Privacy

    Introduction

    The Information & Health Privacy Policy has been prepared for council staff/contractors and members of the public who may request this document.

    This document forms part of Ballarat City Councils compliance to Information Privacy.

    Commpliance Purpose

    This Council complies with the Victorian Government Information Privacy Act No. 98/2000 and the Health Records Act 2001.

    The main purposes of these Acts are:

    • To establish a regime for the responsible collection, storage, handling and disclosure of personal information; (definition of personal information on page 2)
    • To provide individuals with rights of access to information about themselves which is held by council;
    • To provide individuals with the right to request an organisation to correct, amend and transfer information about them held by council, including information held by contracted service providers.
    • To protect the Privacy of an individuals health information that is held in council

    Council will conform with the privacy principles contained in the Act, listed as follows:

    • Principle 1 - Collection
    • Principle 2 - Use and Disclosure
    • Principle 3 - Data Quality
    • Principle 5 - Openness
    • Principle 6 - Access and Correction
    • Principle 7 - Unique Identifiers
    • Principle 8 - Anonymity
    • Principle 9- Trans-border Data Flows
    • Principle 10- Sensitive Information

    Definition of Personal Information

    "personal information" means information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the. information or opinion, but does not include information of a kind to which schedule 2 of the information Privacy Act 2000 applies (ie. Health information which is regulated by the Health Records Act 2001) For example, "personal information"' includes:

    • name, age, weight, height;
    • income, purchases and spending habits;
    • blood type, DNA code, fingerprints;
    • marital status and religion;
    • education;
    • home address and phone number;
    • employee details

    In other words "personal information" is information directly related to the personal affairs of an individual that enables or could enable the person to be identified. This includes personal information relating to both clients of Council and Council staff. While the definition of personal information is broad, the Act excludes certain types of information from the definition. The most significant exceptions relate to health information such as the physical, mental or psychological health of an individual) and personal information that is contained in a document that is a generally available publication.

    Principle 1 - Collection

    Council shall only collect personal information that is necessary for specific and legitimate functions and activities. This information will be collected by fair and lawful means and not in an unreasonably intrusive way. Council will indicate:

    • why it is collecting personal information;
    • how that information can be accessed;
    • the purpose for which the information is collected;
    • with whom the Council shares this information;
    • any relevant laws; and
    • the consequences for the individual if all or part of the information is not collected.

    Under normal circumstances Council will collect personal information about an individual only from that individual.

    However, if Council collects personal information about an individual from someone else, Council will take all reasonable steps to ensure that individual is informed of his or her rights relating to the information collected. The exception is when making the individual aware of the matters would pose as serious threat to the life or health of an individual. Council provides a wide range of services to the community within a broad legislative environment. Council holds personal information for the purposes of enabling subsequent contact, ascertaining correct property ownership within Councils' boundaries and allocating rate liability and further, undertaking specific client functions within various service environments.

    Principle 2 - Use and Disclosure

    Council will not use or disclose personal information for a purpose other than the primary purpose except for those conditions specified in the Act or where the use or disclosure is specifically authorised under an Act.

    • the secondary purpose is related to the primary purpose of collection
    • the individual would reasonably expect council to use or disclose the information for the secondary purpose which is related to the primary purpose or
      • the individual has consented to council to use and disclosure the information; or
      • if the use or disclosure is necessary for research, or compilation or analysis of statistics in the public interest, other than for publication in a form that identifies the individual
      • the use or disclosure is for the purpose of funding, management, planning, monitoring, improvement or evaluation of health services
      • if a serious imminent threat to an individuals life, health, safety or welfare or a serious threat to public health, public safety, or public welfare or
      • council has reasons to suspect that unlawful activity has been or is being engaged under law enforcement

    Principle 3 - Data Quality

    Council will take reasonable steps to make sure that the personal information it collects, uses or discloses, is accurate, complete and up-to-date.

    Principle 4 - Data Security & Data Retention

    Council will take reasonable steps to protect all personal information it holds from misuse, loss, unauthorised access, modification or disclosure. Council will take reasonable steps to lawfully and responsibly destroy or permanently de-identify personal information when it is no longer needed for any purpose taking into consideration the Public Records Act and the Health Records Act.

    Principle 5 - Openness

    Council will make publicly available its policies relating to the management of personal information. Council will, on request, take reasonable steps to provide individuals with general information on the types of personal information it holds and for what purposes and how it collects, holds, uses and discloses that information.

    Principle 6 - Access and Correction

    Council will provide access to information held by Council about an individual on request except in specific circumstances as outlined within the Act.

    • providing access would pose a serious and imminent threat to life or health of any individual
    • providing access will have an unreasonable impact on the privacy of other individuals; or
    • the request is frivolous or vexatious; or
    • the information relates to existing legal proceedings between council and the individual
    • providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
    • denying access is required by law; or
    • providing access would likely to prejudice an investigation
    • the information is subject to confidentiality (under section 27 of the Act)


    Where Council holds personal information about an individual and the individual is able to establish that information is incorrect) Council will take reasonable steps to correct information as soon as practicable but within 45 days of the request. If, however, Council denies access or correction, Council will provide reasons. In the event that Council and an individual disagree about the accuracy of personal information held by Council, Council will take reasonable steps to record a statement relating to the disputed information if requested by the individual.

    Principle 7 - Unique Identifiers

    Council will not assign, adopt, use, disclose or require unique identifiers from individuals except for the course of conducting normal Council business or if required by law. Council will only use or disclose unique identifiers assigned to individuals by other organisations if the individual consents to the use and disclosure or the conditions for use and disclosure set out in the Act are satisfied.

    Principle 8 - Anonymity

    Council will, where it is lawful and practicable, give individuals the option of not identifying themselves when entering into transactions with Council.

    Principle 9 - Transborder Data Flows

    Council may transfer personal information outside of Victoria only if the recipient of the information is subject to a law that is substantially similar to the Privacy Principles or other conditions outlined in the Act.

    Principle 10 - Sensitive Information

    Council will not collect sensitive information about an individual except for circumstances specified under the Act or is required by law (this principle doe's not apply to the Health Records (Act 2001)

    "Sensitive Information" means information or an opinion about an individual's -

    1. race or ethnic origin; or
    2. political opinions; or
    3. membership of a political association; or
    4. religious beliefs or affiliations; or
    5. philosophical beliefs; or
    6. membership of a professional or trade association; or
    7. membership of a trade union; or
    8. sexual preferences or practices; or
    9. criminal record - that is also personal information (Schedule 1)

    Council will not collect sensitive information about an individual unless:

    1. the individual has consented; or
    2. the collection is required by law; or
    3. the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
    4. is physically or legally incapable of giving consent to the collection; or
    5. physically cannot communicate consent to the collection; or
    6. the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

    However, Council may collect sensitive information about an individual if the collection:

    1. is necessary for research, or the compilation or analysis of statistics, relevant to government funded targeted welfare or educational services; or
    2. is of information relating to an individual's racial or ethnic origin and is collected for the purpose of providing government funded targeted welfare or educational services; and
    3. there is no reasonably practicable alternative to collecting the information for that purpose; and
    4. it is impracticable for the organisation to seek the individual's consent to the collection.

    Legislation Under Which Council Operates

    If the Information Privacy Act 2000 is inconsistent with a particular piece of legislation, the other legislation will take precedence.

    • Building Act 1993
    • Cemeteries Act 1958
    • Children's Services Act 1996
    • Country Fire Authority Act 1958
    • Crown Land (Reserves) Act 1978
    • Disability Services Act 1991
    • Domestic (Feral & Nuisance) Animals Act 1994
    • Electronic Transactions Act 2000
    • Environment Protection Act 1970
    • Fences Act 1968
    • Food Act 1984 Health Act 1958
    • Freedom of Information Act1982
    • Health Records Act 2001
    • Heritage Act 1995
    • Impounding of Livestock Act 1994
    • Intellectually Disabled Person's Services Act 1986
    • Libraries Act 1988
    • Litter Act 1987
    • Local Government Act 1989
    • Magistrate's Court Act 1989
    • Occupational Health & Safety Act 1985
    • Ombudsman Act 1973
    • Planning & Environment (Planning Schemes) Act 1996
    • Planning & Environment Act 1987
    • Prevention of Cruelty to Animals Act 1986
    • Road Safety Act 1986
    • Second-hand Dealers & Pawnbrokers Act 1989
    • Subdivision Act 1988
    • Summary Offences Act 1966
    • Tobacco Act 1987
    • Transfer of Land Act 1958
    • Transport Act 1983
    • Unclaimed Monies Act 1962
    • Valuation of Land Act 1960
    • Victorian Civil & Administrative Tribunal Act 1998
    • Whistleblowers Protection Act 2001

    Enquiries And Complaints Handling

    Ballarat City Councils Privacy Officer
    Council encourages individuals to send written complaints direct to Council about a breach, or perceived breach, of privacy.

    Ballarat City Councils Information Privacy Office is where all enquiries/complaints about Personal Privacy can be referred. The Privacy Office is responsible for maintaining councils Policy on its management of personal information and ensures that the Policy document is made available to anyone who asks for it.

    Privacy Officer
    Ballarat City Council
    PO Box 655
    Ballarat 3353

    Telephone (03) 5320 5500
    Facsimile (03) 5332 8122
    Email PrivacyOfficer@Ballarat.vic.gov.au


    Access to personal files can be made under Freedom of Information (FOI)

    Freedom of Information Officer
    Ballarat City Council
    PO Box 655
    Ballarat 3353

    Telephone (03) 5320 5500
    Facsimile (03) 5332 8122
    Email FOI@Ballarat.vic.gov.au

    Complaint Handling Under Information Privacy

    Victorian Privacy Commissioners Office
    An individual can forward a complaint to the Privacy Commissioners Office in regards to an act or practice in Council that the person claims is an interference with his or her Privacy, and is a breech of one or more the Privacy Principle outline in this document. If the personal information was collected prior to 1st of September 2001 and used or disclosed after the 1st of September 2002, this can be grounds for a complaint to be put forward. The commissioner can decline a complaint as listed in section 29 of the Information Privacy Act Some of the grounds include:

    1. The complaint has not been brought to the attention of Ballarat City Council prior to the complaint being forwarded to the commissioners office
    2. If the complaint has been brought to the attention of Ballarat City Council, but insufficient time has been given for council to respond.
    3. A complaint has already been made under anther Act and has been dealt with
    4. The complaint is flippant and is lacking substance
    5. The complaint was not made within 45 days of the person being aware of the Privacy breach.

    The commission has 90 days to decide the outcome of the complaint. If the complaint is declined the person may within 60 days take the matter to the Victorian Civil and Administrative Tribunal (VCAT)

    The commissioner will encourage practical solutions together with Ballarat City Council and the person to resolve the matter. If reconciliation can not be met with both parties, the person can have the complaint referred to the Victorian Civil and Administrative Tribunal (VCAT) within 60 days.

    If the breach is proven VCAT can

    1. An order that the City of Ballarat to cease repeating or continuing the breach
    2. An order that the City of Ballarat review the loss or damage suffered by the person
    3. An order that the City of Ballarat pay compensation

     

    Office of the Victorian Privacy Commissioner
    GPO Box 5057
    Melbourne 3001
    Telephone Local Call 1300 666 444
    Telephone (03) 8619 8719
    Facsimile (03) 8619 8700
    E-mail enquiries@privacy.vic.gov.au