Who does this apply to?
All Red Dust personnel, and in particular those involved in the collection, use, disclosure, and storage of personal (including sensitive) information. Note: This policy does not address specific privacy obligations associated with State or Territory Legislation or contracted funding obligations. Such specific obligations are additional to this policy.
Legislation 1988 Commonwealth Act
In 1988 the Commonwealth Government enacted the Privacy Act 1988 (Privacy Act) which established eleven “Information Privacy Principles” that Commonwealth Government departments and agencies were obliged to follow in handling personal information.
In December 2000, the Privacy Amendment (Private Sector) Act 2000 (Cth) was passed with the effect that all organisations (including a company, trust, unincorporated association, individual, or partnership) would be required to comply with ten “National Privacy Principles”.
2012 Amendment and Australian Privacy Principles
The Privacy Act was substantially amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which came into effect in April 2014 and introduced 13 Australian Privacy Principles (APPs).
These Principles apply to the handling of personal information by most Australian and Norfolk Island Government agencies and qualifying private sector organisations.
2017 Notifiable Data Breaches Scheme
In February 2017, the Privacy Amendment (Notifiable Data Breaches) Act 2017 was passed with effect from 22 February 2018. This scheme required regulated entities to notify individuals and the Australian Information Commissioner about data breaches that are likely to result in serious harm to any of the individuals to whom the information which was the subject of the breach, relates.
The Australian Privacy Principles (APPs)
The Australian Privacy Principles (APPs) are the cornerstone of the privacy protection framework in the Privacy Act. Red Dust strives to adhere to these principles.
There are 13 APPs that govern standards, rights, and obligations of agencies around:
• The collection, use, and disclosure of personal information
• The integrity and correction of personal information
• The rights of individuals to access their personal information
• Personal information is defined in the Privacy Act to mean:
‘Any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.’
While Red Dust must apply all 13 APPs, the following most commonly affect the core work of Red Dust.
APP 3 — Collection of solicited personal information Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information. Red Dust may only collect personal information if it is reasonably necessary for, or directly related to, one of Red Dust’s functions. Sensitive information may only be collected with the individuals’ consent or if the collection is authorised by or under an Australian law or a court/tribunal order. Similarly, personal information must be collected only from the individual unless the individual consents to the collection by other means.
APP 6 —Use or disclosure of personal information outlines the circumstances in which an APP entity may use or disclose personal information that it holds. For Red Dust to use (analyse) or disclose (share or release) personal information that we hold, either the individual must have consented to us doing so or the use or disclosure is authorised by or under an Australian law or a court/tribunal order.
APP 11 — Security of personal information An APP entity must take reasonable steps to protect the personal information it holds from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. An entity has obligations to destroy or de-identify personal information it no longer needs.
Red Dust manages and delivers its compliance with the Privacy Act through two specific documents:
• This document
Red Dust may collect a broad range of personal information which includes but is not limited to:
• Red Dust personnel
• Family and family support
• Financial, health or other case notes and records
• Historical records
• Events and camps
• Rolls, registers, records, and corps directories
Complaints and feedback