Privacy Framework
Purpose
The purpose of this document is to provide a framework for the Sugarloaf Pipeline Alliance (SPA) on dealing with privacy considerations.
1 Introduction
The Sugarloaf Pipeline Alliance (SPA) is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
2 Policy
SPA collects and administers a range of personal information for the purposes of resolving enquiries and complaints and keeping stakeholders affected by pipeline construction informed of activities that may impact them. SPA is committed to protecting the privacy of personal information it collects, holds and administers.
SPA is bound by Victorian Privacy Laws, the Information Privacy Act 2000, as well as other laws, which impose specific obligations when it comes to handling information. The organisation has adopted the respective Privacy Principles contained in the Victorian Privacy Laws as minimum standards in relation to handling personal information.
In broad terms this means that we:
- Collect only information which the organisation requires for its primary function;
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent; and
- Store personal information securely, protecting it from unauthorised access.
3 Procedures
SPA will adhere to the Procedures outlined below.
3.1 Collection
SPA will:
- Only collect information that is necessary for the performance and primary function of the Sugarloaf Pipeline Alliance.
- Notify stakeholders about why we collect the information and how it is administered.
3.2 Use and Disclosure
SPA will:
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses we will obtain consent from the affected person.
3.3 Data Quality
SPA will:
- Take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform.
3.4 Data Security and Retention
SPA will:
- Take reasonable steps to protect individuals' personal information from misuse, loss, unauthorised access, modification or disclosure.
- Keep personal information confidential.
3.5 Openness
SPA will:
- Make this Policy freely available in relevant publications and on the organisation’s website.
3.6 Access and Correction
SPA will:
- Respond to access requests in accordance with the Freedom of Information Act 1982.
3.7 Anonymity
SPA will:
- Give stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.
- Making information available to other service providers.
3.8 Responsibility
- SPA’s Management Team is responsible for adopting this policy.
- SPA’s Management Team and all staff members are responsible for the implementation of this policy.
- SPA’s Stakeholder Relations Manager is responsible for monitoring changes in Privacy legislation and for reviewing this policy as and when the need arises.
