Privacy Code of Practice: NSW Police Service
This Privacy Code of Practice was approved by the Attorney General on 28th June 2000 and Gazetted in Part 2 of the Government Gazette of 30 June 2000 at page 5981.
New South Wales Police Service
Privacy Code of Practice
CONTENTS
1. Code of Practice
2. Definitions and Acronyms
3. Information Protection Principles
- Principle 1
- Principle 2
- Principle 3
- Principle 4
- Principle 5
- Principle 6
- Principle 7
- Principle 8
- Principle 9
- Principle 10
- Principle 11
- Principle 12
4. Memorandums of Understandings etc
5. Existing Research Arrangements
6. Freedom of Information (FOI)
7. Compliance
8. Complaints/Concerns
9. Review of Code of Practice
1. CODE OF PRACTICE
1.1 This Code has been prepared by the Police Service to satisfy the requirements of Part 3 Division 1 of the Privacy and Personal Information Protection Act 1998. The Code documents the extent to which the Police Service's collection, storage, use and disclosure of personal information departs from the Information Protection Principles under Part 2 of the PPIP Act.
1.2 This Code may be read in conjunction with the Police Service's Privacy Management Plan.
2. DEFINITIONS & ACRONYMS
Terms used in this Code are defined as follows:
"Code" means or is a reference to this Code of Practice.
"Information Protection Principle(s) or Principle(s)" is a reference to any principle or principles referred to in sections 8 to 19 of the Privacy and Personal Information Protection Act 1998.
"Law Enforcement Agency" includes the Police Service, the New South Wales Crime Commission, the Australian Federal Police, the National Crime Authority, the Director of Public Prosecutions of New South Wales, the Department of Corrective Services and the Department of Juvenile Justice, the Police Service or police force of another state or territory, or other agency defined under the Privacy and Personal Information Act 1998.
"PPIP Act" means the Privacy and Personal Information Protection Act 1998.
"Personal Information" is defined under section 4 of the Privacy and Personal Information Act 1998 as information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.
"Police Service or Service" means the New South Wales Police Service.
"Public Sector Agency" includes the Police Service, government departments, the Education Teaching Service, any statutory body representing the Crown, any local government authority, or any other agency so defined under the Privacy and Personal Information Protection Act 1998.
3. INFORMATION PROTECTION PRINCIPLES
As a law enforcement agency the Police Service is granted broad exemptions under the PPIP Act. The Service is nevertheless required to comply with the Information Protection Principles in respect of its administrative and educative functions. The manner in which the principles are to be applied by the Service are as follows:
3.1 Principle 1:
Section 8 Collection of personal information for lawful purposes
(1) A public sector agency must not collect personal information unless:
(a) the information is collected for a lawful purpose that is directly related to a function or activity of the agency, and
(b) the collection of the information is reasonably necessary for that purpose.
(2) A public sector agency must not collect personal information by any unlawful means.
3.1.1 It is not intended that the Police Service will depart from Principle 1 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3. 2 Principle 2:
Section 9 Collection of personal information directly from individual
A public sector agency must in collecting personal information, collect the information directly from the individual to whom the information relates unless:
(a) the individual has authorized collection of the information from someone else, or
(b) in the case of information relating to a person who is under the age of 16 years the information has been provided by a parent or guardian of the person.
3.2.1 It is not intended that the Police Service will depart from Principle 2 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.2.2 Roads and Traffic Authority - The Police Service departs from Principle 2, and also from Principles 10 and 11, to the extent that the Service exchanges information with the Roads and Traffic Authority in regard to motor vehicle accidents and other road and traffic related data.
(The Police Service undertakes to review its arrangements with the Roads and Traffic Authority within 12 months of the proclamation of this code)
3.2.3 National Motor Vehicle Theft Reduction Council The Police Service departs from Principle 2, and from Principles 10 and 11, to the extent that the Police Service exchanges data with the National Motor Vehicle Theft Reduction Council, and in particular, the disclosure of data for the Comprehensive Auto-Theft Research System (CARS) database.
3.3 Principle 3:
Section 10 Requirements when collecting personal information
If a public sector agency collects personal information from an individual, the agency must take such steps as are reasonable in the circumstances to ensure that, before the information is collected or as soon as practicable after collection, the individual to whom the information relates is made aware of the following:
(a) the fact that the information is being collected,
(b) the purposes for which the information is being collected,
(c) the intended recipients of the information,
(d) whether the supply of the information by the individual is required by law or is voluntary, and any consequences for the individual if the information (or any part of it) is not provided,
(e) the existence of any right of access to, and correction of, the information,
(f) the name and address of the agency that is collecting the information and the agency that is to hold the information.
3.3.1 It is not intended that the Police Service will depart from Principle 3 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.4 Principle 4:
Section 11 Other requirements relating to collection of personal information
If a public sector agency collects personal information from an individual, the agency must take such steps as are reasonable in the circumstances (having regard to the purposes for which the information is collected) to ensure that:
(a) the information collected is relevant to that purpose, is not excessive, and is accurate, up to date and complete, and
(b) the collection of the information does not intrude to an unreasonable extent on the personal affairs of the individual to whom the information relates.
3.4.1 It is not intended that the Police Service will depart from Principle 4 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code.
3.5 Principle 5:
Section 12 Retention and security of personal information
A public sector agency that holds personal information must ensure:
(a) that the information is kept for no longer than is necessary for the purposes for which the information may lawfully be used, and
(b) that the information is disposed of securely and in accordance with any requirements for the retention and disposal of personal information, and
(c) that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use,
modification or disclosure, and against all other misuse, and
(d) that, if it is necessary for the information to be given to a person in connection with the provision of a service to the agency, everything reasonably within the power of the agency is done to prevent unauthorised use or disclosure of the information.
3.5.1 It is not intended that the Police Service will depart from Principle 5 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.6 Principle 6:
Section 13 Information about personal information held by agencies
A public sector agency that holds personal information must take such steps as are, in the circumstances, reasonable to enable any person to ascertain:
(a) whether the agency holds personal information, and
(b) whether the agency holds personal information relating to that person, and
(c) if the agency holds personal information relating to that person:
(i) the nature of that information, and
(ii) the main purposes for which the information issued, and
(iii) that person's entitlement to gain access to the information.
3.6.1 It is not intended that the Police Service will depart from Principle 6 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.7 Principle 7:
Section 14 Access to personal information held by agencies
A public sector agency that holds personal information must, at the request of the individual to whom the information relates and without excessive delay or expense, provide the individual with access to the information.
3.7.1 It is not intended that the Police Service will depart from Principle 7 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.8 Principle 8:
Section 15 Alteration of personal information
(9) A public sector agency that holds personal information must at the request of the individual to whom the information relates, make appropriate amendments (whether by way of corrections, deletions or additions) to ensure that the personal information:
(a) is accurate, and
(b) having regard to the purpose for which the information was collected (or is to be used) and to any purpose that is directly related to that purpose, is relevant up to date, complete and not misleading.
(2) If a public sector agency is not prepared to amend personal information in accordance with a request by the individual to whom the information relates, the agency must if so requested by the individual concerned, take such steps as are reasonable to attach to the information, in such a manner as is capable of being read with the information, any statement provided by that individual of the amendment sought.
(3) If personal information is amended in accordance with this section, the individual to whom the information relates is entitled, if it is reasonably practicable, to have recipients of that information notified of the amendments made by the public sector agency.
3.8.1 It is not intended that the Police Service will depart from Principle 8 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.9 Principle 9:
Section 16 Agency must check accuracy of personal information before use
A public sector agency that holds personal information must not use the information without taking such steps as are reasonable in the circumstances to ensure that, having regard to the purpose for which the information is proposed to be used, the information is relevant accurate, up to date, complete and not misleading.
3.9.1 It is not intended that the Police Service will depart from Principle 9 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.10 Principle 10:
Section 17 Limits on use of personal information
A public sector agency that holds personal information must not use the information for a purpose other than that for which it was collected unless:
(a) the individual to whom the information relates has consented to the use of the information for that other purpose, or
(b) the other purpose for which the information is used is directly related to the purpose for which the information was collected, or
(c) the use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual to whom the information relates or of another person.
3.10.1 It is not intended that the Police Service will depart from Principle 10 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.11 Principle 11:
Section 18 Limits on disclosure of personal information
(1) A public sector agency that holds personal information must not disclose the information to a person (other than the individual to whom the information relates) or other body, whether or not such other person or body is a public sector agency, unless:
(a) the disclosure is directly related to the purpose for which the information was collected, and the agency disclosing the information has no reason to believe that the individual concerned would object to the disclosure, or
(b) the individual concerned is reasonably likely to have been aware, or has been made aware in accordance with section 10, that information of that kind is usually disclosed to that other person or body, or
(c) the agency believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person.
(2) If personal information is disclosed in accordance with subsection (9) to a person or body that is a public sector agency, that agency must not use or disclose the information for a purpose other than the purpose for which the information was given to it.
3.11.1 It is not intended that the Police Service will depart from Principle 11 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
3.11.2 Department of Housing - The Police Service departs from Principle 11 to the extent that the disclosure of personal information to the Department of Housing may be permitted in the following circumstances:
(a) where the Department of Housing is investigating a complaint about a particular tenant and the information held by the Police Service is directly relevant to that investigation; or
(b) where the Police Service has obtained information about an offence and there is reasonable cause to believe that the offence committed is in breach of a Department of Housing tenancy agreement.
3.11.3 Insurance Claims - The Police Service departs from Principle 11 to the extent that it may supply motor vehicle accident or crime incident reports to an insurance company or insurer, or to the agent of an insurance company or insurer, in circumstances where a claim has been lodged against the insurance company or insurer and the report sought relates to that claim.
3.11.4 Motor Vehicle Accident Reports - The Police Service departs from Principle 11 to the extent that it may supply motor vehicle accident reports to any person directly involved in the accident to which the report sought relates.
3.11.5 Police Association of NSW - The Police Service departs from Principle 11 to the extent that the Service allows the Police Association of NSW access to the 'POL' function of the Eagle mainframe system to obtain member, work location, work contact and rank details.
3.12 Principle 12:
Section 19 Special restrictions on disclosure of personal information
(1) A public sector agency must not disclose personal information relating to an individual's ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual activities unless the disclosure is necessary to prevent a serious or imminent threat to the life or health of the individual concerned or another person.
(2) A public sector agency that holds personal information must not disclose the information to any person or body who is in a jurisdiction outside New South Wales unless:
(a) a relevant privacy law that applies to the personal information concerned is in force in that jurisdiction, or
(b) the disclosure is permitted under a privacy code of practice.
(3) For the purposes of subsection (2), a relevant privacy law means a law that is determined by the Privacy Commissioner, by notice published in the Gazette, to be a privacy law for the jurisdiction concerned.
(4) The Privacy Commissioner is, within the year following the commencement of this section, to prepare a code relating to the disclosure of personal information by public sector agencies to persons or bodies outside New South Wales.
(5) Subsection (2) does not apply:
(a) until after the first anniversary of the commencement of this section, or
(b) until a code referred to in subsection (4) is made, whichever is the later.
3.12.1 It is not intended that the Police Service will depart from Principle 12 except in accordance with any exemption provided under the PPIP Act or as otherwise addressed in this Code or any other privacy code of practice which applies to the Police Service.
4. MEMORANDUMS OF UNDERSTANDING ETC
4.1 Subject to exemption under the PPIP Act or contrary provision in this Code or any other privacy code of practice which applies to the Police Service, any
memorandum of understanding, agreement, instrument or other formal arrangement entered into by the Police Service with another party or parties shall continue to operate to the extent that such memorandum, agreement, instrument or other formal arrangement complies with the information protection principles of the PPIP Act.
5. EXISTING RESEARCH ARRANGEMENTS
5.1 The Police Service departs from the Principles to the extent that any existing research arrangement entered into by the Police Service prior to the commencement of Parts 2, 5 and 6 of the PPIP Act shall continue to operate in accordance with the original research arrangement entered into by the Police Service.
6. FREEDOM OF INFORMATION (FOI)
6.1 The Freedom of Information Act 1989 operates independently of this Code. This Code can not be applied to prevent the disclosure of information otherwise able to be lawfully accessed through FOI legislation.
6.2 An application received by the Police Service under the PPIP Act may be processed in the same manner as if the application was made under the
Freedom of Information Act 1989.
7. COMPLIANCE
7.1 Once an order making the Code is published in the New South Wales Government Gazette (or on such later date as may be specified in the order), a public sector agency, person, or body to whom this Code of Practice applies must comply with its provisions.
7.2 Failure to comply with this code could lead to action being taken in accordance with established Police Service/public sector managerial and disciplinary processes. Allegations regarding breaches of the privacy legislation are to be dealt with in accordance with the grievance handling procedures of the PPIP Act.
7.3 Breaches of the privacy legislation and/or this Code can give rise to a right of review involving an investigation of the conduct complained of.
8. COMPLAINTS/CONCERNS
8.1 Complaints or concerns regarding possible breaches of the PPIP Act or this Code may be addressed in the first instance to the General Manager, Court and Legal Service, NSW Police Service, Level 14, 14 24 College Street, Darlinghurst NSW 2010. *
8.2 Alternatively, complaints or concerns may be directed to the Privacy Commissioner, Privacy New South Wales, PO Box A123, Sydney South NSW 1235. *
9. REVIEW OF CODE OF PRACTICE
9.1 This Code is to be reviewed at regular intervals by the General Manager, Court and Legal Services to ensure that it reflects the processes whereby the Police Service collects, stores, uses and discloses personal information.
* Note: The postal address for NSW Police is now Locked Bag 5102, Parramatta, NSW 2124.
The postal address of Privacy NSW is now GPO Box 6, Sydney NSW 2001.
|
|
