Module One Legislation, Definitions & Key Exemptions
Activity Pair Activity
Module Two Collection, Use & Disclosure
Module Three Management & Access
Module Four Complaints/ Post -Quiz
Today you will learn about Victorian
This session will better equip you to
•collection, use & disclosure,
management and access to personal
•Perform your job functions in a manner
consistent with privacy requirement; &
•where to go for privacy related help.
Icebreaker - PrYvacy Bingo
As quickly as you can complete
a line of the pryvacy bingo card
The first person to get a vertical
or horizontal line will win a prize
Note you may only use a name
Module 1 Privacy legislation
Information Privacy Act State government agencies,
(Vic) 2000 local councils, Ministers &
Health Records Act (Vic) 2001 Health information in Victorian
public and private sectors,
hospitals, doctors & employers.
Module 1 Privacy – Key definitions
Personal information Recorded information about a living
identifiable or easily identifiable
Health information Information able to be linked to a living or
deceased person about a person’s physical,
mental or psychological health.
Sensitive information Includes information about a person’s race
or ethnicity and criminal record.
Is a photo personal information? Are details of a person’s position and salary
recorded on their personnel file? Small Group activity
Module 1 Relationship to other laws
Privacy laws What they say Examples
Information If there is, any inconsistency • Section 30 of the
Privacy Act between the Information Corrections Act 1991.
(section 6). Privacy Act and a provision in
another Act, the other Act’s • Section 141 of the Fair
provision prevails to the Trading Act 1999.
extent of the inconsistency.
Are you familiar with what your primary legislation states you
can do with personal information? Pair Activity
Module 1 Court Services
Courts & Tribunals are partially
exempted from privacy laws in
exercising their judicial or quasi-
Are human resources functions covered?
What about filming inside a court room?
Would a court-issued subpoena be a judicial function?
Module 1 Law enforcement exemption
Who is covered? How does it work? Examples
If there is a reasonable
Corrections (Prisons, belief that non-compliance Police checks of the
CCS & CORE); CAV; is necessary for law Register of Births and
RAJAC; enforcement purposes; Deaths for name changes.
Business Licensing then exempt from
In emergency situations,
Agency; & main collection, use, locating next of kin.
Enforcement disclosure and transfer
Management. obligations, but still must Inspectors investigating
comply with some motor car traders.
Module 1 Law enforcement agencies
IPP8 IPP1.1 & IPP2.2 IPP3 IPP4 IPP5
If lawful Collect Record uses Be Be Have
and personal & disclosures accurate secure privacy
practicable information between law policies &
offer responsibly enforcement processes
Module 2 other functions?
• For all other non-judicial and non-law
enforcement functions employees must
comply with the 10 information privacy
• The IPPs are connected and guide how
personal information should be handled:
• Collection (IPPs 8, 1, and 10);
• Use and Disclosure (IPPs 2 and 9);
• Management of personal information
(IPPs 3,4, 5, & 7); and
• Access and Correction (IPP6 and FOI)
Module 2 Collection
Collection (IPPs 8, 1, and 10)
Preserve anonymity if you can. Collect only what you need.
Do it lawfully, fairly, directly and not unreasonably intrusively.
Tell people you are doing it and why through a privacy statement.
Be extra careful with sensitive information.
Photos are taken at the end of year staff party. The
photos are added to a bank of stored images used for
promotional purposes in newsletters and the website.
Are there any collection issues?
Module 2 Tips for compliance
• When drafting or handling forms
check for a privacy statement.
Think of a statement as a food label.
• Be able to justify why you need
personal information if asked.
• Do not over collect personal
• Be mindful, if investigating crimes, to
act within the law and collect fairly.
Module 2 Use and Disclosure
Think of a traffic light when
disclosing personal information.
you must you may you can’t
Disclosure is You have choice No choice
Module 2 You may disclose under IPP2
Under IPP2 you may disclose: to law enforcement agencies for the
purpose of prevention, detection,
• with consent. investigation, prosecution or
punishment of criminal offences or
breaches of a law.
• if information is from a publicly
where the information is reasonably
• information for statistical or research believed to be necessary to lessen or
purposes; no identifiers. prevent a serious threat to public
health / safety / welfare.
• investigation of unlawful activity.
• other reasons in IPP2.
Use & Disclosure Scenario
In 2003 the Arthurs Seat chairlift collapsed
and 18 people were injured. The chairlift
managing director was quoted in the media
saying that he wished to extend his best
wishes to those injured however was
prevented from doing so as privacy laws
prohibited the police releasing the names of
the people involved.
Considering the use and disclosure
principle, what options exist for providing an
apology to the victims?
Module 3 Management of personal information
Module 3 Management & Access
Access and Correction
(IPP6 & FOI Act)
People have a right to access & correct
personal information. Assume people will
see what you write. If involved in
discovering documents respond promptly.
(IPPs 3, 4, 5 & 7)
Keep personal information accurate &
secure. Follow Departmental policies.
• When watching the DVD consider –
– What the privacy issues might be?
– Whether you or your work area may have
experienced a similar situation?
Module 4 Complaints
What constitutes a privacy complaint?
• A breach of a privacy principle
• A complainant may be concerned
– a mix up in correspondence
– gossiping about them in their community
– a facsimile or email sent to the wrong
– their information being out of date or
incorrect on a database
• Anyone can complain using the privacy
complaint form available on J-NET
• In the first instance you need to refer any
potential privacy complaint to your business
unit privacy coordinator
• The Coordinator will follow the
department’s privacy complaint handling
policy and procedure
Recap & Key Messages
• Most information held by the department will be capable of
being personal information
• The privacy principles are about the right information to
the right people for the right reason at the right time
• Build privacy protections into your work area and work
• Follow privacy policies and bring privacy incidents to your
Where to go for help?
• Privacy, Records Management & Freedom of Information
materials are on J-NET>Our Business>Knowledge Management
• Each of the Dept’s business units has a Privacy Coordinator
– Gaming & Racing- Mai Hua 8684 6401
– Human Resources – Bree Tozer 8684 0052
– Corrections Victoria - Lina Marrocco & Joanna Richardson
- Crime & Violence Prevention – Georgia Dodds 8684 1717
- Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071
or by e-mail firstname.lastname@example.org
• EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063
• Privacy Victoria www.privacy.vic.gov.au