What is Privacy All About?
The Privacy Act?
The Privacy Act will apply to:
- All private sector sporting organisations with an annual turnover of more than $3 million; and
- Some sporting organisations with a turnover of less than $3 million.
If your turnover is less than $3 million, the regime will only apply to you if you are:
- A related body corporate of a larger organisation; or
- A dealer in personal information; or
- Involved in providing services to the Commonwealth; or
- A health service provider.
The above definition of organisations that must comply with the new Privacy Laws effectively exempts Pony Clubs. However, as many Clubs release individual personal information to third parties to obtain a benefit, service or advantage, their obligation to comply with the Privacy Laws does exist.
For example, a local sporting club which has a turnover of less than $3 million may be required to comply with the legislation if it discloses the personal information of its members to a State/National Body or a sponsor, in return for a benefit, service or advantage from that State/National Body (membership, insurance, right to participate in sanctioned events) or a sponsor (money, contra product).
Privacy Best Practice?
As there are occasions where Pony Clubs provide individual personal information to benefit the Club, it is best to ensure that collection, disclosure, storage and disposal of that information is conducted in accordance with Privacy Law standards.
The National Privacy Principles
A brief overview of the 10 National Privacy Principles (NPPs) is set out below. The full text of the NPPs is available on the Privacy Commissioner’s website at www.privacy.gov.au.
- Ensure that the collection of personal information is necessary, that you use lawful and fair means and (where reasonable and practicable) that it is collected directly from the individual.
- Ensure that the individual is told your organisation’s name, the purpose for collection, the types of organisations to which the information is usually disclosed and that the individual can access the information.
Use and disclosure
- Use and disclose personal information only for the purpose that it was collected for, or for a related (or directly related if the information is sensitive) secondary purpose. Exceptions cover specified direct marketing, law enforcement and public safety purposes.
- Obtain consents for the uses or disclosures of personal information for other unrelated purposes.
- Ensure that the personal information you collect, use or disclose is accurate, complete and up-to-date.
- Ensure that all personal information stored is safe from misuse, unauthorised access or disclosure. Where reasonable, destroy or permanently de-identify personal information if it is no longer needed.
- Have a freely available policy summarising your personal information handling practices. Be able to provide more detailed information about those practices upon request.
Access and correction
- Provide individuals with access to the personal information that you hold about them upon request (some exceptions apply). Give them a reasonable opportunity to correct that information.
- Do not use or adopt identifiers assigned by Commonwealth government agencies to individuals, e.g. Medicare numbers.
- Allow individuals the right to remain anonymous when it is lawful and practicable to do so.
- Ensure that personal information is transferred overseas only to a country with an equivalent privacy regime, or with the individual’s consent, or if the transfer benefits the individual.
- Do not collect sensitive information without a person’s consent (some exceptions apply), e.g. information about an individual’s health, racial origin, political opinions or affiliations, religious or philosophical beliefs, professional/trade union membership, sexual preferences or criminal record.