Docstoc

Printing Company Privacy Policy

Document Sample
Printing Company Privacy Policy Powered By Docstoc
					The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.




POLICY                       INFORMATION PRIVACY POLICY


Procedure:                   Personal and Health Information Privacy

Policy Group:                CORPORATE – Corporate Issues

Relevant                     Information Privacy Act 2000 (Vic)
Legislation:
                             Health Records Act 2001 (Vic)
                             Freedom of Information Act 1982 (Vic)
                             Public Records Act 1973 (Vic)
                             Surveillance Devices Act 1999 (Vic)
                             Telecommunications (Interception) State Provisions Act 1988
                             Privacy Act 1988 (Commonwealth)

Policy Reference             COR 2.01/ Version 1.00
and version
number:

Commencement                 1 September 2006                     Review Date              1 September 2008
date:

POLICY STATEMENT

Intent:                      To outline how CAE will ensure compliance with the Information Privacy
                             Principles (IPPs) in the Information Privacy Act 2000 (Vic) and the Health
                             Privacy Principles (HPPs) in the Health Records Act 2001.

Scope:                       This policy applies to all personal and health information on students,
                             staff and caregivers provided to CAE as well as information about
                             individuals obtained from other sources.
                             This policy is applicable to CAE Board members and all CAE staff.

Objectives:                  To ensure CAE maintains a balance between the need to collect and use
                             personal information to deliver effective and efficient service with the
                             need to protect the privacy of that information
                             To promote awareness of responsible personal information handling
                             practices within CAE
                             To promote the responsible and transparent handling of personal
                             information within CAE

Definitions and              Personal Information is almost any information, including paper and
Acronyms:                    electronic records, photographs and video recordings that can be linked
                             to an identifiable living person. It also includes information that is
                             considered sensitive.
                             Sensitive Information includes information or opinion relating to a
                             person’s racial or ethnic origin, political opinions, religious beliefs,
                             philosophical beliefs, sexual preferences, membership of groups or
                             criminal record.
                             Health Information is information or opinion that can be linked to an
                             identifiable individual, including deceased individuals, which concerns


                                                                                                                                  1
Version 1.00 Information Privacy Policy, Sept 2006
The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.



                             that individual’s physical, mental or psychological health, disability or
                             genetic makeup. This includes information or opinion about a person’s
                             health status and medical history, whether recorded or not.
                             This policy will use the term ‘personal information’ to cover personal
                             information, sensitive information and health information.
                             Students includes prospective, current and past students
                             Staff includes anyone who carries out a duty on behalf of CAE, paid or
                             unpaid, or who is contracted to, or directly employed by CAE.
                             Information provided to CAE through job applications is also included in
                             this definition.
                             Caregiver includes a parent, a step parent, an adoptive parent, a foster
                             parent, a guardian, and a person who has custody or daily care and
                             control of the young person.
                             Unique Identifier means an identifier (usually a number) assigned by
                             CAE to an individual uniquely to identify that individual for the purposes
                             of the operations of CAE eg; student number or employee number. It
                             does not include an identifier that consists only of the individual’s name
                             or Australian Business Number (ABN).
                             Consent must be voluntary, informed, specific and current to be valid
                             where required for the collection, use or disclosure of personal
                             information. An individual must also have the capacity to consent.
                             Clickstream Data refers to visitor logs and statistics that provide useful
                             information about users’ online experience without identifying individuals
                             eg; visitor’s computer address, times and dates of site visits, pages
                             accessed, files downloaded and browsers and operating systems used
                             by visitors.
                             A Cookie is a block of data that is shared between a web server and a
                             user’s browser that give the server information about a computer’s
                             identity. Cookies can also capture website visiting patterns and
                             preferences.
                             Internet Protocol Address is an address assigned to either a single
                             computer or a private network on the internet to uniquely identify them
                             within the global network. In many cases it is possible to infer country
                             and Internet Service Provider (and sometimes company) from the IP
                             address.


Policy Principles:           Principle 1 Collection of Personal Information
                             CAE will collect only what personal information is necessary to
                                             •    provide its services and carry out its statutory functions,
                                             •    fulfil its duty of care to staff and students,
                                             •    plan, resource, monitor and evaluate its services and
                                                  functions,
                                             •    comply with state and federal government reporting
                                                  requirements,
                                             •    comply with its statutory and or other legal obligations in
                                                  respect of CAE staff,
                                             •    investigate incidents or defend any legal claims against


                                                                                                                                  2
Version 1.00 Information Privacy Policy, Sept 2006
The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.



                                                     the organisation, its services or its staff; and
                                             •       comply with laws that impose specific obligations
                                                     regarding the handling of personal information.


                             Personal information held by CAE may include:
                                              •      name,
                                              •      date of birth,
                                              •      current and past addresses,
                                              •      telephone/mobile phone number,
                                              •      e-mail address,
                                              •      bank account (staff) or credit card details (students),
                                              •      occupation,      education      and/or     employment         history,
                                                     history,
                                              •      method of payment,
                                              •      concessional status; and
                                              •      clickstream data, IP addresses and, in some cases,
                                                     preferences for using CAE’s websites
                             When collecting personal or health information, CAE will take reasonable
                             steps to advise individuals what information is being sought, for what
                             purpose, whether any law requires the collection of the information and
                             the main consequences, if any of not providing the information.
                             CAE may undertake telephone call monitoring for the purposes of
                             improving the quality of service to individuals and the training of staff or
                             where there is a specific operational, security or technical reason to do
                             so. Individuals will be informed of the reason for call monitoring before
                             such monitoring occurs and will be given the opportunity to request not to
                             have their call monitored.


                             Principle 2 Use and Disclosure of Personal Information
                             CAE will use and disclose personal information when:
                                             •       it is required for general administration duties and
                                                     statutory functions,
                                             •       it relates to the purposes for which it was collected, and
                                             •       for a purpose that is directly related to the reason the
                                                     information was collected and the use would be
                                                     reasonably expected by the individual and there is no
                                                     reason to believe they would object to the disclosure.


                             The purposes for which CAE uses the personal information of students
                             include:
                                                 •    keeping students, and where appropriate guardians,
                                                      informed about matters related to their learning,
                                                 •    looking after students’ educational, social and health
                                                      needs



                                                                                                                                  3
Version 1.00 Information Privacy Policy, Sept 2006
The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.



                                                 •    celebrating the efforts and achievements of students,
                                                 •    day-to-day administration,
                                                 •    satisfying its statutory or other legal obligations, and
                                                 •    to discharge its duty of care.


                             The purposes for which CAE uses personal information of job applicants,
                             staff members and contractors include:
                                             •       assessing the suitability for employment,
                                             •       administering the individual’s employment or contract,
                                             •       for insurance purposes, such as public liability or Work
                                                     Cover,
                                             •       satisfying its statutory or other legal requirements, and
                                             •       investigating incidents or defending legal claims about
                                                     CAE, its services or staff.


                             CAE can also disclose personal information for another purpose when:
                                             •       the person consents, or
                                             •       it is necessary to lessen or prevent a serious or imminent
                                                     threat to life, health or safety, or
                                             •       is required by law or other regulation or for law
                                                     enforcement purposes
                             Where consent for the use and disclosure of personal information is
                             required, CAE will seek consent from the individual concerned. In the
                             case of a student’s personal information, CAE will seek consent from the
                             student and/or their guardian depending on the circumstances and the
                             student’s maturity and capacity to understand the consequences of the
                             proposed use and disclosure.


                             Principle 3 Data Quality
                             CAE will take reasonable steps to ensure that the personal information it
                             collects, uses or discloses is accurate, complete and up to date.
                             Individuals seeking to update their personal information should contact
                             the Manager Customer Services in the case of students or the Manager
                             Human Resources in the case of staff.


                             Principle 4 Data Security
                             CAE will take reasonable steps to protect the personal information it
                             holds from misuse, from loss, and from unauthorised access,
                             modification or disclosure.
                             Information or data will be restricted to those who need to know and
                             distribution of information will be kept to a minimum.
                             Personal information will be destroyed or permanently de-identified when
                             it is no longer needed for any purpose unless required to be archived in
                             accordance with the Public Records Act 1973.



                                                                                                                                  4
Version 1.00 Information Privacy Policy, Sept 2006
The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.




                             Principle 5 Openness
                             CAE will, on request by an individual, take reasonable steps to let
                             individuals know what sort of personal information it holds, for what
                             purposes, and how it collects, uses and discloses that information.
                             CAE will clearly document and regularly review its policies and
                             procedures on the management of personal information
                             CAE will take all reasonable steps to promote a greater awareness and
                             understanding of the way in which it manages personal information.
                             CAE will provide a copy of this policy to anyone on request.


                             Principle 6 Access and Correction
                             CAE will support the right of individuals to seek access to their personal
                             information, provided by them to CAE and the right to seek corrections to
                             it wherever possible.
                             Access or amendments to information may require an application and
                             consideration under the Freedom of Information Act 1982 (Vic)
                             CAE will provide reasons for denial of access or a refusal to correct
                             personal information.
                             CAE reserves the right to charge a fee for searching for, and providing
                             access to, an individual’s personal information. CAE will ensure that any
                             fee charged will not be excessive and will not apply to lodging a request
                             for access.


                             Principle 7 Unique Identifiers
                             CAE will only assign a number to identify an individual if the assignment
                             is reasonably necessary to carry out its functions efficiently.
                             CAE does use unique identifiers in its Student Administration and Staff
                             Payroll Systems.
                             CAE may also be required to collect other unique identifiers such as
                             Centrelink numbers, Tax File Numbers or Health Card Numbers. The
                             purposes for collecting these numbers will be explained to individuals and
                             these identifiers will not be used for any purpose other than for which
                             they were collected.


                             Principle 8 Anonymity
                             CAE will respect an individual’s right to anonymity except in
                             circumstances where it is necessary to provide their identity.
                             If an individual chooses not to provide certain personal information, CAE
                             may not be able to provide that individual with the services they require,
                             or the same high standard of service.
                             The CAE external website is hosted by a third party company. The
                             server records anonymous information from each visitor to its site such
                             as the time, date, type of web browser, page/s viewed and Internet
                             Protocol addresses
                             The CAE external website does not use cookies. However, the secure
                             website for CAE Book Groups may use cookies. These cookies are only


                                                                                                                                  5
Version 1.00 Information Privacy Policy, Sept 2006
The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.



                             used to remember a user during a session and not between sessions.
                             The CAE Intranet also uses cookies for similar purposes.


                             Principle 9 Transborder Data Flows
                             CAE will only transfer personal information about an individual to a
                             person or body outside of Victoria or Australia if:
                                             •    it reasonably believes that person or body is legally
                                                  obliged to protect the individual’s privacy under
                                                  equivalent or higher privacy legislation as itself, or
                                             •    the individual consents to the transfer, or
                                             •    the transfer is necessary to meet CAE’s statutory
                                                  functions or reporting requirements, or
                                             •    CAE has taken reasonable steps to ensure that the
                                                  information to be transferred will not be held, used or
                                                  disclosed by the recipient of the information
                                                  inconsistently with CAE’s Privacy Policy Principles.


                             Principle 10 Sensitive Information
                             CAE will only collect sensitive information about an individual
                                             •    with the consent of the person, or
                                             •    if required by law or other regulation; or
                                             •    if necessary to prevent or lessen a serious or imminent
                                                  threat to the life or health of any individual, where the
                                                  individual about whom the information concerns:
                                                  i) is physically or legally incapable of giving consent; or
                                                  ii) physically cannot communicate consent to the
                                                  collection; or
                                             •    the collection is necessary for the establishment,
                                                  exercise or defence of a legal claim.


                             Complaints
                             If a CAE student or staff member has any concerns with CAE’s handling
                             of personal information or health information about themselves they
                             should contact CAE’s General Manager Support Services on 9652 0611
                             or email privacy@cae.edu.au. Every complaint will be investigated as
                             soon as possible and the complainant will be provided with a written
                             response.
                             Alternatively, any person may make a complaint to the Privacy
                             Commissioner or Health Services Commissioner (although either
                             Commissioner may decline to hear the complaint if it has not first been
                             made to CAE.)




                                                                                                                                  6
Version 1.00 Information Privacy Policy, Sept 2006
The current official version of this policy is maintained on the CAE Intranet. Downloading and printing of this policy will produce
an uncontrolled copy which may not be current.



Supporting/related           CAE Information Technology Use Policy
policy:
                             CAE Staff Code of Conduct
                             CAE Certified Agreement ( No.1) 2006


Key word search :            Privacy, information privacy, health records privacy

Supporting /                 CAE Information Technology Tape Backup and Storage
related
procedures/                  CAE Student Records Management and Administration
guidelines:                  CAE Confidentiality of Student Records

ACCOUNTABILITIES

Implementation:              All CAE staff

Compliance:                  All CAE Managers

Monitoring and               General Manager Support Services
Evaluation:

Development /                Policy Review Committee
Review:

Approval                     Director
authority:

Interpretation and           General Manager Support Services
advice:

WHO SHOULD KNOW THIS POLICY?

      •   All CAE staff
      •   Current and prospective students
      •   Visitors to CAE websites

EFFECTIVENESS OF THIS POLICY

Performance                       •     Demonstrated compliance with the Information Privacy Principles
indicators:                             (IPPs) and the Health Privacy Principles (HPPs)
                                  •     Staff and Student Feedback
                                  •     Effective issue resolution

REVISION HISTORY

Revision            Approved /           Date                 Committee /          Resolution          Document
Ref No.             Rescinded                                 Board                Number              Reference
                                                              Policy               Resolution 1        PRC minutes
1.0                 Approved             July 2006            Review                                   7/2006
                                                              Committee




                                                                                                                                  7
Version 1.00 Information Privacy Policy, Sept 2006

				
DOCUMENT INFO
Description: Printing Company Privacy Policy document sample