Definitions
The term "privacy policy" is a specific term used in the Privacy Act. All organisations that are subject to the Act must "have a clearly expressed and up-to-date policy(the APP privacy policy)" that addresses all the elements within the APP1.3. This document, the “Privacy Policy”, has been created to disseminate information within Red Dust about compliance with the Privacy Act.
Who does this apply to?
All Red Dust personnel, and in particular those involved in the collection, use, disclosure, and storage of personal (including sensitive) information. Note: This policy does not address specific privacy obligations associated with State or Territory Legislation or contracted funding obligations. Such specific obligations are additional to this policy.
Legislation 1988 Commonwealth Act
In 1988 the Commonwealth Government enacted the Privacy Act 1988 (Privacy Act) which established eleven “Information Privacy Principles” that Commonwealth Government departments and agencies were obliged to follow in handling personal information.
In December 2000, the Privacy Amendment (Private Sector) Act 2000 (Cth) was passed with the effect that all organisations (including a company, trust, unincorporated association, individual, or partnership) would be required to comply with ten “National Privacy Principles”.
2012 Amendment and Australian Privacy Principles
The Privacy Act was substantially amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which came into effect in April 2014 and introduced 13 Australian Privacy Principles (APPs).
These Principles apply to the handling of personal information by most Australian and Norfolk Island Government agencies and qualifying private sector organisations.
2017 Notifiable Data Breaches Scheme
In February 2017, the Privacy Amendment (Notifiable Data Breaches) Act 2017 was passed with effect from 22 February 2018. This scheme required regulated entities to notify individuals and the Australian Information Commissioner about data breaches that are likely to result in serious harm to any of the individuals to whom the information which was the subject of the breach, relates.
The Australian Privacy Principles (APPs)
The Australian Privacy Principles (APPs) are the cornerstone of the privacy protection framework in the Privacy Act. Red Dust strives to adhere to these principles.
There are 13 APPs that govern standards, rights, and obligations of agencies around:
• The collection, use, and disclosure of personal information
• The integrity and correction of personal information
• The rights of individuals to access their personal information
• Personal information is defined in the Privacy Act to mean:
‘Any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.’
While Red Dust must apply all 13 APPs, the following most commonly affect the core work of Red Dust.
APP 1 — Open and transparent management of personal information Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up-to-date privacy policy.
APP 3 — Collection of solicited personal information Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information. Red Dust may only collect personal information if it is reasonably necessary for, or directly related to, one of Red Dust’s functions. Sensitive information may only be collected with the individuals’ consent or if the collection is authorised by or under an Australian law or a court/tribunal order. Similarly, personal information must be collected only from the individual unless the individual consents to the collection by other means.
APP 6 —Use or disclosure of personal information outlines the circumstances in which an APP entity may use or disclose personal information that it holds. For Red Dust to use (analyse) or disclose (share or release) personal information that we hold, either the individual must have consented to us doing so or the use or disclosure is authorised by or under an Australian law or a court/tribunal order.
APP 11 — Security of personal information An APP entity must take reasonable steps to protect the personal information it holds from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. An entity has obligations to destroy or de-identify personal information it no longer needs.
Policy
Red Dust manages and delivers its compliance with the Privacy Act through two specific documents:
• This document
• Privacy Policy APP Australia - the public document published on the web which is required under the legislation
Red Dust may collect a broad range of personal information which includes but is not limited to:
• Red Dust personnel
• Clients
• Family and family support
• Child/children
• Financial, health or other case notes and records
• Historical records
• Donations
• Events and camps
• Rolls, registers, records, and corps directories
• Newsletters
All personal information, whether hardcopy or electronic, must be collected, used, disclosed, and stored in accordance with the APPs. Personal information that fits the definition of sensitive information generally requires a higher level of privacy protection than other personal information. The APPs are the minimum standards for the collection, use, disclosure, and storage of personal information by organisations including Red Dust. They also give an individual the right to know what information an organisation holds about them and the right to correct information that is held. This policy does not address specific requirements associated with State or Territory Legislation or contracted funding obligations. All Red Dust personnel must ensure they understand and comply with any additional contractual obligation and/or State or Territory legislative requirement. From time to time Red Dust will review, and may amend, its Privacy Policy APP Australia and it reserves the right to make such changes. These changes will be reflected in this policy and in any related document as soon as practical. We may notify those changes by attaching the updated APP Privacy Policy to this document and/or by circulating the updated version.
Complaints and feedback