Policy Register Number: DOC/17/4544
Date of Board Approval: 29 June 2017
Responsibility: Director, Experience and Engagement
Review Cycle: Two-Yearly
1. Policy Objective/Intent
Museums Victoria acknowledges our obligations under the Privacy and Data Protection Act 2014 in the protection of the privacy of individuals associated with Museums Victoria, including past and present workers and visitors. This policy provides the basis for the establishment of Museums Victoria’s practices in relation to Information about individuals.
2. Policy Statement
Museums Victoria respects the privacy of individuals and will comply with the Privacy and Data Protection Act 2014 (including the Information Privacy Principles) and the Freedom of Information Act 1982 in the collection, use, storage, management, provision of Access to, amendment of and disposal of Information. Personal information is information that identifies an individual, or could be used to identify an individual. This includes financial information such as credit card or bank account details or fax file numbers.
3. Key Policy Principles
3.1 Museums Victoria will only collect Information about individuals where necessary to undertake our functions as defined by the Museums Act 1983. When we collect Information, we will take reasonable steps to:
- make individuals aware of who is collecting the Information
- make individuals aware of the purpose of collecting the Information
- provide advice on how to contact us in relation to the Information collected.
We will also require any third parties who collect Information on our behalf to take these steps.
3.2 Museums Victoria collects Personal Information related to the following functions:
- staff and volunteers - recruitment and employment
- visitors – feedback and comments, participation in market research and evaluation, education, community programs, public enquiries;
- health and safety
- MV Members
- marketing and public relations
- museum governance
- stakeholder management
- collections, research and exhibitions
- commercial, including online transaction services to purchase goods or services, and general operations.
3.3 Museums Victoria will limit the accessibility of Personal Information to only those staff members who need the Information to carry out our functions.
3.4 Museums Victoria will collect Personal Information in a lawful, fair manner. Where practical and reasonable, Information will be obtained directly from the individual concerned. If we collect Information about an individual from someone else we will endeavour to make the individual aware of the matters in 3.1.
3.5 Museums Victoria will only use or disclose Information for the purpose it was collected for, unless in accordance with the Information Privacy Principles.
3.6 To protect Information from misuse, loss or unauthorised Access, modification or disclosure, Museums Victoria will provide secure Information storage systems and procedures including access control for the management of both physical and electronic Information.
3.7 Information will be de-identified or disposed of according to approved retention and disposal authorities under the Public Records Act 1973.
- Museums Victoria will use our best efforts to ensure the Personal Information is accurate, complete and up-to-date. Museums Victoria relies on individuals to provide accurate and current information, and to notify when details change.
- Museums Victoria will maintain procedures specifying how individuals may apply to Access, correct or update Information about them. Where lawful and reasonable, Museums Victoria will provide individuals with Access to the Information we hold about them. If Access would infringe upon the privacy of others, or there are other issues with providing Access, the Freedom of Information request process may be required.
- Museums Victoria will not assign or use Unique Identifiers to individuals unless it is necessary to carry out one of our organisational functions efficiently, or if it is required by law.
- Where practicable, Museums Victoria will give individuals the option to conduct their transactions with Museums Victoria anonymously.
- If Museums Victoria transfers Personal Information outside Victoria we will comply with the legislative requirements relating to trans-border data flow.
3.13 Museums Victoria will obtain Consent from the individual prior to collecting Sensitive Information and/or Health Information about them unless required by law. Where the Information relates to Children, Museums Victoria will seek Consent from a Parent.
3.14 Museums Victoria will appoint a Privacy Officer to assist with ensuring compliance with the Privacy and Data Protection Act 2014, including ensuring a proactive approach to protection of privacy, and their contact details will be made publicly available.
3.15 Alleged breaches of this policy will be investigated by Museums Victoria under the supervision of the Museums Victoria Privacy Officer. Incidences of employee misconduct will be managed through the discipline process outlined in Museums Victoria Staff Partnership Agreement and the Museums Victoria Discipline and Unsatisfactory Work Performance Policy. The Victorian Privacy and Data Protection Commissioner may investigate alleged breaches of the Privacy and Data Protection Act 2014, and refer the complaint to the Victorian Civil and Administrative Tribunal.
4. Key Definitions
4.1 'Access' is provision of a copy of the Information or the provision of supervised Access to the Information.
4.2 'Children' means persons under the age of 18 years.
4.3 'Consent' means express Consent or implied Consent. Express consent is best collected in writing. Implied Consent is where Consent can reasonably be inferred from a person’s conduct or actions.
4.4 'Health Information' is defined in Section 3(1) of the Health Records Act 2001.
4.5 'Information' means Personal Information or Sensitive Information, including financial information.
4.6 'Information Privacy Principles' means any of the Information Privacy Principles set out in Schedule 1 of the Privacy and Data Protection Act 2014.
4.7 'Parent' in relation to a child, includes –
(a) a step-parent;
(b) an adoptive parent;
(c) a foster parent;
(d) a guardian;
(e) a person who has custody or daily care and control of the child.
4.8 ‘Personal Information' is information that identifies you or could identify you. There are some obvious examples of Personal Information, such as your name or address. Personal Information can also include financial information, such as credit card or bank account details, photos, videos, and even information about what you like, your opinions and where you work - basically, any information where you are reasonably identifiable. Information does not have to include your name to be Personal information. For example, in some cases, your date of birth and post code may be enough to identify you.
4.9 'Sensitive Information' means information or an opinion about an individual's:
(a) racial or ethnic origin; or
(b) political opinions; or
(c) membership of a political association; or
(d) religious beliefs or affiliations; or
(e) philosophical beliefs; or
(f) membership of a professional or trade association; or
(g) membership of a trade union; or
(h) sexual preferences or practices; or
(i) criminal record.
4.10 'Unique Identifiers' means an identifier (usually a number) assigned to an individual uniquely to identify that individual for the purposes of the operations of the organisation but does not include an identifier that consists only of the individual’s name.
4.11 'Workers' means employees, volunteers, students, researchers and contractors.
5. Related Policies
- Aboriginal Genealogy Access Policy
- Archives Policy
- Discipline and Unsatisfactory Work Performance Policy
- Information and Records Management Policy
- Information Technology Security Policy
- Intellectual Property Policy
- Open Access Policy
- Use of Information Technology Resources Policy
6. Associated Documents, Guidelines and Procedures
- Code of Conduct for Victorian Public Sector Employees (No 1) 2007
- Museums Victoria Staff Partnership Agreement 2012
- Museums Victoria Website Privacy Statement
- Museums Victoria Information Privacy Handbook
- Museums Victoria Procedures for Managing Applications for Information under the Freedom of Information Act 1982
- Standing Directions of the Minister for Finance 2016 under the Financial Management Act
- Electronic Transactions Act 2000 (Vic)
- Financial Management Act 1994 (Vic)
- Freedom of Information Act 1982 (Vic)
- Health Records Act 2001 (Vic)
- Occupational Health and Safety Act 2004 (Vic)
- Privacy and Data Protection Act 2014 (Vic)
- Protected Disclosures Act
- Public Administration Act 2004 (Vic)
- Public Records Act 1973 (Vic)