The Privacy Act
From 12 March 2014, the Australian Privacy Principles (APPs) replaced the National Privacy Principles and Information Privacy Principles and will apply to organisations, and Australian Government (and Norfolk Island Government) agencies. The 13 APPs from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988, provide the framework to the amendments of this policy.
The Act details how businesses and organisations must manage personal information of customers. It regulates what personal information can be kept, in addition to how businesses collect, use, secure and disclose that information.
Individuals will have the right to know why an organisation is collecting their personal information, what information it holds about them, how it will use the information, and who else will get the information.
Individuals will also have the right to verify that personal information held by an organisation is accurate and may complain to the ALWS Privacy Officer and/or Information Commissioner if they think their information is not being handled correctly.
The Privacy Act and ALWS
ALWS is an auxiliary of the Lutheran Church of Australia. Under the Privacy Act, an entity that is related to another entity will be able to share and transfer personal information. However, ALWS and the LCA must still comply with the Australian Privacy Principles (APPs) in relation to the shared personal information. This means that ALWS must comply with the Privacy Act, in order that movement of information within the LCA can take place. This is particularly important for movement of details between ALWS and congregations (for example, donor addresses when forwarding receipts, collation of Appeal returns by Treasurers that may include information such as credit card details).
Information held by Australian Lutheran World Service
Personal information that is held by Australian Lutheran World Service includes personal and sensitive information about:
- Donors, who almost exclusively are members of LCA congregations;
- Staff, job applicants, volunteers and contractors; and
- Loan applicants and borrowers.
Personal and sensitive information may be collected by way of forms, email, facsimile, telephone, face to face meetings and interviews.
What is Personal and Sensitive Information?
Personal information is information or an opinion that allows someone to reasonably identify the individual that the information or opinion is about. Within ALWS, personal information is likely to be collected on donors, employees, prospective employees, volunteers, board members and loan applicants. This information could include:
- Date of birth and age;
- Country of birth and nationality;
- Telephone numbers and email addresses;
- Details of next of kin; and/or
- Emergency contact numbers.
The use of personal information refers to the handling of personal information within ALWS and the LCA including ‘the inclusion of information in a publication’.
Sensitive Information is personal information about an individual’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information (that is not health information), biometric information that is used for the purpose of automated biometric verification or biometric identification or biometric templates.
Sensitive information must be treated with additional care. Within ALWS, sensitive information will only be collected for employment-related purposes. It is not the policy of ALWS to seek sensitive information from donors or loan applicants.
To the extent sensitive information is collected, it will be used only for the purpose for which it is provided, unless law allows the disclosure of such information.
Use of Information
ALWS uses personal information it collects for the primary purpose for which it is collected, and for secondary purposes reasonably expected to be related to the primary purpose. The information may also be used for purposes for which consent has been gained.
Generally speaking the primary purposes for the collection of information are usually that:
- ALWS may contact donors and prospective donors, interact with them, and provide relevant information;
- Appropriate people and administrative sections within the Church (Boards, Committees, Pastors, Treasurers) can be contacted;
- ALWS can effectively and efficiently administer its human resources (employment processes and appraisals);
- ALWS can exercise due diligence in the distribution of economic resources (loans and grants); and/or
- ALWS can undertake referee checks when recruiting new staff or screening individuals for suitability for study tours or other activities which require screening. Refer to the ALWS Child Protection Policy.
Information that is collected about volunteers assists ALWS to properly assess the capacity and appropriateness of volunteers and staff and to help it to meet duty of care requirements.
Personal information which is obtained in relation to employees, job applicants, and contractors is used to:
- Satisfy legal requirements;
- Administer contracts; and
- Provide insurance cover.
Disclosure of personal information
Personal information may be disclosed to:
- LCA Officials, Boards and Committees of the LCA (with the permission of the individual – the circumstances for sharing of such information would usually be very limited);
- Pastors and Congregational Treasurers with the permission of the individual;
- Outsourced service providers who manage services provided to donors;
- ALWS professional advisers, including the ALWS auditors;
- Anyone the provider authorises to receive it; and/or
- Government and regulatory authorities and other authorities, as required or authorised by law.
ALWS is not generally likely to disclose personal information to overseas recipients.
The Privacy Officer
The duties of the Privacy Officer, or his/her delegated authority, are to:
- Promote the privacy plan to all relevant parties within ALWS;
- Familiarise ALWS staff and Board with the APPs; and
Update of Personal Information
ALWS endeavours to maintain personal information so that it is kept up-to-date, complete and accurate. A person may update personal information by contacting ALWS which holds the information, during office hours.
The Privacy Officer will endeavour to:
- Identify (and address) any systemic or ongoing compliance problems;
- Increase donor confidence in the ALWS’ privacy procedures;
- Build a good reputation of ALWS; and
- Address complaints quickly and effectively.
Any person who believes their personal information has been inappropriately handled by ALWS may lodge a complaint with the Privacy Officer. This complaint must be in written form and clearly identify the circumstances surrounding the alleged inappropriate handling and any remedy sought. There is no prescribed form for this purpose.
If that person is dissatisfied with the handling of the complaint by the Privacy Officer or if, due to the sensitive nature of the complaint, it is inappropriate to submit the complaint to the Privacy Officer in the first instance, the matter may be referred directly to the Information Commissioner. The Information Commissioner may then investigate the complaint.
The Information Commissioner has discretion to instigate an investigation into any interference with privacy even if no complaint has been lodged by any party involved.
The Information Commissioner is empowered to order that ALWS redress any loss or damages to the aggrieved member. As a legal process, failure to comply with these directions may result in the matter being referred to the Federal Courts.
Although court action may be an end result, the complaints process emphasises a preference to resolution through mediation and conciliation.
Accessing personal information
Persons are entitled to access and examine personal information relating to them that is held by ALWS, subject to the provisions of the Privacy Act. Requests to access personal information must be addressed to the ALWS Privacy Officer.
If, upon examination of the personal information, any person identifies information that is inaccurate, incomplete or out-of-date, that person should request that the information be corrected by contacting:
- ALWS if the inaccuracy pertains to name and contact detail changes; or
- The Privacy Officer if the inaccuracy pertains to the representation of a individual character.
If the inaccuracy is established, ALWS must take reasonable steps to correct and/or update that information.
If the person or ALWS disagrees as to the accuracy of the personal information, the person can request that a statement outlining the perceived discrepancies be associated and kept with the relevant information. ALWS must take reasonable steps to comply with any such request.
Security of Personal Information
ALWS has put in place measures to protect personal information held by ALWS from modification, loss, unauthorised access and misuse or disclosure to unauthorised persons. Personal information is stored in locked filing cabinets and computers requiring password access.
Staff are trained in the correct methods of dealing with personal information to ensure privacy/confidentiality. Knowledge of this policy is a critical element of that training.
If any person requires further information about the way ALWS manages personal information, the Privacy Officer can be contacted.