Privacy & Breaches Policy
This Policy has been developed to address how MS Australia (MS Australia ) complies with the:
- Federal Privacy Act 1988 (Aust)
- Privacy Amendment (Private Sector) Act 2000 (Aust)
- Information Privacy Act 2000 (Vic)
- Health Records Act 2001(Vic)
- Privacy and Personal Information Protection Act 1998 (NSW)
- Health Records and Information Privacy Act 2002 (NSW)
This legislation regulates the way private sector organisations can collect, use, keep secure and disclose personal information. These Acts give consumers the right to know why a private sector organisation is collecting their personal information, what information is collected, how it will be used and who has access to that information. MS Australia has adopted the twelve Information Privacy Principles (incorporating the National Privacy Principals) developed by the Department of Human Services in Victoria to govern how organisations should handle personal information. MS Australia subscribes to these Principles and is bound by the various Acts.
MS Australia is strongly committed to protecting the privacy of its members, their carers and families, volunteers, donors and all members of the public who deal with MS Australia. MS Australia will take reasonable steps to collect relevant information from individuals in a lawful and fair manner.
Collecting Information (Principals 1 - 4)
Principle 1 - Purpose of Collection of Personal Information
Limits the information which can be collected by MS Australia to that which is relevant to a function or activity of the MS Australia . The onus is placed on the collector to justify why certain information is being collected.
Principle 2 - Source of Personal Information
Ensures an individual maintains control over their personal details by stating the information should only be collected from the individual concerned (except in certain circumstances).
Principle 3 - Providing Notification when Personal Information is Collected
Ensures that individuals are aware of how their information will be used, who will have access and their own right of access. This assists in achieving an appropriate level of openness about how an individual's information is handled.
Principle 4 - Manner of Collection of Personal Information
Prevents undue pressure or coercion being placed on the individual when information is being collected, and ensures that staff are sensitive to the particular circumstances when information is collected.
Storage and Security Issues (Principal 5)
Principle 5 - Storage, Security and Transmission of Personal Information
Prevents other individuals and organisations from obtaining unauthorised access to personal information. Without adequate security safeguards, there is the risk that personal information could be misused or inappropriately disclosed.
Openness, Access and Correction Issues (Principles 6 - 8)
Principle 6 - Maintaining a Policy of Openness
Makes explicit the requirement for personal information to be handled in an open and accountable manner.
Principle 7 - Right of Access to Personal Information
Ensures the individual is able to access the information MS Australia holds through following due process. A small fee may be charged for this.
Principle 8 - Correction and Accuracy of Personal Information
Permits individuals to seek correction of information held about them where they believe it is incorrect. There is an onus on the MS Australia to keep any information they hold up-to-date, accurate, complete and is not misleading. This ensures that all decisions are based on information which is both current and correct.
Use and Disclosure of Personal Information (Principle 10)
Principle 10 - Limits on Use and Disclosure of Personal Information
Places limits on the extent to which information can be used within MS Australia and also the circumstances in which information can be released to other organisations.
Unique Identifiers (Principal 11)
Principle 11 - Unique Identifiers
Provides guidance on assigning and using unique identifiers which ensure they are used appropriately when referring to an individual.
Compliance Audits (Principal 12)
Principle 12 - Compliance Audits
Assesses the extent to which the Department and the funded sector are complying with the Information Privacy Principles.
In addition and with respect to Sensitive Information, an individual's consent will be sought, as required at law, prior to collection this information. This also applies in other special specified circumstances relating to provision of health services and an individuals or public health safety situation.
Complaints Policy for Breaches of the Various Privacy Acts
If an individual believes MS Australia has interfered with their privacy they can complain to the Privacy Commissioner. Advice about making a complaint can be obtained from the Privacy Hotline 1300 363 992. For individuals who are hearing or speech impaired contact can be made via TTY 1800 620 241.
When the Privacy Commissioner receives a complaint the individual will in most cases be referred back to MS Australia for a chance to resolve the complaint directly. The complaint will be referred to the Chief Executive Officer.
If the complaint cannot be resolved the Office of the Federal Privacy Commissioner conciliates the complaint using various methods of communications. Generally the complaint will be resolved through this process but as a last resort the Privacy Commissioner can make a formal determination. This determination is enforceable at law.
For further information in relation to this policy document do not hesitate to contact:
The Nerve Centre
54 Railway Road
Blackburn, VIC 3130
Phone: 1300 010 158