Directions collects and administers a range of private information for the purposes of board appointment, staff employment and client service delivery.
For the purpose of this policy, private information includes:
- Personal information – demographic information or opinion which may directly or indirectly identify a person, regardless of whether the information is true.
- Sensitive information – particulars such as health and genetic information; race or ethnicity; religious or philosophical beliefs; gender or sexual orientation; criminal record; political opinions or associations; and membership of trade unions or professional associations.
Sensitive information may only be collected with the person’s consent, or if required or authorised by law, and requires a higher standard of privacy protection.
The organisation is committed to protecting the privacy of private information it collects, holds and administers.
The purpose of this policy is to provide a framework for Directions that supports appropriate collection and safeguarding of private information, and outlines the action required if a privacy breach occurs.
Directions recognises the essential right of individuals to have their private information administered in ways in which they could reasonably expect, protects their privacy and ensures their information is accessible to themselves.
Directions is bound by laws that impose specific obligations when it comes to handling information, including the Australian Privacy Act 1988. Amendments to the Act with regard to reporting of privacy breaches came into effect 22 Feb 2018. A data breach, according to the Act, is an unauthorised access or disclosure of personal information, or loss of information. A data breach may be caused by malicious action (by an external or insider party), human error, or a failure in information handling or security systems. Directions’ response to data breaches is outlined in the Privacy Procedure.
In compliance with the Australian Privacy Principles (APPs), and in order to minimise the risk of privacy breaches occurring, Directions has adopted a set of minimum standards in relation to handling personal information.
- Collect only information which the organisation requires for its primary functions
- Ensure that stakeholders are informed as to why the information is collected and how information is administered
- Use and disclose personal information only for Directions’ primary functions or a directly related secondary purpose, or for another purpose with the person’s consent
- Store personal information securely, protecting it from unauthorised access
- Provide stakeholders with access to their own information, and the right to seek its correction
- Obtain consent from the individual before disclosing their personal information, except where that disclosure is required by law
- Not keep information that is no longer required unless required to by law
- Keep personal information accurate and up to date
Directions response to potential privacy breaches is outlined in the Privacy Procedure