Privacy

Privacy

Introduction

The Information & Health Privacy Policy has been prepared for council staff/contractors and members of public who may request this document. This document forms part of Ballarat City Councils compliance to Information Privacy.

Compliance Purpose

This Council complies with the Victorian Government Information Privacy Act No. 98/2000 and the Health Records Act 2001.

The main purposes of these Acts are:

  • To establish a regime for the responsible collection, storage, handling and disclosure of personal information; (definition of personal information on page 2)
  • To provide individuals with rights of access to information about themselves which is held by council;
  • To provide individuals with the right to request an organisation to correct, amend and transfer information about them held by council, including information held by contracted service providers.
  • To protect the Privacy of an individuals health information that is held in council


Council will conform with the privacy principles contained in the Act, listed as follows:

  • Principle 1 - Collection
  • Principle 2 - Use and Disclosure
  • Principle 3 - Data Quality
  • Principle 5 - Openness
  • Principle 6 - Access and Correction
  • Principle 7 - Unique Identifiers
  • Principle 8 - Anonymity
  • Principle 9- Trans-border Data Flows
  • Principle 10- Sensitive Information
  • Principle 11 - Transfer/Closure of the practice of a health service provider
  • Principle 12 - Making information available to another health service provider

Definition of Personal Information

"personal information" means information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the. information or opinion, but does not include information of a kind to which schedule 2 of the information Privacy Act 2000 applies (ie. Health information which is regulated by the Health Records Act 2001) For example, "personal information"' includes:

  • name, age, weight, height;
  • income, purchases and spending habits;
  • blood type, DNA code, fingerprints;
  • marital status and religion;
  • education;
  • home address and phone number;
  • employee details


In other words "personal information" is information directly related to the personal affairs of an individual that enables or could enable the person to be identified. This includes personal information relating to both clients of Council and Council staff. While the definition of personal information is broad, the Act excludes certain types of information from the definition. The most significant exceptions relate to health information such as the physical, mental or psychological health of an individual) and personal information that is contained in a document that is a generally available publication.

PRINCIPLE 1 - Collection

  • Council shall only collect personal information that is necessary for specific and legitimate functions and activities. This information will be collected by fair and lawful means and not in an unreasonably intrusive way. Council will indicate:
    • why it is collecting personal information;
    • how that information can be accessed;
    • the purpose for which the information is collected;
    • with whom the Council shares this information;
    • any relevant laws; and
    • the consequences for the individual if all or part of the information is not collected.
  • Under normal circumstances Council will collect personal information about an individual only from that individual. However, if Council collects personal information about an individual from someone else, Council will take all reasonable steps to ensure that individual is informed of his or her rights relating to the information collected. The exception is when making the individual aware of the matters would pose as serious threat to the life or health of an individual. Council provides a wide range of services to the community within a broad legislative environment. Council holds personal information for the purposes of enabling subsequent contact, ascertaining correct property ownership within Councils' boundaries and allocating rate liability and further, undertaking specific client functions within various service environments.

PRINCIPLE 2 - Use and Disclosure

Council will not use or disclose personal information for a purpose other than the primary purpose except for those conditions specified in the Act or where the use or disclosure is specifically authorised under an Act.

  • the secondary purpose is related to the primary purpose of collection
  • the individual would reasonably expect council to use or disclose the information for the secondary purpose which is related to the primary purpose or
    • the individual has consented to council to use and disclosure the information; or
    • if the use or disclosure is necessary for research, or compilation or analysis of statistics in the public interest, other than for publication in a form that identifies the individual
    • the use or disclosure is for the purpose of funding, management, planning, monitoring, improvement or evaluation of health services
    • if a serious imminent threat to an individuals life, health, safety or welfare or a serious threat to public health, public safety, or public welfare or
    • council has reasons to suspect that unlawful activity has been or is being engaged under law enforcement

PRINCIPLE 3 - Data Quality

Council will take reasonable steps to make sure that the personal information it collects, uses or discloses, is accurate, complete and up-to-date.

PRINCIPLE 4 - Data Security & Data Retention

Council will take reasonable steps to protect all personal information it holds from misuse, loss, unauthorised access, modification or disclosure. Council will take reasonable steps to lawfully and responsibly destroy or permanently de-identify personal information when it is no longer needed for any purpose taking into consideration the Public Records Act and the Health Records Act.

PRINCIPLE 5 - Openness

Council will make publicly available its policies relating to the management of personal information. Council will, on request, take reasonable steps to provide individuals with general information on the types of personal information it holds and for what purposes and how it collects, holds, uses and discloses that information.

PRINCIPLE 6 - Access and Correction

Council will provide access to information held by Council about an individual on request except in specific circumstances as outlined within the Act.

  • providing access would pose a serious and imminent threat to life or health of any individual
  • providing access will have an unreasonable impact on the privacy of other individuals; or
  • the request is frivolous or vexatious; or
  • the information relates to existing legal proceedings between council and the individual
  • providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
  • denying access is required by law; or
  • providing access would likely to prejudice an investigation
  • the information is subject to confidentiality (under section 27 of the Act)


Where Council holds personal information about an individual and the individual is able to establish that information is incorrect) Council will take reasonable steps to correct information as soon as practicable but within 45 days of the request. If, however, Council denies access or correction, Council will provide reasons. In the event that Council and an individual disagree about the accuracy of personal information held by Council, Council will take reasonable steps to record a statement relating to the disputed information if requested by the individual.

PRINCIPLE 7 - Unique Identifiers

Council will not assign, adopt, use, disclose or require unique identifiers from individuals except for the course of conducting normal Council business or if required by law. Council will only use or disclose unique identifiers assigned to individuals by other organisations if the individual consents to the use and disclosure or the conditions for use and disclosure set out in the Act are satisfied.

PRINCIPLE 8 - Anonymity

Council will, where it is lawful and practicable, give individuals the option of not identifying themselves when entering into transactions with Council.

PRINCIPLE 9 - Transborder Data Flows

Council may transfer personal information outside of Victoria only if the recipient of the information is subject to a law that is substantially similar to the Privacy Principles or other conditions outlined in the Act.

PRINCIPLE 10 - Sensitive Information

Council will not collect sensitive information about an individual except for circumstances specified under the Act or is required by law (this principle doe's not apply to the Health Records (Act 2001)

"Sensitive Information" means information or an opinion about an individual's -

  1. race or ethnic origin; or
  2. political opinions; or
  3. membership of a political association; or
  4. religious beliefs or affiliations; or
  5. philosophical beliefs; or
  6. membership of a professional or trade association; or
  7. membership of a trade union; or
  8. sexual preferences or practices; or
  9. criminal record - that is also personal information (Schedule 1)


Council will not collect sensitive information about an individual unless:

  1. the individual has consented; or
  2. the collection is required by law; or
  3. the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
  4. is physically or legally incapable of giving consent to the collection; or
  5. physically cannot communicate consent to the collection; or
  6. the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

However, Council may collect sensitive information about an individual if the collection:

  1. is necessary for research, or the compilation or analysis of statistics, relevant to government funded targeted welfare or educational services; or
  2. is of information relating to an individual's racial or ethnic origin and is collected for the purpose of providing government funded targeted welfare or educational services; and
  3. there is no reasonably practicable alternative to collecting the information for that purpose; and
  4. it is impracticable for the organisation to seek the individual's consent to the collection.

PRINCIPLE 11 - Transfer/Closure Of The Practice Of A Health Service Provider

If council transfers or closes the practice of Health Services without continuing to provide the services, council shall give notice of the transfer or closure of past service users.

PRINCIPLE 12 - Making Information Available To Another Health Service Provider


Any health records kept by council can be made available to another Health Service provider:

  1. If an individual requests that their health information be made available to another health service provider; or
  2. If an individual authorises another health service provider to request their health information from council

Legislation Under Which Council Operates

If the Information Privacy Act 2000 is inconsistent with a particular piece of legislation, the other legislation will take precedence.

Building Act 1993
Cemeteries Act 1958
Children's Services Act 1996
Country Fire Authority Act 1958
Crown Land (Reserves) Act 1978
Disability Services Act 1991
Domestic (Feral & Nuisance) Animals Act 1994
Electronic Transactions Act 2000
Environment Protection Act 1970
Fences Act 1968
Food Act 1984 Health Act 1958
Freedom of Information Act1982
Health Records Act 2001
Heritage Act 1995
Impounding of Livestock Act 1994
Intellectually Disabled Person's Services Act 1986
Libraries Act 1988
Litter Act 1987
Local Government Act 1989
Magistrate's Court Act 1989
Occupational Health & Safety Act 1985
Ombudsman Act 1973
Planning & Environment (Planning Schemes) Act 1996
Planning & Environment Act 1987
Prevention of Cruelty to Animals Act 1986
Road Safety Act 1986
Second-hand Dealers & Pawnbrokers Act 1989
Subdivision Act 1988
Summary Offences Act 1966
Tobacco Act 1987
Transfer of Land Act 1958
Transport Act 1983
Unclaimed Monies Act 1962
Valuation of Land Act 1960
Victorian Civil & Administrative Tribunal Act 1998
Whistleblowers Protection Act 2001

ENQUIRIES AND COMPLAINTS HANDLING

Ballarat City Councils Privacy Officer
Council encourages individuals to send written complaints direct to Council about a breach, or perceived breach, of privacy.

Ballarat City Councils Information Privacy Office is where all enquiries/complaints about Personal Privacy can be referred. The Privacy Office is responsible for maintaining councils Policy on its management of personal information and ensures that the Policy document is made available to anyone who asks for it.

Privacy Officer
Ballarat City Council
PO Box 655
Ballarat 3353

Telephone (03) 5320 5500
Facsimile (03) 5332 8122
Email PrivacyOfficer@Ballarat.vic.gov.au


Access to personal files can be made under Freedom of Information (FOI)

Freedom of Information Officer
Ballarat City Council
PO Box 655
Ballarat 3353

Telephone (03) 5320 5500
Facsimile (03) 5332 8122
Email FOI@Ballarat.vic.gov.au

Complaint Handling under Information Privacy

Victorian Privacy Commissioners Office
An individual can forward a complaint to the Privacy Commissioners Office in regards to an act or practice in Council that the person claims is an interference with his or her Privacy, and is a breech of one or more the Privacy Principle outline in this document. If the personal information was collected prior to 1st of September 2001 and used or disclosed after the 1st of September 2002, this can be grounds for a complaint to be put forward. The commissioner can decline a complaint as listed in section 29 of the Information Privacy Act Some of the grounds include:

  1. The complaint has not been brought to the attention of Ballarat City Council prior to the complaint being forwarded to the commissioners office
  2. If the complaint has been brought to the attention of Ballarat City Council, but insufficient time has been given for council to respond.
  3. A complaint has already been made under anther Act and has been dealt with
  4. The complaint is flippant and is lacking substance
  5. The complaint was not made within 45 days of the person being aware of the Privacy breach.

The commission has 90 days to decide the outcome of the complaint. If the complaint is declined the person may within 60 days take the matter to the Victorian Civil and Administrative Tribunal (VCAT)

The commissioner will encourage practical solutions together with Ballarat City Council and the person to resolve the matter. If reconciliation can not be met with both parties, the person can have the complaint referred to the Victorian Civil and Administrative Tribunal (VCAT) within 60 days.

If the breach is proven VCAT can

  1. An order that the City of Ballarat to cease repeating or continuing the breach
  2. An order that the City of Ballarat review the loss or damage suffered by the person
  3. An order that the City of Ballarat pay compensation


Office of the Victorian Privacy Commissioner
GPO Box 5057
Melbourne 3001
Telephone Local Call 1300 666 444
Telephone (03) 8619 8719
Facsimile (03) 8619 8700
E-mail enquiries@privacy.vic.gov.au