ECIA VC collects and administers a range of personal information for its designated purposes. The association is committed to protecting the privacy of personal information it collects, holds and administers. Personal information is information that directly or indirectly identifies a person.
ECIA VC recognises the essential right of individuals to have their information administered in ways that they would reasonably expect – protected on one hand, and made accessible to them on the other.
This document sets out a framework for ECIA VC in dealing with privacy considerations.
ECIA VC is bound by Victorian Privacy Laws; the Information Privacy Act 2000; the National Privacy Principles, as well as other laws that impose specific obligations. The association has adopted the National Privacy Principles as minimum standards in relation to handling personal information.
This means that ECIA VC will:
- Collect only information which the association requires for its primary function
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent
- Store personal information securely, protecting it from unauthorised access
- Provide stakeholders with access to their own information, and the right to seek its correction.
1.The Board will:
- Retain overall responsibility for adopting this policy.
2.The Chief Executive Officer will:
- Ensure that all staff members, contractors and volunteers are aware of this policy.
- Monitor changes in Privacy legislation and for reviewing this policy as and when the need arises.
- All staff at all levels will ECIA VC will adhere to the principles outlined below:
- Only collect information that is necessary for the performance and primary function of ECIA VC.
- Notify stakeholders about why we collect the information and how it is administered.
- Notify stakeholders that this information is accessible to them.
- Give stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.
Use and Disclosure
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses we will obtain consent from the affected person.
- Take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform.
Data Security and Retention
- Safeguard the information we collect and store against misuse, loss, unauthorised access and modification.
- Destroy obsolete records in accordance with the designated guidelines.
Access and Correction
- Make this information freely available in relevant publications and on the organisation’s website.
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.
Making information available to other service providers
- Can only release personal information about a person with that person’s expressed permission. For personal information to be released, the person concerned must sign a release form.
- Can release information to third parties where it is requested by the person concerned.