PIAC collects, uses, discloses, and otherwise handles personal information in accordance with the Australian Privacy Principles (APPs) which are contained in in the Privacy Act 1988 (Cth).
PIAC also complies with:
- the Privacy and Personal Information Protection Act 1998 (NSW) and
- the Health Records and Information Privacy Act 2002 (NSW).
The types of personal information PIAC holds
PIAC collects personal information about people who:
- Are legal clients or seek legal assistance. We may collect your name, date of birth, contact details, information about your circumstances, and information about the matter you are seeking assistance with. So PIAC’s lawyers can advise potential clients whether PIAC can act for them, PIAC’s lawyers also need to know some information about the potential client’s identity, the nature of their matter, and who the other parties are.
- Are third parties involved in legal matters with PIAC’s clients or potential clients. We may collect your name, date of birth, contact details and information about your circumstances.
- Donate money to PIAC. We may collect your name, email address and address, payment details, amount and frequency of donations, communication preferences, and records of any contact or correspondence you have with us.
- Subscribe to PIAC bulletins or other PIAC communications. We may collect your name, organisation and contact details and details about the information you access in our publications and notifications.
- Attend PIAC events. We may collect your name, organisation, contact details and information about your attendance at PIAC events.
- Make a complaint. We may collect your name, contact details, the details of your complaint, information collected in any investigation of the matter and details of the resolution of the complaint.
- Apply for a job or other position at PIAC. We may collect the information you include in your application, including your cover letter, resume, contact details and referee reports.
‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
‘Sensitive personal information’ is information relating to racial or ethnic origin, religious beliefs, health and genetic information (including information about a disability) and whether or not you have a criminal record. This requires a higher level of protection under privacy laws.
When PIAC acts for a client, its lawyers may need to collect personal information and sensitive information about the client from other people, including the client’s health service providers, or government agencies. PIAC will obtain the client’s authority before collecting this information.
When will PIAC collect personal information?
PIAC will only collect personal information if:
- it is for a lawful purpose that is directly related to one of its functions; and
- it is reasonably necessary for PIAC to have the information.
PIAC will only collect sensitive personal information if:
- the person has consented; or
- the collection is required by law; or
- PIAC is required to collect and the information to assist to deal with a serious and imminent threat to any person (and the person is incapable of giving consent).
How PIAC collects personal information
- PIAC will collect personal information directly from the person unless it is expressly authorised to collect it from another source.
- PIAC will ensure that the personal information it collects is relevant, accurate, up-to-date, complete, and not misleading.
Use and disclosure
The nature of the services provided by PIAC means that it is often necessary for us to disclose your personal information to other parties. We will ordinarily let you know who we will disclose your personal information to when we collect the information from you (unless there are practical reasons for not informing you).
Common third parties we might need to disclose your personal information to include:
- the legal providers that give legal assistance to our clients
- other community legal service providers (for file audit purposes)
- our funding providers (although personal information will only be provided with consent)
- financial institutions for payment processing
- referees whose details are provided to us by job applicants
- a court (for obtaining copies of documents relevant to your matter).
We may also need to disclose your personal information to our contracted service providers which include:
- information technology service providers
- event and function organisers
- communications, analytics, and research service providers
- freight and courier services
- external business advisers (such as recruitment advisors, auditors and lawyers).
PIAC will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure.
PIAC will ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately.
PIAC will allow people to access their personal information within 30 days and without unreasonable delay.
PIAC will only refuse access where authorised by law or where PIAC is concerned that providing access will affect the safety and wellbeing of a client. PIAC will provide written reasons for declining to provide personal information after receiving a request.
PIAC will allow people to update or amend their personal information, to ensure it is accurate, relevant, up-to-date, complete or not misleading.
Before using personal information, PIAC will take appropriate steps to ensure that the information is relevant, accurate, up-to-date, complete, and not misleading.
For more information about privacy law in Australia, see www.privacy.gov.au.
If you have a query about how PIAC handles privacy matters, contact PIAC and ask to speak to the one of PIAC’s Principal Solicitors.