Privacy and Data Protection Policy
The Privacy and Data Protection Act 2014 (Vic) (Act) governs the way in which Council needs to responsibly collect, handle and protect personal information and ensure data security. This policy outlines the requirements for the capture and ongoing management of personal and health information and will set clear expectations for its appropriate use.
This policy applies to all Council Employees, Councillors, Contractors and Volunteers. This policy applies to personal information and health information held by Council. The data protection sections of the Act only applies to services contracted by Federal and State Government bodies and does not apply to Council information at this stage.
To responsibly manage any personal or health information Council handles; • Provides a framework for the collection, use and disclosure of personal and health information of all individuals; • Comply with the Act and the Health Records Act 2001; • To ensure Council adheres to the Information Privacy Principles contained within the Act.
Council is committed to protecting individual’s right to privacy with the responsible and fair handling of personal and health information, consistent with the Act and the Health Records Act 2001.
Information Privacy Principles
Council’s Information Privacy Principles (Appendices 2); outline the way in which Council captures, manages, uses and discloses personal and health information in accordance with the Act.
Council may outsource some of its functions to third parties (contractors). This may require the contractor to collect, use or disclose certain personal information. Council will take reasonable steps to ensure that contractors comply with the Act and this Policy in all respects.
If an individual feels aggrieved by Council's handling of his or her personal information, the individual may make a complaint to Council’s Privacy Officer. The complaint will be investigated as soon as possible from date of receipt (but no later than 5 business days) and the person will be provided with a written response. Alternatively, the person may make a complaint to the Commissioner for Privacy and Data Protection
Reference to other documents
- • Privacy and Data Protection Act 2014 (Vic)
- • Freedom of Information Act 1982 • Health Records Act 2001
- • Electronic Transactions Act 2000 (Vic)
- • Public Records Act 1973
This Policy is to be reviewed by Council every three years of it coming into operation or within 6 months of any changes to the Act. Council may amend this Policy at any time
All Council Employees, Councillors, Contractors and Volunteers are responsible for adhering to and implementing this policy. Adherence to the Act will be overseen by the Chief Executive Officer. The Information Privacy Officer is responsible for the review of this policy and development of any associated procedures
For more information see Privacy and Data Protection Policy on our website.