Transparency and trust and the handling of personal information

The South Australian Government relies on information supplied by individuals for implementing and managing public services. This information is often personal in nature and is delivered with a level of trust in how the information will be handled.

Transparency in the Government’s collection, use and management of personal information has always been important to ensure public trust. Government agencies which are developing initiatives or services that collect personal information should ensure they have identified and addressed any potential privacy impacts.

Transparency and trust is particularly relevant as agencies implement emergency management directions in response of the COVID-19 pandemic.

 

A principle-based approach

In handling personal information, South Australian state government agencies must abide by the Information Privacy Principles Instruction, issued as Premier and Cabinet Circular PC012. These principles are similar to those used in other jurisdictions across Australia, including those binding on businesses and other governments through the Commonwealth Privacy Act 1988.

Key elements of the principles-based approach include:

  • Clear collection notices – individuals should be able to understand why the information is being collected (including the specific laws or regulations under which it is being collected), which agency is collecting it, how it is going to be used, and whether they can refuse
  • Data minimisation – collection should be limited to the minimum information reasonably necessary to achieve a legitimate purpose. This may include making a record that a document has been signed by an appropriate officer rather than requiring and retaining a copy of the document
  • Accuracy – agencies should not collect or use information that is inaccurate, irrelevant, out of date, or incomplete
  • Purpose of use – as well as being clear about the purpose for use at the time of collection, information that is required for a specific purpose should generally not be used for other purposes, unless allowed by another law
  • Security – collection should be undertaken using safe and secure means, and then reasonable steps must be taken to protect the information from misuse, interference and loss, and from unauthorised access, modification or unauthorised disclosure
  • Access and correction – individuals should be able to apply to access and correct any personal information that has been collected about them
  • Retention – subject to determination under the State Records Act 1997, information should be securely destroyed once it is no longer needed.

Privacy principles will not prevent agencies from complying with other laws and regulations. They provide a framework within which compliance can be undertaken while still supporting public expectations.

 

Assessing privacy impacts

The privacy impacts of government decisions and actions should be identified and considered early – ideally as part of the planning stage for any new initiative.

Formal privacy impact assessments (PIA) can either involve in-house expertise or external companies with privacy expertise. Advice on PIAs specific to SA Government agencies will be published on this site soon.

 

Collection notices

Clear collection notices allow an individual to provide informed consent prior to the collection of their personal information.  A collection notice should include:

  • The identity of the collecting agency
  • The reason for collection and the mandate / law that authorises its collection
  • What the information will be used for and if it will be disclosed to any other parties
  • How long the information will be kept and how it will be kept secure
  • How an individual can access or amend the information
  • How a complaint can be made
  • The main consequences (if any) if all or part of the information is not provided.

 

Further Information

Please contact us if you have any questions in relation to this information page.

Queries relating to private business should be directed to the Office of the Australian Information Commissioner in the first instance.