Collecting Personal Information
Personal Information is defined as information or opinion, whether true or not, about whose identity can be ascertained from the information or opinion. Personal information will not be collected without the individual’s consent. Questions cannot be asked nor information gained just for personal interest, nor can they be gained for a purpose that has not been disclosed to the individual. Only lawful and fair means must be used to collect information. Personal information can only be collected directly from an individual when it is reasonable and practical to do so, and is not unduly inconveniencing the individual, and only when it is necessary for service activities.
At the time the personal information is being collected the individual must be informed of:
Even if an individual’s personal information is collected from someone else the individual must still be made aware of all the information stated above.
Use and Disclosure
Information can only be used or disclosed for its original purpose of collection. Information will only be used or disclosed for other or secondary purposes when: The individual has consented to its use for a secondary purpose;
The secondary purpose is related to the primary purpose and the individual would reasonably expect the service or worker to use or disclose the information for that secondary purpose;
Information given indicates potential or intent to harm others or self or commit a criminal act;
Information given results in the disclosure of a child protection issue
The use or disclosure is required by law.
If disclosure of personal information is necessary the person involved must make a written note of such a disclosure.
All information will be recorded without bias, feeling, assumption and undue subjectivity; the office will ensure all information collected is complete and up-to-date. The worker recording the personal information will always be identifiable on the record.
BARS Training Australia will take reasonable precautions to protect personal information so that it is not misused, lost, accessed by unauthorised people, modified or disclosed. Filing cabinets containing personal and sensitive information need to be locked when not in use, and keys to these filing cabinets held only by relevant authorised employees. Files and information should be filed away when not in use, and should never be left on desks or in areas where other people can read or access it. Computers that store, or can access other computers that store personal information should have password access. Each computer user should have a password.
Offices and rooms with personal and sensitive information should be locked when not in use. Archive areas must be secured. Proper records of where files are archived must be held. All personal and sensitive information should be securely destroyed when no longer needed or statutory times for holding have passed. Personal and sensitive information should never be disposed of by general disposal methods. Reasonable steps must be taken to destroy or de-identify personal information that is no longer needed.
Practices of security will be monitored to ensure compliance with policies and are as follows:
Access and Correction
a) Providing access would pose a serious or imminent threat to the life or health of any individual;
b) The privacy of others would be unreasonably affected;
c) The request is shown to be frivolous or vexatious;
d) The personal information relates to existing or anticipated legal proceedings with the individual and the information would not be discoverable through discovery;
e) Providing access would be unlawful or denying access is required and authorised by law;
f) Providing access would be likely to prejudice an investigation of unlawful activity or law enforcement, public revenue protection, prevention and remedying of seriously improper conduct, or preparation or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.
g) An enforcement body performing a lawful security function requests denial of access to protect national security.
a) Racial or ethnic origin;
b) Political opinions;
c) Membership of a political association;
d) Religious beliefs or affiliations;
e) Philosophical beliefs;
f) Membership of a professional or trade association;
g) Membership of a trade union;
h) Sexual preferences or practices;
i) Criminal record;
j) Health, including information or an opinion about the health or a disability of an individual, an individual’s expressed wishes about the future provision of their health services, a health service provided or to be provided to an individual, other personal information about an individual collected in connection with their donation or intended donation of body parts, organs or body substances;
k) Any other information deemed sensitive by Agency policies.