Cancer Council understands the importance the community places
on confidentiality of individuals' personal and/or sensitive
information. This extends to the collection and management of
information held in our records regarding individuals.
The Privacy Amendment (Private Sector) Act 2000, effective 21
December 2001, sets out guidelines that regulate how private sector
organisations should treat personal and/or sensitive information they
collect, use, handle or store.
What do the National Privacy Principles do?
The NPPs set minimum standards for:
- collection, use and disclosure of personal information which could identify a person
- quality, security and storage of that information
- giving an individual access to their information
- transferring information offshore, and
- special categories of information such as 'sensitive' information and 'health' information.
What's personal information?
- Information or an opinion about an individual whose identity is
apparent or can be ascertained from that information or opinion.
- This includes names, addresses, telephone numbers, age and email address.
What's sensitive information?
This includes information about:
- racial or ethnic origin
- political opinion or association
- trade union or professional association membership
- religious beliefs or philosophical beliefs
- sexual preferences
- criminal record
- health information.
What are the National Privacy Principles?
The National Privacy Principles establish 10 principles to which an
organisation must comply in regard to personal and sensitive
- Collecting information
- Using and disclosing information
- Data quality
- Data security
- Access and correction
- Transborder data flow
- Sensitive information
1. Collecting information
Personal and sensitive information is only collected as is reasonably
necessary to enable Cancer Council to maintain its activities
and deliver services to the community.
Personal information about an individual should only be collected with
the individual's consent. Collection will be undertaken by a method
which is fair, lawful and not unreasonably intrusive. Individuals from
whom personal information is collected are to be made aware of:
- Cancer Council contact details
- the primary purpose for which the information is collected
- any possible secondary purpose for which the information may be used
- the names of the organisations or types of organisations to which we disclose information of any nature (if any)
- the ability of individuals to access the information held on themselves.
2. Using and disclosing information
Information will only be used or disclosed for the primary purpose for
which it was collected. In some instances, information provided by
individuals may be used to keep them better informed about Cancer
Council activities and services, such as by way of a
newsletter. Individuals have the right to opt out of receiving such
Personal information about an individual will not be used or disclosed for a secondary purpose unless:
- the purpose is closely related to the primary purpose and the
individual would reasonably expect the information to be used in that
- the information is health information and its use is necessary for
records or statistical analysis relevant to public health; or
- the individual has consented (recognising the competence to consent); or
- Cancer Council has a legal obligation to disclose personal
information which overrides the provisions of the primary legislation.
Cancer Council will not sell or exchange or release personal information about an individual for commercial gain.
3. Data quality
Reasonable steps will be taken to ensure information collected and used is complete, accurate and up-to-date.
4. Security of information
- Reasonable steps will be taken to protect personal information from misuse, loss, unauthorised use, modification or disclosure.
- Personal information will be destroyed or permanently de-identified
when it's no longer needed for the purpose for which it was collected.
- Cancer Council's website uses secure technology for online transactions to protect credit card information.
- Our websites contain links to other websites. Cancer Council does not accept responsibility for the privacy practices or the
content of linked websites.
5. Openness of information
- Reasonable steps will be taken to allow any person, on request, to
ascertain generally what sort of personal information is held, for what
purpose, how it was collected, stored and used.
6. Accessibility of information
Information held on individuals is accessible to them on request (except
where frivolous and vexatious) and will generally be available free of
charge. Reasonable steps will be taken to ensure the information
provided is accurate and up-to-date.
Identifiers used will be unique to Cancer Council.
To the extent possible, individuals will be given the option of not
identifying themselves when dealing with Cancer Council.
9. Transborder data flow
Cancer Council will not sell, exchange or release personal
information (except when we transfer this information to our national
Cancer Council body or other state Cancer Council organisations for the
purposes of collaborative work).
10. Sensitive information
Cancer Council doesn't collect sensitive information about individuals unless:
- we have the consent of the individual; or
- the information is collected in the course of Cancer Council
activities where the individual is in regular contact in relation to
those activities and the individual understands that the information
will not be disclosed without consent; or
- the information is necessary for research relevant to public
health, compilation or analysis of public health statistics, or the
management or monitoring of a health service and that purpose cannot be
served by collection of non-identified information and it's
impracticable to seek the individual's consent.
- Personal and/or sensitive information will be collected and
maintained on confidential databases maintained by Cancer Council in support of its activities and service provision.
- Staff and volunteers who may have access to personal and/or
sensitive information in the course of their duties will respect its
confidentiality and not disclose the information to any non Cancer
Council third party.
- Breaches of confidentiality by staff will be dealt with in
accordance with the conditions of appointment to the staff of Cancer
Grievance procedure relating to the Privacy Act
- Complaint registered by an individual. This must be in writing.
- Complaint given to the Privacy Manager for assessment
and investigation in consultation with the Chief Executive Officer.
- Written response sent to individual within 7 days of complaint being received.
- If our response is found to be unacceptable to the individual, we may suggest conciliation or arbitration on the matter.
- If the individual makes a formal complaint to the Privacy
Commissioner, the Chief Executive Officer is to be the respondent on
behalf of Cancer Council.