- What do the National Privacy Principles do?
- What is personal information?
- What is sensitive information?
- What are the National Privacy Principles?
- Collection of information
- Use and disclosure of information
- Quality of information
- Security of information
- Openness of information
- Accessibility of information
- Transborder data flow
- Sensitive information
- Grievance procedure relating to the Privacy Act
IBIS supports the importance the community places on the maintenance of confidentiality of individuals’ personal and/or sensitive information. This extends to the collection and management of information held in its records regarding individuals.
IBIS is an Australian University-funded, not-for-profit website whose core business is to operate as an open-source, strategic intelligence gathering and analysis tool for use in the field of plant and animal biosecurity. In order to pursue this activity, IBIS assures the community of its commitment to privacy of personal information.
The Privacy Act 1988, sets out guidelines which regulate how organisations should treat personal and/or sensitive information they collect, use, handle or store.
What do the National Privacy Principles do?
The NPPs set minimum standards for:
- collection, use and disclosure of personal information which could identify a person;
- quality, security and storage of that information;
- giving an individual access to their information;
- transferring information offshore;
- special categories of information such as ‘sensitive’ information and ‘health’ information.
What is personal information?
- Information or an opinion about an individual whose identity is apparent or can be ascertained from that information or opinion.
- This includes names, addresses, telephone numbers, age and e-mail address.
What is sensitive information?
This includes information about:
- racial or ethnic origin;
- political opinion or association;
- trade union or professional association membership;
- religious beliefs or philosophical beliefs;
- sexual preferences;
- criminal record;
- health information.
What are the National Privacy Principles?
The National Privacy Principles establish 10 principles to which an organisation must comply in regard to personal and sensitive information.
- NPP1 Collecting information
- NPP2 Using and disclosing information
- NPP3 Data quality
- NPP4 Data security
- NPP5 Openness
- NPP6 Access and correction
- NPP7 Identifiers
- NPP8 Anonymity
- NPP9 Transborder data flow
- NPP10 Sensitive information
Collection of information
- Personal and sensitive information is only collected as is reasonably necessary to enable IBIS to maintain its activities and deliver services to the registered IBIS user community and non-registered site visitors.
- Personal information about an individual should only be collected from that individual with their consent.
- Collection will be undertaken by a method which is fair, lawful and not unreasonably intrusive.
- Individuals from whom personal information is collected are to be made aware of:
- IBIS’s contact details;
- the primary purpose for which the information is collected;
- any possible secondary purpose for which the information may be used;
- the names of the organisations or types of organisations to which we disclose information of any nature (if any);
- the ability of individuals to access the information held on themselves.
Use and disclosure of information
- Information will only be used or disclosed for the primary purpose for which it was collected. In some instances, information provided by individuals may be used to keep them better informed about IBIS’s activities and services, such as by way of an electronic newsletter, a daily news digest, or an alert via email. Individuals have the right to opt out of receiving such additional mailings.
- Personal information about an individual will not be used or disclosed for a secondary purpose unless:
- the purpose is closely related to the primary purpose and the individual would reasonably expect the information to be used in that way; or
- the individual has consented (recognising the competence to consent); or
- IBIS has a legal obligation to disclose personal information which overrides the provisions of the primary legislation.
- IBIS will not sell or exchange or release personal information about an individual for commercial gain.
Quality of information
Reasonable steps will be taken to ensure information collected and used is complete, accurate and up-to-date.
Security of information
- Reasonable steps will be taken to protect personal information from misuse, loss, unauthorised use, modification or disclosure.
- Personal information will be destroyed or permanently de-identified when it is no longer needed for the purpose for which it was collected.
- IBIS’s website uses secure technology for on-line transactions to protect personal details.
- IBIS’s website contains links to other websites. IBIS does not accept responsibility for the privacy practices or the content of linked websites.
Openness of information
- Reasonable steps will be taken to allow any person, on request, to ascertain generally what sort of personal information is held, for what purpose, how it was collected, stored and used.
Accessibility of information
Information held on an individual is accessible to them via the IBIS website at all times (a registered IBIS membership log in username and password is required) and is available free of charge. Reasonable steps will be taken to ensure the information provided is accurate and up-to-date. Information held on an individual can be updated at any time by that individual.
Identifiers used will be unique to IBIS.
Individuals have the option of not identifying themselves when dealing with IBIS, such as when commenting on collected articles appearing on the IBIS website, submitting articles to IBIS, using the “contact us” form, or contributing to research and/or analysis activities.
Transborder data flow
IBIS will not sell, exchange or release personal information except when we transfer this information to our member bodies as noted elsewhere in this policy.
IBIS does not collect sensitive information about individuals unless:
- we have the consent of the individual; or
- the information is collected in the course of IBIS’s activities where the individual is in regular contact in relation to those activities and the individual understands that the information will not be disclosed without consent; or
- the information is necessary for analysis and research relevant to plant and animal biosecurity, or compilation or analysis of related research statistics.
- Personal and/or sensitive information will be collected and maintained on confidential databases maintained by IBIS in support of its activities and service provision.
- Staff and volunteers who may have access to personal and/or sensitive information in the course of their duties will respect its confidentiality and not disclose the information to any non-IBIS third party.
- Breaches of confidentiality by staff and volunteers will be dealt with in accordance with the conditions of appointment to the staff and volunteers of IBIS.
Grievance procedure relating to the Privacy Act
- Complaint registered by an individual. This must be in writing.
- Complaint given to Research Project Manager for assessment and investigation in consultation with the CEBRA Director.
- Written response sent to individual with seven (7) days of complaint being received.
- If our response is found to be unacceptable to the individual, we may suggest conciliation or arbitration on the matter.
- If the individual makes a formal complaint to the Privacy Commissioner, the CEBRA Director is to be the respondent on behalf of IBIS.
This page was last updated on: 18 November, 2013