Privacy Management Plan

Secure

Council will ensure personal information is secure and we will only keep it for as long as appropriate. We will secure your information by:

• monitoring network traffic using industry standard practice, processes, procedures and tools;
• undertake penetration testing annually;
• complying with State Records Act in relation to safe custody, preservation, accuracy, maintenance and disposal of state records; and
• ensuring staff compliance with the Computer Resource Usage Policy.

In the event of a data breach, Council will:

• follow the guidance issued by the Information & Privacy Commission NSW (IPC) relating to the Voluntary Reporting Scheme; and
• if the breach relates to Tax File Number information, following the protocols of the Office of the Australian Information Commissioner (OAIC) relating to Notifiable Data Breaches.

Transparent

Council will take reasonable steps to enable a person to determine whether we hold personal and health information about them. If Council holds any information about a person, upon request it will advise them the nature of that information, the main purposes for which it is held, and that person’s entitlement to access.
In this regard, Council will consider any conditions or limitations contained in the Government Information (Public Access) Act 2009 (NSW).

Accessible

Council will ensure that individuals are provided access to personal and health information held by Council without unreasonable delay or expense. Requests for access should be made in writing and addressed to the General Manager. You can do this by filling in the Access to Personal Information form - PDF - 49 KB.
The right to access personal information does not extend to information held about other people. Applications will need to be made under the Government Information (Public Access) Act 2009 (NSW) if:

• an individual’s personal information is in documents which also have information about other people
• access is sought for information about someone else

If an employee seeks access to personal information held about them they should make this request to the Manager People & Culture.

Correct

Council will allow the amendment of personal and health information to ensure that all information is current, accurate, complete and relevant for the purpose for which it was collected.
Any request for change will require appropriate supporting documentation. The type of documentation required will depend on the type of change being made which may include a statutory declaration.
This supporting documentation must accompany the appropriate application form.

Accurate

Council will ensure that health information is relevant and accurate before using it.

Accurate

Council will take reasonable steps to ensure that personal and health information is relevant, accurate, up-to-date and complete before using it.
These steps will depend on the age of information, its likelihood for change and the particular function for which the information was collected.

Limited

Council will only use personal information for purposes for which it was collected unless:

• Consent has been given by the individual whom the information relates to;
• The other purpose is directly related to the purpose for which it was collected;
• Use of the information is necessary to prevent or lessen a serious threat and imminent threat to the life or health of the individual or another person; and
• The other purpose is in pursuance of the lawful and proper functions of Council as mandated by the Privacy Code of Practice for Local Government.

Council will only use health information for the purpose which it was collected or for a directly related purpose that the individual to whom the information relates would expect. Otherwise, Council will obtain the individual’s consent.

Restricted

Council will not disclose personal information to any other person (other than the individual to whom the information relates) or other body (including a public sector agency), unless:

• an individual provides consent;
• an individual would be reasonable likely to have been aware that that kind of information is disclosed to another body;
• Council believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned; and
• Council is authorised to disclose personal information for other purposes as mandated by the Privacy Code of Practice for Local Government.

Safeguarded

Council will not disclose personal information relating to an individual’s ethnic or racial origin, political opinions, religious or philosophic beliefs, trade union membership, health or sexual activities unless the disclosure is necessary to prevent a serious or imminent threat to the life or health of the individual concerned or another person.

Limited

Council will only disclose health information under the following circumstances:

• with the consent of the individual to whom the information relates;
• for the purpose for which the health information was collected or a directly related purpose that the individual to whom in relates would expect; and/or
• if an exemption applies

Not Identified

Council will only give an identification number to health information if it is reasonably necessary for Council to carry out its functions effectively

Anonymous

Council will provide health services anonymously where it is lawful and practical

Controlled

Council will only transfer personal information out of New South Wales if the requirements of Health Privacy Principle 14 are met.

Authorised

Council does not currently use a health records linkage system. Council will obtain consent from individuals if this is introduced in the future.