2. Presentation Overview
Content
Module One Legislation, Definitions & Key Exemptions
Activity Pair Activity
Module Two Collection, Use & Disclosure
Module Three Management & Access
Activity DVD
Module Four Complaints/ Post -Quiz
“Privacy Matters”
3. Learning Objectives
Today you will learn about Victorian
privacy requirements
This session will better equip you to
understand:
•collection, use & disclosure,
management and access to personal
information;
•Perform your job functions in a manner
consistent with privacy requirement; &
•where to go for privacy related help.
“Privacy Matters”
4. Icebreaker - PrYvacy Bingo
Instructions:
As quickly as you can complete
a line of the pryvacy bingo card
with names.
The first person to get a vertical
or horizontal line will win a prize
Note you may only use a name
once
“Privacy Matters”
5. Module 1 Privacy legislation
Information Privacy Act State government agencies,
(Vic) 2000 local councils, Ministers &
Statutory agencies.
Health Records Act (Vic) 2001 Health information in Victorian
public and private sectors,
hospitals, doctors & employers.
“Privacy Matters”
6. Module 1 Privacy – Key definitions
Personal information Recorded information about a living
identifiable or easily identifiable
individual.
Health information Information able to be linked to a living or
deceased person about a person’s physical,
mental or psychological health.
Sensitive information Includes information about a person’s race
or ethnicity and criminal record.
Is a photo personal information? Are details of a person’s position and salary
recorded on their personnel file? Small Group activity
“Privacy Matters”
7. Module 1 Relationship to other laws
Privacy laws What they say Examples
Information If there is, any inconsistency • Section 30 of the
Privacy Act between the Information Corrections Act 1991.
(section 6). Privacy Act and a provision in
another Act, the other Act’s • Section 141 of the Fair
provision prevails to the Trading Act 1999.
extent of the inconsistency.
Are you familiar with what your primary legislation states you
can do with personal information? Pair Activity
“Privacy Matters”
8. Module 1 Court Services
Courts & Tribunals are partially
exempted from privacy laws in
exercising their judicial or quasi-
judicial functions.
Are human resources functions covered?
What about filming inside a court room?
Would a court-issued subpoena be a judicial function?
“Privacy Matters”
9. Module 1 Law enforcement exemption
Who is covered? How does it work? Examples
If there is a reasonable
Corrections (Prisons, belief that non-compliance Police checks of the
CCS & CORE); CAV; is necessary for law Register of Births and
RAJAC; enforcement purposes; Deaths for name changes.
Business Licensing then exempt from
In emergency situations,
Agency; & main collection, use, locating next of kin.
Enforcement disclosure and transfer
Management. obligations, but still must Inspectors investigating
comply with some motor car traders.
requirements.
“Privacy Matters”
11. Module 1 Law enforcement agencies
IPP8 IPP1.1 & IPP2.2 IPP3 IPP4 IPP5
1.2
If lawful Collect Record uses Be Be Have
and personal & disclosures accurate secure privacy
practicable information between law policies &
offer responsibly enforcement processes
anonymity agencies
“Privacy Matters”
12. Module 2 other functions?
• For all other non-judicial and non-law
enforcement functions employees must
comply with the 10 information privacy
principles (IPPs)
• The IPPs are connected and guide how
personal information should be handled:
• Collection (IPPs 8, 1, and 10);
• Use and Disclosure (IPPs 2 and 9);
• Management of personal information
(IPPs 3,4, 5, & 7); and
• Access and Correction (IPP6 and FOI)
“Privacy Matters”
13. Module 2 Collection
Collection (IPPs 8, 1, and 10)
Preserve anonymity if you can. Collect only what you need.
Do it lawfully, fairly, directly and not unreasonably intrusively.
Tell people you are doing it and why through a privacy statement.
Be extra careful with sensitive information.
Scenario
Photos are taken at the end of year staff party. The
photos are added to a bank of stored images used for
promotional purposes in newsletters and the website.
Are there any collection issues?
“Privacy Matters”
14. Module 2 Tips for compliance
• When drafting or handling forms
check for a privacy statement.
Think of a statement as a food label.
• Be able to justify why you need
personal information if asked.
• Do not over collect personal
information.
• Be mindful, if investigating crimes, to
act within the law and collect fairly.
“Privacy Matters”
15. Module 2 Use and Disclosure
Think of a traffic light when
disclosing personal information.
you must you may you can’t
Disclosure is You have choice No choice
mandatory
“Privacy Matters”
16. Module 2 You may disclose under IPP2
Under IPP2 you may disclose: to law enforcement agencies for the
purpose of prevention, detection,
• with consent. investigation, prosecution or
punishment of criminal offences or
breaches of a law.
• if information is from a publicly
available source.
where the information is reasonably
• information for statistical or research believed to be necessary to lessen or
purposes; no identifiers. prevent a serious threat to public
health / safety / welfare.
• investigation of unlawful activity.
• other reasons in IPP2.
“Privacy Matters”
17. Use & Disclosure Scenario
In 2003 the Arthurs Seat chairlift collapsed
and 18 people were injured. The chairlift
managing director was quoted in the media
saying that he wished to extend his best
wishes to those injured however was
prevented from doing so as privacy laws
prohibited the police releasing the names of
the people involved.
Considering the use and disclosure
principle, what options exist for providing an
apology to the victims?
“Privacy Matters”
19. Module 3 Management & Access
Access and Correction
(IPP6 & FOI Act)
People have a right to access & correct
personal information. Assume people will
see what you write. If involved in
discovering documents respond promptly.
Management
(IPPs 3, 4, 5 & 7)
Keep personal information accurate &
secure. Follow Departmental policies.
“Privacy Matters”
20. DVD
• When watching the DVD consider –
– What the privacy issues might be?
– Whether you or your work area may have
experienced a similar situation?
“Privacy Matters”
22. What constitutes a privacy complaint?
• A breach of a privacy principle
• A complainant may be concerned
about:
– a mix up in correspondence
– gossiping about them in their community
– a facsimile or email sent to the wrong
person
– their information being out of date or
incorrect on a database
“Privacy Matters”
23. Complaint intake
• Anyone can complain using the privacy
complaint form available on J-NET
• In the first instance you need to refer any
potential privacy complaint to your business
unit privacy coordinator
• The Coordinator will follow the
department’s privacy complaint handling
policy and procedure
“Privacy Matters”
24. Recap & Key Messages
• Most information held by the department will be capable of
being personal information
• The privacy principles are about the right information to
the right people for the right reason at the right time
• Build privacy protections into your work area and work
practices
• Follow privacy policies and bring privacy incidents to your
manager’s attention
“Privacy Matters”
25. Where to go for help?
• Privacy, Records Management & Freedom of Information
materials are on J-NET>Our Business>Knowledge Management
• Each of the Dept’s business units has a Privacy Coordinator
– Gaming & Racing- Mai Hua 8684 6401
– Human Resources – Bree Tozer 8684 0052
– Corrections Victoria - Lina Marrocco & Joanna Richardson
8684 6576/6572
- Crime & Violence Prevention – Georgia Dodds 8684 1717
- Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071
or by e-mail privacy@justice.vic.gov.au
• EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063
• Privacy Victoria www.privacy.vic.gov.au
“Privacy Matters”