Document I 

CATHOLIC ARCHDIOCESE OF MELBOURNE 
Privacy compliance advice
 

I .     The purpose of this advice is to provide Parishes with basic information about the new Commonwealth privacy laws that come into effect on 21 December 2001 and to outline practices that Parishes should put in place regarding the collection and use of affected information. Privacy practices in the Archdiocese will be subject to continuous review and further advice may be forwarded from time to time. 

2.      Peak bodies in the Catholic education, welfare and health sectors are providing separate and more detailed advice to their constituents on the implication of the new laws as they relate to those sectors. This advice is targeted at those aspects of Church life that fall outside these sectors. While this advice is directed at Parishes, it is equally applicable to religious orders and any other church body not covered by these sectors. Parish priests and other key personnel are urged to study the more detailed practices provided by these sectors (where relevant) so that Parish organisations adopt a common approach to privacy matters. 

3.      The legislation covers any business or not for profit organisation with an annual turnover of more than $3 million. It applies to organisations providing a health service even if their turnover is less than $3 million per annum. However, all church bodies are asked to comply with the legislation regardless of annual turnover. The interdependent nature of our Church organisations requires the adoption of common understandings about protecting private information. Overall, it is important that all of us in the Church develop and maintain a culture, which respects and values the personal information that the faithful are willing to entrust to us. 

4.      The Privacy Act introduces a mechanism enabling individuals to;

  • Access personal information about themselves, 

  • Request corrections to be made to that information, 

  • Make complaints about the handling of their personal information, and 

  • Receive compensation for interference with their privacy. 

5.      The following types of information are covered by the Privacy Act: 

5.1      Personal information which is information or an opinion that allows someone to identify the individual that the information or opinion is about. It can range from very detailed information such as medical records to other less obvious types of identifying information, such as an email address. It could include marital status/problems, custody details, and maiden/previous names. 

5.2      Sensitive information is personal information that is given extra protection and must be treated with additional care. It includes any information or opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record. It could include birth details (father, mother), date and place of baptism and other sacraments. 

5.3
      Health information is a subset of sensitive information. It is any information or opinion about the health or disability of an individual and the individual's expressed wishes about the future provision of health services. Health information also includes personal information collected in the course of providing a health service. It could include medical ailments, immunisation details, weight, height, and disorders. 

6.      The Privacy Act regulates personal information contained in a 'record'. A 'record' is defined as a document, database (however kept) or a photograph or other pictorial representation. 

7.      Employee records that directly relate to a current or past employee of the Parish are exempt from the legislation. However, the exemption does not apply to job applicants. Job applicants may seek access to records of personal information which the Parish holds about them. The Parish should be mindful of this when collecting personal information (eg references, making notes and reports). The Parish might consider destroying some or all records once a position is filled. The same applies to contractors. 

8.      If you intend to pass on information to another Parish, you should make the applicant aware of this in the collection advice. 

9.      A key component of the new legislation is the requirement for organisations to comply with the National Privacy Principles. The National Privacy Principles set minimum requirements for dealing with, 

  • How an Organisation collects, uses and discloses personal information that could identify an individual, 
  • The quality, security and storage of that information, and 
  • The overseas transfer of that information. 

IO.     Organisations are required to demonstrate compliance with the ten National Privacy Principles (NPPs). The NPPs are high level principles that are spelt out in the Privacy Act. They do not spell out in detail exactly what an Organisation must do to comply with them, however the general thrust of the legislation is that practicable solutions rule the day. In Parish life, information is generally volunteered by the parishioners and examples of how these principles relate to Parish life are discussed below. 

10.1 Collection of personal information (NPP 1) 

Explanation 

  • Information must be necessary for a function or activity. 
  • Collection must be fair, lawful and not unreasonably intrusive. 
  • Individuals should be made aware of the use of the information at 
    the time of collection. 

Tighter restrictions apply to sensitive information (see NPP 1O below) 

NPP 1 also states that at or before the time an organisation collects personal information about an individual, it should take reasonable steps to ensure the individual is aware of:

  • the identity of the organisation and how to contact it, 
  • that fact that he or she is able to gain access to the information; 
  • the purposes for which the information is collected; 
  • the organisations (or the types of organisations) to which the organisation usually discloses information to be collected; 
  • the main consequences (if any) for the individual if all or part of the information is not provided

Application 
This principle only applies to information collected after 21 December 2001. 

Relevance 
Parish records include Baptism, First Communion, Confirmation and Marriage records. Parishes may also have a Parish Census Card. These are all necessary documents a Parish must keep. Collection notices should be issued when gathering all records (samples are attached). 

10.2      Use and disclosure of personal information - NPP 2 

Explanation 

  • Generally, information can be used or disclosed for the purpose 
    for which it is collected. 
  • How broad this can be depends on the circumstances. 

Application 
This principle only applies to information collected after 21 December 2001. 

Relevance 
The primary purpose of a Parish is to provide religious services to its community. This definition provides leeway in using information gathered in a broader religious context. 

10.3      Quality of personal information - NPP 3 

Explanation 
Reasonable steps must be taken to ensure that personal information is accurate, complete and up to date. 

Application 
This principle, as it applies to collection, applies to information collected before or after 21 December 2001 

Relevance 
Review data held form time to time, eg census data. 

10.4      Security of personal information - NPP 4 

Explanation 
NPP 4 requires an organisation to take reasonable steps to protect 
personal information it holds from misuse and loss and from unauthorised access, modification and disclosure. NPP 4 also requires an organisation to take reasonable steps to destroy or permanently de-identify personal information that is no longer needed for any purpose. 

Application 
This principle applies to personal information held by the Parish regardless of whether it was collected before or after the commencement of the Act. 

Relevance 
Keep records secure. Ensure there is adequate security of electronic data. 

10.5 Openness - NPP 5 

Explanation 
NPP 5 obliges an organisation to formulate a document outlining its 
information management practices. It gives an organisation a number of options to make an individual aware of information held on them, so long as it is maintained in a document which is available to the public. A privacy policy setting out how privacy is created and made available either in hard copy or on a website is an appropriate response. 

Application 
This principle applies to personal information held by the Parish regardless of whether it was collected before or after the commencement of the Act. 

Relevance 
Issue a Parish Privacy Policy and follow other recommended steps 
(see attached). 

10.6      Access of individuals to personal information - NPP 6 

Explanation 
NPP 6 requires an organisation to give an individual access to any information it holds about that person. It also requires an Organisation to take reasonable steps to correct that information if the individual shows that the information is not accurate, complete or up to date. There are exceptions, including; 

  • where access would unreasonably impact on another individual's privacy, or 
  • where the request is frivolous or vexatious:
  • where authorised by law. 

Application 
This applies to personal information collected after the commencement of the Act. However, this will also apply to personal information collected before the commencement of the Act if the information is used or disclosed by the Parish after the Act's commencement. 

Relevance 
If the Parish receives a request for information, it cannot respond by allowing the applicant to conduct their own research from a range of Parish records. Parishes often have addenda attached to these documents eg. Baptism Certificates - Pater lgnotus clause, Pre- Nuptial Inquiry Form, often have items attached. It is recommended that the Parish remove these addenda if not specific to the request. In practical terms the most appropriate means would be to identify what an individual requires and determine whether other forms of access, such as a summary of information held, would suffice. 

10.7 Identifiers - NPP 7 

Explanation 
NPP 7 states that an identifier includes a number assigned by an organisation to an individual to identify uniquely the individual for the purposes of its operations, Examples of identifiers include Medicare and Pension numbers. They do not include the Australian Business Number (ABN).

Application 
This principle applies to personal information held by the Parish regardless of whether it was collected before or after the commencement of the Act. 

Relevance 
The Parish cannot link an identifier number as a way of finding out extra information about an individual from another database and should not use a Commonwealth government identifier as a means of identifying individuals for its own records. 

10.8 Anonymity - NPP 8 

Explanation 
NPP 8 provides that individuals must have the option of not identifying themselves when entering transactions with an organisation wherever this is lawful and practicable. 

Application 
This principle applies to information collected after 21 December 2001. 

Relevance 
Parishes receive most of their information in a bipartisan way, hence this may not occur in Parishes. 

10.9 Transborder data flows - NPP 9 

Explanation 
There has been a tremendous increase in data flows across national borders in recent years, made possible by advancements in technology. Taking these factors into account, the aim of NPP 9 is not to halt the transfer of personal information outside Australia. It is to provide a suitable balance by allowing personal information to be moved across jurisdictions in a way that ensures the privacy rights of the individual are protected. An organisation is prevented from disclosing personal information to someone in a foreign country that is not subject to a comparable information privacy scheme (except with the individual's consent) 

Application 
This principle applies regardless of when information was collected. 

Relevance
If Parishes receive requests for information from former parishioners who are domiciled overseas it is recommended this information be posted to them, rather than using electronic transmission which is less secure. Aside from security issues, consent will have been received if information is requested in the above manner. 

10.10 Collection of sensitive information - NNP 10 

Explanation
An organisation must not collect sensitive information about an individual unless: 

  • the individual has consented; or 
  • collection of the information is required by law- or 
  • the information is needed to prevent or lessen a serious and imminent threat to life or health

Application 
This principle only applies to information collected after 21 December 2001 

Relevance 
Restrict collection of this information to where there is a specific need, eg heath information for a sporting activity, after school care, and parental details for sacramental provision and only to the extent necessary. 

11.      Parishes are requested to 

11.1      Determine if the new private sector provisions bind them or if, as a matter of best practice, it will conform with the requirements even though not strictly. bound to do so. 
11.2      Inform all staff and other relevant people that the Privacy Amendment (Private Sector) Act 2000 will be operative from 21 December 2001. 
11.3      Conduct an audit of their practices against the ten National privacy 
principles. 
11.4      Establish a plan for compliance, 
11.5      Adopt a privacy policy, which expresses in plain language the Parish's policies on its management of personal information. A draft policy is attached which all Parishes can adapt. 
11.6      Appoint a person responsible for privacy issues, usually the Parish priest. 
11.7      Distribute the policy to all staff and other relevant people. 

Document 2 


Parish of: HAWTHORN CATHOLIC PARISH, 345 Burwood Road, Hawthorn 3122
Archdiocese of Melbourne 

Privacy policy 

Your privacy is important to us 
This statement outlines the Parish's policy on how it uses and manages personal information provided to or collected by it. It does not relate to records collected and held by the Parish school. The school has a separate policy statement.

The Parish may from time to time review and update this policy to comply with all relevant legislation and to take account of changes in technology, changes to the Parish's operations and practices and to make sure that it remains relevant to the Parish environment. 

This Parish is not bound by the Privacy Amendment (Private Sector) Act 2000. However, the Parish respects and values the personal information that the parishioners are willing to entrust on it, and will abide by the spirit and principles enshrined in that legislation. 

What kind of personal information does the Parish collect and how does it collect it? 

The Parish collects and holds includes personal information, including sensitive information about 

  • Children and their parents and/or guardians and may be related to children receiving sacraments or pastoral care. It may relate to the child's enrolment at the Parish school, after school care facility or sporting association. 
  • Adults receiving sacraments or pastoral care and witnesses to sacraments. 
  • Job applicants, staff members, religious undertaking work in the Parish, volunteers and contractors. 
  • Fundraising. 

Personal information you provide. 
The Parish will generally collect personal information held about an individual by way of forms filled out either by the person or the parent/guardian, face to face meetings, interviews and telephone calls. 

 

Personal information provided by other people. 
In some circumstances the Parish may be provided with personal information about an individual from a third party, eg a reference about an applicant for a position. 

Exception in relation to employee records. 
This policy does not apply in relation to the treatment of an employee record, where the information is directly related to a current or former employment relationship between the Parish and the employee as these records are exempt from the application of the Commonwealth Privacy Act. 

How will the Parish use the personal information you provide? 
The Parish is restricted by the Privacy Legislation how it can use the information provided by the Parishioner. 

Children and their parents and/or guardians. 
The Parish's primary purpose of collection is to enable it to administer the sacraments and pastoral care to children of the faithful. Collection may be required if the Parish offers after school care or social/sporting facilities. This information may be required to provide care for the child while under supervision. 

The purposes for which the Parish uses personal information of children and their parents and/or guardians include: 

  • Keeping parents and/or guardians informed about matters relating to the child's spiritual life, through correspondence and newsletters 
  • Day to day administration 
  • Looking after the child's spiritual and physical wellbeing
  • Seeking donations 
  • Satisfying the Parish's legal obligations and allow the Parish to discharge its duty of care. 

In some cases where the Parish requests personal information about a child or parent and/or guardian and the information is not obtained, the child may not be able to receive the sacrament or be enrolled in the Parish program. 

Where the Parish is collecting information of this kind, it will issue a copy of the 'Standard Collection Notice' (see attachment 1 below). 

Adults. 
The Parish's primary purpose of collection is to enable it to administer the sacraments and pastoral care to adult parishioners, Information is used for purposes similar to the use for children.
Where the Parish is collecting information of this kind, it will issue a copy of the 'Standard Collection Notice' (see attachment 1 below). 

 

Job applicants, staff members, religious, volunteers and contractors. 
The primary purpose of collection is to assess the suitability of the person or persons for the role and, if successful, employ or engage the person or persons concerned. 
The purposes for which the Parish uses this information include: 
  • Administering the person's employment or contract.
  • For insurance purposes.
  • Seeking funds. 
  • Satisfying. the Parish's legal obligations, eg, in relation to child protection legislation. 

All applicants for jobs will be sent a copy of the 'Employment Collection Notice' (see attachment 2 below). All new contractors and volunteers will be sent a modified version of the 'Employment Collection Notice' (see attachment 3 below). 

Fundraising
The primary purpose of collection of information is for raising funds now and into the future. It is also used for accounting purposes, including complying with taxation requirements. 

Purposes for which the Parish uses this information include:

  • Seeking funds 
  • Providing taxation receipts, where subject to a tax deduction. 

Where the Parish is collecting information of this kind, it will issue a copy of the 'Standard Collection Notice' (see attachment 1 below). 

Who might the Parish disclose personal information to? 
The Parish is restricted by the Privacy Legislation as to whom this personal information may be disclosed to. The Parish is not allowed to send personal information about an individual outside Australia without obtaining the consent of the individual. 

How does the Parish treat sensitive information? 
In the Parish context, sensitive information could mean information relating to a person's parentage, racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record. 

Sensitive information will be used and disclosed only for the purposes for which it was provided or a directly related secondary purpose unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law. 

 

Management and security of personal information 
The Parish's staff are required to respect the confidentiality of the information and privacy of individuals. 

The Parish has in place steps to protect the personal information the Parish holds from misuse, loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and pass worded access rights to computerised records. 

Updating personal information 
The Parish endeavours to ensure that the personal information it holds is accurate, complete, and up to date. A person may seek to update their personal information held by the Parish by contacting the Parish Office - tel: 9819 3699 at any time. 

The National Privacy principles require the Parish not to store personal information longer than necessary for our purposes for use and disclosure. 

You have the right to check what personal information the Parish holds about you 
Under the Commonwealth Privacy Act and with some exceptions, an individual has the right to obtain access to any personal information, which the Parish holds, about them and to advise the Parish of any perceived inaccuracy. Children will generally have access to their personal information through their parents and/or guardians. 

To make a request to access any information the Parish holds about you or your child, please contact Parish Office at Hawthorn Catholic Parish, 345 Burwood Road Hawthorn, 3122 in writing. 

The Parish may require you to verify your identity and specify what information you require. The Parish may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. 

 

Consent and right of access to the personal information of children 
The Parish respects every parent and/or guardian's right to make decisions concerning their children's religious upbringing and care. 

Generally, the Parish will refer any requests for consent and notices in relation to personal information of a child to the parent and/or guardian. The Parish will treat consent given by a parent and/or guardian as consent given on behalf of the child and notices to parent and/or guardians will act as notice given to the child. 

Enquiries 
If you would like further information about the way the Parish manages the personal information it holds, please contact the Parish Office by telephone on 9819 3699 or in writing at Hawthorn Catholic Parish, 345 Burwood Road, Hawthorn, 3122. 

 

Attachment 1 

Sample Standard Collection Notice 

1.     The Parish collects personal information, including sensitive information 
about members of the faithful. The primary purpose of collecting this information is to enable it to administer the sacraments and pastoral care to the faithful, and often to children of the faithful. Information may be required to allow the Parish to meet some of its legal obligations, provide care for the child while under supervision and discharge its duty of care. If you reside in the Parish or otherwise continue to use its services, the information may also be used to solicit donations and/or request your services as a volunteer from time to time. 


2.     The Parish from time to time discloses personal and sensitive information to others for administrative purposes. This includes other Parishes, the diocese, medical practitioners and people providing services to the schools including volunteers. 

3.     If we do not obtain the information requested, we may not be able to administer the sacraments. 

4.     Personal information collected from children is disclosed to their parents or guardians. Parents or guardians may seek access to personal information collected about them and their son/daughter by contacting the Parish. 

5.     Adults may also seek access to information collected about them in the 
same manner. 

6.     As the Parish is largely reliant upon locally raised funds and local effort for its continuation, information received from those who reside in the Parish or avail themselves of its services may be used to solicit donations and other forms of support from them. On occasions it uses the resources of the Archdiocese to support this process and in the course of this, information is made available to those people. We will not disclose your person information to other third parties for other fundraising purposes without your consent. 

 

Attachment 2 

Sample Employment Collection Notice 

1.      In applying for this position you will be providing Hawthorn Catholic Parish  with personal information. We can be contacted at the Parish Office by telephone on 9819 3699 or in writing at Hawthorn Catholic Parish, 345 Burwood Road, Hawthorn, 3122. 

2.      If you provide us with personal information, for example your name and address or information contained on your resume, we will collect the information in order to assess your application. 

3.      You agree that we may store this information for 2 years. 

4.      You may seek access to your personal information that we hold about you if you are unsuccessful for the position. However, there will be occasions when access is denied. Such occasions would include where access would have an unreasonable impact on the privacy of others. 

5.      We will not disclose this information to a third party without your consent. 

6.      (if applicable) We are required to (conduct a criminal record check) collect information (regarding whether you are or have been the subject of an Apprehended Violence Order and certain criminal offences) under Child Protection law before employment can be offered 

7.      If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the Parish and why, that they can access that information if they wish, that the Parish does not usually disclose the information to third parties and that we may store their information for 2 years. 

 

Attachment 3 

Contractor/Volunteer Collection Notice 

1 .      In applying to provide your services you will be providing Hawthorn Catholic Parish  with personal information. We can be contacted at the Parish Office by telephone on 9819 3699 or in writing at Hawthorn Catholic Parish, 345 Burwood Road, Hawthorn, 3122.

2.      If you provide us with personal information, for example your name and address or information contained on your resume, we will collect the information in order to assess your application. We may also make notes and prepare a confidential report in respect of your application. 

3.      You agree that we may store this information for 2 years. 

4.      Access to this information may be available to you if you ask the Parish for it. 

5.      We will only disclose this information to a third party if related to the services you are providing or with your consent. 

6.      (if applicable) We are required to (conduct a criminal record check) collect information (regarding whether you are or have been the subject of an Apprehended Violence Order and certain criminal offences before a contract can be awarded) 

7.      If you provide us with the personal information of others, we encourage you to inform them that you are disclosing that information to the Parish and why, that they can access that information if they wish, that the Parish does not usually disclose the information to third parties and that we may store their information for 2 years.


BACK TO NAVIGATION