A-Z GUIDE TO GOOD PRIVACY PRACTICE IN THE WORKPLACE
The A-Z Guide to Good Privacy Practice in the Workplace covers some of the practical privacy issues that might arise during the course of your work in Defence. It does not provide exhaustive advice on every topic. Rather, it clarifies, in non-legalistic terms wherever possible, how practical privacy awareness interrelates with and supports good security practice in the workplace. More detailed guidance on privacy matters is available on the Defence Privacy website at: http://intranet.defence.gov.au/fr/Privacy/privacyhome.htm
INDEX

A
Access control logs
Address unknown
Attendance diaries

C
Call Centre 1800 help lines
Clean desk policy
Complaints – breach of privacy
Computers
Confidentiality vs privacy
Consent
Contractors – privacy obligations

D
Defence Documents and Records Management System
Disclosure of personal information – general
Disclosure of personal information – Public Service Regulation 2.1
Disclosure of personal information – Public Service Regulation 9.2

E
E-mail activity – privacy protection
E-mail address
E-mail transmission of health-related information
E-mail transmission of personal information
Emergency contact numbers
Employee family members
Employee workplace contact details
Exemptions from coverage of the Privacy Act

F
Farewells and testimonials
Fax transmission of personal information
File titles
Forms and brochures
Freedom of Information

G
Gazettal of personal information

H
Home-based work

I
Identifiers
Information Privacy Principles
Investigations – access to personnel files

L
Liability for breaches of privacy

M
Medical certificates
Meta-data
Minors
Mobile telephones
Mobile telephones – deletion of old numbers

N
National Privacy Principles

O
OH&S reporting
Overseas

P
Performance Agreements
Personal Information – what is it?
Photographs
PMKeyS
PMKeyS Employee Self Service
Privacy Act – how do you cite it?
Privacy awareness – Defence guidelines
Privacy awareness – OPC guidelines
Privacy Contact Officer
Privacy law jurisdictions
Privacy markings
Privacy Statements

R
Referee reports
Relocation to another workplace

S
Security and privacy
Sensitive or confidential discussions
STAFF-IN-CONFIDENCE papers and files
Storage of files
Surveillance
Survey and census questionnaires

T
Tax File Numbers
Telecommunications
Telephone enquiries – external callers
Telephone numbers
Training materials

U
Unions and employees' personal information
Use of personal information

V
Verbal disclosures about other employees

W
Waste disposal
White boards
Working away from your usual workplace
Workplace privacy – employee monitoring
Access control logs

A Defence pass is issued to Defence personnel subject to their signing acceptance of a set of conditions drawn up by the Defence Security Authority (DSA). The first condition is that you agree to present your pass for inspection or electronic scanning on entering or leaving a controlled Defence area. Electronic scanning leaves an electronic trail, known as an access control log, which can be retrieved for checking purposes if DSA is asked to activate this capability.

Use of access control logs would normally be only for specific DSA purposes and in compliance with Information Privacy Principle (IPP) 10.1 in section 14 of the Privacy Act 1988. Any other use of access control logs, for example by your supervisor to reconcile the times entered in your attendance diary, may breach the Privacy Act unless one of the use exceptions in IPP 10.1 applies.

Related topics: Attendance diaries and Use of personal information

Address unknown

As a general rule, private mail should not be sent to work addresses. However, your work area may occasionally receive private mail intended for a person who has left the work area without leaving a forwarding address. It is good privacy practice to mark the envelope 'no longer at this address' and return it to the Customer Service Centre (CSC) for return to sender (if the sender is identifiable). Do not open the envelope or attempt to locate the person through PMKeyS.

Related topics: E-mail address and Telephone enquiries – external callers

Attendance diaries

As well as recording times of commencing and ceasing duty, attendance diaries maintained by employees participating in a formal Flextime Scheme contain personal information (employee name and Employee ID number) as defined in section 6 of the Privacy Act.

Individual Defence APS employees are responsible for day-to-day management of their attendance diaries and, consistent with current record-keeping practice, are responsible for retaining completed attendance diaries for up to 7 years in a folder at their work station. The personal information contained in completed attendance diaries is basic and would not normally warrant secure storage. Where an employee has retained hard copies of approved leave forms containing more sensitive personal information (for example, health-related information), it is good privacy practice not to store these with completed attendance diaries but separately, in a lockable cabinet at their work station.

Call Centre 1800 help lines

It is Defence Service Centre – Cooma (DSC-C) practice to record any telephone calls you make to its 1800 help lines, with your knowledge and consent. This is in compliance with the Telecommunications (Interception) Act 1979, which does not regard such a practice as interception. If you do not consent to DSC-C recording your call, you will be offered alternative means of communicating with DSC-C, for example by e-mail or surface mail. The IPPs apply to the handling of any personal information that DSC-C collects when recording your telephone calls.

Related topic: Telecommunications

Clean desk policy

All STAFF-IN-CONFIDENCE files and papers containing personal information should be locked away after close of business each day. This is consistent with Defence's clean desk policy and the Defence Security Manual (http://intranet.defence.gov.au/dsa/DSM/) requirement to handle STAFF-IN-CONFIDENCE material as RESTRICTED.
Complaints – breach of privacy

If you think your privacy has been infringed, you should attempt to resolve the matter at the local level. There are options available to lodge a complaint. Every attempt is to be made to resolve complaints at the lowest, most appropriate level. A complaint may be directed to the manager of the area responsible for the perceived interference with privacy, or a Redress of Grievance or Review of Action (as appropriate) may be submitted. The manager responsible for handling the complaint should seek advice from the Deputy Director Administrative Review in Fairness and Resolution Branch. All privacy complaints are classified as STAFF-IN-CONFIDENCE and managed in accordance with Defence Security Manual (http://intranet.defence.gov.au/dsa/DSM/) requirements. An interim privacy complaint management process is contained on the "Privacy Complaints" page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacycomplaint.htm

Related topics: Information Privacy Principles and Liability for breaches of privacy

Computers

IT systems have increased the potential for unauthorised access to, and use or disclosure of, personal information. The DRN will prompt you to change your password regularly. Never write your password down where other people can access it. Defence personnel who regularly handle sensitive personal information should obtain a privacy screen that attaches over their monitor. This is similar to an anti-glare screen but works so that only the operator directly in front of the screen can read it. Lock your computer if you are going to be absent from your work station for any length of time.

Confidentiality vs privacy

Confidentiality and privacy are distinct concepts and are not interchangeable terms. "Confidentiality" relates to the nature of the exchange of information between parties. An obligation of confidence is established when the giver and the receiver mutually undertake not to further disclose the information. There are very few conditions in Defence under which an obligation of confidentiality is provided. Examples of situations where a duty of confidence may arise include:
- consultations with Equity Advisers (within prescribed limitations)
- commercial-in-confidence information supplied during a tender and contracting process
- consultations with medical professionals
"Privacy" relates to records of personal information, which are governed by the Privacy Act. The obligation not to disclose "confidential information" arises from the common law.

Related topic: Sensitive or confidential discussions

Consent

Use or disclosure of personal information for a purpose other than the one for which it was collected must meet one of the exceptions under IPP 10 or IPP 11. The consent of the individual concerned to use or disclose their personal information for a different purpose is one such exception under IPP 10 and IPP 11. Consent can be implied or express. The Privacy Act defines consent to include "implied consent". While implied consent is valid, anyone who relies on it must make a difficult judgement about what a person may think in particular circumstances or what they might mean by a particular action. As a general rule, the preferred course is to obtain "express consent" from an individual before their personal information is used or disclosed under the exceptions in IPP 10 and IPP 11. This is particularly applicable when the personal information is of a sensitive nature. Consent, whether implied or express, must be informed and freely given.

Related topics: Disclosure of personal information – general and Use of personal information
Contractors – privacy obligations

In accordance with section 95B of the Privacy Act, contracted service providers engaged by Defence are to be legally bound by the terms of their contract not to breach the IPPs when handling personal information relating to Defence personnel. For current guidelines on contractor obligations under section 95B of the Privacy Act, see Section 3, Chapter 3.14 of the Defence Procurement Policy Manual, accessible on the DRN. The practical provisions to use in contracts are set out in clause 9.6 of the ASDEFCON (Services) Handbook. The ASDEFCON (Services) contract template includes a privacy clause. However, the SP020 Purchase Order and Contract for the Supply of Goods and Services form does not contain a privacy clause and should not be used for services in which the handling of personal information is likely to be required, unless special conditions addressing this deficiency have been added.

Defence Documents and Records Management System

As with PMKeyS, access to the Defence Documents and Records Management System (DRMS) is on a need-to-know basis. Security clearance-based access controls are built into the DRMS. These controls operate in three ways, by:
- preventing a user from seeing an object within DRMS if the user does not have a clearance equal to or higher than the object's classification;
- not permitting a user to see the object if their codewords and caveats do not match those assigned to the object;
- using privileges to determine whether a user or a workgroup can see an object and what they are able to do with it.
All three conditions must be satisfied: a clearance high enough for the classification does not help a user who lacks the object's caveats, and holding the caveats does not help without a privilege on the object. Defence personnel who are granted access to personal information in electronic documents attached to departmental files in the DRMS are obliged to comply with the use and disclosure provisions of IPP 10 and IPP 11 in section 14 of the Privacy Act. DRMS also has audit trail settings that record access to, modification of and destruction of personal information held in the system, so that unauthorised handling can be detected and investigated.
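As an added illustration of how those three checks combine (this is example code written for this guide, not the DRMS implementation), the following Python model applies clearance dominance, caveat matching and object privileges in turn, reports the first failing check, and writes an audit record for every attempt, allowed or denied. The classification ordering, the PERSONNEL caveat, the HR-Casework workgroup, the file title and the user names are all assumptions made for the illustration.

```python
"""Illustrative model of clearance-, caveat- and privilege-based access checks.

Added example, not DRMS code. The classification ordering, caveat names,
workgroup names and privilege names are assumptions for the illustration;
the principle shown is that every check must pass before access is granted.
"""
from dataclasses import dataclass, field

# Assumed ordering from lowest to highest; the real scheme is not reproduced here.
LEVELS = ("UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    caveats: frozenset = frozenset()     # codewords/caveats the user is briefed into
    workgroups: frozenset = frozenset()  # workgroups the user belongs to


@dataclass(frozen=True)
class DrmsObject:
    title: str
    classification: str
    caveats: frozenset = frozenset()     # caveats assigned to the object
    # privileges: principal (user name or workgroup) -> actions allowed on the object
    privileges: dict = field(default_factory=dict)


def can_access(user: User, obj: DrmsObject, action: str):
    """Return (allowed, reason). Every check must pass; the first failure is reported."""
    if RANK[user.clearance] < RANK[obj.classification]:
        return False, f"clearance {user.clearance} is below {obj.classification}"
    missing = obj.caveats - user.caveats
    if missing:
        return False, "missing caveat(s): " + ", ".join(sorted(missing))
    granted = set()
    for principal in {user.name} | user.workgroups:
        granted |= obj.privileges.get(principal, set())
    if action not in granted:
        return False, f"no '{action}' privilege on the object"
    return True, "ok"


def audit(user: User, obj: DrmsObject, action: str, log: list) -> bool:
    """Record every attempt; a denied attempt is itself useful evidence."""
    allowed, reason = can_access(user, obj, action)
    log.append({"user": user.name, "object": obj.title, "action": action,
                "allowed": allowed, "reason": reason})
    return allowed


# Constructed sample data (hypothetical names, caveat and workgroup).
CASE_FILE = DrmsObject(
    title="HR-CASE/2010/014",
    classification="RESTRICTED",
    caveats=frozenset({"PERSONNEL"}),
    privileges={"HR-Casework": {"view", "edit"}, "alice": {"view"}},
)
USERS = {
    "alice": User("alice", "RESTRICTED", frozenset({"PERSONNEL"})),               # view only
    "bob":   User("bob", "SECRET"),                                                # cleared, no caveat
    "carol": User("carol", "UNCLASSIFIED", frozenset({"PERSONNEL"}),
                  frozenset({"HR-Casework"})),                                     # clearance too low
    "dave":  User("dave", "SECRET", frozenset({"PERSONNEL"})),                     # no privilege
    "erin":  User("erin", "SECRET", frozenset({"PERSONNEL"}),
                  frozenset({"HR-Casework"})),                                     # full access
}


def run_sample() -> list:
    """Exercise the checks over the sample data and return the audit log."""
    log = []
    for name in USERS:
        for action in ("view", "edit"):
            audit(USERS[name], CASE_FILE, action, log)
    return log


if __name__ == "__main__":
    for e in run_sample():
        print(f"{e['user']:6} {e['action']:5} {'ALLOW' if e['allowed'] else 'DENY '} {e['reason']}")
```

Note that bob, who holds a higher clearance than the file requires, is still refused because he lacks the caveat, and dave, who has both the clearance and the caveat, is refused because no privilege on the object names him or a workgroup he belongs to. Only alice (view) and erin (view and edit) succeed.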
When creating a file containing personal information about an employee, it is good practice to ensure that the file's title does not compromise the file's STAFF-IN-CONFIDENCE privacy marking (see File titles).

Disclosure of personal information – general

Defence is obliged under the Privacy Act to ensure that the personal information it holds is accurate, up to date and complete before it is used or disclosed. IPPs 8, 9 and 11 govern the disclosure of personal information. Defence must not disclose (that is, release outside Defence) personal information to any other person or organisation unless at least one of the following IPP 11 exceptions applies:
- 11.1(a) the person the information is about has been told in a valid Privacy Notice, or is reasonably likely to know, that it is usual practice to make such a disclosure
- 11.1(b) the person the information is about consents
- 11.1(c) disclosure is considered necessary to protect against a serious and imminent threat to a person's life or health
- 11.1(d) disclosure is required or authorised under law
- 11.1(e) disclosure is reasonably necessary to enforce the criminal law, or a law imposing a pecuniary penalty, or for the protection of the public revenue
If any of these exceptions applies, the personal information may be disclosed. Defence instructions that relate to the handling of personal information may provide further criteria to consider in the matter of disclosure. If information is disclosed under IPP 11.1(e), this must be noted on the relevant file.

Disclosure of personal information – Public Service Regulation 2.1

Public Service Regulation 2.1 – Disclosure of information – prohibits an APS employee from disclosing work-related information if the disclosure could prejudice the effective working of government or if the information was, or is to be, communicated in confidence. This includes personal information. The regulation does not prevent disclosure of information by an APS employee in the course of their duties, in accordance with an authorisation given by an Agency Head, or as otherwise authorised by law. Note that this regulation does not affect the existing restrictions on the disclosure of personal information in the IPP 11 provisions in section 14 of the Privacy Act.

Related topic: Disclosure of personal information – Public Service Regulation 9.2
Disclosure of personal information – Public Service Regulation 9.2

Public Service Regulation 9.2 was made for the purposes of section 76 of the Public Service Act 1999. Under this regulation Defence is authorised:
- to disclose personal information (within the meaning of the Privacy Act) where this is necessary for the exercise of the employer powers of the Secretary or another Agency Head; and
- to disclose personal information about Defence APS employees to another Agency Head, where an employee moves to that agency, or to an outsourced body contracted to undertake a personnel function for Defence.
Disclosures made under this regulation are disclosures authorised under law in accordance with IPP 11.1(d). They cover a range of disclosures for administrative purposes, including to ComSuper, Comcare, medical practitioners (in relation to employee fitness for duty), the Department of Employment and Workplace Relations, the Australian Public Service Commission and Commonwealth Auditors. While this regulation gives Defence a broad power of disclosure to external agencies, it is not intended to be exercised as a catch-all power with respect to the use of personal information within Defence. In the specific circumstances detailed in Public Service Regulation 9.2, there are limited delegations for Defence to disclose personal information in its possession or under its control to an external agency. These delegations are held by FASPERS, DGPPEC, DCR and DSG staff with personnel services delivery functions. The delegations cannot be used to release personal information for internal Defence purposes. This regulation should not be confused with amended Public Service Regulation 2.1 – Duty not to disclose information – which was made for the purposes of subsection 13(13) of the Public Service Act 1999 and relates to disclosure of work-related official information.

Related topic: Disclosure of personal information – Public Service Regulation 2.1

E-mail activity – privacy protection

While the purpose of your personal password is to prevent unauthorised access to your e-mail account, your e-mail activity on Defence-supplied equipment is not private. The e-mails you generate within the Defence environment are Defence property and can be subject to audit by designated staff. Any monitoring of your work-related and personal e-mails must be in accordance with Defence policy stated in DI(G) ADMIN 10-6 – Use of Defence telephone and computer resources – and the Privacy Commissioner's guidelines on workplace e-mail, web browsing and privacy.

E-mail address

Your workplace e-mail address can identify you and is therefore personal information as defined in section 6 of the Privacy Act. Exercise discretion when you include the e-mail addresses of other individuals in your e-mail messages. If you receive an e-mail that contains another individual's personal information and was not intended for you, contact the sender and delete the e-mail. If you know the e-mail address of the intended recipient, you could advise the intended recipient that the sender is attempting to contact them.

Related topics: Address unknown and Telephone enquiries – external callers

E-mail transmission of health-related information

Health-related information that can identify an individual should not be e-mailed over the DRN or the Internet unless it is encrypted. If it is not practicable to encrypt it, health-related information may be transmitted in an e-mail as a 'hypothetical case', so that the identity of the individual cannot reasonably be ascertained. In this way the hypothetical information is considered de-identified for the purposes of the Privacy Act. This only holds if the details that remain (for example work area, rank, dates of absence) could not be combined by the recipient to work out who the person is; if they could, the information is still identifying and should be encrypted or not sent.
E-mail transmission of personal information

DRN: Wherever practicable, sensitive personal information should not be transmitted by e-mail across the DRN in plain text. The maximum security classification of internal e-mails transmitted across the DRN is RESTRICTED. Enquiries about personal administration or entitlements can be made to the dedicated Defence telephone and e-mail advice lines, as well as to those operated by the Defence Service Centre and the Civilian and Military Personnel Administration Centres. However, it is good privacy practice to make such enquiries by telephone. A telephone advice line will let you know in advance whether it can offer you confidentiality, whereas an e-mail advice line cannot guarantee this. An e-mail advice line is usually serviced by more than one person and has no mechanism for filtering any STAFF-IN-CONFIDENCE information that you might disclose in your e-mail.

Related topic: Call Centre 1800 help lines

Internet: The Defence connection to the Internet is UNCLASSIFIED. E-mails to external addressees, which are sent via the Internet or other unsecured networks, may be classified UNCLASSIFIED only. This means that an UNCLASSIFIED e-mail containing sensitive personal information, whether it bears a STAFF-IN-CONFIDENCE privacy marking or not, can exit the DRN; the gateway checks the classification, not the content, and will not stop such a message on your behalf. For example, sending sensitive personal information in an UNCLASSIFIED e-mail from a Defence e-mail account to an employee's insecure personal Hotmail account would be both a security breach and a breach of IPP 4, and leaving off the STAFF-IN-CONFIDENCE privacy marking does not change that.

Related topic: Fax transmission of personal information

Emergency contact numbers

Some workplaces maintain local databases (either on-line or paper-based) containing biographical data about their employees. These may include a home address contact list or a list of emergency contact numbers. These records should be marked STAFF-IN-CONFIDENCE. When collecting personal information for the database, it should incorporate a Privacy Statement in compliance with IPP 2 of the Privacy Act. This statement informs employees why their personal information is collected, the authority for collecting it, and to whom it would usually be disclosed. It would also be good practice to include advice on the arrangements for handling and storing the information.

Related topics: PMKeyS Employee Self Service and Privacy Statements

Employee family members

Some Defence forms ask you to provide personal information about your immediate family, for example security clearance forms and Financial and Other Private Interest Statements. It is good privacy practice to give that part of any Defence form which asks questions of third parties, such as your spouse/partner or other family members, to those individuals to fill out themselves. Defence cannot generally disclose your personal information to your partner or to another member of your immediate family unless you have given your express permission. Likewise, Defence cannot generally disclose personal information about your family without their consent. There are limited circumstances in which Defence may need to make such disclosures, as specified under Disclosure of personal information – general.

Employee workplace contact details

Lists of employees and their workplace contact details are personal information and should not be disclosed to persons outside Defence, for example to unions and private sector firms, without the express consent of each employee listed. While the Privacy Commissioner's Guidelines for Federal and ACT Government World Wide Websites do not prevent an agency from publishing employee contact details on its external website, they provide that this must be done only in circumstances permitted by the IPPs. In practice, agencies publish on their external websites only the contact details of staff in senior positions or positions of public contact, who would normally expect their contact details to be publicly available in some form. This is consistent with the IPP 11.1(a) exception.
Exemptions from coverage of the Privacy Act

Defence Signals Directorate (DSD), Defence Imagery and Geospatial Organisation (DIGO) and Defence Intelligence Organisation (DIO) are exempt from the operation of the Privacy Act where their acts and practices relate to their functions (that is, the work they are required to do). For DIGO and DSD, these functions are set out in sections 6B and 7 of the Intelligence Services Act 2001. In the case of DIO, the functions are described in the Defence Intelligence Organisation Mandate, issued by the Secretary of Defence and the Chief of the Defence Force and endorsed by Cabinet. Records that have originated with, or have been received from, these agencies are also excluded. This exemption does not generally extend to the personal information of personnel working in these agencies.

Farewells and testimonials

A privacy issue can arise when information is collated from an individual's personal file for a farewell speech or testimonial without first obtaining the individual's consent. To avoid this, invite the individual to provide a summary of their career milestones as seen from their perspective, or approach the individual to ensure they are happy for such information to be accessed in order to prepare the speech or testimonial.

Fax transmission of personal information

Avoid sending sensitive personal and STAFF-IN-CONFIDENCE information by fax. The Defence Security Manual, Part 3, Section 3, paragraphs 3.3.105-106 (http://intranet.defence.gov.au/dsa/DSM/) details the procedures to follow if transmission of STAFF-IN-CONFIDENCE documents by non-secure fax is judged to be the only practicable alternative to mail, safe hand or courier. When faxing personal information:
- use a fax cover sheet so that the name, work location and contact number of both the originator and the addressee are clearly shown;
- ensure that the addressee will be ready to receive the fax, to mitigate the risk of someone else receiving it first;
- after sending the fax, check that the fax transmission report confirms you dialled the correct destination number.
If a fax has been sent to you incorrectly, contact the sender or retransmit it to the correct addressee. All fax machines in your work area should be cleared before the last person leaves the office at night.

File titles

When creating a file, in particular a case file, ensure that the file title makes no reference to an identifiable individual. The Records Management Policy Manual (POLMAN 3) 6.84-87 provides that the only references permitted in the title are your directorate, the case number, the case file type and the year. A register of who each file refers to must be kept for discovery purposes. Access to, and visibility of, a file with a title that allows an individual to be identified must be restricted to persons who need to know about the file and its title, both physically and electronically (for example, in DRMS). This practice ensures compliance with IPP 4. This access needs to be reviewed, and possibly modified, when a file is sent to Defence Archives so that they can manage the file correctly. The Defence Records Management Solutions Directorate can assist you in setting this up in DRMS. The reason for this provision is two-fold:
- to ensure that sensitive file titles are not included on the list of Defence central office files ('the Harradine Report') which Defence and all other Commonwealth agencies are required to publish on the Internet and update every six months. The Directorate of Records Management Policy (DRMP) coordinates the Defence list, which is vetted by Defence staff and DRMP; and
- to minimise the potential for sensitive information being promulgated through Defence.
For further advice on file management policy, contact DRMP Policy at DRMP.Policy@defence.gov.au. Contact the DRMS Service Desk at drms@defence.gov.au for assistance in setting access controls in DRMS.
Forms and brochures

All paper-based and on-line forms developed within Defence to collect personal information from the person to whom the information relates should incorporate a prominently placed Privacy Statement, in compliance with IPP 2. The statement should state why the information is being collected, the authority for its collection and the parties that would normally use it or to whom it is normally disclosed. Further guidance is available on the "Questions and Answers" page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyq&a.htm.

Freedom of Information

Employees (and former employees) have the right to access their own personal information under both the Privacy Act (IPP 6) and the Freedom of Information Act 1982. In practice, the FOI administrative machinery is accepted as the normal channel for an individual to obtain information held on their personal file. Defence APS employees or ADF members should apply for access to their personal information directly to the area holding the record in the first instance. An applicant should seek access from the FOI directorate only if they are not satisfied with their initial approach to the record holder or a decision is not made within 30 days of the request. See the Defence Freedom of Information Manual (POLMAN 2) for more information.

Gazettal of personal information

The Public Service (PS) Gazette contains notices of staff movements to APS employment opportunities, promotions and terminations of employment, and in doing so publishes personal information about APS employees. The PS Gazette can be downloaded from the APSjobs website, which is accessible to members of the public. As a publication that is generally available to members of the public, the PS Gazette is excluded from the definition of a record in section 6 of the Privacy Act. Be aware, however, that the Privacy Act will apply to any disclosure or publication of personal information held by Defence, regardless of whether the personal information is coincidentally publicly available in the PS Gazette. The PS Gazette includes a Privacy Notice informing users that its data is provided only for the purposes of gazettal requirements and that any other use of the data should be in accordance with privacy obligations.

Home-based work

If you are working from home for short periods, you should not remove documents containing personal information relating to other Defence employees from the workplace. Under such short-term arrangements, secure storage of STAFF-IN-CONFIDENCE material in compliance with IPP 4 may not be practicable. For formal home-based work arrangements, individuals must ensure that they have secure storage facilities for classified and XXX-IN-CONFIDENCE material. Section 2 in Chapter 7, Part 2 of the Defence Workplace Relations Manual and DI(G) PERS 49-1 – Temporary Home Located Work for members of the Australian Defence Force – address this security and privacy matter.

Identifiers

A variety of numerical identifiers have been, or are, issued to Defence members, including:
- Service number for ADF members
- Australian Government Staff (AGS) number for Defence APS employees
- PMKeyS Employee ID number for both ADF members and Defence APS employees
It is good privacy practice for Defence forms to collect an individual's PMKeyS Employee ID only where there is a legitimate business case for doing so.

Related topic: Tax File Numbers
Information Privacy Principles

The Information Privacy Principles (IPPs) are more than statements of good intent or best endeavours. They are the specific mechanisms in section 14 of the Privacy Act that are cited when establishing that an agency's act or practice in handling personal information is unlawful. Section 13 of the Privacy Act provides that an interference with privacy occurs when there is a breach of one or more of the eleven IPPs. Section 16 of the Privacy Act states that 'an agency shall not do an act, or engage in a practice, that breaches an Information Privacy Principle'. The IPPs are accessible through the "Privacy Principles" page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyprinciples.htm

Related topic: Privacy awareness – OPC guidelines

Investigations – access to personnel files

If an investigative body, such as the civilian police or the ADF Investigative Service, requests access to personal information for the purpose of an investigation, access should be given only to the relevant part of a Defence member's personal file (IPP 9 refers). Retrieve only the information specifically required for the investigation and be careful not to use any third-party information on the file unless it is specifically needed for the investigation. If the information is required for the enforcement of the criminal law, a law imposing a pecuniary penalty or the protection of the public revenue, note on the file who accessed the information, to whom it was given, for what purpose and the date. Records relating to misconduct action should not be placed on a Defence member's personal file but on a separate misconduct action file or, where appropriate, an investigation file held in secure storage. However, ADF personal administrative action, such as administrative warnings and censures, is recorded on personnel files.

Liability for breaches of privacy

Where a complaint investigation has found that an employee's privacy has been infringed by a breach of one or more of the IPPs, Defence would be held accountable under section 16 of the Privacy Act. As respondent to a privacy complaint, Defence would generally be asked to accept action that might include a written apology to the complainant, arranging privacy training, or changing procedures for handling personal information. Where an individual has knowingly breached one or more of the IPPs or has developed a pattern of repeated security breaches, Defence could hold that individual directly accountable and invoke other legislative provisions. For example, a breach of the APS Code of Conduct in section 13 of the Public Service Act 1999 could attract a range of sanctions against a Defence APS employee, or action could be taken under the Defence Force Discipline Act 1982 against a member of the ADF.

Medical certificates

Medical certificates and any associated medical documentation supporting applications for Personal Leave are a sensitive category of personal information. They must be handled in accordance with STAFF-IN-CONFIDENCE provisions, as a minimum, at all stages of the approval work flow within Defence.

Meta-data

Be careful with sensitive personal information hidden in draft versions of electronic documents that you do not intend for wider distribution. Microsoft Word's track changes feature preserves a file's original wording and shows edits made by other persons. What is less well known is that this meta-data (deleted text, earlier wording, author names and comments) remains embedded in the electronic file, even though it is not visible on your screen or in a printed copy, unless you remove it. The privacy issue arises when you e-mail the Word file or post it on-line: the recipient can recover everything you thought you had deleted. Meta-data removal tools can strip this hidden data from your files before they leave your control; otherwise it could be accessed by other people for unauthorised purposes.
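To see what a tracked-changes history actually carries, here is an added example, written for this guide rather than taken from it and not a Defence tool, that opens a .docx with only the Python standard library, reports tracked insertions, deletions, comments and author names, and produces a scrubbed copy in which the changes are accepted, the comments are emptied and the author fields are blanked. A .docx is a zip archive of XML parts, so no Word installation is needed. The draft it examines is constructed inline, with hypothetical names and an invented employee ID, so it runs offline; real files declare more XML namespaces and contain more parts, so treat the scrubber as a demonstration of the principle rather than a replacement for a dedicated removal tool.

```python
"""Find and strip hidden Word meta-data: tracked changes, comments and author names.

Added example, not from the guide and not a Defence tool. The sample document
is constructed below with hypothetical names; a real file would be read from disk.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
DC = "http://purl.org/dc/elements/1.1/"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
for prefix, uri in (("w", W), ("dc", DC), ("cp", CP)):
    ET.register_namespace(prefix, uri)  # keep the usual prefixes when re-serialising


def wtag(tag: str) -> str:
    return f"{{{W}}}{tag}"


def text_of(element, tag: str) -> str:
    """Concatenate the text of every <w:tag> descendant, in document order."""
    return "".join(t.text or "" for t in element.iter(wtag(tag)))


def build_sample_docx() -> bytes:
    """Constructed sample: a leave note where an employee ID and condition were 'deleted'."""
    document = (f'<w:document xmlns:w="{W}"><w:body><w:p>'
                '<w:r><w:t>Leave approved for </w:t></w:r>'
                '<w:del w:id="1" w:author="J. Citizen"><w:r>'
                '<w:delText>Employee 8012345 (medical)</w:delText></w:r></w:del>'
                '<w:ins w:id="2" w:author="J. Citizen"><w:r><w:t>the staff member</w:t></w:r></w:ins>'
                '<w:commentRangeStart w:id="0"/><w:r><w:t>.</w:t></w:r><w:commentRangeEnd w:id="0"/>'
                '<w:r><w:commentReference w:id="0"/></w:r></w:p></w:body></w:document>')
    comments = (f'<w:comments xmlns:w="{W}"><w:comment w:id="0" w:author="A. Manager">'
                '<w:p><w:r><w:t>Check the medical certificate first</w:t></w:r></w:p>'
                '</w:comment></w:comments>')
    core = (f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}"><dc:creator>J. Citizen</dc:creator>'
            '<cp:lastModifiedBy>A. Manager</cp:lastModifiedBy></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", document)
        z.writestr("word/comments.xml", comments)
        z.writestr("docProps/core.xml", core)
    return buf.getvalue()


def inspect_docx(data: bytes) -> dict:
    """Report what a recipient could recover that is not visible in the rendered text."""
    found = {"insertions": [], "deletions": [], "comments": [], "authors": set(), "core": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        doc = ET.fromstring(z.read("word/document.xml"))
        for ins in doc.iter(wtag("ins")):
            found["insertions"].append(text_of(ins, "t"))
            found["authors"].add(ins.get(wtag("author"), ""))
        for dele in doc.iter(wtag("del")):
            found["deletions"].append(text_of(dele, "delText"))  # the 'deleted' words
            found["authors"].add(dele.get(wtag("author"), ""))
        if "word/comments.xml" in names:
            for c in ET.fromstring(z.read("word/comments.xml")).iter(wtag("comment")):
                found["comments"].append(text_of(c, "t"))
                found["authors"].add(c.get(wtag("author"), ""))
        if "docProps/core.xml" in names:
            for prop in ET.fromstring(z.read("docProps/core.xml")):
                found["core"][prop.tag.rsplit("}", 1)[-1]] = prop.text or ""
    return found


def visible_text(data: bytes) -> str:
    """The text a reader sees on screen: <w:t> runs only, never <w:delText>."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return text_of(ET.fromstring(z.read("word/document.xml")), "t")


def scrub_docx(data: bytes) -> bytes:
    """Accept all tracked changes, empty the comments part and blank author fields."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as zin, zipfile.ZipFile(out, "w") as zout:
        for item in zin.infolist():
            content = zin.read(item.filename)
            if item.filename == "word/document.xml":
                root = ET.fromstring(content)
                parent = {c: p for p in root.iter() for c in p}
                for ins in list(root.iter(wtag("ins"))):  # keep inserted runs, drop the wrapper
                    p, i = parent[ins], list(parent[ins]).index(ins)
                    for child in list(ins):
                        p.insert(i, child)
                        i += 1
                    p.remove(ins)
                parent = {c: p for p in root.iter() for c in p}  # rebuild after hoisting
                for tag in ("del", "commentRangeStart", "commentRangeEnd", "commentReference"):
                    for el in list(root.iter(wtag(tag))):  # deleted text and comment anchors go
                        parent[el].remove(el)
                content = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            elif item.filename == "word/comments.xml":
                content = f'<w:comments xmlns:w="{W}"/>'.encode()  # keep the part, lose the comments
            elif item.filename == "docProps/core.xml":
                root = ET.fromstring(content)
                for el in root.iter():
                    if el.tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
                        el.text = ""
                content = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            zout.writestr(item.filename, content)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", inspect_docx(sample))
    print("after: ", inspect_docx(scrub_docx(sample)))
```

The point the entry makes is visible in the result: the on-screen text is identical before and after scrubbing ("Leave approved for the staff member."), but before scrubbing a recipient can read the deleted employee ID and medical reference, the manager's comment and both authors' names. Running the inspection over outgoing drafts, or at a mail gateway, is a cheap check that the marking on a file matches what the file actually contains.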
Minors
The Privacy Act makes no distinction between adults and minors as regards individuals and their right to protection of their personal information. The only distinction it makes is between 'natural' (that is, living) persons and deceased persons. Situations in which you may need to be aware that the personal information of minors is also covered by the Privacy Act include those where Defence has a parental/guardian role for persons under age 18, for example:
- if you are arranging to have a school student placed on a work experience program with Defence;
- if your duties involve interaction with ADF cadets;
- recruitment to the ADF of people under the age of 18 years.
In practical terms, this means that school students on work experience, ADF cadets and ADF members under 18 years can be assumed to be capable of giving consent to Defence using/disclosing their personal information. The consent of their parent or guardian would not normally be sought. The consent of the person's parent or guardian would only be sought if the person under age 18 was not capable of giving consent, that is, the person lacked sufficient understanding or intelligence to understand fully the effect of the use/disclosure of their personal information. ADF members under 18 years of age are required to sign an acknowledgement form agreeing that in some circumstances, certain personal information will be disclosed to their parent/guardian (see DI (G) PERS 33-4).

Mobile telephones
Defence-provided mobile phones - If you are allocated a Defence mobile telephone for work-related purposes, be aware that the details (originator, number dialled, date/time, duration and costs) of all your telephone calls, including any for private purposes, are logged and subject to audit analysis. It would, however, be a privacy-intrusive practice if your manager were to access the telephone number of any recipient of your private calls where their details appear on your statements of mobile telephone usage.
To protect your privacy and that of your call recipients you should offer to justify those calls if requested by your manager.
Personal mobile phones - While you may have an expectation of the right to privacy in making private calls in the workplace from your personal mobile telephone, note that:
- an open plan office environment will afford you minimal privacy;
- using your personal mobile phone in the workplace can distract other employees;
- Defence security policy prohibits use of a mobile phone incorporating photographic capability in an area in which classified information is on display;
- in certain industrial-type workplaces there may be OHS grounds for banning the use of mobile phones for private calls during work time.
Mobile telephones – deletion of old numbers
Many work areas maintain listings of their employees' mobile telephone numbers. Employees should retain the listings only for as long as they are assigned to the particular work area. It is good privacy practice for the employee to shred their copy of the listings when they move on to a new work area, and for the losing work area to remove the employee's mobile number from all its telephone lists.

National Privacy Principles
The National Privacy Principles (NPP), contained in the Privacy Act, establish the minimum standards for how private sector organisations collect, store, use and disclose personal information. Although Defence contractors must comply with the IPPs, NPPs 7 to 10, which deal with identifiers, anonymity, transborder data flows and sensitive information, also apply to them. Service contract templates contain appropriate clauses to include in contracts. The NPPs are accessible through the “Privacy Principles” page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyprinciples.htm
OH&S reporting
Section 68 of the Occupational Health and Safety Act 1991 requires Defence to report certain types of workplace accidents, injuries or illnesses to Comcare. Collection of the required information is lawful under IPP 1.1(a). IPP 1.1(a) also covers first aid officers who report incidents where they have provided assistance.

Overseas
If you are working overseas on official duty, whether on a long term posting or a short-term mission or visit, your obligations under the Privacy Act as an ADF member or Defence APS employee continue. These obligations impact primarily on your handling of personal information about yourself or other Australian citizens, in the performance of your official duties. The application of the IPPs extends to Defence records wherever they might be held. If you are working overseas on exchange or secondment, you would be subject to the jurisdiction of the host country's privacy or data protection legislation, where this exists (for example the UK, USA, New Zealand), to the extent that the conditions of your exchange or secondment require you to comply with the rules and regulations of the host Defence organisation. Note that the IPPs do not apply to protect the personal information of Australians maintained in records held by foreign governments.

Performance Agreements
The content of the Performance Agreement form includes personal information as defined under section 6 of the Privacy Act. The part that contains key expected results and leave plans should be accessible on request to the chain-of-command or line management within your Group. However, the parts containing learning and development activities and the performance assessment are STAFF-IN-CONFIDENCE and are to be treated accordingly.
Related topics: STAFF-IN-CONFIDENCE papers and files

Personal Information – what is it?
'Personal information' (as defined in Section 6 of the Privacy Act) means: “information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.” The test for whether personal information is identifiable is if the identity of an individual is apparent, or may reasonably be identified, from the item of personal information. Bear in mind that it may be possible to match information with other records to re-establish the identity of individuals.

Photographs
The Privacy Act regards a photograph that clearly identifies an individual as personal information. Unless expressly authorised by the individuals concerned, on-line use or disclosure of any photographs of employees taken in a work-related context for another purpose beyond their reasonable expectation may be a breach of IPP 10 or IPP 11. Detailed guidance on the disclosure of images is accessible through the “Questions and Answers” page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyq&a.htm

PMKeyS
All personal information contained within PMKeyS is subject to the IPPs as regards its collection, storage, access, use and disclosure. If you are granted access to this information, it is on a strictly need-to-know basis, and must be relevant to that work-related purpose. By logging on to PMKeyS, you acknowledge the IPPs and agree that you will only access records required for the performance of your duties. Unauthorised or inappropriate use or disclosure of personal information contained within PMKeyS would be a breach of the APS Code of Conduct in the case of Defence APS employees, or the Defence Force Discipline Act 1982 in the case of ADF members.
PMKeyS Employee Self Service
An expanding range of personal information has become accessible on PMKeyS Employee Self Service (PSS) since the system was rolled out in early 2004. It includes employees' home address and telephone contact numbers, emergency contact details, annual, personal and long service leave balances, leave history for all leave types, equity and diversity data, and updates for educational qualifications. PSS enables supervisors/leave delegates in an employee's direct reporting line to have access to this information, subject to compliance with the IPPs. When a supervisor/leave manager changes, their PSS access to previous subordinate staff is automatically withdrawn. When entering personal information into PSS, do not provide more information than is required. For example, the personal leave reason for absence should not include detailed medical information.

Privacy Act – how do you cite it?
If you need to make formal reference to the privacy legislation that covers APS agencies such as Defence, the correct citation is the short title, the Privacy Act 1988, as it appears in the statute book. Use the jurisdictional indicator for the Commonwealth (Cth) only when you wish to distinguish it from state and territory privacy legislation.

Privacy awareness – Defence guidelines
Information about the Privacy Act and how it applies in Defence is contained on the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyhome.htm. The website also provides links to a variety of publications relating to privacy in Defence.

Privacy awareness – OPC guidelines
The Office of the Privacy Commissioner's (OPC) Plain English Guidelines to Information Privacy Principles 1-3, 4-7, and 8-11 are accessible from the OPC's web site at http://www.privacy.gov.au/ or via a link on the Defence Privacy website. While these guidelines are not legally binding, they describe the OPC's view of how the law works.
In the absence of a body of privacy case law, the guidelines are the primary reference tool an agency will use in assessing whether a specific act or practice is in compliance with the IPP provisions. You can access the OPC web site for other guidelines and detailed information on a wide range of specific privacy issues.

Privacy Contact Officer
There are three Privacy Contact Officers (PCO) in Defence:
- Deputy Director Privacy
- Deputy Director Administrative Review
- Executive Officer Privacy
The PCOs can provide privacy policy advice on a whole-of-Defence basis. They are identified with the OPC as contact officers for Defence for privacy issues and complaint handling.

Privacy law jurisdictions
No matter where your workplace is located within Defence, in Australia or overseas, it is the provisions of the federal privacy legislation, the Privacy Act 1988, that apply to you as an ADF member or Defence APS employee.
Related topic: Overseas

Privacy markings
The privacy markings STAFF-IN-CONFIDENCE and MEDICAL-IN-CONFIDENCE equate to the national security classification RESTRICTED for correspondence transmission purposes. The Defence Security Manual (http://intranet.defence.gov.au/dsa/DSM/) includes personal information in its listing of the types of non-national security information that requires increased protection (viz under the Privacy Act), while not meeting the definition of national security information. Use an appropriate privacy marking rather than RESTRICTED if you need to indicate to the intended recipient of your correspondence that it contains sensitive personal information.
Most e-mail is insecure unless it has been encoded or encrypted. Privacy markings will not prevent an e-mail transmitted in plain text from being read or intercepted by parties other than the intended recipient. The practical effect of a privacy marking is to warn the sender and recipient of an e-mail that its hard copy must be appropriately filed.
Related topics: E-mail transmission of health-related information, E-mail transmission of personal information, Fax transmission of personal information and STAFF-IN-CONFIDENCE papers and files.

Privacy Statements
A Privacy Statement or Privacy Notice is the means by which Defence meets its legal obligation under IPP 2 to inform individuals, whose personal information is being collected:
- why the personal information is being collected;
- whether there is legal authority for Defence to collect it; and
- to whom Defence normally provides the information.
A Privacy Notice should be prominent on every paper form or on-line form in which Defence collects personal information about you, and on every Defence intranet and Internet-based web site you access. Detailed guidance on Privacy Notices is accessible through the “Questions and Answers” page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyq&a.htm.

Referee reports
If you are asked, as a current or former supervisor, to provide a referee report for an individual, take account of the following privacy issues:
- By including you as one of their referees, the individual would be expecting, or giving implied consent to, their prospective employer contacting you to discuss their work performance in relation to the selection criteria for the position.
- You should avoid any comment in the referee report that is not related and not relevant to the individual's work performance, such as their political or religious views and their health information.
- A selection panel may seek comments from people other than those nominated as a referee (for example the individual's clients, subordinates, peers or other managers). Although not required under the Privacy Act, it would be courteous of the selection panel to advise the individual if they intend to do this.

Relocation to another workplace
When packing to move to a different location, it is good practice to check you have left no personal information at your old workstation, even if the information might seem quite mundane. Types of information include work/home timetables, activity schedules, telephone lists, and any other documents from which third parties might derive inappropriate knowledge about your home/work movements.

Security and privacy
Defence has a well-established culture of security awareness. This has provided a sound basis for a culture that also respects the privacy of personal information handled within Defence. Adherence to sound protective security practices will help Defence comply with IPP 4 in section 14 of the Privacy Act concerning storage and security of personal information. This principle states, in part, that: “A record-keeper who has possession or control of a record that contains personal information shall ensure that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse”.

Sensitive or confidential discussions
A private interview room, meeting room or office should be used whenever you need to discuss sensitive issues with or about another employee which may entail making references to their personal information.
STAFF-IN-CONFIDENCE papers and files
The caveat “STAFF-IN-CONFIDENCE” is used for personnel-related material, in particular sensitive personal information concerning the private details and affairs of individuals. It is used to cover personal information provided to agencies under an assurance/expectation of limited exposure. Ensure that STAFF-IN-CONFIDENCE papers or casework papers containing personal information are not left lying around on your workstation or embedded in unclassified policy files.
Related topics: Defence Documents and Records Management System, File titles, Privacy markings.

Storage of files
Unclassified files used in your day-to-day work may be stored in the locked cabinet by your work station. Depending upon the physical security measures in place for your work location, XXX-IN-CONFIDENCE and classified files should be stored in an appropriately security classified container or compactus. Detailed information on the storage of files is contained in the Defence Security Manual (http://intranet.defence.gov.au/dsa/DSM/).

Surveillance
This covers a range of privacy-intrusive matters including:
- searches of employees' lockers and personal storage space in their workstations;
- surveillance of telephone calls; and
- email and internet use monitoring.
No overarching Commonwealth legislation currently exists on the issue of workplace surveillance. The Privacy Act is almost entirely concerned with the privacy of personal information rather than the protection of personal privacy. Certain state jurisdictions have developed some specific legislation relating to surveillance, for example:
- The Workplace Surveillance Act 2005 (NSW), which prohibits camera surveillance by employers of their employees at work - except where the employer has a covert surveillance authority - and restricts the use and disclosure of covert surveillance records.
- The Surveillance Devices (Workplace Privacy) Act 2007 (Vic), which bans employers from placing workers under surveillance in workplace toilets, washrooms and change rooms.
Survey and census questionnaires
You may be invited to respond periodically to various census/surveys, including:
- the 'Your Say Survey', the 'Defence Attitude Survey' and exit surveys;
- the Defence Census – four have been conducted since 1991 by the Manager Defence Census; and
- the employee survey component of the State of Service Report (SOSR), prepared annually by the Public Service Commissioner, with Defence input coordinated by Personnel Policy and Employment Conditions Branch.
While it is mandatory to complete the Defence Census, participation in the other abovementioned surveys is voluntary and by random selection. The anonymity of respondents is assured as no individual is asked to identify themselves on questionnaires – these are destroyed following transcription of data. To encourage ADF members, Defence APS employees and their commanders/managers alike to respond with robust and credible data, Defence and the Australian Public Service Commission ensure that all the abovementioned surveys and the Defence Census are conducted with strict compliance to the promise of anonymity. It is prudent privacy practice, both within the Defence workplace and in the wider community, for employees not to respond to invitations to participate in surveys where privacy measures to protect the anonymity of their responses to questionnaires are not clearly stated. Exercise particular care, for example, where a reader survey incidentally invites an individual to provide their contact details to be in a draw to win a prize.
Tax File Numbers
Section 17 of the Privacy Act provides for separate, legally binding guidelines limiting the uses of Tax File Numbers (TFN) to authorised purposes. They prohibit any person, including private sector employers, government agencies and investment bodies, from using TFNs as a cross matching device. There are heavy penalties under the Taxation Administration Act 1953 for illegally disclosing TFNs. When handling TFNs you should have in place appropriate security safeguards and follow privacy practices such as:
- if you need to photocopy information containing a TFN, erase it completely from the copy;
- shred, or place in an approved classified waste bag, any hard copies of TFNs after they have been checked and confirmed and if they are not needed for tax purposes;
- do not accept a TFN over the telephone; a TFN should only be received in writing from the employee;
- avoid e-mailing an employee's TFN or faxing it unless it is absolutely necessary.
Telecommunications
The Telecommunications (Interception) Act 1979 (the Act) prohibits Defence from intercepting your telephone conversations with another party without your knowledge or other authorisation under the Act. It also regulates any Defence monitoring and copying of your personal or business-related emails. Refer to DI(G) ADMIN 10-6 – Use of Defence Telephone and Computer Resources – and DIMPI No 5/2001 – Defence Information Environment Provision of Defence E-mail and Internet Services – for Defence policy on logging of internet transactions and use of e-mail and telephone facilities.

Telephone enquiries – external callers
Ensure that you can verify the identity of the caller before disclosing any personal information to a person calling from outside Defence. Unless there is a clearly established legal requirement to do otherwise, the private telephone number or home address of current or past employees in your workplace should not be disclosed over the telephone without their permission.
Related topics: Address unknown and E-mail address

Telephone numbers
A list of telephone numbers is not personal information unless linked to the names and addresses of individual persons.

Training materials
Personal information should not be used in case studies/scenarios when conducting workshops or training modules. Use fictitious names and take care to ensure that a real person cannot reasonably be identified from the context presented.

Unions and employees' personal information
Disclosure of lists of union members to other agencies, or lists of non-union members to union representatives or authorised employee representatives, would be a breach unless one of the IPP 11 exceptions applies. The Privacy Act defines information about an individual's union membership as a sensitive category of personal information.
It is good practice to seek an employee's consent [IPP 11.1 (b)] before disclosing their personal information to a union representative or authorised employee representative who may be acting on behalf of the employee.

Use of personal information
IPPs 8, 9 and 10 govern the use of personal information. IPP 8 obliges Defence to ensure that the personal information it holds is of a high quality before it is used. All reasonable care must be taken by those keeping the records that the personal information held is accurate, up-to-date and complete. IPP 9 limits the use of a record containing personal information to the purpose to which the record is relevant.
In accordance with IPP 10, Defence must not use personal information for reasons other than that for which it was collected, unless at least one of the following exceptions applies:
- 10.1(a) the person the information is about consents;
- 10.1(b) use is considered necessary to protect against a serious and imminent threat to a person's life or health;
- 10.1(c) use is required or authorised under law;
- 10.1(d) use is reasonably necessary to enforce the criminal law, or a law imposing a pecuniary penalty, or for the protection of the public revenue;
- 10.1(e) use is directly related to the purpose for which it was originally collected.
If any of these exceptions apply then the personal information can be used for the different purpose.

Verbal disclosures about other employees
While the Privacy Act gives 'personal information' a very broad definition, it is not usually a breach of the IPPs if an employee passes on, verbally, personal information about a fellow employee that has been obtained through:
- social interaction within the workplace, or
- a social network outside of the workplace.
Such disclosures will only be covered by the Privacy Act if they are contained in a Defence record. Discretion should be exercised in making verbal disclosures, to avoid breaching the APS Code of Conduct and contravening policy in DI(G) PERS 35-3 relating to workplace harassment and unacceptable behaviour.
Related topic: Mobile telephones

Waste disposal
Dispose of paper-based STAFF-IN-CONFIDENCE material either by shredding or by placing it in a classified waste bag which is stored in a secure place, such as a compactus. Never place it in your ordinary waste bin. Dispose of STAFF-IN-CONFIDENCE electronic records by overwriting them before they are deleted, and also by deleting back-up files.

White boards
Client/case appointment details should not be written on whiteboards accessible to all staff. Make sure that white boards containing personal information are cleaned at the end of the meeting.
Working away from your usual workplace
Take particular care with personal information when you are working away from your usual workplace - both while travelling and when using IT and other office equipment at the establishment you are visiting. Check you have removed all disks, CDs, DVDs and other storage devices from IT equipment and that you have possession of all documents containing personal information.

Workplace privacy – employee monitoring
Within Defence, employee monitoring mainly concerns e-mail, internet and telephone usage. Any monitoring must be consistent with Defence policy contained in DI (G) Admin 10-6 – Use of Defence telephone and computer resources. Guidance on the use and disclosure of employees' images is on the “Questions and Answers” page of the Defence Privacy website at http://intranet.defence.gov.au/fr/Privacy/privacyq&a.htm
Related topics: E-mail activity – privacy protection, Mobile Telephones, Photographs and Telecommunications