Privacy Management Plan
The Board's Privacy Management Plan is available as a Word document
Privacy Management Plan (57.856 KB)
1. Introduction
2. Role of Anti-Discrimination Board of NSW
3. Existing Policies relating to personal information
4. Strategies for Compliance with the PPIP Act
5. Procedures for requests for Internal Reviews under the PPIP Act
6. Dissemination of policies and procedures regarding compliance
Appendix A
(Section 33 Privacy and Personal Information Protection Act, 1998)
1. Introduction
1.1 This Privacy Management Plan sets out how the Anti-Discrimination Board of NSW complies with the principles and requirements of the Privacy and Personal Information Protection Act 1998 (PPIP Act).
1.2 This plan adopts the Privacy Management Plan of the NSW Attorney General’s Department (the Department) and should be read in conjunction with the Department’s plan. Where the Department’s plan is inconsistent with this plan, this plan has precedence. More information about the Department’s Privacy Management Plan is available on the Attorney-General’s Department website.
1.3 In addition, this plan addresses particular matters that affect personal information held by the Anti-Discrimination Board of NSW. This plan gives officers of the Anti-Discrimination Board of NSW guidance on compliance with the requirements of the PPIP Act with respect to these matters, and sets out policies and procedures that have been or will be adopted by the Anti-Discrimination Board of NSW to minimise or eliminate the risk of non-compliance.
1.4 This plan will be reviewed in January 2005. The review will include consideration of any amendments made since the date of this plan to the Department’s existing Privacy Management Plan.
2. Role of Anti-Discrimination Board of NSW
The ADB exists to administer the NSW Anti-Discrimination Act. It has three main statutory functions:
- to help resolve formal complaints of discrimination,
- to prevent both systemic and one-off incidents of discrimination by educating the people of NSW about their rights and responsibilities under anti-discrimination law,
- to advise the government of NSW about any changes necessary to law and policy in order to help eliminate discrimination.
The Anti-Discrimination Board of NSW collects, holds, uses and discloses personal information for the purpose of carrying out its functions. For instance, the Anti-Discrimination Board of NSW may handle personal information for the purpose of providing assistance to individuals and public sector agencies about discrimination related matters, investigating complaints about alleged breaches of the Anti-Discrimination Act, and conducting research about discrimination related matters.
3. Existing Policies relating to personal information
3.1 In addition to the PPIP Act, a range of other legislation and policies apply generally to the way in which Anti-Discrimination Board of NSW handles personal information (see Appendix A).
3.2 The PPIP Act itself contains specific powers and obligations concerning personal information handled by the President and staff of the Anti-Discrimination Board of NSW:
- The President can request, in connection with the exercise of his or her functions, any person or public sector agency to provide information to the President;
- The President and staff of Anti-Discrimination Board of NSW are prohibited from disclosing personal information unless the disclosure is made with the consent of the person the subject of the information or for the purpose of discharging functions of the President.
3.3 The Anti-Discrimination Board of NSW has signed an Information Sharing Arrangement and Complaint Referral Arrangement with the NSW Ombudsman, Privacy NSW, Health Care Complaints Commission and Legal Services Commission. These Arrangements allow the sharing of personal information between Anti-Discrimination Board of NSW and these agencies in certain circumstances. For example, if Anti-Discrimination Board of NSW receives a complaint that is more appropriately dealt with by another agency, it may refer that complaint to the agency with the express consent of the complainant.
Information Sharing and Complaint Referral Arrangements
3.4 The Anti-Discrimination Board of NSW is a business unit of the Attorney-General’s Department, which means that, under certain circumstances, the Anti-Discrimination Board has to provide officers of the Attorney-General’s Department who have appropriate authority with access to information held by the Anti-Discrimination Board of NSW.
4. Strategies for Compliance with the PPIP Act
4.1 Classes of personal information held by Anti-Discrimination Board of NSW
The main classes of personal information held are:
- Records of advice, including written, e-mail and telephone advice;
- Records of complaints, including written correspondence and file notes of telephone conversations;
- Records of investigations;
- Administrative records containing personal information about staff or contractors, including personnel records.
4.2 Compliance with the Information Protection Principles
4.2.1 All personal information held by Anti-Discrimination Board of NSW is subject to the Information Protection Principles (IPPs) under the PPIP Act. Anti-Discrimination Board of NSW adopts the general strategies identified in the Department’s Privacy Management Plan in relation to the collection, storage, use and disclosure of personal information.
4.2.2 In addition, Anti-Discrimination Board of NSW has identified the retention and security of personal information (IPP 5) as requiring specific policies and procedures to ensure compliance by Anti-Discrimination Board of NSW with the requirements of the PPIP Act.
4.3 IPP 5: Retention and Security of Personal Information: compliance risks
4.3.1 Co-location
The office of ADB is co-located with the Office of Privacy NSW. Privacy NSW has a shared corporate services arrangement with the ADB. The relevant features of this arrangement, in terms of potential compliance risks, are:
- Staff of ADB (24) are located adjacent to staff of Privacy NSW (11).
- There is no designation of ADB ‘space’ from Privacy NSW ‘space’ by use of partitions or doors.
- Amenities (reception, meeting rooms, toilets and kitchen) are shared between staff of Privacy NSW and the ADB
- ADB provides Information Technology and Reception Support services to Privacy NSW. The IT Support Officer has access to Privacy NSW electronic information storage systems (no other ADB staff have access to Privacy NSW’s electronic storage systems).
4.4 IPP 5: Retention and Security of Personal Information: policies and procedures to minimise or eliminate compliance risks
4.4.1 Co-location
- Action is proceeding towards stand-alone tenancy of ADB on Level 17 of the Pacific Power building. The space to be vacated by Privacy NSW is to be sub-let in a way such that ADB will have self contained occupancy.
- Shared compactus space has been altered such that separate lockable areas are used by ADB exclusively.
- Protocol established for daily locking/unlocking of file storage facilities.
- AGD’s Confidential Information Policy in place and signed upon employment
- AGD’s Code of Conduct and Ethics in place and circulated to all ADB staff
- Circulars issued to all Anti-Discrimination Board staff regarding ‘clean desk’ policy.
4.4.2 Electronic storage of personal information
- AGD’s Confidential Information Policy in place and signed upon employment
- AGD’s Code of Conduct and Ethics in place and circulated to all Anti-Discrimination Board of NSW staff
- Security vetting of new staff occurs to determine / authorise levels of access to storage systems
5. Procedures for requests for Internal Reviews under the PPIP Act
Individuals who wish to make a complaint about the way in which Anti-Discrimination Board has handled their personal information may request that Anti-Discrimination Board conduct an Internal Review of the conduct complained about.
Requests for an Internal Review should be marked “confidential” and addressed to:
The President
Anti-Discrimination Board of NSW
PO Box A2122
SYDNEY SOUTH NSW 1235
For further information about making a request for an Internal Review, complainants can contact the ADB on telephone (02) 9268 5555.
Upon receipt of a request for an Internal Review, the Special Projects Officer, Community Relations Division of the Attorney-General’s Department will be contacted to address the Internal Review procedures in accordance with Attorney-General’s Department Privacy Management Plan.
6. Dissemination of policies and procedures regarding compliance
A number of specific policies and procedures in this plan have been the subject of circulars provided to all staff, as outlined above. This plan will be circulated to all the staff of the Anti-Discrimination Board of NSW once finalised and will also be the subject of staff circulars and meetings.
APPENDIX A
LEGISLATION AFFECTING PROCESSING OF INFORMATION
Legislation with General Application
Crimes Act 1900: Part 6 creates offences for unauthorised obtaining of access to or interference with data in computers. There are higher penalties for accessing certain categories of sensitive government information, e.g. law enforcement information, or for alteration or destruction of data.
Criminal Records Act 1991: restricts access to and disclosure of spent and quashed convictions. BOCSAR and the DPP are exempted from restrictions on disclosure.
Freedom of Information Act 1988: deals with applications for access to cost centre documents which may contain personal information and applications for amendment of operational records of information relating to the personal affairs of the applicant. The Act creates an alternative means of accessing personal information but the Department may use limitations and conditions affecting access under the FOI Act when responding to applications for access and correction made under the Privacy and Personal Information Protection Act.
Independent Commission against Corruption Act 1988: defines corrupt conduct in a way which has been found to relate to unauthorised disclosures of information for personal benefit.
Privacy and Personal Information Protection Act 1998: in addition to the requirements covered in this Plan the Act prohibits disclosures of personal information by public sector officers which are not done in accordance with the performance of their official duties. These provisions are primarily directed against corrupt or irregular disclosure of personal information staff may have access to at work and not to inadvertent failure to follow policies and guidelines.
Protected Disclosures Act 1994: the definition of personal information under the Privacy and Personal Information Protection Act excludes information contained in a protected disclosure. This means that a person cannot seek review of the use or disclosure of a protected disclosure or be prosecuted for unauthorised disclosure of protected disclosure information under the Privacy and Personal Information Protection Act. However, the Privacy Management Plan is still able to address strategies for the protection of personal information disclosed under the Protected Disclosures Act.
State Records Act 1998: defines the circumstances under which the Department can dispose of its records and authorises the State Records Authority to establish policies, standards and codes to ensure adequate records management by the Department. Compliance with requests to delete irrelevant, inaccurate, or out-of-date information under section 15 of the PPIP Act appears to override the restrictions on destruction under the State Records Act (section 20(4)).
POLICIES AFFECTING PROCESSING OF INFORMATION
Attorney General’s Department Policies
- Code of Conduct reinforces and supplements the requirements of the Act, in particular:
- Part 5 dealing with use and disclosure of information obtained in the course of employment
- Part 13 setting out the confidentiality obligations of staff who have left the Department
- Policy for the Use of Electronic Mail and the Internet
- Information Technology Strategic Plan (draft)
- Security of Information Systems Policy
- Security of Electronic Information
External Policies
The following external documents provide guidance on appropriate ways of collecting, storing, using and disposing of personal information:
NSW Ombudsman's Office
Ombudsman's Effective Complaint Handling Guidelines
Office of Information Technology
IM&T Blueprint Memorandum Number 3.3: Security of Electronic Information available at Office of Information Technology
Premiers Department
Policy and Guidelines for the Use by Staff of Employer Communication Devices (defines the responsibility of public sector employees in relation to the use of the Internet and electronic mail), available at the Premiers Department
The Public Sector Personnel Handbook August 1999
State Records New South Wales
Destruction of Records: A Practical Guide, 1996
General Disposal Authority Administrative Records (authorises routine disposal of commonly held categories of administrative records in accordance with approved schedules)
General Records Disposal Schedule - Personnel Records 1992 (authorises routine disposal of commonly held categories of personnel records in accordance with approved schedules)