Privacy

1
Privacy

• Training Guide

2
Aim of this training guide

• To provide an overview of the Queensland
  Governments privacy policy in Information
  Standard 42
• To explain the 11 Information Privacy Principles
  in relation to the collection, storage, use and
  disclosure of personal information
• To ensure staff are aware of and understand the
  Privacy Policy

3
The Privacy Policy

• Is contained in Information Standard 42 (IS 42)
• Contains 11 Information Privacy Principles for
  the collection, storage, use and disclosure of
  personal information
• Is mandatory
• Will not override legislation

4
What is the Privacy Policy?

• Information Standard 42 states that
• Personal information held by the University must
  be responsibly and transparently collected and
  managed in accordance with the IPPs.
• The policy applies to the transfer or sale of
  personal information to other agencies, other
  levels of government or the private sector.

5
What is personal information?

• Information or an opinion
• Whether true or not, and whether recorded or not
• About an individual
• Who is or who can be identified from the
  information or opinion

6
Is it personal information?Questions to ask
yourself

• Is the information or opinion about an
  individual?
• Could a person identify the individualfrom the
  information?
• Could someone find out to whom the information
  refers?

7
Examples of personal information

• Name
• Address
• Date of birth
• Phone number
• Education details
• Employment details
• Financial details

8
Information Privacy Principles (IPPs)

• IPPs 1, 2 and 3 Collection
• IPP 4 Storage and Security
• IPPs 5,6, and 7 Access and Amendment
• IPP 8 Accuracy
• IPPs 9, 10 and 11 Use and Disclosure

9
Collection IPP 1

• Only collect personal information for a lawful
  purpose that is directly related to a function or
  activity of the University
• The personal information must be necessary for or
  directly related to the lawful purpose
• Collection must be fair and lawful

10
Collection IPP 2
When asking a person for personal information
about themselves you must tell the person

• Why the University is collecting the personal
  information
• What the personal information will be used for
• Any law that authorises the University to collect
  the personal information
• To whom the information is usually disclosed

11
Collection IPP 3
When collecting personal information you must
make sure that

• It is up to date, relevant and complete and
• The collection does not unreasonably intrude on
  the individual.

12
Storage and Security IPP 4

• The University must store personal
  information in a safe and secure manner and take
  reasonable steps to ensure that it is protected
  against
• Loss
• Unauthorised access, use or disclosure
• Unauthorised modification
• Any other misuse

13
Access, Alteration andAmendment IPPs 5, 6 and 7

• The University must tell people what type of
  personal information it holds about them and how
  they can access that personal information
• Access to or amendment of personal information is
  dealt with under the Freedom of Information Act
  1992.

14
Accuracy IPP 8

• You must take reasonable steps toensure that
  before using it, personal information is
  accurate, up to date and complete
• What is reasonable will depend on what the
  information is to be used for.

15
Use of personal information IPP 9

• The University can only use personal information
  for the purpose for which the University
  collected the information.
• There are some exceptions to this rule.

16
Use exceptions IPP 10
The University can use personal information for a
purpose other than the purpose that it was
collected for if

• The person consents
• The use is authorised or required by law
• It is reasonably necessary to prevent or lessen a
  serious and imminent threat to the life or health
  of an individual
• It is necessary for the enforcement of the
  criminal law or of a law imposing a pecuniary
  penalty, or for the protection of the public
  revenue or
• The use is for a purpose directly related to the
  purpose for which the information was obtained.

17
IPP 11 Disclosure
Personal information can only be disclosed to
another person or agency if

• The individual is aware that the disclosure would
  be made
• The person has consented
• The disclosure is authorised or required by law
• It is reasonably necessary to prevent or lessen a
  serious and imminent threat to the life or health
  of an individual
• It is necessary for the enforcement of the
  criminal law or of a law imposing a pecuniary
  penalty, or for the protection of the public
  revenue.

18
Complaints about breaches of Privacy

• Complaints are to be made in writing to
• The Privacy Contact Officer
• Office of the Pro-Vice Chancellor
  (Administration)
• Griffith University Nathan Qld 4111
• or by emailing the Privacy Contact Officer at
• c.mcandrew_at_griffith.edu.au
• For more information about the Universitys
  complaint procedures, see Procedures for Access
  to and Amendment of Personal Information/Complaint
  s and Internal Review Procedures

19
Privacy in Practice

• The following scenarios provide examples of how
  privacy principles are applied in the workplace.
• Click here to access scenarios