This Council complies with the Victorian Government Information Privacy Act No. 98/2000 and the Health Records Act 2001.
The main purposes of these Acts are:
- To establish a regime for the responsible collection, storage, handling and disclosure of personal information; (definition of personal information on page 2)
- To provide individuals with rights of access to information about themselves which is held by council;
- To provide individuals with the right to request an organisation to correct, amend and transfer information about them held by council, including information held by contracted service providers.
- To protect the Privacy of an individuals health information that is held in council
Council will conform with the privacy principles contained in the Act, listed as follows:
- Principle 1 – Collection
- Principle 2 – Use and Disclosure
- Principle 3 – Data Quality
- Principle 5 – Openness
- Principle 6 – Access and Correction
- Principle 7 – Unique Identifiers
- Principle 8 – Anonymity
- Principle 9- Trans-border Data Flows
- Principle 10- Sensitive Information
- Principle 11 – Transfer/Closure of the practice of a health service provider
- Principle 12 – Making information available to another health service provider
Definition of Personal Information
“personal information” means information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the. information or opinion, but does not include information of a kind to which schedule 2 of the information Privacy Act 2000 applies (ie. Health information which is regulated by the Health Records Act 2001) For example, “personal information”‘ includes:
- name, age, weight, height;
- income, purchases and spending habits;
- blood type, DNA code, fingerprints;
- marital status and religion;
- home address and phone number;
- employee details
In other words “personal information” is information directly related to the personal affairs of an individual that enables or could enable the person to be identified. This includes personal information relating to both clients of Council and Council staff. While the definition of personal information is broad, the Act excludes certain types of information from the definition. The most significant exceptions relate to health information such as the physical, mental or psychological health of an individual) and personal information that is contained in a document that is a generally available publication.
PRINCIPLE 1 – Collection
Council shall only collect personal information that is necessary for specific and legitimate functions and activities. This information will be collected by fair and lawful means and not in an unreasonably intrusive way. Council will indicate:
- why it is collecting personal information;
- how that information can be accessed;
- the purpose for which the information is collected;
- with whom the Council shares this information;
- any relevant laws; and
- the consequences for the individual if all or part of the information is not collected.
Under normal circumstances Council will collect personal information about an individual only from that individual.
However, if Council collects personal information about an individual from someone else, Council will take all reasonable steps to ensure that individual is informed of his or her rights relating to the information collected. The exception is when making the individual aware of the matters would pose as serious threat to the life or health of an individual. Council provides a wide range of services to the community within a broad legislative environment. Council holds personal information for the purposes of enabling subsequent contact, ascertaining correct property ownership within Councils’ boundaries and allocating rate liability and further, undertaking specific client functions within various service environments.
PRINCIPLE 2 – Use and Disclosure
Council will not use or disclose personal information for a purpose other than the primary purpose except for those conditions specified in the Act or where the use or disclosure is specifically authorised under an Act.
- the secondary purpose is related to the primary purpose of collection
- the individual would reasonably expect council to use or disclose the information for the secondary purpose which is related to the primary purpose or
- the individual has consented to council to use and disclosure the information; or
- if the use or disclosure is necessary for research, or compilation or analysis of statistics in the public interest, other than for publication in a form that identifies the individual
- the use or disclosure is for the purpose of funding, management, planning, monitoring, improvement or evaluation of health services
- if a serious imminent threat to an individuals life, health, safety or welfare or a serious threat to public health, public safety, or public welfare or
- council has reasons to suspect that unlawful activity has been or is being engaged under law enforcement
PRINCIPLE 3 – Data Quality
Council will take reasonable steps to make sure that the personal information it collects, uses or discloses, is accurate, complete and up-to-date.
PRINCIPLE 4 – Data Security & Data Retention
Council will take reasonable steps to protect all personal information it holds from misuse, loss, unauthorised access, modification or disclosure. Council will take reasonable steps to lawfully and responsibly destroy or permanently de-identify personal information when it is no longer needed for any purpose taking into consideration the Public Records Act and the Health Records Act.
PRINCIPLE 5 – Openness
Council will make publicly available its policies relating to the management of personal information. Council will, on request, take reasonable steps to provide individuals with general information on the types of personal information it holds and for what purposes and how it collects, holds, uses and discloses that information.
PRINCIPLE 6 – Access and Correction
Council will provide access to information held by Council about an individual on request except in specific circumstances as outlined within the Act.
- providing access would pose a serious and imminent threat to life or health of any individual
- providing access will have an unreasonable impact on the privacy of other individuals; or
- the request is frivolous or vexatious; or
- the information relates to existing legal proceedings between council and the individual
- providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- denying access is required by law; or
- providing access would likely to prejudice an investigation
- the information is subject to confidentiality (under section 27 of the Act)
Where Council holds personal information about an individual and the individual is able to establish that information is incorrect) Council will take reasonable steps to correct information as soon as practicable but within 45 days of the request. If, however, Council denies access or correction, Council will provide reasons. In the event that Council and an individual disagree about the accuracy of personal information held by Council, Council will take reasonable steps to record a statement relating to the disputed information if requested by the individual.
PRINCIPLE 7 – Unique Identifiers
Council will not assign, adopt, use, disclose or require unique identifiers from individuals except for the course of conducting normal Council business or if required by law. Council will only use or disclose unique identifiers assigned to individuals by other organisations if the individual consents to the use and disclosure or the conditions for use and disclosure set out in the Act are satisfied.
PRINCIPLE 8 – Anonymity
Council will, where it is lawful and practicable, give individuals the option of not identifying themselves when entering into transactions with Council.
PRINCIPLE 9 – Transborder Data Flows
Council may transfer personal information outside of Victoria only if the recipient of the information is subject to a law that is substantially similar to the Privacy Principles or other conditions outlined in the Act.
PRINCIPLE 10 – Sensitive Information
Council will not collect sensitive information about an individual except for circumstances specified under the Act or is required by law (this principle doe’s not apply to the Health Records (Act 2001)
“Sensitive Information” means information or an opinion about an individual’s –
- race or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record – that is also personal information (Schedule 1)
Council will not collect sensitive information about an individual unless:
- the individual has consented; or
- the collection is required by law; or
- the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
- is physically or legally incapable of giving consent to the collection; or
- physically cannot communicate consent to the collection; or
- the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.
However, Council may collect sensitive information about an individual if the collection:
- is necessary for research, or the compilation or analysis of statistics, relevant to government funded targeted welfare or educational services; or
- is of information relating to an individual’s racial or ethnic origin and is collected for the purpose of providing government funded targeted welfare or educational services; and
- there is no reasonably practicable alternative to collecting the information for that purpose; and
- it is impracticable for the organisation to seek the individual’s consent to the collection.
PRINCIPLE 11 – Transfer/Closure Of The Practice Of A Health Service Provider
If council transfers or closes the practice of Health Services without continuing to provide the services, council shall give notice of the transfer or closure of past service users.
PRINCIPLE 12 – Making Information Available To Another Health Service Provider
Any health records kept by council can be made available to another Health Service provider:
- If an individual requests that their health information be made available to another health service provider; or
- If an individual authorises another health service provider to request their health information from council
Legislation Under Which Council Operates
If the Information Privacy Act 2000 is inconsistent with a particular piece of legislation, the other legislation will take precedence.
- Building Act 1993
Cemeteries Act 1958
Children’s Services Act 1996
Country Fire Authority Act 1958
Crown Land (Reserves) Act 1978
Disability Services Act 1991
Domestic (Feral & Nuisance) Animals Act 1994
Electronic Transactions Act 2000
Environment Protection Act 1970
Fences Act 1968
Food Act 1984 Health Act 1958
Freedom of Information Act1982
Health Records Act 2001
Heritage Act 1995
Impounding of Livestock Act 1994
Intellectually Disabled Person’s Services Act 1986
Libraries Act 1988
Litter Act 1987
Local Government Act 1989
Magistrate’s Court Act 1989
Occupational Health & Safety Act 1985
Ombudsman Act 1973
Planning & Environment (Planning Schemes) Act 1996
Planning & Environment Act 1987
Prevention of Cruelty to Animals Act 1986
Road Safety Act 1986
Second-hand Dealers & Pawnbrokers Act 1989
Subdivision Act 1988
Summary Offences Act 1966
Tobacco Act 1987
Transfer of Land Act 1958
Transport Act 1983
Unclaimed Monies Act 1962
Valuation of Land Act 1960
Victorian Civil & Administrative Tribunal Act 1998
Whistleblowers Protection Act 2001
ENQUIRIES AND COMPLAINTS HANDLING
Ballarat City Councils Privacy Officer
Council encourages individuals to send written complaints direct to Council about a breach, or perceived breach, of privacy.
Ballarat City Councils Information Privacy Office is where all enquiries/complaints about Personal Privacy can be referred. The Privacy Office is responsible for maintaining councils Policy on its management of personal information and ensures that the Policy document is made available to anyone who asks for it.
Ballarat City Council
PO Box 655
Telephone (03) 5320 5500
Facsimile (03) 5332 8122
Access to personal files can be made under Freedom of Information (FOI)
Freedom of Information Officer
Ballarat City Council
PO Box 655
Telephone (03) 5320 5500
Facsimile (03) 5332 8122
Complaint Handling under Information Privacy
Victorian Privacy Commissioners Office
An individual can forward a complaint to the Privacy Commissioners Office in regards to an act or practice in Council that the person claims is an interference with his or her Privacy, and is a breech of one or more the Privacy Principle outline in this document. If the personal information was collected prior to 1st of September 2001 and used or disclosed after the 1st of September 2002, this can be grounds for a complaint to be put forward. The commissioner can decline a complaint as listed in section 29 of the Information Privacy Act Some of the grounds include:
- The complaint has not been brought to the attention of Ballarat City Council prior to the complaint being forwarded to the commissioners office
- If the complaint has been brought to the attention of Ballarat City Council, but insufficient time has been given for council to respond.
- A complaint has already been made under anther Act and has been dealt with
- The complaint is flippant and is lacking substance
- The complaint was not made within 45 days of the person being aware of the Privacy breach.
The commission has 90 days to decide the outcome of the complaint. If the complaint is declined the person may within 60 days take the matter to the Victorian Civil and Administrative Tribunal (VCAT)
The commissioner will encourage practical solutions together with Ballarat City Council and the person to resolve the matter. If reconciliation can not be met with both parties, the person can have the complaint referred to the Victorian Civil and Administrative Tribunal (VCAT) within 60 days.
If the breach is proven VCAT can
- order that the City of Ballarat to cease repeating or continuing the breach
- order that the City of Ballarat review the loss or damage suffered by the person
- order that the City of Ballarat pay compensation
Office of the Victorian Privacy Commissioner
GPO Box 5057
Telephone Local Call 1300 666 444
Telephone (03) 8619 8719
Facsimile (03) 8619 8700