- What do the National Privacy Princples do?
- What is personal information?
- What is sensitive information?
- What are the National Privacy Principles?
- Collection of information
- Use and disclosure of information
- Quality of information
- Security of information
- Openness of information
- Accessibility of information
- Transborder data flow
- Sensitive information
- Grievance procedure relating to the Privacy Act
Cancer Council Australia supports the importance the community places on the maintenance of confidentiality of individuals' personal and/or sensitive information. This extends to the collection and management of information held in its records regarding individuals.
Cancer Council Australia is a non-government, not-for-profit organisation whose core business is cancer control. Cancer Council Australia also takes a lead role in national fundraising on behalf of its members, which are the eight state and territory Cancer Councils. In order to pursue these areas of activity, Cancer Council Australia assures the community of its commitment to privacy of personal information.
The Privacy Amendment (Private Sector) Act 2000, effective December 21 2001, sets out guidelines which regulate how private sector organisations should treat personal and/or sensitive information they collect, use, handle or store.
The NPPs set minimum standards for:
- collection, use and disclosure of personal information which could identify a person;
- quality, security and storage of that information;
- giving an individual access to their information;
- transferring information offshore;
- special categories of information such as 'sensitive' information and 'health' information.
- Information or an opinion about an individual whose identity is apparent or can be ascertained from that information or opinion.
- This includes names, addresses, telephone numbers, age and e-mail address.
This includes information about:
- racial or ethnic origin;
- political opinion or association;
- trade union or professional association membership;
- religious beliefs or philosophical beliefs;
- sexual preferences;
- criminal record;
- health information.
The National Privacy Principles establish 10 principles to which an organisation must comply in regard to personal and sensitive information.
- NPP1 Collecting information
- NPP2 Using and disclosing information
- NPP3 Data quality
- NPP4 Data security
- NPP5 Openness
- NPP6 Access and correction
- NPP7 Identifiers
- NPP8 Anonymity
- NPP9 Transborder data flow
- NPP10 Sensitive information
- Personal and sensitive information is only collected as is reasonably necessary to enable Cancer Council Australia to maintain its activities and deliver services to the community.
- Personal information about an individual should only be collected from that individual with their consent.
- Collection will be undertaken by a method which is fair, lawful and not unreasonably intrusive.
- Individuals from whom personal information is collected are to be made aware of:
- Cancer Council Australia's contact details;
- the primary purpose for which the information is collected;
- any possible secondary purpose for which the information may be used;
- the names of the organisations or types of organisations to which we disclose information of any nature (if any);
- the ability of individuals to access the information held on themselves.
- Information will only be used or disclosed for the primary purpose for which it was collected. In some instances, information provided by individuals may be used to keep them better informed about Cancer Council Australia activities and services, such as by way of a newsletter. Individuals have the right to opt out of receiving such additional mailings.
- Personal information about an individual will not be used or disclosed for a secondary purpose unless:
- the purpose is closely related to the primary purpose and the individual would reasonably expect the information to be used in that way; or
- the information is health information and its use is necessary for records or statistical analysis relevant to public health; or
- the individual has consented (recognising the competence to consent); or
- Cancer Council Australia has a legal obligation to disclose personal information which overrides the provisions of the primary legislation.
- Cancer Council Australia will not sell or exchange or release personal information about an individual for commercial gain.
Reasonable steps will be taken to ensure information collected and used is complete, accurate and up-to-date.
- Reasonable steps will be taken to protect personal information from misuse, loss, unauthorised use, modification or disclosure.
- Personal information will be destroyed or permanently de-identified when it is no longer needed for the purpose for which it was collected.
- Cancer Council Australia website uses secure technology for on-line transactions to protect personal details including credit card information.
- Cancer Council Australia website contains links to other websites. Cancer Council Australia does not accept responsibility for the privacy practices or the content of linked websites.
- Reasonable steps will be taken to allow any person, on request, to ascertain generally what sort of personal information is held, for what purpose, how it was collected, stored and used.
Information held on an individual is accessible to them on request (except where frivolous and vexatious) and will generally be available free of charge. Reasonable steps will be taken to ensure the information provided is accurate and up-to-date.
Identifiers used will be unique to Cancer Council Australia.
Individuals have the option of not identifying themselves when dealing with Cancer Council Australia.
Cancer Council Australia will not sell, exchange or release personal information except when we transfer this information to our member bodies as noted elsewhere in this policy.
Cancer Council Australia does not collect sensitive information about individuals unless:
- we have the consent of the individual; or
- the information is collected in the course of Cancer Council Australia activities where the individual is in regular contact in relation to those activities and the individual understands that the information will not be disclosed without consent; or
- the information is necessary for research relevant to public health, compilation or analysis of public health statistics, or the management or monitoring of a health service and that purpose cannot be served by collection of non-identified information and it is impracticable to seek the individual's consent.
- Personal and/or sensitive information will be collected and maintained on confidential databases maintained by Cancer Council Australia in support of its activities and service provision.
- Staff and volunteers who may have access to personal and/or sensitive information in the course of their duties will respect its confidentiality and not disclose the information to any non Cancer Council third party.
- Breaches of confidentiality by staff will be dealt with in accordance with the conditions of appointment to the staff of Cancer Council Australia.
- Complaint registered by an individual. This must be in writing.
- Complaint given to Privacy Officer for assessment and investigation in consultation with the Chief Executive Officer.
- Written response sent to individual with seven (7) days of complaint being received.
- If our response is found to be unacceptable to the individual, we may suggest conciliation or arbitration on the matter.
- If the individual makes a formal complaint to the Privacy Commissioner, the Chief Executive Officer is to be the respondent on behalf of Cancer Council Australia.
This page was last updated on: Wednesday, August 15, 2012