CWA of NSW collects personal information relating to members, and maintains a database in the Association’s office.
Personal information is defined by the NSW Privacy and Personal Information Protection (PPIP) Act (1998) as: “any information or opinion about an individual or which is reasonably capable of identifying an individual”.
The purpose of this policy is to protect the privacy of individuals and organisations about whom CWA collects and/or holds information. The policy outlines the guidelines which must be observed when collecting, storing and using personal and confidential information.
The NSW PPIP Act governs the collection, use and storage of personal information across NSW.
The PPIP Act sets out 12 specific Information Protection Principles to guide the collection and use of personal information. CWA of NSW adopts these principles:
1. Lawful - when an organisation collects your personal information, the information must be collected for a lawful purpose. It must also be directly related to the organisation's activities and necessary for that purpose.
2. Direct - your information must be collected directly from you, unless you have given your consent otherwise. Parents and guardians can give consent for minors.
3. Open - you must be informed that the information is being collected, why it is being collected and who will be storing and using it. The organisation should also tell you how you can see and correct this information.
4. Relevant - the organisation must ensure that the information is relevant, accurate, up-to-date and not excessive. The collection should not unreasonably intrude into your personal affairs.
5. Secure - your information must be stored securely, not kept any longer than necessary, and disposed of appropriately. It should be protected from unauthorised access, use or disclosure.
6. Transparent - the organisation must provide you with enough details about what personal information they are storing, why they are storing it and what rights you have to access it.
7. Accessible - the organisation must allow you to access your personal information without unreasonable delay and expense.
8. Correct - the organisation must allow you to update, correct or amend your personal information where necessary.
9. Accurate - agencies must make sure that your information is accurate before using it.
10. Limited - agencies can only use your information for the purpose for which it was collected, for a directly related purpose, or for a purpose to which you have given your consent. It can also be used without your consent in order to deal with a serious and imminent threat to any person's health or safety.
11. Restricted - the organisation can only disclose your information with your consent or if you were told at the time they collected it from you that they would do so. The organisation can also disclose your information if it is for a related purpose and they don't think that you would object. Your information can also be used without your consent in order to deal with a serious and imminent threat to any person's health or safety.
12. Safeguarded - the organisation cannot disclose your sensitive personal information without your consent, for example information about your ethnic or racial origin, political opinions, religious or philosophical beliefs, health or sexual activities or trade union membership. It can only disclose sensitive information without your consent in order to deal with a serious and imminent threat to any person's health or safety.
2.9.3 Responsibilities for managing privacy
Responsibilities for the management of personal information are the domain of any individual within the organisation with access to, or responsibilities for, such information. However CWA promotes specific responsibilities to certain individuals/positions. Those individuals will then be in a position to ensure that all staff are suitably instructed either through training or the introduction of policies and procedures, as to their obligations in relation to the protection of personal information in their handling.
Privacy Contact Officer
As a matter of good practice, an organisation should have a designated officer to whom members of the public can direct any queries or complaints in the first instance. Privacy Contact Officers are also the primary point of contact for liaison with Privacy NSW.
CWA of NSW appoints this role and responsibilities to the Executive Officer.