Privacy Policy

Purpose

MBSA (Multiple Birth SA Inc) is committed to protecting the privacy of its members. This policy defines the mandatory privacy requirements for the way in which MBSA collect, use, disclose, store, secure and dispose of Personally Identifiable Information (PII).

Scope of this Document

This policy applies to all MBSA’s information being stored, processed, and transmitted including electronic and hard copy information, within MBSA, between MBSA and other parties including those information assets managed by a related party or a third party.

All MBSA employees, contractors and volunteers acting for or on behalf of MBSA that have access to MBSA information, systems and technology-related assets must follow this policy.

All MBSA employees and volunteers agree to abide by this Policy when they sign the Code of Conduct, and shall not do an act or engage in a practice that is in breach of or is a contravention of the Principles and Requirements.

MBSA contractors must abide by the Information Security requirements as specified in their agreement with MBSA.

Definitions

  • Availability – obtaining access to information when needed by an authorised entity.
  • Confidentiality – how sensitive the information is and limiting access and disclosure to authorised personnel and preventing access and disclosure to unauthorised personnel.
  • Handling – any processes for accessing, transmitting, transferring, storing or disposing of official information.
  • Information asset – a piece of information stored in any manner, which is recognised as ‘valuable to the organisation’.
  • Information owner – the individual or group responsible and accountable for a set of information. The information owner may, at their discretion, assign responsibility for management of the information to another person or group, also known as information custodian.
  • Integrity – how accurate and complete the information needs to be.
  • Personal information – means information or an opinion, whether true or not, relating to a natural person or the affairs of a natural person whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Privacy Principles

This Policy is based on six guiding principles; these principles, in practice, will contribute to the efficient achievement of information security across MBSA.

  1. Collection of Personal Information
  2. Storage of Personal Information
  3. Access to Records of Personal Information
  4. Correction of Personal Information
  5. Use of Personal Information
  6. Disclosure of Personal Information

MBSA shall ensure that the following principles are implemented, maintained and observed for and in respect of all personal information for which MBSA is responsible.

Privacy Requirements

The six guiding principles are reinforced by the following policy statements.

For the purposes of the principles, personal information shall be taken to be collected by MBSA from a person if the person provides that information to MBSA in response to a request by MBSA for that information or for the kind of information in which that information is included.

Collection of Personal Information

  • Personal information should be not collected by unlawful or unfair means, nor should it be collected unnecessarily.
  • MBSA should take reasonable steps to ensure that, before it collects personal information, if that is not practicable, as soon as practicable after it collects personal information, the person is told:
    • the purpose for which the information is being collected (the “purpose of collection”), unless that purpose is obvious;
    • if the collection of the information is authorised or required by or under law – that the collection of the information is so authorised or required; and
    • in general terms, of its usual practices with respect to disclosure of personal information of the kind collected.
  • MBSA should not collect personal information that is inaccurate or, having regard to the purpose of collection, is irrelevant, out of date, incomplete or excessively personal.

Storage of Personal Information

  • MBSA should take such steps as are, in the circumstances, reasonable to ensure that personal information in its possession or under its control is securely stored and is not misused.

Access to Records of Personal Information

  • Where MBSA has in its possession or under its control records of personal information, the record-subject should be entitled to have access to those records in accordance with the Freedom of Information Act 1991.

Correction of Personal Information

  • Where MBSA has in its possession or under its control records of personal information about another person, MBSA should correct it so far as it is inaccurate or, having regard to the purpose of collection or to a purpose that is incidental to or connected with that purpose, incomplete, irrelevant, out of date, or where it would give a misleading impression in accordance with the Freedom of Information Act 1991.

Use of Personal Information

  • Personal information should not be used except for a purpose to which it is relevant.
  • Personal information should not be used by MBSA for a purpose that is not the purpose of collection or a purpose incidental to or connected with that purpose (the secondary purpose) unless:
    • the record-subject would reasonably expect MBSA to use the information for the secondary purpose and the secondary purpose is related to the primary purpose of collection;
    • the record-subject has expressly or impliedly consented to the use;
    • MBSA believes on reasonable grounds that the use is necessary to prevent or lessen a serious threat to the life, health or safety of the record-subject or of some other person;
    • the use is required by or under law;
    • the use for that other purpose is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty or for the protection of the public revenue or for the protection of the interests of the government, statutory authority or statutory office-holder as an employer;
    • MBSA has reason to suspect that unlawful activity has been, is being or may be engaged in, and discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
    • MBSA reasonably believes that the use relates to information about an individual that suggests that the individual has engaged or may engage in illegal conduct or serious misconduct in relation to a person; and
    • MBSA reasonably believes that the use is appropriate in the circumstances; and
      • MBSA reasonably believes that the use is appropriate in the circumstances; and
      • the use complies with any guidelines issued by the Office of the Australian Information Commissioner (OAIC) for the purposes of this clause.
    • MBSA should take reasonable steps to ensure that, having regard to the purpose for which the information is being used, the information is accurate, complete and up to date.

Disclosure of Personal Information

  • MBSA should not disclose personal information about some other person to a third person for a purpose that is not the purpose of collection (the secondary purpose) unless:
    • the record-subject would reasonably expect MBSA to disclose the information for the secondary purpose and the secondary purpose is related to the primary purpose of collection;
    • the record-subject has expressly or impliedly consented to the disclosure;
    • the person disclosing the information believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious threat to the life, health or safety of the record-subject or of some other person;
    • the disclosure is required or authorised by or under law;
    • the disclosure is reasonably necessary for the enforcement of the criminal law, or of a law imposing a pecuniary penalty or for the protection of the public revenue or for the protection of the interests of the government, statutory authority or statutory office-holder as an employer;
    • MBSA has reason to suspect that unlawful activity has been, is being or may be engaged in, and discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
    • MBSA reasonably believes that the disclosure relates to information about an individual that suggests that the individual has engaged or may engage in illegal conduct or serious misconduct in relation to a person; and
      • MBSA reasonably believes that the disclosure is appropriate in the circumstances; and
      • the disclosure complies with any guidelines issued by the Office of the Australian Information Commissioner (OAIC) for the purposes of this clause.