IPP1 |
Collection |
- Collect personal information necessary for Council's functions or activities, by lawful, fair and reasonable means and preferably collect it from the individual concerned.
- At or near the time of collection notify the individual of why it is being collected, what usual disclosures may be made, if the collection is required by law and their right to access the information.
|
IPP2 |
Use and disclosure |
- Use or disclose information for the primary purpose collected or for a related secondary purpose an individual would reasonably expect, where the individual consents, for law enforcement purposes, where required by law or for other prescribed exceptions.
- Where disclosure is for law enforcement a written note should be made of the disclosure.
|
IPP3 |
Data quality |
Take reasonable steps to ensure personal information is accurate, complete, up-to-date and relevant. |
IPP4 |
Data security |
- Take reasonable steps to protect personal information held from misuse, loss, unauthorised access, modification or disclosure.
- Destroy or permanently de-identify (if possible) information no longer required.
- Provisions dealing with retention in other Acts, such as Public Records Act, apply to the public sector.
|
IPP5 |
Openness |
- Document clearly expressed policies on the management of personal information and steps individuals have to take to access personal information.
- Make policies available to anyone who asks. On request, take reasonable steps to let the enquirer know, generally, what sort of personal information is held, for what purposes and how Council collects/manages that information.
|
IPP6 |
Access and correction |
- Administrative procedures for access to personal information under the Freedom of Information Act will apply in the public sector.
- Provide the individual with access to personal information on request by the individual, except to the extent that prescribed exceptions apply.
- If an individual establishes that the information is not accurate, complete and up-to-date, take reasonable steps to correct the information.
|
IPP7 |
Unique identifiers |
- May only assign unique identifiers to individuals if it is necessary to carry out functions efficiently.
- Must not adopt as its own a unique identifier assigned to an individual by another organisation unless prescribed exceptions apply.
|
IPP8 |
Anonymity |
Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation. |
IPP9 |
Transborder data flows |
May transfer personal information about an individual to someone (other than Council or the individual) outside Victoria only if prescribed conditions apply. |
IPP10 |
Sensitive information |
Must not collect sensitive information about an individual, such as ethnicity or criminal record, unless prescribed exceptions apply. |