The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) was introduced to Parliament on 23 May 2012 and was passed with amendments on 29 November 2012. The Privacy Regulation 2013, made under the Privacy Act, and to also commence on 12 March 2014 was registered on 17 December 2013.
The Privacy Amendment Act includes a set of new, harmonised, privacy principles that will regulate the handling of personal information by both Australian government agencies and businesses. These new principles are called the Australian Privacy Principles (APPs). They will replace the existing Information Privacy Principles (IPPs) that currently apply to Australian Government agencies and the National Privacy Principles (NPPs) that currently apply to businesses. Under the changes, there are 13 new APPs.
APP 1 – open and transparent management of personal information
APP 2 – anonymity and pseudonymity
APP 3 – collection of solicited personal information
APP 4 – dealing with unsolicited personal information
APP 5 – notification of the collection of personal information
APP 6 – use and disclosure of personal information
APP 7 – direct marketing
APP 8 – cross-border disclosures
APP 9 – adoption, use or disclosure of government related identifiers
APP 10 – quality of personal information
APP 11 – security of personal information
APP 12 – access to personal information
APP 13 – correction of personal information
Personal Information Handling Practices: Collection
We usually collect personal information about individuals directly from those individuals or their authorised representative.
We only collect personal information for purposes which are directly related to administration of course enrolments and course operation.
Use and disclosure
We only use personal information for the purposes for which we collected it – purposes which are directly related to one of our functions or activities.
We do not give personal information about an individual to other Government agencies, private sector organisations or anyone else unless one of the following applies:
- the individual has consented
- the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
- it is otherwise required or authorised by law
- it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. When the personal information that we collect is no longer required, we destroy or delete it in a secure manner, in accordance with the ACBC’s record archive policies.
How to contact us
For further information contact us at firstname.lastname@example.org or by telephone 029824 0000.
ACBC Full Policy
This Policy addresses APP’s 1-13.
1) The kinds of personal information that ACBC collects and holds
- ACBC collects and holds information from applicants and enrolled students as required by the Australian Vocational Education and Training Management of Information Statistical Standard (AVETMISS).
- This includes but is not limited to personal details relating to residential address, date of birth, ethnic origin, immigration status, languages spoken at home, level of education achieved. This is a requirement of the Standards for Registered Training Organisations 2011. Academic achievement results from learning activity at ACBC are also collected and held.
- Information related to employees collected and held includes but is not limited to personal details relating to residential address, date of birth, ethnic origin, immigration status, languages spoken at home, level of education achieved and employment history.
2) How ACBC collects and holds personal information
- ACBC collects information through the completion of application forms and templates. Information is held under secure storage and also may be digitised and stored electronically.
2.1) The purposes for which the entity collects, holds, uses and discloses personal information
- Information is collected to determine suitability and capacity of course applicants and staff. Information is not disclosed to any other party unless within the confines of the Privacy Amendment Act 2012. AVETMISS data is reported to the Australian Skills Quality Authority.
2.2) How an individual may access personal information about the individual that is held by ACBC and seek the correction of such information
- An individual may make a request to the college (Campus Manager for students/past students) to view information that is held. Staff members may request access from their line manager.
3) How an individual may complain about a breach of the Australian Privacy Principles, by ACBC, and how ACBC will deal with such a complaint
- An individual may complain about a breach of the APP by writing to the CEO of ACBC (internally). ACBC has a general operational policy in place for handling of complaints which is provided in the student handbook and on the colleges’ website. If unsatisfied with the handling of a complaint, the individual may contact the Office of the Australian Information Commissioner to commence external complaint proceedings. Complaints related to matters other than Privacy are handled in accordance with the guidelines provided in the student and staff handbooks.
4) Disclosure of personal information to overseas recipients
- ACBC will not disclose personal information to overseas recipients without written authority from the individual unless the request is part of a subpoena from a legal authority.
6) Anonymity and pseudonymity
- Individuals have the option of not identifying themselves, or of using a pseudonym, when dealing with ACBC in relation to a particular matter. This does not apply if, in relation to that matter:
(a) ACBC is required or authorised by or under an Australian law, or a court/ tribunal order, to deal with individuals who have identified themselves; or
(b) It is impracticable for ACBC to deal with individuals who have not identified themselves or who have used a pseudonym.
7) Direct Marketing
- ACBC will only use or disclose personal information for direct marketing purposes where the individual has either consented to their personal information being used for direct marketing, or has a reasonable expectation that their personal information will be used for this purpose, and conditions relating to opt-out mechanisms are met.
- ACBC will not use photographic or digital images without the written consent of individuals.
9) CCTV Surveillance
- ACBC operates CCTV surveillance in all areas of its operation. Digital records of this surveillance are held and used in accordance with ACBC’s IT Acceptable Use Policy 2014.
10) Data Quality
- We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
11) Data Security
- We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing our electronic IT system and securing paper files in locked cabinets and physical access restrictions. When no longer required, personal information is destroyed in a secure manner, or deleted according to ACBC’s archive policies and procedures.
12) Information collected online by ACBC
In addition to providing a facility for the general public to request further information through our website or to arrange an appointment, it is our usual practice to collect information about all visitors to our online resources including social media platforms. That information is very limited and only used to identify generic behavioural patterns.
There are several methods and packages that we use to collect visitor behaviours on each of our online platforms. We use Google Analytics on our websites. Information and data collected through Google Analytics is stored by Google on servers in the United States of America, Belgium and Finland. You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add on.
When you visit any of our online resources, our metric tools may collect the following information about your visit for statistical purposes:
- server address
- the date and time of your visit to the site and the length of your visit
- the pages you accessed and documents downloaded during your visit
- the previous site you visited
- if you’ve visited our site before
- the type of browser used.
We record this data to review the effectiveness of our marketing and social media activity and to improve our services. We do not use this information to personally identify anyone.
13) Complaints and reporting of privacy issues
- Where an individual wishes to make a compliant regarding a privacy issue, they should utilise the colleges’ policies and procedures for complaints handling as detailed in the student and staff handbooks.
14) How to contact us
For further information contact us at email@example.com or by telephone 02 9824 0000.