||9 June 2015
||9 June 2018
General Manager, Strategy & Performance
||Chief Executive Officer
To meet the requirements of the Privacy and Data Protection Act 2014 in regards to the management and handling of Personal Information.
This Policy applies to all employees, Councillors and contractors of the City of Greater Geelong, specifically those persons responsible for Public Registers and the receipt and management of Personal Information.
- Privacy and Data Protection Act 2014
- Freedom of Information Act 1982
- Public Records Act 1973
- MPR545.1.1 Information Privacy Management Procedure
- Local Government Act 1989
Personal Information – information or an opinion (including information or an opinion forming part of a database) that is recorded in any form, whether true or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.
Public Registers – a register of documents held by a public sector agency or a Council, which is open for inspection by members of the public (whether or not via the payment of a fee) under an Act or Regulation (other than the Freedom of Information Act 1982 or the Public Records Act 1973) containing information that:
- a person or body was required or permitted to give to that public sector agency or Council under an Act or Regulation; and
- would be Personal Information if the document was not generally available.
Unique identifier – an identifier (usually a number) assigned by an organisation to an individual to identify that individual for the purposes of the operations of the organisation, but does not include an identifier that consists only of the individual’s name.
Sensitive Information – personal information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional trade association;
- membership of a trade union;
- sexual preferences or practices;
- criminal record.
5. Council Policy
Council is committed to ensuring that Personal Information received by the organisation is collected and handled in a responsible manner, and also in accordance with the Information Privacy Principles set out in the Privacy and Data Protection Act 2014. In fulfilling these objectives, Council is mindful of the need to balance the public interest in the free flow of information, with the public interest in protecting the privacy of Personal Information.
Collection of Information
Personal Information will only be collected where necessary for one or more of the functions or activities of Council, and will only be collected by lawful and fair means. Council will only collect information about an individual from that individual, and not in an unreasonably intrusive way.
Sensitive Information will only be collected where permitted by the Privacy and Data Protection Act 2014, or where the individual has provided consent.
Storage, Security and Data Quality Issues
Council has measures in place to ensure that there will be no unauthorised access to Personal Information. Council will endeavour to ensure that all data is up to date and accurate. Individuals have a right to access any Personal Information held about them, and they may update any incorrect information. Personal Information which is no longer required will be destroyed or de-identified in accordance with relevant legislation.
Use and Disclosure of Personal Information
Council will not use or disclose Personal Information for a purpose other than the primary purpose of collection, unless required to do so by legislation, or where there is a reasonable assumption that the original information will be used for a related secondary purpose. In other circumstances, Council will contact the individual to obtain consent.
Council will only assign Unique Identifiers to identify a person where the assignment is reasonably necessary to efficiently carry out any of its functions.
Where lawful and practical, Council will provide individuals with the option of not identifying themselves when communicating with Council.
Where external contractors deal with Personal Information on behalf of Council, they will be required to comply with the Privacy and Data Protection Act 2014, along with this Policy..
Role of Privacy Officer
The Privacy Officer will manage enquiries, complaints and requests for amendments to Personal Information. Written requests for information will be responded to within 10 working days of receipt, unless the request is covered by the Freedom of Information Act 1982. Complaints will be directed to Council’s Privacy Officer in the first instance. However, should any person still feel aggrieved, they may contact the Office of the Commissioner for Privacy and Data Protection.
Where practical, a statement outlining Council’s policy regarding the handling of Personal Information will be used at all points of collection, and for all outgoing correspondence which requests Personal Information. This applies to both hardcopy and electronic communication.
6. Quality Records
Quality Records shall be retained for at least the period shown below.
||As per PROV RDA
||As per PROV RDA