City of Stonnington Information Privacy Policy

‍

About

City of Stonnington (Council) acknowledges that the responsible handling of personal information is not only a legislative obligation but is also a key aspect of good corporate governance and maintains community confidence in Councils delivery of services. Accordingly, Council is committed to full compliance with its obligations under the Privacy and Data Protection Act 2014 (Vic).

Purpose

Council views the protection of an individual’s privacy as an integral part of its commitment towards accountability and integrity in all its activities and programs. This policy outlines Council’s commitment to protecting an individual’s right to privacy and management of personal information as required by the Privacy and Data Protection Act 2014 (Vic).

‍
We handle personal and sensitive information in accordance with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (Privacy Act) and this policy.

‍

About Council

Council’s role is to provide good governance in its municipal district for the benefit and wellbeing of the community.

It does this by performing its role giving effect to the overarching governance principles set out in the Local Governance Act 2020 (Vic). The governance principles include collaboration with other councils, governments and statutory bodies, and ensuring the transparency of Council decisions, actions and information.

Council has functions, duties and powers under the Local Government Acts of 1989 and 2020, as well as a range of other legislation, such as the Food Act 1984 (Vic), the Building Act 1993 (Vic) and the Public Health and Wellbeing Act 2008 (Vic).

Some of Council’s functions and services include:

• planning and building such as applying for a permit
• rates and valuations
• waste and environment including recycling and waste management, reporting a damaged tree, animal management and registration and drainage
• community health services such as maternal and child health, immunisation, youth, aged people and people with disabilities
• regulation of parking and roads such as paying a parking fine and applying for a parking permit
• recreation and arts programs
• library services
• local business support.

Scope

This policy applies to all employees, Councillors, contractors and volunteers of Council.

This policy covers all personal information held by Council and includes information we have collected, irrespective of its format or how it was collected.

For information collected when using Council’s website, please also refer to Council’s Website Privacy Statement.

‍

Terms and definitions

Personal information

Personal information means information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which the Health Records Act 2001 (Vic) applies.

Information Privacy Principles (IPPs)

IPPs is a set of principles that regulates the handling of personal information.

Public registers

Documents or information that Council is required to make publicly available pursuant to State Government legislation. These registers: 

• are open to inspection by members of the public
• contain information required or permitted by legislation
• may contain personal information.

Sensitive information

Sensitive information is personal information or an opinion about an individual’s: 

• race or ethnic origin
• political opinions
• membership of a political association
• religious beliefs or affiliations
• philosophical beliefs
• membership of a professional trade association
• membership of a trade union
• sexual preferences or practice
• criminal record.

Policy statement

It is Council’s policy that personal information is managed in accordance with the 10 Information Privacy Principles (IPPs). The 10 IPPs contained in the Privacy and Data Protection Act 2014 (Vic) are:

• Principle 1 – Collection
• Principle 2 – Use and Disclosure
• Principle 3 – Data Quality
• Principle 4 – Data Security
• Principle 5 – Openness
• Principle 6 – Access and Correction
• Principle 7 – Unique Identifiers
• Principle 8 – Anonymity 
• Principle 9 – Trans Border Data Flows
• Principle 10 – Sensitive Information

Information Privacy Principles (IPPs)

Principle 1 – Collection

Council will only collect personal information supplied by you when it is necessary for one or more of its functions or activities. This information typically includes but is not limited to the following.

• Name
• Address (residential, postal and email)
• Telephone number (work, home and mobile)
• Date of birth
• Occupation
• Medicare number
• Credit card and bank account numbers
• Motor vehicle registration number

From time to time Council may collect information about an individual from a source other than the individual. For example:

• a third party may provide Council with address change notification, which is used to update customer records
• Council may obtain demographic or customer interests information, which is used for planning purposes and understanding customer consumption patterns and behaviour.

The personal information we collect may be used for purposes including but not limited to the following. 

• To contact people in order to provide services requested by them, such as obtaining a resident parking permit via our public interfaces.
• As part of our commitment to customer service, by periodically inviting people to provide feedback about their experience via a survey. Any survey is voluntary
• To contact people where it is necessary to resolve issues relating to the Council services or functions which people have brought to our attention. For instance, contacting people in response to their report about a fallen tree branch.
• To contact people prior to a Council or Committee meeting to confirm attendance and/or advise people of any changes to the meeting details where they have made a submission for consideration.
• To supply people with material concerning Council initiatives and programs where we think this will be of interest.
• To facilitate the collection of Council fees and charges. For instance, we will use peoples’ name and address details to forward rate notices.
• To enable payment for Council providing goods and services. We collect someone’s credit card and bank account details when they make payment for good and services.
• To enable Council to undertake its law enforcement functions. For instance, Council collects information about people from various Road Traffic Authorities to process Parking Infringement Notices.
• To aid community safety. For instance, Council collects images via closed circuit television cameras which are located throughout our municipality.
• To enable Council to receive enquires and complaints from members of the public. 

Collection notices

In accordance with IPP 1.3, where personal information is being collected for a particular purpose, Council will provide people with a collection notice at or before the time of collection (or as soon as practicable after the information is collected). The collection notice will explain the purpose for which the information is being collected and how Council will use and handle the personal information. This notice is separate to this policy (which is a requirement under IPP 5 as noted below).

Principle 2 – Use and disclosure

Council will take all practicable measures to prevent unauthorised access to, or disclosure of, peoples’ personal information.

For example, Council will use and/or disclose personal information:

• for the primary purpose for which it was collected
• for secondary purposes where these are related to the primary purpose of collection and are reasonably expected
• in accordance with your consent
• where required or authorised under law
• where otherwise permitted by the IPPs and the Privacy and Data Protection Act 2014 (Vic).

Some examples of use or disclosure of personal information include the following.

• Disclosure of personal information to external organisations such as Council’s contracted service providers who perform various services for and on behalf of Council. These contractors have agreed to be bound by the provisions of the Privacy and Data Protection Act 2014 (Vic). Information provided to these contractors is limited to the information required by them to provide services to people on behalf of Council.
• Disclosure of personal information to other agencies in the course of an investigation and defence of legal claims against Council. This includes Council’s solicitors, consultants and investigators.
• Use of personal information contained in complaints that people make to Council as part of any prosecution undertaken as part its law enforcement functions.
• Disclosure of personal information to Council’s contractors for the purpose of providing reminder calls in instances where parking fines remain unpaid. Visit our parking fines page for further details about when Council discloses your details to conduct law enforcement functions in relation to parking fines.

If people have opted to complain to Council, please note that Council may be obliged under legislation to investigate the complaint, and if necessary may initiate legal proceedings as a result of its investigation to prosecute possible offenders.

Council may also disclose personal information to:

• debt collection agencies
• government agencies including the Department of Health and Human Services, the Department of Education and Training, the Building and Plumbing Commission, the Independent Broad-based Anti-Corruption Commission and the Victorian WorkCover Authority in accordance with their relevant legislation and functions
• statutory authorities to enable them to advise you of works which may impact upon you or your property, such as road closures or reconstruction, property acquisition
• law enforcement and emergency agencies, including the Victoria Police and SES, for emergency or law enforcement purposes
• water, gas and electricity utilities for the purposes of ensuring data is accurate
• Council’s professional advisers, including accountants, auditors, insurers, bankers, valuers, IT providers and lawyers
• other individuals or organisations where Council believes that the disclosure is necessary to lessen or prevent a serious threat to an individual’s life, health, safety or welfare or a serious threat to public health, safety or welfare.

Personal information in applications for employment with Council will be supplied to agencies such as the Victoria Police where required by law, such as under the Working with Children Act 2005 (Vic), as part of a background check.

Background checks will only be carried out on applicants for selected positions prior to employment with Council. Such checks will only be carried out with the applicant’s written authorisation and the results will not be disclosed to third parties unless authorised by law.

Personal information submitted as part of public submission to a Council or a Delegated Committee meeting may be included with the published agenda papers and minutes of the meeting. The published agenda papers and minutes are displayed online and available in hard copy format for an indefinite period.

Personal information may also be contained in Council’s Public Registers (refer below). Under the Local Government Act 1989 (Vic) and Local Government Act 2020 (Vic), any person is entitled to inspect Council’s Public Registers, or make a copy of them, upon payment of the relevant fee.

Principle 3 – Data quality

Council will endeavour to ensure that the personal information it holds is accurate, complete and up to date. You may request to amend any personal information you have supplied to Council. Details on how to do so are under Principle 6 – Access and Correction. 

Principle 4 – Data security

Council will take all practicable steps to ensure that personal information held by Council is stored safely and securely, so that it is protected from misuse, loss, and unauthorised modification and disclosure. This applies regardless of the format in which the information is held.

Any personal information that you provide to Council, which is no longer necessary for Council’s purposes, will, when scheduled by Council, be archived or disposed of in accordance with the document retention and disposal requirements of the Public Records Act 1973 (Vic) and the Public Records Office Victoria.

Principle 5 – Openness

This document and Council’s Website Privacy Statement detail Council’s management of personal information. The content of both documents meets the principles outlined under IPP 5.

Principle 6 – Access and correction

Requests for access to and correction of documents containing personal information are generally managed under the Freedom of Information Act 1982 (Vic) (FOI Act).

Such requests must be made in writing and addressed to:

Executive Manager Legal and Governance
Stonnington City Council
311 Glenferrie Road
Malvern Vic 3144
[email protected]

For more information on how to make an FOI request, please visit Freedom of Information.

For requests seeking access, you must state as precisely as possible what information is being sought.

For requests seeking amendment of personal information, you must state the information is believed to be inaccurate, incomplete, out of date or would give a misleading impression and what changes are requested to be made. However, some requests for personal information may be dealt with informally (outside the FOI Act).

Please contact a member of the Council Legal and Governance Team on 03 8290 1333 to discuss your requirements.

Principle 7 – Unique identifiers

A unique identifier is a number or code that is assigned to someone’s record to assist with identification (similar to a drivers licence number). Unique identifiers may be assigned where necessary to enable Council to carry out any of its functions efficiently. An example is the unique identifier assigned to customers who access Council’s libraries or aquatics services.

Principle 8 – Anonymity

Where lawful and practicable, you have the option of remaining anonymous when dealing with Council.

Some types of interactions with Council may be able to be completed without someone providing their details, such as lodging complaints, reporting broken assets. However, in many situations this will not be possible such as where a person is seeking specific information which may be unique to them.

However, anonymity may limit Council’s ability to take action. Therefore, if people choose not to supply personal information that Council considers is necessary for it to perform its functions, Council reserves the right to take no action on the matter.

Principle 9 – Trans border data flows

Council may transfer personal information about a person to an individual or organisation outside Victoria in the following instances if:

• that person has provided their consent
• the recipient of the information is subject to a law, binding scheme or contract with similar principles as the IPPs under the Privacy and Data Protection Act 2014 (Vic).

Council uses cloud-based infrastructure as part of its website and online form tools, which is supplied by third-party service providers that may be based overseas. Accordingly, a person’s personal information may be placed with, or transferred or disclosed to, service providers in jurisdictions outside of Victoria. These jurisdictions include but are not limited to the United States of America and the United Kingdom.

Principle 10 – Sensitive information

Council only collects sensitive information about people in the circumstances prescribed in the Privacy and Data Protection Act 2014 (Vic).

Complaints or enquiries concerning privacy

Complaints about a privacy breach, in the first instance, may be directed to:

Executive Manager Legal and Governance
Stonnington City Council
311 Glenferrie Road
Malvern Vic 3144
[email protected]

These complaints will be acknowledged on receipt and actioned in line with Council’s Complaint Handling Policy.

Alternatively, complaints can be directed to the Office of the Victorian Information Commissioner (OVIC), although the Information Commissioner may decline to consider a complaint if the complainant has not first complained directly to Council.

You can make a complaint to the OVIC by downloading a copy of the privacy complaint form from their website, completing it and sending it to:

Office of the Victorian Information Commissioner
PO Box 24274
Melbourne Vic 3001
1300 006 842
[email protected]

Roles and responsibilities

For all queries or feedback regarding this policy, please contact either of the responsible officers below.

FOI and Privacy Officer

• Investigation and resolution of any matters relating to this policy including complaints, and requests to access and correct health information.
• Ensure its public availability on Council webpage.
• Maintain the Policy currency.

Executive Manager Legal and Governance

• Oversight of this policy and any complaints.

Monitoring, evaluation and review

The Executive Manager Legal and Governance acts as Council’s Privacy Officer and will make any necessary amendments to the policy at their discretion or otherwise in accordance with any changes to legislation.

Council officers are authorised to make minor editorial amendments as needed for administrative or updated information purposes. For example but not limited to changes to, position and roles, references to legislation and definitions. Council officers may also make amendments to the list of related documents at such times where reference material or guidelines require updating.

Related legislation and policies

There is a range of legislation, codes and Council documents that inform and support this Policy. These include, but are not limited to:

• Legislation City of Stonnington Documents
• Building Act 1993 (Vic)
• Domestic Animals Act 1994 (Vic)
• Freedom of Information Act 1982 (Vic)
• Health Records Act 2001 (Vic)
• Local Government Act 1989 (Vic)
• Local Government Act 2020 (Vic)
• Planning and Environment Act 1987 (Vic)
• Privacy Act 1988 (Cth)
• Privacy and Data Protection Act 2014 (Vic)
• Public Records Act 1973 (Vic)
• Victorian Charter of Human Rights and Responsibilities Act 2006 (Vic)
• Working with Children Act 2005 (Vic)
• Complaint Handling Policy
• Councillor Code of Conduct
• Employee Code of Conduct
• Health Records Policy
• Public Transparency Policy

Public registers

The following public registers are among those currently maintained by Council which may include personal information.

• Register of authorised officers appointed under s 224 of the Local Government Act 1989 (Vic).
• Register of delegations under ss 11(8) and 47(7) of the Local Government Act 2020 (Vic).
• Details of current allowances fixed for the Mayor, Deputy Mayor and Councillors.
• Details of overseas or interstate travel (with the exception of interstate travel by land for less than 3 days) undertaken in an official capacity by Councillors or Council staff in the previous 12 months.
• Summary of personal interests returns under s 135 of the Local Government Act 2020 (Vic).
• Details of all leases involving land entered into by the Council as lessor, including the lessee and the terms and value of the lease.
• Election campaign donation returns under ss 307 and 308 of the Local Government Act 2020 (Vic).
• Register of building permits kept pursuant to s 31 of the Building Act 1993 (Vic).
• Register of occupancy permits and temporary approvals received by Council kept pursuant to s 74 of the Building Act 1993 (Vic).
• Register of emergency orders, building notices and building orders, as required under s 126 of the Building Act 1993 (Vic).
• Register of swimming pools and spas, pursuant to s 230 of the Building Act 1993 (Vic).
• Register of all applications for planning permits and all decisions and determinations relating to permits pursuant to s 49 of the Planning and Environment Act 1987 (Vic). Details of planning applications received by Council are also available on Council’s website.
• Copy of objections to planning permits pursuant to s 57(5) of the Planning and Environment Act 1987 (Vic).
• Copy of planning permits issued pursuant to s 70 of the Planning and Environment Act 1987 (Vic).
• Register of registered dogs and cats (including ownership details) in the municipality pursuant to the Domestic Animals Act 1994 (Vic).

Tax File Numbers

Council holds Tax File Numbers (TFN) information about its employees. Under the Notifiable Data Breach Scheme, contained in Part IIIC of the Commonwealth Privacy Act 1988, Council is required to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals if there has been an ‘eligible data breach’ of TFN information.

An eligible data breach occurs when there is loss of, unauthorised access to, or unauthorised disclosure of, personal information, which is likely to result in serious harm, and remedial action has not been taken to prevent such risk of harm.

Council is not otherwise directly subject to the Commonwealth Privacy Act 1988. However, Council may at times agree to be bound by this Act. For example, where it receives funding under a Commonwealth program.