Draft Privacy Management Plan

Share Draft Privacy Management Plan on Facebook Share Draft Privacy Management Plan on Twitter Share Draft Privacy Management Plan on Linkedin Email Draft Privacy Management Plan link

Consultation has concluded

People having a discussion beside a computer

In accordance with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act), the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act), the Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and the Privacy Code of Practice for Local Government (December 2019), Council is required to review its Privacy Management Plan and make such adjustments as it considers appropriate.

See the document here.

You can also see a copy of the plan at:

  • Council’s Administration Building (Customer Relations Section)
  • Cessnock Public Library
  • Kurri Kurri Library

Amendments

The objective of the review of the Privacy Management Plan is to inform the community of the following significant amendments:

  • A summary of the Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) – clause 5;
  • Extension of the timeframe for amending one’s ‘Name and Address Record’ from 24 hours to 3 business days due to changes in organisational systems and processes –clause 6.6;
  • Clarification about:
    • the difference between privacy complaints and other categories of complaints clause 7.3;
    • Council’s ability to refer internal reviews to the Privacy Commissioner – clause 7.9;
    • Council’s approach to dealing with anonymity and anonymous customers – clauses 5.16 - 5.17, 10.4;
    • Council’s approach to unsolicited information – clause 11.2;
    • Collecting personal or health information directly or indirectly from an individual, and providing relevant examples 11.6 – 11.8;
    • How Council ensures collected personal information is accurate, up-to-date and complete – clauses 11.34 – 11.35, 11.39, 15.4;
    • Council’s default position to not collecting Individual Healthcare Identifiers – clauses 12.4 – 12.6;
    • The General Identifiers Council collects and uses – clause 16.2; and
    • The definition of sensitive information – clause 16.8;
  • Elaboration of:
    • the functions and operations Council performs, in particular around committees and unreasonable customers, including provision of an example – clauses 11.3 - 11.4, 11.22 – 11.23, 11.36;
    • the documents via which Council collects personal and health information – clause 11.5;
    • the requirement for Council to inform individuals how their information is being used – clause 11.44;
    • the general uses of personal and health information collected by Council – clause 15;
    • Council’s right to seek legal counsel in the context of disclosing personal information – clauses 16.15 – 16.66;
    • additional systems and databases Council uses for information management – clause 17.5;
    • additional Public Registers which contain personal information Council holds – clause 18.5;
    • Council’s approach to receiving personal information via its social media channels – clause 19;
  • Outline of the operations and provision of services by Cessnock Youth Centre & Outreach Service (CYCOS) in the context of collection, use and disclosure of personal and health information – clause 23;
  • Outline of the functions performed by Rangers (clause 24) and Executive Assistants (clause 25) in the context of collection, use and disclosure of personal and health information;
  • Outline of the arrangement Council has entered into with other agencies for the exchange, use and disclosure of personal and health information – clause 26; and
  • Council may refer an internal review to the Privacy Commissioner under section 54(3) PIPP Act to be undertaken by the Privacy Commissioner. This may occur due to a lack of resources, the privacy complaint being concurrent with another type of complaint, or if the complaint relates to actions of senior Council Officials or the Privacy Contact Officer.
  • Updated templates titles, clauses, document categories, timeframes and other references (all throughout the Plan).

See the document here.

How to make a submission

You can make a submission using the online form located below or clicking this link.

Should you intend to make a submission on the draft Plan in writing you, may do so by 5:00pm on 17 January 2023 . Please quote “Privacy Management Plan Review 2022". Submissions should be addressed to The General Manager and can be submitted via:

Ask a question to the team

If you have a question regarding the updated policy, you can ask a question directly to the team using this link.

In accordance with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act), the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act), the Government Information (Public Access) Act 2009 (NSW) (GIPA Act), and the Privacy Code of Practice for Local Government (December 2019), Council is required to review its Privacy Management Plan and make such adjustments as it considers appropriate.

See the document here.

You can also see a copy of the plan at:

  • Council’s Administration Building (Customer Relations Section)
  • Cessnock Public Library
  • Kurri Kurri Library

Amendments

The objective of the review of the Privacy Management Plan is to inform the community of the following significant amendments:

  • A summary of the Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) – clause 5;
  • Extension of the timeframe for amending one’s ‘Name and Address Record’ from 24 hours to 3 business days due to changes in organisational systems and processes –clause 6.6;
  • Clarification about:
    • the difference between privacy complaints and other categories of complaints clause 7.3;
    • Council’s ability to refer internal reviews to the Privacy Commissioner – clause 7.9;
    • Council’s approach to dealing with anonymity and anonymous customers – clauses 5.16 - 5.17, 10.4;
    • Council’s approach to unsolicited information – clause 11.2;
    • Collecting personal or health information directly or indirectly from an individual, and providing relevant examples 11.6 – 11.8;
    • How Council ensures collected personal information is accurate, up-to-date and complete – clauses 11.34 – 11.35, 11.39, 15.4;
    • Council’s default position to not collecting Individual Healthcare Identifiers – clauses 12.4 – 12.6;
    • The General Identifiers Council collects and uses – clause 16.2; and
    • The definition of sensitive information – clause 16.8;
  • Elaboration of:
    • the functions and operations Council performs, in particular around committees and unreasonable customers, including provision of an example – clauses 11.3 - 11.4, 11.22 – 11.23, 11.36;
    • the documents via which Council collects personal and health information – clause 11.5;
    • the requirement for Council to inform individuals how their information is being used – clause 11.44;
    • the general uses of personal and health information collected by Council – clause 15;
    • Council’s right to seek legal counsel in the context of disclosing personal information – clauses 16.15 – 16.66;
    • additional systems and databases Council uses for information management – clause 17.5;
    • additional Public Registers which contain personal information Council holds – clause 18.5;
    • Council’s approach to receiving personal information via its social media channels – clause 19;
  • Outline of the operations and provision of services by Cessnock Youth Centre & Outreach Service (CYCOS) in the context of collection, use and disclosure of personal and health information – clause 23;
  • Outline of the functions performed by Rangers (clause 24) and Executive Assistants (clause 25) in the context of collection, use and disclosure of personal and health information;
  • Outline of the arrangement Council has entered into with other agencies for the exchange, use and disclosure of personal and health information – clause 26; and
  • Council may refer an internal review to the Privacy Commissioner under section 54(3) PIPP Act to be undertaken by the Privacy Commissioner. This may occur due to a lack of resources, the privacy complaint being concurrent with another type of complaint, or if the complaint relates to actions of senior Council Officials or the Privacy Contact Officer.
  • Updated templates titles, clauses, document categories, timeframes and other references (all throughout the Plan).

See the document here.

How to make a submission

You can make a submission using the online form located below or clicking this link.

Should you intend to make a submission on the draft Plan in writing you, may do so by 5:00pm on 17 January 2023 . Please quote “Privacy Management Plan Review 2022". Submissions should be addressed to The General Manager and can be submitted via:

Ask a question to the team

If you have a question regarding the updated policy, you can ask a question directly to the team using this link.