ECIA NSW/ACT collects and administers a range of personal information for its designated purposes. The association is committed to protecting the privacy of personal information it collects, holds and administers. Personal information is information that directly or indirectly identifies a person.
ECIA NSW/ACT recognises the essential right of individuals to have their information administered in ways that they would reasonably expect – protected on one hand, and made accessible to them on the other.
This document sets out a framework for ECIA NSW/ACT in dealing with privacy considerations.
ECIA NSW/ACT is bound by the NSW Privacy and Personal Information Protection Act 1998; the National Privacy Principles, as well as other laws that impose specific privacy obligations. The association has adopted the National Privacy Principles as minimum standards in relation to handling personal information.
This means that ECIA NSW/ACT will:
- Collect only information which the association requires for its primary functions.
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered.
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent.
- Store personal information securely, protecting it from unauthorised use or access.
- Provide individuals with access to their own information, and the right to seek its correction.
1. The Board will:
Retain overall responsibility for adopting this policy.
2. The Executive Officer will:
Ensure that all staff members, contractors and volunteers are aware of this policy
Monitor changes in Privacy legislation and for reviewing this policy as and when the need arises.
3. All staff members, contractors and volunteers of ECIA NSW/ACT will adhere to the principles outlined below:
- Only collect information that is necessary for the performance and primary function of ECIA NSW/ACT.
- Notify individuals about why we collect the information and how it is administered.
- Notify individuals that this information is accessible to them.
Use and Disclosure
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses we will obtain consent from the affected person.
- Take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform.
Data Security and Retention
- Safeguard the information we collect and store against misuse, loss, unauthorised access and modification.
- Destroy obsolete records in accordance with the designated guidelines.
Access and Correction
Make this information freely available in relevant publications and on the organisation’s website.
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.
Making Information Available to Others
- Can only release personal information about a person with that person’s expressed. permission. For personal information to be released, the person concerned must sign a release form.
- Can release information to third parties where it is requested by the person concerned.
- Exemption is if information is required or authorised by or under law.