Privacy and Confidentiality.
It is the policy of ABC Multilingua to comply with all privacy and confidentiality obligations and requirements pursuant to all relevant laws, including the 13 Australian Privacy Principles contained in the Privacy Act 1988.
Employees must comply with the guidelines outlined in the employment contract in relation to the gathering, use and security of confidential information. Specifically;
- Personal information may be collected only by lawful and fair means and not in an unreasonably intrusive way.
- Personal and sensitive information about customers is only available to those employees who need that information to provide a service for that customer.
- All employees will ensure that electronic data is kept within secure network storage and undertake to only access that data which is necessary to perform their role.
- Information will not be disclosed to a third party without the written consent of the customer concerned except in the following circumstances:
- Where required by law, information may be given to the appropriate authority without the prior consent of the person concerned. Where this occurs will be placed on the customers record
- Where the company reasonably believes that the use or disclosure is necessary to less or prevent serious and imminent threat to an individual’s life, health or safety, or a serious threat to public health or public safety.
- Information and customer records will be kept in secure storage and matters of long-term storage or disposal will comply with industry standards.
- In all cases, prior to documents being sent out of the office to third parties, the customer’s tax file number will be removed.
If an employee becomes aware of any explicit confidential information that does not concern them in regard to the company, a customer or another employee, the employee in possession of the confidential information must alert management immediately. Management will then take action to determine how to manage the situation correctly.
Failure to comply with the policy could result in disciplinary action being take including dismissal.
For further information, contact: Privacy Act Enquiries Line 1300 363 992 (local call charge)
13 Australian Privacy Principles. (Privacy Act 1988)
Principle 1 – Open and transparent management of personal information.
An entity must manage information in an open and transparent way
Principle 2 – Anonymity and pseudonymity
Individuals must have the right to identify themselves via pseudonym unless prohibited to by law or unless it is impracticable for the entity to deal with individuals who have used a pseudonym.
Principle 3 – Collection of personal information
Personal information may only be collected that is relevant for the function of the entity.
Principle 4 – Dealing with unsolicited personal information
Information that an entity receives about a person that is unsolicited must deal with that information in specific ways. Refer to the link above.
Principle 5 – Notification of the collection of personal information
The principle explains the obligations on the entity in the event that personal information is collected that the person may not know about.
Principle 6 – Use or disclosure of personal information
Relates to the requirement for personal information to not be disclosed for any purpose other than that for which it was given. (Unless consent has been gained)
Principle 7 – Direct Marketing
An entity may not use personal information for direct marketing. However there are exceptions.
Principle 8 – Cross-border disclosure of personal information
Before passing on personal information to an overseas recipient steps must be taken to ensure that the recipient does not breach the Australian Privacy Principles.
Principle 9 – Adoptions, use or disclosure of government related identifiers
An organization must not adopt a government related identifier of an individual as its own identifier unless certain criteria are met.
Principle 10 – Quality of personal information
An entity must take steps to ensure that the personal information that they hold is accurate, up to date and complete.
Principle 11 – Security of personal information
Steps must be taken to keep the information secure from loss, misuse or unauthorized access. When information is no longer needed it should be destroyed or de-identified.
Principle 12 – Access to personal information
If an entity holds personal information about a person, the entity must give the individual access to the information.
Principle 13 – Correction of personal information
If an entity holds personal information they must take reasonable steps to ensure that that information is accurate, up to date, complete, relevant and not misleading.