(b) who is alive or has not been dead for more than 25 years
The following policy statement addresses the principles applied by the Department in order to protect your personal information.
Information collected by the Department
Personal information collected by the Department may include names, addresses and telephone numbers, together with any specific information about a person that may be required for the purpose of discharging departmental functions.
The Department primarily collects personal information in order to perform the following functions:
Personal information may also be collected for the administration of security controls and measures to provide and maintain a safe working environment for our employees, contractors and visitors, and for the administration of a secure physical environment for the Department’s information, resources and assets.
Use and disclosure of personal information
Personal information will be used only for the purposes outlined above. Your personal information will only be disclosed with your consent, or, if it is required by or authorised by law. For example, there may be a need or requirement to disclose some or all information the Department collects to contractors and agents of the Department, law enforcement agencies, courts, or other public sector bodies.
The Act also permits the disclosure of "basic personal information" (that is, name, address, date of birth and gender) that is collected in conjunction with the provision of a service to other public sector bodies.
Some de-identified personal information the Department has collected may be used in research, statistical analysis, state or national reporting, awareness programs, public statements or training, but not in a way to compromise the protection of personal information.
Personal information in written submissions on policy matters or matters of public consultation may be disclosed in reports that are made public, unless the submission was made and/or accepted on a confidential basis.
The Department takes reasonable steps to ensure that the personal information it holds is accurate, complete and up to date. Where practicable, the Department will check on the accuracy of your personal information before it is used.
Security of personal information
Access to all departmental information including approved departmental databases is given to employees with a ‘need-to-know’ in accordance with the Department’s overarching security policy and the information management records policy.
All staff are bound by confidentiality requirements under section 9 of the State Service Code of Conduct (State Service Act 2000). Treasury staff who have a requirement to access information collected by the State Revenue Office are bound by the secrecy provisions under section 76 of the Taxation Administration Act 1997. Similarly Treasury staff who need to access information for the purposes of the administration of the Gaming Control Act 1993 are bound by the secrecy provision under section 157 of that Act.
The Department uses a number of procedural, physical, and technical safeguards, including access controls, secure methods of communication and back-up and recovery systems to protect information from misuse and loss, unauthorised access, modification and disclosure. These are administered in accordance with the Department’s overarching security policy and ICT security policy.
Generally, there is an intention that information is destroyed or permanently de-identified when it is no longer required, and is disposed of in accordance with processes approved by the State Archivist under the Archives Act 1983.
Sensitive information includes health information, criminal record, racial origin and religious beliefs. Generally, the Department will only collect sensitive information if it is necessary and with your consent, or if the collection of that information is required by law.
If you are making a general enquiry, it may not be necessary to identify yourself. If you want to obtain a service, however, identification may be necessary.
The Department does not assign unique identifiers to people unless it is necessary for us to carry out our functions efficiently or is required by law. Nor does the Department adopt as our unique identifiers the unique identifiers from another organisation. The Department may, however, collect the unique identifiers assigned to you by another organisation, but will not disclose these without lawful authority.
Access to, and correction of, information collected
The Act provides that, upon request, you can access your personal information held by the Department. Any such request is to be in writing addressed to the Department and must include an address to which a response can be made as well as proof of identify to confirm the authenticity of your request.
If you consider the personal information to be incorrect, incomplete, out of date or misleading, you can request that the information be amended by specifying the amendments that you want made.
If the Department refuses your request or does not respond within 20 working days, you may make a second request which will be processed in accordance with the provisions of section 13 of the Right to Information Act 2009. Depending upon the nature of the request, a fee may be charged in accordance with section 16 of the RTI Act.
For further information see our right to information page or contact the Department’s Right to Information Coordinator by telephone (03 6166 4071) or by email:email@example.com.
If you are not satisfied with the handling or outcome of your request to access your personal information (or the Department’s correction of your personal information), you can lodge a complaint with the Ombudsman. The Ombudsman's Office can be contacted on 1800 001 170 (free call in Tasmania) or 1300 766 725 (cost of local call anywhere in Australia), and by email at firstname.lastname@example.org.