The Victorian Public Sector Commission is aligned with the Victorian Government Privacy Statement.
The Commission is committed to ensuring it maintains responsible and transparent information handling practices. This policy refers to the use and management of personal and health information collected by the Commission.
Personal and health information held by the Commission is managed in accordance with the Public Records Act 1973, Privacy and Data Protection Act 2014, Health Records Act 2001 and as required by other laws.
This policy is reviewed and updated every 5 years or earlier if required. It was last reviewed in May 202
Definitions
Personal information
Personal information is information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Examples of personal information include a person’s name, sex, date of birth, address, financial details, marital status and education and employment history.
Personal information does not include information of a kind to which the Health Records Act 2001 applies.
Sensitive information
Sensitive information is information about an individual’s racial or ethnic origin, political opinions and membership of political associations, religious or philosophical beliefs, sexual preferences or practices, criminal record, or membership of a professional or trade association. The law puts special restrictions on its collection.
Health information
Health information is personal information or an opinion about a living or deceased individual’s:
- physical, mental or psychological health
- disability
- expressed wishes about the future provision of health services to them
- access of a provided health service, or service to be provided to an individual
Principles contained in the Health Records Act 2001 will apply to the collection, use, storage and disclosure of health information.
Our function
The Victorian Government has vested the Victorian Public Sector Commission with functions designed to enhance the performance of the public sector in line with the Public Administration Act 2004 (Vic). The key functions of the Commission are to:
- strengthen the efficiency, effectiveness and capability of the public sector in order to meet existing and emerging needs and deliver high-quality services; and
- maintain and advocate for and report on public sector professionalism and integrity.
The Commission programs and services include data collection and analysis, research, reporting, organisational and industry segment reviews, formulation of public sector codes and standards, workforce strategy and management and, executive leadership assessment and development. To undertake these functions, the Commission collects, holds and uses personal and health information as necessary.
Some of the Commission’s functions are carried out in consultation with other public sector organisations or contracted service providers.
Who this policy applies to
This policy applies to all Commision employees and contractors. The Commission undertakes that all its employees and contractors will:
- collect, use and disclose only personal or health information that is necessary for the performance of their work or required by law. For sensitive information employees will first seek the consent of the individual(s) concerned and make sure that the information is accurate, complete and up to date
- take reasonable steps to protect personal or health information from misuse and loss, and from unauthorised access, modification or disclosure
- advise people that they have a right to access their personal or health information and make corrections to it
- not act in a way or engage in a practice that contravenes the Privacy and Data Protection Act 2014, the Health Records Act 2001 or any other relevant law.
How we comply with privacy legislation
All areas of the Commssion must comply with privacy legislation at all times, except in certain situations. These situations include where:
- the provisions of another governing Act are more specific about how information should be managed
- information relates to a generally available publication, for example, websites, or publicly accessible directories
Specific areas of the Commission may have additional privacy policies that explain in more detail their information management practices and how records are managed in accordance with privacy legislation.
What information we collect
The Commission collects personal and health information for statutory and administrative reasons. Typical collections include:
- solicited and unsolicited correspondence from the public
- applications, enquiries, submissions, surveys and complaints
- details of staff, volunteers, visitors, committee members and statutory office holders
- research data
Where lawful and practicable an individual may be anonymous when interacting with the Commission, no identifying details will be collected.
How we use collected information
The Commission uses and provides to other people or organisations, personal or health information for the purposes it collected it.
Occasionally, the Commission may be authorised by law to use or provide personal or health information to others for other purposes. In other situations, an individual’s consent may be sought to use or provide personal information to others.
The Commission only assigns or adopts a unique identifier (e.g. employee number) for an individual if it is necessary, authorised by law or with consent. The Commission ensures any transfer of personal or health information outside Victoria is in accordance with privacy legislation.
The Commission takes reasonable steps to ensure that personal and health information held is accurate, complete and up-to-date. Usually, the Commission relies on individuals to provide accurate and current information to the Commission in the first instance, and to notify when circumstances or details change.
How we keep information secure
All areas of the Commission have security measures aimed at protecting personal and health information from misuse, loss, unauthorised access or disclosure.
The stored information is also archived in accordance with the Public Records Act 1973, which determines when it is appropriate to retain or dispose of it.
The Commission periodically reviews its ongoing need to collect and keep personal information.
Accessing information held by us
Where appropriate an individual may ask for access to their personal or health information, without having to make a formal request under the Freedom of Information Act 1982 (Vic) (FOI Act).
In some situations, such access outside the FOI Act will not be appropriate, and an individual will have to make a formal FOI request. (For example, if a third party’s privacy is involved).
Individuals can access information held about them by the Commission by:
- directly contacting the area of the Commission that has the information
- contacting the Commission’s Corporate Services team
- under the Freedom of Information Act 1982 where appropriate.
Breaches of this policy
Information privacy complaints can be made verbally or in writing to the Commission’s Corporate Services Manager. If the complaint is complex, the complainant will be invited to submit their complaint in writing.
Following receipt of a privacy complaint, the below actions will occur simultaneously or in quick succession:
- breach containment and preliminary assessment/investigation
- evaluation of the risks associated with the breach
- notification to appropriate delegates and authorities.
The Commission will endeavour to make a decision on all verbal complaints within 5 working days, and written complaints within 20 working days. The Corporate Services Manager will confirm the assessment and outcome to the complainant in writing. This may include accepting the complaint in full or part, declining to allow the complaint or referring the complaint to the Office of the Victorian Information Commissioner.
Information privacy complaints are recorded in a Privacy Complaints Register, maintained by Commission’s Corporate Services branch.
Any breach of the policy by Commission employees may result in disciplinary action being taken by the Commission. In addition, a breach of this policy may constitute a breach of the Code of Conduct.
To find out more or make a complaint
The Commission undertakes to investigate and resolve privacy complaints with fairness, integrity and respect for the rights of the individual.
If you have a privacy complaint or wish to discuss our information handling practices further please contact the Corporate Services Manager:
Manager, Governance and Corporate
Victorian Public Sector Commission
Postal: 3 Treasury Place, East Melbourne, Victoria 3002
Phone: (03) 9651 1842
Email: info@vpsc.vic.gov.au
Detailed information and resources, including how to make a complaint about an act or practice regarding interference with information privacy, are available from:
Office of the Victorian Information Commissioner
Postal: PO Box 24274, Melbourne, Victoria 3001
Phone: 1300 006 842
Email: enquiries@ovic.vic.gov.au
Website: www.ovic.vic.gov.au
Health Complaints Commissioner
Postal: Level 26, 570 Bourke Street, Melbourne Victoria 3000
Phone: 1300 582 113
Email: hcc@hcc.vic.gov.au