We believe the responsible handling of personal information is a key aspect of democratic governance. We are strongly committed to protecting an individual's right to privacy. As such, we are committed to full compliance with our obligations under the Privacy and Data Protection Act 2014 and the Health Records Act 2001. In particular, we strive for full compliance with the Information Privacy Principles and the Health Privacy Principles contained within these Acts.
What is considered personal information?
Information or an opinion about an individual whose identity is apparent or can be reasonably ascertained is considered personal information. For example, we hold personal information about ratepayers (names and addresses) to carry out functions, such as planning, valuation and property services. We often need to request personal information to provide community services. In some instances, personal information may be on a public register, for example, on a register of building permits, food premises and animal registration details.
What is health information?
Health information means the information or an opinion about the physical, mental, psychological health of an individual, disability of an individual, or a health service provided or to be provided, to an individual.
What is considered sensitive information?
Sometimes the data we collect can hold sensitive information. Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, trade union membership, philosophical or religious beliefs, sexual preferences or criminal record. We always seek consent before collecting sensitive information.
We only collect personal information necessary for specific functions and activities. Information is collected by fair and lawful means. We advise individuals, where possible, of the purposes for which their personal information is being collected, and to those third parties to whom the information may be disclosed. We only collect sensitive information where consent has been permitted under the Acts. If we collects personal information about an individual from a third party, we take reasonable steps to make the individual aware of the matter.
Use and disclosure
We will not use or disclose information about an individual other than for the primary purpose for which it was collected unless one of the following applies:
- It is for a related purpose that the individual would reasonably expect
- Where the Council have the consent of the individual to do so
- If, as defined in the Health Records Act 2001, the individual is incapable of giving consent
- As required or permitted by the Privacy and Data Protection Act or any other legislation.
The records we keep are accurate, complete and up-to-date.
We endeavour to maintain a secure system for storing personal information. Technological and operational policies and procedures are in place to protect personal information from misuse and loss and from unauthorised modification or disclosure.
Our policies about the way we manage personal information are clearly expressed.
Access and Correction
Individuals have a right to request access to their personal or health information held by the Council and can request the correction of inaccurate information. The process for an individual requesting access to their personal and health information is managed through the Freedom of Information Act 1982.
The Council will not assign, adopt, use, disclose or require unique identifiers from individuals except for the course of conducting normal business or if allowed or required by law.
Where lawful and practicable, the Council provides the option of not identifying yourself when supplying information or entering into transactions with it.
Transborder Data Flows
We only transfer personal or health information outside of Victoria in accordance with the provisions outlined in the Acts.
Transfer or Closure of Health Service
Health information relating to a discontinued Council Health Service will be managed in accordance with the Health Records Act 2001. Council’s Health Services will provide health information to other health providers in accordance with the Health Records Act 2001.
While personal information is usually handled by Council staff, the Council may outsource some of its functions to third parties. This may require the contractor to collect, use or disclose certain personal information. It is the Council’s intention to require and ensure contractors comply with the Acts in all respects.
In an emergency situation public safety will override the privacy requirements of the Acts, even where emergency response was not the primary purpose for the collection of the information. Privacy law does not stand in the way of responding to legitimate emergencies. During and after an emergency, data sharing between organisations and emergency services is permitted. Data quality and security will be maintained and arrangements will be made for the return or destruction of this shared personal information.
Complaints concerning the handling of personal information will be handled by Council's Privacy Officer. Complaints will be processed in accordance with Council’s customer service standards. If the complainant is not satisfied with the Council’s response the Victorian Commissioner for Privacy and Data Protection may be contacted for resolution.