Privacy Statement

The Public Interest Advocacy Centre (PIAC) is committed to protecting the privacy of your information. 

Privacy and PIAC: privacy promise

PIAC’s privacy obligations

The Public Interest Advocacy Centre (PIAC) complies with three NSW and Australian Acts that protect privacy:

  • the Privacy Act 1988 (Cth)
  • the Privacy and Personal Information Protection Act 1998 (NSW) and
  • the Health Records and Information Privacy Act 2002 (NSW).

These three laws establish a number of privacy principles, as well as exemptions to those principles.  PIAC has written a plain language summary of the privacy principles below.

The types of personal information PIAC holds

PIAC collects personal information about:

  • people who are legal clients or potential clients
  • people who are seeking advice or referral services
  • third parties involved in legal matters with PIAC’s clients or potential clients
  • individuals’ life stories or experiences for use in policy reports and submissions
  • people who recieve PIAC’s publications, and
  • people who attend PIAC’s training courses.

So that PIAC can assess a person’s eligibility for its services, PIAC may need to know information about a potential client’s income, housing, caring and support situation, language background, indigenous status, and/or disability.

So that PIAC’s lawyers can advise potential clients whether PIAC can act for them, the lawyers also need to know some information about the potential client’s identity, the nature of their matter, and who the other parties are.

When PIAC acts for a client, its lawyers may need to collect personal information about the client from other people, including the client’s health service providers, or government agencies.  PIAC obtains the client’s authority before collecting personal information on their behalf.

PIAC may need to share a client’s personal information with other people, such as the Public Interest Law Clearing House (PILCH), barristers, experts, or other parties to the matter.

PIAC also holds personal information about staff, contractors, student placements and volunteers.

PIAC’s privacy promise

PIAC’s privacy promise is that it will aim for best practice in the handling of personal information, by following the privacy principles below unless authorised by law to depart from them.

Limiting collections

PIAC will only collect personal information if:

  • it is for a lawful purpose that is directly related to one of its functions, and
  • it is reasonably necessary for PIAC to have the information.

PIAC will only collect sensitive* personal information or health information if:

  • PIAC can meet the above tests, and
  • one or more of the following applies:
  • the person has consented
  • the collection is required by law
  • to deal with a serious and imminent threat to any person (and the subject is incapable of giving consent)
  • to establish, exercise or defend a claim
  • to provide a health service
  • it is for research or statistics (and other requirements are met), or
  • it is for the management, funding or monitoring of a health service (and other requirements are met).

Anonymity

PIAC will allow people to receive services from it anonymously, where lawful and practicable.

Unique identifiers

  • PIAC will only identify people by using unique identifiers if it is reasonably necessary for its functions
  • PIAC will only use government-issued identifiers (like unique patient numbers) as its own where required by law or with the person’s consent.

How PIAC collects personal information

  • PIAC will collect personal information directly from the person unless it is authorised, unreasonable or impractical
  • PIAC will not collect personal information by unlawful means
  • PIAC will not collect personal information that is intrusive or excessive
  • PIAC will ensure that the personal information it collects is relevant, accurate, up-to-date, complete, and not misleading.

Notification when collecting

When collecting personal information, PIAC will endeavour to tell the person:

  • who will hold and/or have access to their personal information
  • what it will be used for
  • what other organisations (if any) routinely receive this type of personal information from PIAC
  • whether the collection is required by law
  • what the consequences will be for the person if they do not provide the information to PIAC
  • how the person can access their personal information held by PIAC.

Security safeguards

  • PIAC will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure
  • PIAC will ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately

Transparency

PIAC will enable anyone to know:

  • whether PIAC is likely to hold their personal information
  • the purposes for which PIAC uses personal information
  • how they can access their own personal information

Access

  • PIAC will allow people to access their personal information within 30 days and without unreasonable delay
  • PIAC will only refuse access where authorised by law, and PIAC will provide written reasons

Correction

  • PIAC will allow people to update or amend their personal information, to ensure it is accurate, relevant, up-to-date, complete or not misleading
  • Where possible, PIAC will notify any other recipients of any changes
  • You can let PIAC know if you need your address suppressed

Accuracy

Before using personal information, PIAC will take appropriate steps to ensure that the information is relevant, accurate, up-to-date, complete, and not misleading

Use and disclosure

  • If the personal information is sensitive*, PIAC may use or disclose it:
  • for the primary purpose for which it was collected
  • for another purpose if the person has consented
  • to deal with a serious and imminent threat to any person, or
  • where authorised or required by another law.

If the personal information is not ‘sensitive’, PIAC may use or disclose it:

  • for the primary purpose for which it was collected
  • for a directly related secondary purpose within the reasonable expectations of the person
  • for another purpose if the person has consented
  • to deal with a serious and imminent threat to any person, or
  • where authorised or required by another law.

Disclosure outside NSW

PIAC will only disclose health information outside NSW in limited circumstances.

PIAC will only disclose personal information outside Australia in limited circumstances.

* Sensitive personal information means information about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or union, sexual preferences or practices or criminal record.

More information

For more information about privacy law in Australia, see www.privacy.gov.au

If you have a query about how PIAC handles privacy matters, contact PIAC and ask to speak to the Privacy Officer.

Training

Pin It on Pinterest