1. BCAC will comply with the National Privacy Principles (NPP’s). If there is any inconsistency between this policy and the NPP’s, then the NPP’s prevail.
2. BCAC will only use personal information for the primary purpose for which it is collected. In most cases, the purpose will relate to the spiritual, pastoral, social, educational and administrative functions of the BCAC.
3. BCAC will only use personal information about an individual for a secondary purpose (i.e. something beyond the scope of the primary purpose) if that individual has consented or the use is otherwise permitted by the NPP’s.
4. BCAC will take reasonable steps to keep personal information secure and will, subject to the NPP’s, comply with any request from a person to correct or remove his or her information. BCAC has appointed a Privacy Officer who is responsible for storing, correcting and giving people access to personal information collected about them.
5. Personal information collected by the BCAC may be sensitive information for the purpose of the NPP’s (e.g. information about a person’s religious beliefs). As a non-profit organisation, BCAC is permitted to collect sensitive information without a person’s express consent. However, BCAC will endeavour to seek consent from a person if sensitive information is sought for something other than the primary functions of BCAC described in paragraph 3.
6. The BCAC operating procedures (whether or not they are formalised in a manual) will comply with this policy and the NPP’s.
7. We protect the personal and sensitive information that we have under our control from unauthorised access, improper use or alteration by restricting access to our files and database to only those personnel responsible for their maintenance and use. This is particularly important for personal information relating to children and vulnerable people.
8. The BCAC Privacy Officer will be empowered to receive and deal with any complaint that BCAC has not complied with this policy or the NPP’s.
If you have any questions about this Policy, please contact the BCAC’s Privacy Officer.
The Privacy Officer for the BCAC is Peter Cheung who can be contacted on 0433 643391.
Summary of the National Privacy Principles:
This is only a summary of the National Privacy Principles as they apply to a church but full details can be found on the website: http://www.privacy.gov.au/materials/types/infosheets/view/6583
National Privacy Principles
1. Collection: Collection of personal information must be fair, lawful, not intrusive, necessary for the church’s functions/activities and collected from the individual who has been told the name of the church, the purpose of collection, how to access their personal information and any consequences of not supplying the information.
2. Use and disclosure: Information should only be used or disclosed for the (primary) purpose for which it is collected unless the person has consented, or a person would reasonably expect the information to be used for a secondary purpose that is related to the primary purpose.
3. Data quality: Reasonable steps must be taken to ensure that the personal information collected, used or disclosed is accurate, complete and up-to-date.
4. Data security: Reasonable steps must be taken to protect the personal information held from misuse, loss and unauthorised access, modification or disclosure. Any personal information no longer needed should be destroyed or permanently de-identified.
5. Openness: The church must have a document, available on request, of its personal information management policy.
6. Access and correction: If a church holds personal information about an individual, it must provide the individual with access to the information on request. (There are certain exceptions to this rule relating to any serious threat/unreasonable impact on others, legal proceedings/ investigations etc.)
7. Identifiers: The church must not adopt, use or disclose any identifier assigned by a government agency e.g. a Tax File number, Medicare number.
8. Anonymity: Individuals must be given the option of operating anonymously wherever lawful and practicable.
9. Trans-border data flows: The church must not transfer personal information to someone in a foreign country without the individual’s consent or if it would not have protection consistent with the NPP’s.
10. Sensitive information: An organisation must not collect sensitive information about an individual unless the individual has consented, the collection is required by law; or the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual.