 |
A Privacy Code of Practice (for Local Government) has been approved by the Attorney General and is binding on all local government authorities. The Code modifies the privacy principles and the public register provisions of the Privacy Act and will better enable councils to fulfil their statutory duties whilst still complying with the Act.
PlanCouncil’s Privacy Management Plan (PMP) incorporates the departures brought about by the Privacy Code of Practice (Local Government) and details privacy policies and procedures. The Plan deals with;-
Under the Act, personal information means any information or opinion about an individual whose identity is apparent or can be reasonably ascertained from the information. This definition covers not only traditional ideas of data storage such as paper files, but also electronic records, video recordings, photographs and genetic material. A person does not have to be clearly identified by the information, it is only necessary that their identity can reasonably be ascertained from the information. Whilst the definition of personal information is very broad, the Act excludes certain types of information from the definition. The most significant exceptions are:
Information is protected by a number of information protection principles contained within the Act. In general terms, the principles apply to the way material is collected, stored, used and disclosed. A summary of the information protection principles appears at the end of this document. It should be noted that the privacy legislation relates to personal information only.
* Notwithstanding the above, a person may stipulate that access to his/her own personal information be provided under the PPIPA.
The register required to be kept under the Companion Animals Act, 1998 is not considered to be a public register in terms of the PPIP Act.
The Privacy Code allows councils to depart from the requirements of the Act in the following ways.
Council may allow any person to inspect a Public Register (and obtain a copy of a single entry or a page of that register) without requiring the person to provide a reason for access and without having to determine if the proposed use is legitimate
Council may disclose (by way of access, copy or sale) whole or substantial parts of a Public Register, provided the name and addresses of all current and previous property owners and/or applicants are not disclosed
The Code allows some discretion with respect to public access (sale/copy) to whole or substantial parts of a Public Register. However, having regard to the intention of the Act and the potential for inappropriate use, Council will continue with the current practice whereby bulk property data will be made available for purchase but listings will not include personal information.
Whilst staff are no longer required to ask a person why they want personal information from a Public Register, access should still be refused where a particular use is known to be inappropriate. Staff can require the applicant to complete a statutory declaration prior to providing any information if it was thought to be appropriate in any particular case. Statutory declarations are available from Counter Services staff at Nowra and Ulladulla offices. Completed declarations should be forwarded to the Records Section for registration and filing.
According to the Privacy Commission most public concern about privacy breaches from councils relate to personal information disclosed from the Rate Record. Whilst the Rate Record has been used for the purpose of these guidelines the examples of information ‘usage’ given would generally relate to other registers held by Council.
The primary purpose of Rate Record is to record the value of a parcel of land and record rate liability in respect of that land. The secondary purpose includes recording the owner or lessee of each parcel of land. Due to the emphasis on local government processes and information being open and accountable, it is considered that a secondary purpose for which all public registers are held includes the provision of access to members of the public. Of course only the minimum amount of personal information should be disclosed in regard to any request.
Legitimate Council use would include;
Information should continue to be made available to other government agencies where it is to be used for legitimate purposes. Council regularly receives requests for ownership and property details where owner notification or contact (individual or multiple) is required or considered appropriate.
Applications for personal information from a register (bulk listings etc) should be in writing and proposed use should be clearly stated. The use should always relate to activities associated with the functions of that agency. (eg DUAP, Waterways, National Parks & Forestry). Other government agencies such as Centrelink and Veterans Affairs will be provided with information where there is a legal requirement to do so.
One of the main reasons for including public register provisions in privacy legislation was to provide a means of addressing widespread public concerns over the commercial sale of council information. It was generally felt that the information was being used for a reason that had no clear relationship to the reasons for which it was collected. The use of information for marketing purposes therefore needs to be distinguished from legitimate professional use by valuers and real estate agents.
With regard to the sale of bulk data (Rate Record and Building/Development Statistics), Council has taken steps to remove all personal information (names & mailing addresses) from lists and subscribers have been advised accordingly. Lists containing property information only, will continue to be made available for inspection or purchase.
Land transfer notices have traditionally been made available for the inspection of Valuers. It is recognised that the names of vendors and purchasers are required in order that valuers can establish whether the price reflects an arms length sale or not. Whilst councils are not the only source of this information this is considered to be a legitimate use and Council will therefore allow this access to continue.
As mentioned there is no longer any requirement to establish a use prior to disclosing personal information. However there will be occasions where staff will need some guidance in regards to legitimate and inappropriate use. Legitimate uses would include those relating to;
Whilst inappropriate uses are more difficult to define, examples could include;
There will no doubt be occasions when a valued judgement with respect to disclosure will need to be made, however most requests will fall within the examples given. If staff have any difficulty in this regard the advice of the Information Officer should be sought.
The Act gives people a right to have their personal details hidden or removed from a public register where they can show that the safety or well-being of any person might be affected if the information was to remain on the record. Council must suppress the information unless it is satisfied that the public interest in maintaining public access to the information outweighs any individual interest.
A number of legal remedies are available to people who feel they have had their privacy breached. The aggrieved person may lodge a complaint with the Privacy Commissioner or apply to Council for a review of the conduct which is the subject of the complaint. Legal remedies are available when a public sector agency:
There are five possible things an agency can do about a complaint. It can:
If the complainant is not satisfied with the Council’s findings or what Council proposes to do, they can appeal to the Administrative Decisions Tribunal. One of the more significant orders the Administrative Decisions Tribunal can make is awarding damages of up to $40,000 to the person making the complaint, where that person has suffered financial loss or was physically or psychologically injured.
The Act details offences for corruptly dealing with personal information. Harsh penalties (up to a maximum of $11,000 and 2 years in prison) can be given if public sector officials, including former public sector officials, deliberately disclose, or offer to supply personal information outside of their lawful powers. Penalties also apply to any other persons who induce or attempt to induce a public sector official to act in this way (eg bribes and other such conduct).
Further information may be obtained by contacting the Privacy Officer, Rob McLean on extension 3366.
The information protection principles are summarised as follows:-
If collected from an individual reasonable steps must be taken to ensure that, before collection or soon after, the individual is aware of:
In holding information Council must ensure that:-
Council must take such steps as are reasonable to enable any person to ascertain:
Council must provide access to information to an individual to whom the information relates
Personal information (of the individual concerned) must be amended on request (so as to ensure accuracy)
Personal information must not be used unless, prior to use, reasonable steps have been taken to ensure its accuracy
Personal information must not be used for any purpose other than the purpose for which it was collected unless:
