ACIG staff are familiar with the Privacy Act 1988 and the Australian Privacy Principles, and will obtain and handle client information, and maintain its confidentiality and privacy, in accordance with them.
The thirteen Australian Privacy Principles (APPs) are the practical core of the Privacy Act. With limited exemptions, all Australian government agencies and statutory bodies must comply with the APPs, as must consultants such as ACIG when we are engaged by a government agency.
ACIG complies with the APPs in all our assignments, not just those for government agencies, and applies them in the following ways:
- We only collect information that is necessary – not because it may come in handy later. The team leader of each assignment will consider whether each piece of information is necessary and whether the information is required in the circumstances.
- We tell people what we are going to do with the personal information we collect about them. Our consultants let individuals know why we need to collect the information, how we plan to use it and whether we intend to disclose it. We also provide details about how they can contact us and, if they want to, how they can gain access to their personal information.
- We consider very carefully whether we need to disclose personal information.
- We always consider whether we can achieve our purpose without disclosing personal information. Where we must do so, ACIG seeks consent from the individual concerned.
- If people ask, we give them access to the personal information we hold about them.
ACIG is diligent about keeping personal and other information secure from unauthorised access, modification or disclosure and also against misuse and loss. The steps we take are proportionate to the sensitivity of the information we hold. For example, we:
- check that all data has been removed from computers before we sell them;
- use state-of-the-art firewalls, cookie removers and anti-virus scanners on work IT systems;
- keep hard copy files in properly secured cabinets;
- train all staff in privacy; and
- have internal procedures which allow file access to staff and associates on a ‘need to know’ basis only.
ACIG regularly monitors our information handling practices to ensure they are secure, and assesses the adequacy of existing security measures.
We do not keep information we no longer need or are no longer required to retain. Depending on the circumstances, we either return the data to the agency or organisation we collected it for, or we destroy it.
Any personal information we must maintain is kept accurate and up to date.
ACIG’s designated Privacy Contact Officer can be contacted at firstname.lastname@example.org.
Prior to the end of relevant assignments, ACIG can meet with the client’s Project Manager to arrange finalisation and handover activities. At that meeting we will detail any data collections that still remain with ACIG and reach agreement as to how that information will be handled and/or destroyed.
Gerard Colla, ACIG Managing Director