- Purpose and Objectives
- Privacy Act 1988 – Australian law which regulates the way personal information about individuals is handled including the collection, use, storage and disclosure of that information.
- Notifiable Data Breach scheme – The Notifiable Data Breach scheme is the reporting of eligible data breaches to the Office of the Australian Information Commissioner (OAIC). The scheme comes into effect from 22nd February 2018 through amendments to the Privacy Act 1988.
- Office of the Australian Information Commissioner (OAIC) – an independent Australian Government agency which acts as the national data protection authority for Australia.
- Australian Privacy Principles – outline how Australian and Norfolk Island Government agencies, all private sector and not for profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses must handle, use and manage personal information.
- Personally Identifiable Information – any data that could potentially identify a specific individual. Any data that can be used to distinguish one individual from another.
- Confidentiality – the protection of personal information. Maintaining confidentiality means keeping client, patient, customer and/or organisation information to yourself and not telling others the information.
- Sensitive Information – the type of personal information that includes information about an individual’s health, racial or ethnic origin, political opinions, membership of a political association, professional or trade association or trade union, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record, biometric information used for certain purposes or biometric templates.
- Spam Act 2003 – the Spam Act 2003 has been implemented to provide guidelines around spam, what is defined as spam, how spammers will be penalised and at what point bulk notifications to others will be identified as spam.
- Policy Content
The Australian Privacy Principles set out how businesses handle individuals’ personal information. It is the policy of SMIKTECK to follow and comply with the privacy principles set out in the Privacy Act 1988.
- Collection of personal information
SMIKTECK may receive and store personal information you enter on our website or through other marketing channels.
Information may be provided through feedback, the provision of services, responses to surveys and promotions, the use of forms on the website to make contact, and customer service/service provision communications. The information collected may be your name, email address, phone number, address details or information related to your service.
Information may be collected electronically, in person or through telephone conversations.
- Open and transparent management of personal information.
SMIKTECK will ensure compliance with the Privacy Act 1988 and Australian Privacy Principles through the implementation of this policy and the sharing of the policy with clients, associates, stakeholders and the general public where requested. SMIKTECK will take all reasonable steps to ensure the transparent management of personal information.
- Use or disclosure of personal information.
SMIKTECK will not disclose any personal information collected or held through the provision of service. It is the policy of SMIKTECK to take all reasonable steps to ensure that all personal information held is secure and accessed only by those who use the information for the provision of service either within the organisation or through the shared delivery with a third party provider. SMIKTECK will only disclose relevant information to another provider for ongoing provision of service and where there has been permission provided or where there is the expectation that the information will be shared with another provider for the ongoing provision of service.
Where information held by SMIKTECK is to be used for compliance, reporting or statistical reasons, all information will be de-identified before it is used in these ways.
- Security of personal information
SMIKTECK will take all reasonable steps to ensure the security of all personal and sensitive information that is collected, used and held within the organisation. SMIKTECK will put in place all reasonable security solutions to provide best practice security throughout the organisation and its operations. Through the implementation of enterprise grade, best practice security features, SMIKTECK will develop a security culture among all staff and associates of the organisation.
Security measures may include, but are not limited to:
- Access control policies and procedures
- Password policies and protocols
- Business grade virus protection
- Enterprise grade firewall
- Multi-factor authentication
- Regular risk management and assessment policies and procedures
- Managerial procedures
Where third party providers are a part of operations, SMIKTECK will take all reasonable steps to ensure that all data is secure and third party providers operate in a secure, privacy conscious environment.
SMIKTECK has implemented a policy around staff access to data and who has access to what data based on the needs and requirements of their position within the organisation.
Where there is an identified breach of data, SMIKTECK will follow the organisation's Notifiable Data Breach policy and any other relevant legislation and guidelines. In brief, the steps that will be followed are:
- Contain the breach
- Assess the risks associated with the breach
- Consider notification of the breach if it meets notifiable data breach guidelines
- Review the incident, implement risk minimisation to lower the risk of recurrence.
Where the held data is no longer needed, SMIKTECK will ensure all personal data is de-identified or destroyed in a manner where no identifying part of the data is accessible. SMIKTECK will adhere to the Data Destruction Policy of the organisation.
- Access to your personal information
You may request at any time the details of your personal information that we may hold. Any request may be made in accordance with the provisions of the Privacy Act 1988 (Cth).
If you have any complaints or would like to provide feedback please contact SMIKTECK on 1300 11 7645 or email firstname.lastname@example.org.
- Review Statement
This policy will be reviewed annually as a part of the ongoing review and continuous improvement of all of SMIKTECK's policies and procedures. Where changes to legislation and regulations may impact this policy, a review will be carried out within 30 days of the change to legislation, regulation or other regulatory requirements.