Inappropriate Workplace Behaviour Line is an independent complaints reporting service provided by Worklogic Pty Ltd for employees of The University of Melbourne.
Worklogic Pty Ltd values the privacy of every individual’s personal and health information and is committed to protecting the information it holds and uses about all individuals who provide personal information to Worklogic Pty Ltd.
This policy outlines how Worklogic Pty Ltd intends to handle personal and health information. Worklogic Pty Ltd is required to comply with a number of privacy laws operating throughout Australia, including the Privacy Act 1988 (Cth), and the Health Records Act 2001 (Vic) (“Privacy Laws”). The Privacy Laws regulate how personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal. It applies to any personal information or health information that a person provides to Australian campuses of Worklogic Pty Ltd.
The policy is based on the following principles:
- Worklogic Pty Ltd supports responsible and transparent handling of information;
- Worklogic Pty Ltd respects an individual’s right to know how his or her personal information will be used, stored and disposed; and
- It is a necessary condition for Worklogic Pty Ltd to participate in global e-communications and e-transactions.
The Privacy Act 1988 (Cth) sets out ten National Privacy Principles (NPPs) and the Health Records Act 2001 (Vic) sets out 11 Health Privacy Principles (HPPs). These principles concern the way in which information is collected, used, handled, disclosed and disposed.
Worklogic Pty Ltd has established a privacy regime that strives to:
- Ensure that Worklogic Pty Ltd and its staff comply with the privacy laws;
- Promote an understanding and acceptance of the privacy principles and their objectives throughout the Worklogic Pty Ltd community
- Educate people within Worklogic Pty Ltd about information privacy
- Handle any complaints received in an efficient and appropriate manner
- Monitor privacy compliance and keeps Worklogic Pty Ltd informed of updates to procedures
This policy explains Worklogic Pty Ltd’s approach towards protecting the privacy of an individual’s personal and health information.
All employees of and consultants to Worklogic Pty Ltd.
Operative from 1 January 2008.
1.1 Health Information:
Personal Information or an opinion about
- the physical, mental or psychological health (at any time) of an individual
- a disability (at any time) of an individual
- an individual’s expressed wishes about the future provision of health services to him or her
- a health service provided or to be provided to an individual
and also includes
- other personal information collected to provide or in providing, a health service
- other personal information about an individual collected in connection with the donation or intended donation by the individual of his or her body parts, organs or body substances
- other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendents
An identifying name or code (usually a number) assigned by an organisation to an individual to uniquely identify that individual for the purposes of the operations of the organisation. This does not include an identifier that consists only of the individual’s name
1.3 Personal Information:
Information or an opinion (including information or an opinion forming part of a database) that is recorded in any form and whether true or not about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.
The Health Records Act excludes from its definition of personal information, information about anyone who has been dead for more than 30 years.
The Health Records Act includes information that is not recorded in a material form.
1.4 Primary Purpose:
A primary purpose is one for which the individual concerned would expect their information to be used. Using the information for this purpose would be within their reasonable expectations.
1.5 Secondary Purpose:
A secondary purpose may or may not be apparent to the individual concerned, or within their reasonable expectations. Collecting the information may be mandatory (because required by law) or optional. The main distinction is that the service could still be provided even if the secondary purpose were not served.
1.6 Sensitive Information:
Information or an opinion about an individual’s-
- Racial or ethnic origin
- Political opinions
- Membership of a political association
- Religious beliefs or affiliations
- Philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual preferences or practices
- Criminal record
that is also personal information.
2.0 Collection of Personal Information
2.1 To the extent required by the Privacy Laws:
- Worklogic Pty Ltd will not collect personal information about an individual unless that information is necessary for one or more of its functions.
- Worklogic Pty Ltd will collect personal information about an individual only by lawful and fair means and not in an unreasonably intrusive manner.
2.2 When Worklogic Pty Ltd collects personal information directly from an individual (for example in the course of a workplace investigation), Worklogic Pty Ltd will take reasonable steps at or before the time of collection to ensure that the individual is aware of:
- certain key matters, such as the purposes for which Worklogic Pty Ltd is collecting the information;
- the organisations (or types of organisations) to which Worklogic Pty Ltd would normally disclose information of that kind;
- the fact that the individual is able to access the information; and
- how to contact Worklogic Pty Ltd.
2.3 Worklogic Pty Ltd will collect personal information directly from an individual where it is reasonable and practicable to do so. Where Worklogic Pty Ltd collects information about an individual from a third party (for example if a witness authorises a spouse or partner to provide information on their behalf), Worklogic Pty Ltd will still take reasonable steps to ensure that the individual is made aware of the details set out above
2.4 While Worklogic Pty Ltd generally collects personal or health information directly from the relevant individual, in some cases we may collect it from a third party, such as a temporary employment agency or a contractor.
2.5 The main function of Worklogic Pty Ltd is to provide consultancy services. Some information collected by Worklogic Pty Ltd is used for internal and confidential statistical purposes.
2.6 If an individual chooses not to provide the information requested, Worklogic Pty Ltd may not be able to provide services to that individual or their employer.
Use and Disclosure
3.0 Use and Disclosure of Personal Information
3.1 Worklogic Pty Ltd has a duty to maintain the confidentiality of personal and health information of all individuals. To the extent required by the Privacy Laws, Worklogic Pty Ltd will only use or disclose personal information for a secondary purpose other than the primary purpose for which it was originally collected where:
- the secondary purpose is related to the primary purpose (or is directly related, in the case of sensitive information or health information), and a person would reasonably expect Worklogic Pty Ltd to use or disclose the personal information for that secondary purpose; or
- a person has consented to the use or disclosure of their personal information for the secondary purpose; or
- the use or disclosure is required or authorised by or under law; or
- the use or disclosure is otherwise permitted by the Privacy Laws.
4.0 Security and Quality of Personal Information
4.1 Worklogic Pty Ltd is committed to ensuring that personal information is held securely. To the extent required by the Privacy Laws, Worklogic Pty Ltd will take reasonable steps to:
- ensure that any personal information Worklogic Pty Ltd collects, uses and discloses is accurate, complete and up to date;
- protect the personal information that Worklogic Pty Ltd holds from misuse, loss, unauthorised access, modification or disclosure: and
- destroy or permanently de-identify personal information when required by the Privacy Laws.
4.2 Personal information may be stored in hard copy documents, as electronic data, or in Worklogic Pty Ltd’s software or systems. Some of the ways Worklogic Pty Ltd seeks to protect personal information include the following:
- confidentiality requirements on the use of information by Worklogic Pty Ltd’s employees
- policies on document storage and security
- security measures for access to Worklogic Pty Ltd’s computer systems
- controlling access to Worklogic Pty Ltd’s premises
- web site protection measures.
4.3. Employees must help Worklogic Pty Ltd keep the personal information that it holds accurate, complete and up to date.
5.0 Access to Personal Information
5.1 To the extent required by the Privacy Laws, Worklogic Pty Ltd will, on request, provide individuals with access to information it holds about them, unless there is an exception that applies under the National Privacy Principles or Health Privacy Principles such as:
- access would pose a serious threat to the life or health of any individual;
- access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to commercially sensitive decision making process;
- access would be unlawful or denying access is required or authorised by law (e.g. Worklogic Pty Ltd has a duty of confidentiality and will not provide access to personal information about you if it will breach that duty);
- access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function, or negotiations with the individual; or
- the information is to be used for legal dispute resolution proceedings
5.2 If Worklogic Pty Ltd doesn’t provide an individual with access, the individual will be provided with written reasons for the refusal and informed of any exceptions relied upon.
5.3 Any request to provide information will be dealt with in a reasonable time and Worklogic Pty Ltd may recover from an individual the reasonable cost of accessing and supplying this information.
6.0 Commonwealth and State Government Identifiers
6.1 Except to the extent permitted by the Privacy Laws, Worklogic Pty Ltd will not use Commonwealth or State government identifiers as its own identifier nor will it disclose such identifiers to anyone else.
6.2 Worklogic Pty Ltd will only assign identification numbers or other identifiers to individuals if the assignment of identifiers is reasonably necessary to enable it to carry out its functions efficiently. For example, an acronym or initials might be assigned to an individual in an investigation report, to protect that individual’s privacy.
7.1 Worklogic Pty Ltd will provide an individual with the option of not identifying who they are when it is lawful and practicable to do so. The nature of the business carried on by Worklogic Pty Ltd means that, generally, it is not possible for Worklogic to provide services to its clients or otherwise deal with witnesses or other individuals in an anonymous way.
Transborder Data Flows
8.0 Transborder Data Flows
8.1 Worklogic Pty Ltd may transfer your personal information overseas where it is necessary to do so, for example where an investigation is commissioned by an employer that resides overseas. If Worklogic Pty Ltd transfers personal information outside Victoria, Worklogic Pty Ltd will comply with the relevant requirements of those Privacy Laws that relate to transborder data flows outside Victoria.
8.2 This stipulates that the recipient of the information must protect privacy of personal information to a similar standard as the NPPs.
Obligations of Staff
9.0 Obligations of staff
9.1 When a staff member provides Worklogic Pty Ltd with personal and health information about other individuals, Worklogic Pty Ltd relies on that person to have made the other individuals aware:
- That their information will or may be provided to Worklogic Pty Ltd
- Of the types of third parties to whom Worklogic Pty Ltd may provide that information,
- Of the relevant purposes of the information, and
- How they can access it.
If it is sensitive information Worklogic Pty Ltd relies on the staff member to have obtained consent from the other individuals to the above uses.
9.2 If a staff member collects, uses, discloses or handles personal information on Worklogic Pty Ltd’s behalf, the staff member must meet the relevant requirements of the National Privacy Principles set out in the Privacy Act 1988 (Cth), and the Health Privacy Principles set out in the Health Records Act 2001. Staff members must only collect, handle, use, disclose and store the information for the agreed purposes only.
To stop receiving Worklogic material
10.0 Opting out of receiving material produced by Worklogic Pty Ltd
10.1 If a staff member does not wish to receive Worklogic Pty Ltd’s publications, then the staff member can opt out by sending an email to Worklogic Pty Ltd’s Privacy Officer on firstname.lastname@example.org or by contacting Worklogic Pty Ltd’s Privacy Officer on 03 9981 6577.
Contacting and/or complaining to Worklogic Pty Ltd about its privacy practices
11.0 How to contact Worklogic Pty Ltd regarding privacy issues
11.1 Contact details for the Privacy Officer are as follows:
Worklogic Pty Ltd
Level 3, 620 Bourke Street, Victoria 3000
Phone: 03 9981 6577
Fax: 03 9640 0742
11.2 If a staff member or other individuals has any privacy issues that he or she would like considered by Worklogic Pty Ltd, the person may contact the Worklogic Privacy Officer (above). The Privacy Officer will undertake a preliminary investigation of the issue and report back to the person who raised the issue, and his or her view of whether there has been a breach of this policy or one or more of the National Privacy Principles or Health Privacy Principles. The Privacy Officer will also indicate what action, if any, Worklogic Pty Ltd will take to rectify the situation.
11.3 If the staff member or other individual is not satisfied with the response of the Privacy Co-ordinator, the individual should write a formal complaint setting out the details of the alleged breach and send it to Worklogic Pty Ltd’s Privacy Officer for consideration. The Privacy Officer will conduct a further investigation and will report back to the person who raised the issue, his or her view of whether there has been a breach of this policy or one or more of the National Privacy Principles or Health Privacy Principles. The Privacy Officer will also indicate what action, if any, Worklogic Pty Ltd will take to rectify the situation.
12.0 Breach of this policy
12.1 If a staff member breaches this policy, depending on the circumstances, it may be regarded as misconduct or poor performance and this may result in action being taken in accordance with the provisions set out in the employee’s contract of employment.
Change of Policy
13.0 Change of Policy
Relevant Australian Legislation, Policies and Associated Documentation
- Privacy Act 1988 (Cth)
- Health Records Act 2001 (Vic)
14.2 Associated Documentation
- Worklogic Pty Ltd employment agreements
- Worklogic Pty Ltd Terms of Engagement for clients
- Worklogic Pty Ltd “Guide for Participants in Investigations” and other pro-forma information provided to participants in Pty Ltd projects