Training for managers and supervisors presentation

Uploaded on


  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • The purpose of this session is to introduce you to the topic of privacy and records management laws. The first part of the session considers the context for privacy laws in the regions. I’ll briefly give an overview of the concept of ‘information privacy’ and the main exemptions which are relevant to core business in the regions. This will be followed by an in depth discussion of the collection and use and disclosure principles. I will also discuss the rest of the 10 information principles which set the standards for the handling of personal information that Victorian public sector organisations must comply with. The remainder of the session focuses on record management laws and the final slide contains details about where to go for help about information privacy, records management and freedom of information laws.
  • Secretary & ED PES&C requested merger of CV privacy staff with Technology Services and Executive Services privacy to form the privacy unit CV privacy hotline retention of dedicated CV personnel ( Lina & Evelyn) access to 6 privacy staff Development of more CV resources ( Info Sheet, Privacy Video Tutorials, Case Studies, Forms, E-learning training module) that their information will be protected that prisoners will not be compensated ( Ivan Milat NSW). In 2008 Victoria went part-way to taper compensation to prisoners by giving Courts an oversight role. Privacy complaints by prisoners run the risk of prisoners receiving damages. Money may be held in a quarantine fund and could be payable to victims. Through privacy complaints related to prisoners don’t want to be put in the position of paying any money to prisoners that we train and support staff to comply with confidentiality, security and privacy requirements - that their HR information is protected


  • 1. Southern Region Privacy – Embedding a Privacy Culture “ Privacy Matters” Training for Managers & Supervisors
  • 2. Privacy Culture in Southern Region
    • This session will better equip you to understand:
    • Past Privacy Culture in the department & Southern Region
    • Current Privacy Culture in Southern Region
    • Future Privacy Culture in Southern Region (with your help)
  • 3. Privacy Basics
    • Privacy provides you with rights to:
    • Access and amend records, to ensure they are accurate and complete
    • To balance the free flow of personal information with respect for privacy
    • To make a complaint about a breach of privacy
  • 4. Why the need for training?
    • Past culture
    • Incidents have brought unnecessary, negative attention to the department’s information privacy and security practices
    • Re-education and re-emphasising the need to take responsibility for protecting against privacy incidents
    Photos in Dumpster, Mr C’s Case, Filing Cabinet incidents has made the public skeptical of how government protects personal information
  • 5. Information under your control When dealing with information, think privacy A person’s race, ethnicity, criminal record, trade union membership Sensitive information Medical, Counselling, WorkCover, OHS, information about a living or deceased person - physical, mental or psychological health Health information Financial, Family, Contact details, Clients & HR details – material about a living identifiable or easily identifiable individual Personal information
  • 6. Why do we collect personal information?
    • Common reasons for collection:
      • To hire you
      • To pay you
      • To locate you
      • To train and develop you
      • To provide services to our clients
    Manager’s must limit unnecessary wide collection practices
  • 7. Controls around Collection
    • A privacy statement sets the rules for collecting,
    • using, storing, sharing and safeguarding personal
    • information
    • Collection Statement Generator
    A statement on a form informs the general public of what data is collected, for what purpose, the authority for doing so and who gets to see it and
  • 8. Controls around personal information
    • Ensure you and your staff practice the ‘need to know’ principle
    • - grant access in a database, in a folder, on TRIM only to those specific employees who require the record to perform assigned duties
    • for other individuals ask why they need access?
    • Interoffice mail
    Why do staff need access? How will they use the information
  • 9. Privacy Expectations as a Manager
    • You are responsible for your staff’s data collections
    • Create, manage, oversee files or databases containing personal information
    • Disseminations of personal information
  • 10. New Recruits and Contractors
    • Ensure they understand privacy and comply with all privacy policies
    • Ensure any contract for goods and services has a privacy clause
  • 11. Staff sensitivities
    • Home addresses and telephone numbers (they do not have to agree to share broadly)
    • Being approached by third parties to provide personal information
    • Not receiving an explanation as to why access to a database may be limited
  • 12. Prevent Privacy Payouts
    • What privacy incidents may lead to compensation?
      • Unlawfully or Unfairly collecting personal information
      • Sharing data with unauthorised individuals
      • Inappropriate Access to databases
      • Making decisions on false information
      • Loss of information
  • 13. Loss of information
    • The loss of personal information has major implications for the department.
      • It can erode confidence in the government’s ability to protect information (UK)
      • Impact on budget
      • Lead to major legal action
      • Major implications for the individuals are responsible for the loss/compromise including allegations of serious misconduct
  • 14. Should you have a privacy incident?
    • Alleged privacy
    • incident
    Reported within 30 min via line management Containment measures at location Provide summary of complaint / breach to Privacy Team NB: failure to notify often leads to additional briefing and reporting requirements Inappropriate Access to Personal Information Policy
  • 15. Back to Culture 2007/08 Start of Change
    • Building privacy into practices rather than merely responding to incidents
    • - privacy brochures, website statements
    • - posters, desk tools
    • -warning screens in databases about access
    • Increase privacy staff from .5 to 1.5 to 6
    • Tailoring Requirements and Directives ( 9.7 & 9.18)
    • Face to Face privacy training at all prison locations (ongoing).
    • Establishment of the Privacy Contact Officer network
  • 16. Current Privacy Culture
    • Getting to grips with privacy in a regional and co-location context
    • Increase monitoring & accountability in relation to database access, correspondence control and client welfare
    • Defending practices publicly to regulators and in the media
    Filing Cabinet incident Monitoring & Auditing of access to details in databases Opening & reading of non-exempt prisoner correspondence Mr C’s Case Search and seizure practices LOSE SOME WIN SOME
  • 17. 2009 Current Values
    • In DOJ the importance of managing client and staff information.
    • In our communities that info is protected, rights respected and offenders and prisoners not compensated
    • In the Workforce protect contact details and train and support staff
  • 18. Reflection - your biggest privacy challenges at your location
  • 19. Here’s a list of challenges we prepared
    • Easily distracted shift workers
    • Pub talk & staff gossip
    • E-mails
    • High profile prisoners/clients
    • Data storage [ where to put it]
    • Information sharing – DHS/VIC POL
    • Contracted /outsourced services
    • Staff who forward & circulate info widely
    • ‘ Snoops & Leaks’
    • Faxes going to the wrong person
    • Have a culture of Hoarders and ‘Chuckers’
  • 20. Make a Statement - Southern Region is Privacy Savy!
    • Ensure forms have a privacy statement
    • Demonstrate your commitment to protecting personal information at your location. Use the TR Traffic Cards on J-NET to do a walk around
    • Issue periodic reminders to staff to use caution when posting private information [ mail, email, internet, in shared folders]
    • Register Portable Devices and remind staff to take records off them
    • Ensure documents & photos posted to websites are permissible
  • 21. Where we want to be – Future of Privacy
    • Privacy team – our job is to assist you
    • -have a better understanding of where each other is coming from. Co-location is new for us as well
    • -your help for us to develop practical privacy tools that are easily understood and easy to implement
    • The Department and Other agencies we need to share information with
      • Have a good working relationship - Eg. DHS Fact Sheet, VicPol Release of Information form
    • Privacy Incidents
    • -Fewer results for Same Name, Media, Friend Searches on databases
    • - Awareness around issues with social media
    • -Fewer instances of staff complaints about breaches of their privacy ( if staff know their privacy is protected we have a better chance of protecting others privacy)
      • NB secure staff contact information so as not to put them into any perceived danger
  • 22. Where we want to be at your location
    • Engage with your Privacy Contact Officer and get updates from them after each privacy quarterly meeting
    • Have privacy listed on the agenda, occasionally, at staff meetings
    • Check staff at your location know how to spot and report a privacy incident to you
    • Assess vulnerabilities within your location prior to an incident occurring – e.g. periodically inspect and put in order hot spot areas [ copiers, faxes, rubbish zones, file storage]
    • Engage staff at your location in building your privacy and security culture – e.g. get behind activities year round to talk privacy or have some fun with privacy so staff know its not always about when they might have done the wrong thing
  • 23. Summary
    • Privacy Risk is worth managing
    • Personal Information loss and leakage is a risk at your location
    • Privacy Incident protection is more than just securing the system. People and culture are the key.
    • People can be our strongest or weakest link!
  • 24. Call Us – we’re here to help YOU!
    • Brent (03 8684 0007),
    • Lina (03 8684 0176),
    • Evelyn (03 8684 0173),
    • Melanie (03 8684 0071),
    • Amira (03 8684 0006) or
    • Billie (03 8684 0087)