles that regulate the handling of health information.
Sensitive Information - personal information or an opinion about an individualís:
|Race or ethnic origin: or|
|Political opinions; or|
|Membership of a political association: or|
|Religious beliefs or affiliations; or|
|Philosophical beliefs; or|
|Membership of a professional trade association; or|
|Membership of a trade union; or|
|Sexual preferences or practice; or|
|4. Privacy Statements |
4.1 A general statement outlining Councilís position on the handling of personal information will be used at all points of collection and all outgoing correspondence that may request personal or health information. This will include Kingstonís web site, advertising material, standard forms and correspondence requesting personal or health information.
4.2 Forms collecting information that is to be used for a specific purpose will include a privacy statement on the form including the purpose of collection.
4.3 Councilís privacy statements will be published in the relevant publications (e.g. forms, websites), confirming Councilís commitment to the information and health privacy principles.
4.4 Councilís privacy policies, will be adopted at an Ordinary Council meeting.
5. Councilís Information Privacy Principles
The City of Kingston will manage personal information as outlined in the following principles.
5.1.1 The City of Kingston will only collect personal information that is necessary for specific and legitimate functions of Council. Information will be collected by fair and lawful means.
5.1.2 Council will advise individuals, where possible, of the purposes for which their personal information is being collected, and of those third parties to whom the information is usually disclosed.
5.1.3 Sensitive information will only be collected where the individual has consented or collection is required or permitted by law.
5.1.4 Sensitive information (as defined in this policy) will be treated with the upmost security and confidentiality and only used for the purpose for which it was collected.
5.2 Use and Disclosure of Information
5.2.1 The City of Kingston will not use or disclose information about an individual other than for the primary purpose for which it was collected unless one of the following applies:
|It's for a related purpose that the individual would reasonably expect;|
|Where Council have the consent of the individual to do so;|
|If, as defined in the Health Records Act 2001, the individual is incapable of giving consent;|
|As required or permitted by the Information Privacy Act 2000 or any other legislation.|
|5.3 Data Quality |
Council will take reasonable steps to ensure that all personal information collected, used or disclosed is accurate, complete and up to date.
5.4 Data Security and Retention
5.4.1 Council will take all reasonable measures to prevent misuse or loss or unauthorised access, modification or disclosure of personal and health information.
5.4.2 Personal and Health information will be managed confidentially and securely and destroyed or archived in accordance with the Victorian Local Government General Disposal Schedule.
5.4.3 Council will monitor and implement reasonable and appropriate technical advances or management processes, to provide an up to date ongoing safeguard for personal information.
5.6 Access and Correction to Information
5.6.1 Individuals have a right to request access to any personal or health information held about them, and may request any incorrect information be corrected.
5.6.2 Council may decide not to allow access to personal information in accordance with the exemptions contained within Information Privacy Act 2000 and Health Records Act 2001.
5.6.3 The process for requesting access to recorded personal and health information, i.e. documents, is through a Freedom of Information application.
5.7 Unique Identifiers
5.7.1 Council will not assign, adopt, use, disclose or require unique health or other identifiers from individuals except for the course of conducting normal business or if allowed or required by law.
5.8.1 Council will, where it is lawful and practicable, give individuals the option of not identifying themselves when entering into transactions with council.
5.8.2 Council will ensure that individuals are aware of all, if any, limitations to services if the information required is not provided.
5.9. Transborder Data Flows
5.9.1 The City of Kingston will only transfer personal or health information outside of Victoria in accordance with the provisions outlined in the Information Privacy Act 2000 and Health Records Act 2001.
5.10 Sensitive Information
5.10.1 The City of Kingston will not collect sensitive information unless an individual has consented or collection is required or permitted by law, or when necessary for research or statistical purposes as permitted under the Information Privacy Act 2000.
5.11. Transfer or Closure of Health Service
5.11.1 Health Information relating to a discontinued Council Health Service will be managed in accordance with the Health Records Act 2001.
5.12 Making Health Information available to another service provided
5.12.1 Councilís Health Services will provide health information to other health providers in accordance with the Health Records Act 2001.
6. The Role of the Information Privacy Officer and Committee
6.1 The Councilís Chief Executive Officer is responsible for appointment of the City of Kingstonís Privacy Officer and Committee.
6.2 The Privacy Officer is required to inform all Council officers of their obligations under the Information Privacy and Health Records Acts and to handle difficult enquiries, complaints or adjustments concerning personal or health information.
6.3 The Privacy Officer is required to maintain all documentation relating to the management and implementation of the Information Privacy Act 2000 for the City of Kingston.
6.4 The Privacy Officer has discretion to apply normal photocopying or administrative charges for information requested.
6.6 Complaints are to be addressed to Councilís Privacy Officer in the first instance. Upon receipt of a complaint the Privacy Committee will be notified and Councilís Complaints Manager will review the case. If the complainant is not satisfied with Councilís response they may approach the Victorian Governmentís Privacy Commissioner for resolution.
6.7 Requests for health information must be managed by the Information Privacy Officer in accordance with the Freedom of Information Act 1982 and the Health Records Act 2001.