NCOSS is committed to protecting and upholding the right to privacy of staff, volunteers, Board members and representatives of agencies we deal with.
This policy conforms to the NSW Privacy and Personal Information Protection Act (PPIP) Act which governs the collection, use and storage of personal information across all NSW Government agencies. The terms of NCOSS funding agreement with the Department of Human Services requires that NCOSS observe the Act as if it were a government agency.
NCOSS is required to follow the 12 Information Protection Principles in the legislation and to prepare a Privacy Management Plan detailing:
- the policies and practices that ensure compliance by the agency with the requirements of the PPIP Act
- how these policies and practices are disseminated to persons within the agency
- the procedures which NCOSS proposes to follow in relation to internal reviews under Part 5 of the PPIP Act
- any other matters which NCOSS considers relevant to privacy and to the protection of personal and health information.
NCOSS’ Privacy Management Plan is outlined in the procedures below.
This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.
Note: The Federal Privacy Act contains similar requirements and principles to the NSW PPIP, but does not apply to NCOSS while NCOSS’ annual turnover remains under $3 m, or does not hold contracts with the Commonwealth government . However, NCOSS commits to the principles of the Act in this policy.
1.8.1 Dealing with personal information
In dealing with personal information , NCOSS staff will:
- ensure privacy for staff, volunteers or Board members when they are being interviewed or discussing matters of a personal or sensitive nature
- only collect and store personal information that is necessary for the functioning of the organisation and its activities
- use fair and lawful ways to collect personal information
- collect personal information only by consent from an individual
- ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used , disclosed and who will have access to it
- ensure that personal information collected or disclosed is accurate, complete and up- to-date , and provide access to any individual to review information or correct wrong information about themselves
- take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure
- destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired.
- NCOSS staff will not release the contact details for people or their members of any NCOSS forum
- participants in the NCOSS Community cover
- attendees at an NCOSS workshop or conference
- purchasers of NCOSS products or publications
organisations that are:
The NCOSS Director must approve the release of contact details for any individual whose details were obtained by NCOSS through the above activities.
1.8.2 Responsibilities for managing privacy
- All staff: are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work. Staff members should raise any concerns they have regarding privacy with their supervisor or the NCOSS Privacy Contact Officer
- Communications staff: Staff responsible for content in NCOSS publications, communications and website must ensure the following:
- appropriate consent is obtained for the inclusion of any personal information about NCOSS personnel
- information being provided by other agencies or external individuals conforms to privacy principles
- that the website contains a privacy statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
- Corporate services staff: Are responsible for safeguarding personal information relating to NCOSS staff, Board members, volunteers, contractors and NCOSS members.
- The Director and Deputy Directors: Are responsible for over sighting the organisation’s Privacy Management Plan.
- The NCOSS Privacy Contact Officer: The NCOSS Privacy Contact Officer will be the Corporate Services Coordinator. The CSC will be responsible for:
- handling any queries or complaint about a privacy issue
- acting as the point of contact for liaison with Privacy NSW.
1.8.3 Internal review
A person wishing to complain about the handling of their personal information or about a breach of their privacy will be requested to lodge their concern with the NCOSS Privacy Officer who will conduct an investigation according to the requirements under the legislation and:
- notify Privacy NSW that they have received the application for internal review
- keep Privacy NSW informed of the progress of the internal review
- consider any relevant material submitted by the applicant or by Privacy NSW
- complete the review as soon as possible
- once the review is finished, notify the applicant and Privacy NSW of the findings of the review (and the reasons for those findings), and the action proposed to be taken
- notify the applicant of any other rights they may have.
Once the review is finished, NCOSS may take no further action, or it may do one or more of the following:
- make a formal apology
- take remedial action
- provide undertakings that the conduct will not occur again
- implement administrative measures to ensure that the conduct will not occur again.