Draft Privacy Management Plan

Share Draft Privacy Management Plan on Facebook Share Draft Privacy Management Plan on Twitter Share Draft Privacy Management Plan on Linkedin Email Draft Privacy Management Plan link

Consultation has concluded

People having a discussion beside a computer

In accordance with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act), the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act), the Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and the Privacy Code of Practice for Local Government (December 2019), Council is required to review its Privacy Management Plan and make such adjustments as it considers appropriate.

See the document here.

You can also see a copy of the plan at:

  • Council’s Administration Building (Customer Relations Section)
  • Cessnock Public Library
  • Kurri Kurri Library

Amendments

The objective of the review of the Privacy Management Plan is to inform the community of the following significant amendments:

  • A summary of the Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) – clause 5;
  • Extension of the timeframe for amending one’s ‘Name and Address Record’ from 24 hours to 3 business days due to changes in organisational systems and processes –clause 6.6;
  • Clarification about:
    • the difference between privacy complaints and other categories of complaints clause 7.3;
    • Council’s ability to refer internal reviews to the Privacy Commissioner – clause 7.9;
    • Council’s approach to dealing with anonymity and anonymous customers – clauses 5.16 - 5.17, 10.4;
    • Council’s approach to unsolicited information – clause 11.2;
    • Collecting personal or health information directly or indirectly from an individual, and providing relevant examples 11.6 – 11.8;
    • How Council ensures collected personal information is accurate, up-to-date and complete – clauses 11.34 – 11.35, 11.39, 15.4;
    • Council’s default position to not collecting Individual Healthcare Identifiers – clauses 12.4 – 12.6;
    • The General Identifiers Council collects and uses – clause 16.2; and
    • The definition of sensitive information – clause 16.8;
  • Elaboration of:
    • the functions and operations Council performs, in particular around committees and unreasonable customers, including provision of an example – clauses 11.3 - 11.4, 11.22 – 11.23, 11.36;
    • the documents via which Council collects personal and health information – clause 11.5;
    • the requirement for Council to inform individuals how their information is being used – clause 11.44;
    • the general uses of personal and health information collected by Council – clause 15;
    • Council’s right to seek legal counsel in the context of disclosing personal information – clauses 16.15 – 16.66;
    • additional systems and databases Council uses for information management – clause 17.5;
    • additional Public Registers which contain personal information Council holds – clause 18.5;
    • Council’s approach to receiving personal information via its social media channels – clause 19;
  • Outline of the operations and provision of services by Cessnock Youth Centre & Outreach Service (CYCOS) in the context of collection, use and disclosure of personal and health information – clause 23;
  • Outline of the functions performed by Rangers (clause 24) and Executive Assistants (clause 25) in the context of collection, use and disclosure of personal and health information;
  • Outline of the arrangement Council has entered into with other agencies for the exchange, use and disclosure of personal and health information – clause 26; and
  • Council may refer an internal review to the Privacy Commissioner under section 54(3) PIPP Act to be undertaken by the Privacy Commissioner. This may occur due to a lack of resources, the privacy complaint being concurrent with another type of complaint, or if the complaint relates to actions of senior Council Officials or the Privacy Contact Officer.
  • Updated templates titles, clauses, document categories, timeframes and other references (all throughout the Plan).

See the document here.

How to make a submission

You can make a submission using the online form located below or clicking this link.

Should you intend to make a submission on the draft Plan in writing you, may do so by 5:00pm on 17 January 2023 . Please quote “Privacy Management Plan Review 2022". Submissions should be addressed to The General Manager and can be submitted via:

Ask a question to the team

If you have a question regarding the updated policy, you can ask a question directly to the team using this link.

In accordance with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act), the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act), the Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and the Privacy Code of Practice for Local Government (December 2019), Council is required to review its Privacy Management Plan and make such adjustments as it considers appropriate.

See the document here.

You can also see a copy of the plan at:

  • Council’s Administration Building (Customer Relations Section)
  • Cessnock Public Library
  • Kurri Kurri Library

Amendments

The objective of the review of the Privacy Management Plan is to inform the community of the following significant amendments:

  • A summary of the Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) – clause 5;
  • Extension of the timeframe for amending one’s ‘Name and Address Record’ from 24 hours to 3 business days due to changes in organisational systems and processes –clause 6.6;
  • Clarification about:
    • the difference between privacy complaints and other categories of complaints clause 7.3;
    • Council’s ability to refer internal reviews to the Privacy Commissioner – clause 7.9;
    • Council’s approach to dealing with anonymity and anonymous customers – clauses 5.16 - 5.17, 10.4;
    • Council’s approach to unsolicited information – clause 11.2;
    • Collecting personal or health information directly or indirectly from an individual, and providing relevant examples 11.6 – 11.8;
    • How Council ensures collected personal information is accurate, up-to-date and complete – clauses 11.34 – 11.35, 11.39, 15.4;
    • Council’s default position to not collecting Individual Healthcare Identifiers – clauses 12.4 – 12.6;
    • The General Identifiers Council collects and uses – clause 16.2; and
    • The definition of sensitive information – clause 16.8;
  • Elaboration of:
    • the functions and operations Council performs, in particular around committees and unreasonable customers, including provision of an example – clauses 11.3 - 11.4, 11.22 – 11.23, 11.36;
    • the documents via which Council collects personal and health information – clause 11.5;
    • the requirement for Council to inform individuals how their information is being used – clause 11.44;
    • the general uses of personal and health information collected by Council – clause 15;
    • Council’s right to seek legal counsel in the context of disclosing personal information – clauses 16.15 – 16.66;
    • additional systems and databases Council uses for information management – clause 17.5;
    • additional Public Registers which contain personal information Council holds – clause 18.5;
    • Council’s approach to receiving personal information via its social media channels – clause 19;
  • Outline of the operations and provision of services by Cessnock Youth Centre & Outreach Service (CYCOS) in the context of collection, use and disclosure of personal and health information – clause 23;
  • Outline of the functions performed by Rangers (clause 24) and Executive Assistants (clause 25) in the context of collection, use and disclosure of personal and health information;
  • Outline of the arrangement Council has entered into with other agencies for the exchange, use and disclosure of personal and health information – clause 26; and
  • Council may refer an internal review to the Privacy Commissioner under section 54(3) PIPP Act to be undertaken by the Privacy Commissioner. This may occur due to a lack of resources, the privacy complaint being concurrent with another type of complaint, or if the complaint relates to actions of senior Council Officials or the Privacy Contact Officer.
  • Updated templates titles, clauses, document categories, timeframes and other references (all throughout the Plan).

See the document here.

How to make a submission

You can make a submission using the online form located below or clicking this link.

Should you intend to make a submission on the draft Plan in writing you, may do so by 5:00pm on 17 January 2023 . Please quote “Privacy Management Plan Review 2022". Submissions should be addressed to The General Manager and can be submitted via:

Ask a question to the team

If you have a question regarding the updated policy, you can ask a question directly to the team using this link.

Consultation has concluded

You can ask a question regarding the Privacy Management Plan Review 2022 here to get a response from the team. Your question may be answered privately via email, or publicly posted on the webpage. Please let us know if you prefer your question to be answered privately. 

Council is committed to safeguarding the privacy of individuals and handling of personal information in accordance with the Privacy and Personal Information Act 1998 (NSW) and Information Privacy Principles, the Health Records and Information Privacy Act 2002 (NSW) and Health Privacy Principles, and any subordinate legislation.

Purpose

The personal information (e.g. Name, address and contact details) provided in your submission is being collected in the processing of your submission relating to this amendment to the Draft Privacy Management Plan. The information collected will be used for the purpose outlined, related administrative functions, compliance and complaint handling, internal auditing, and in accordance with Council's Privacy Management Plan and Privacy Statement which can be found on Council's website.

Intended Recipients

Relevant Council officers and councillors.

Supply

Supplying personal information in your submission is required.

Consequence of non-provision

If you do not supply your personal information, Cessnock City Council cannot receive the submission or update you on the progress of the Plan.

Storage and Security

Your personal information will be kept in Council's Information Management System in accordance with the relevant legislation. Council's address is62-78 Vincent Street CESSNOCK NSW 2325.

Access

You may access, correct or update your personal information by visiting Council’s website, contacting Council's Privacy Contact Officer on 4993 4100 or by sending an email tocouncil@cessnock.nsw.gov.au.

If you want to know more about Council's obligations regarding your personal information or what rights you have, contact the Information and Privacy Commission or visit their website ipc.nsw.gov.au.