Privacy Policy
Introduction
The Central Tablelands Regional Landcare Network (CTRLN) is committed to protecting the privacy of personal information which it collects, holds and administers by preventing wrongful access, collection, disclosure or release of personal information by verbal, written or electronic means.
Purpose
The purpose of this document is to provide a framework for CTRLN in dealing with privacy considerations and to ensure that the CTRLN staff, members and volunteers comply with and observe the statutory requirements of the Privacy Act 1988.
Policy
All staff, members, volunteers and committee of the CTRLN shall be aware and observant of the 13 Australian Privacy Principles (AAPs), outlined in the Privacy Act 1988, which are summarised below:
1 Open and transparent management of personal information
Personal information must be managed in an open and transparent way. This includes having a clearly expressed and up to date privacy policy.
2 Anonymity and pseudonymity
Individuals have the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
3 Collection of solicited personal information
This principle outlines when an organisation can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.
4 Dealing with unsolicited personal information
Outlines how organisations must deal with unsolicited personal information.
5 Notification of the collection of personal information
Outlines when and in what circumstances an organisation that collects personal information must tell an individual about certain matters.
6 Use or disclosure of personal information
Outlines the circumstances in which an organisation may use or disclose personal information that it holds.
7 Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
8 Cross-border disclosure of personal information
Outlines the steps an organisation must take to protect personal information before it is disclosed overseas.
9 Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
10 Quality of personal information
An organisation must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. It must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
11 Security of personal information
An organisation must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An organisation has obligations to destroy or de-identify personal information in certain circumstances.
12 Access to personal information
Outlines an organisation’s obligations when an individual requests to be given access to personal information held about them by the organisation. This includes a requirement to provide access unless a specific exception applies.
13 Correction of personal information
Outlines an organisation’s obligations in relation to correcting the personal information it holds about individuals.
CTRLN is bound by laws that impose specific obligations when it comes to handling information. The organisation has adopted the following principles contained as minimum standards in relation to handling personal information:
Collect only information which the organisation requires for its primary function.
Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered.
Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent.
Store personal information securely, protecting it from unauthorised access.
Provide stakeholders with access to their own information, and the right to seek its correction.
Responsibilities
CTRLN’s Steering Committee is responsible for developing, adopting, and reviewing this policy.
The Regional Landcare Coordinator (RLC) and Regional Administration Support Officer (RASO) are responsible for the implementation of this policy, monitoring changes in Privacy legislation, and advising on the need to review or revise this policy as and when the need arisese or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
Procedures
1. Open and transparent management of personal information
The CTRLN will:
Ensure stakeholders are aware of this policy and make this information freely available.
Take reasonable steps to implement practices, procedures and systems that will ensure it complies with all APPs and deal with related enquiries and complaints.
2. Anonymity and Pseudonymity
The CTRLN will give stakeholders the option of not identifying themselves or of using a pseudonym when dealing with the group in relation to a particular matter.
3. Collection of solicited personal information
The CTRLN will:
Only collect information that is reasonably necessary for the functions or activities The CTRLN. Where practicable, collection of personal information will only occur from interaction with that individual.
Only collect sensitive information where the above conditions are met and the individual concerned consents to the collection.
Notify stakeholders about why we collect information and how it is administered and that it is accessible to them.
4. Dealing with unsolicited personal information
Unsolicited personal information is any personal information received by the group that has not been requested by the group. In relation to this information, The CTRLN will decide whether it could have collected the information under APP3 or whether the information is contained in a Commonwealth record and:
if the answer to both these questions is no, The CTRLN will destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so under APP4.3;
If the answer to one of these questions is yes, The CTRLN may keep the information but must deal with it in accordance with APPs 5-13.
5. Notification of the collection of personal information
The CTRLN will take reasonable steps before, at the time or as soon as practicable after it collects personal information about an individual to notify the individual of certain matters including, The CTRLN’s identity and contact details, the purposes and circumstances of collection, whether collection is required by law and the consequences if personal information is not collected.
6. Use or disclosure of personal information
The CTRLN will:
Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
Obtain consent from the affected party for all other uses.
7. Direct marketing
The CTRLN will not disclose personal information for direct marketing purposes.
8. Cross-border disclosure of personal information
The CTRLN will not disclose personal information to an overseas recipient.
9. Adoption, use or disclosure of government-related identifiers
The CTRLN will not adopt as its own identifier the identifier of other agencies or service providers, eg Centrelink identification number.
10. Quality of personal information
The CTRLN will take reasonable steps to ensure the information we collect, use or disclose is accurate, up-to-date and complete and relevant to the functions we perform.
11. Security of personal information
The CTRLN will safeguard the information we collect against misuse, interference and loss, unauthorised access, modification and disclosure. Reasonable steps will be taken to destroy or permanently de-identify personal information no longer needed.
12. Access to personal information
The CTRLN will ensure individuals are granted access upon request to any personal information held about them.
13. Correction of personal information
The CTRLN will correct any personal information to ensure that it is accurate, up-to-date, complete, relevant and not misleading.
Parties
Can only release personal information about a person with that person’s expressed permission. For personal information to be released, the person concerned must sign a release form.
Can only release information to a third person where it is requested by the person concerned.
If the information is required in order to inform members of opportunities or events that are in line with our organisation’s mission or vision, we may provide a third party with name and address labels only. We are never to provide the information in electronic format.
Complaints
All complaints against the CTRLN staff, employees, committee or volunteers in respect of privacy must be reviewed and investigated within 10 working days of the complaint being received.
All responses to privacy requests and complaints shall be reviewed by the Steering Committee.
Responsibilities
It shall be the responsibility of the RLC and RASO to ensure that all requirements of this policy are complied with for the CTRLN Steering Committee.
The CTRLN Steering Committee staff and volunteers are responsible for the implementation of this policy.
These policy and procedures shall be reviewed every year by the CTRLN Steering Committee.
This initiative is made possible by the NSW Landcare Enabling
Program. A collaboration of Local Land Services and Landcare
NSW, supported by the NSW Government.