9. Adoption, Use or Disclosure of Government Related Identifiers
GCSS will not adopt or use a Government Related Identifier for GCSS’s own purpose of identification. This includes Medicare, Centrelink, driver’s license, tax file or Australian Passport numbers, unless an exemption applies under the Privacy Act. GCSS may collect Government Related Identifiers for other purposes but will ensure that information is only used and disclosed as defined by the Australian Privacy Principles. GCSS will not use or disclose a Government Related Identifier unless an exemption applies under the Privacy Act.
10. Quality of Personal Information
GCSS will take reasonable steps to ensure that personal information it collects is accurate, up-to-date and complete and the steps GCSS takes to ensure this, will have regard to the purpose of the use or disclosure of the personal information.
11. Security of Personal Information
GCSS will take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Where GCSS no longer needs the personal information for any purpose for which the information may be used or disclosed, GCSS will take reasonable steps to destroy or de-identify the information. Exemptions will apply where the information is part of a Commonwealth Record or where GCSS is required by law or court/tribunal order to retain the personal information.
12. Access to Personal Information
If GCSS receives a request for personal information it holds about an individual by the individual or another person who is authorised to make a request on their behalf (such as legal guardian or authorised agent) GCSS will provide the information in a reasonable period after the request was made( within 30 calendar days generally being seen as reasonable). The personal information requested will be provided in the manner requested by the individual if it is reasonable and practical to do so (the manner of another person who is authorised to make a request on their behalf access may for example be by email, phone, in person ,hard copy or electronic record). Before personal information is provided GCSS must be satisfied that the request for personal information is made by the individual concerned or another person who is authorised to make a request on their behalf (in short that the request complies with the Australian Privacy Principle regarding the Use of Disclosure of Personal Information.) GCSS may consider there are grounds for refusing to give access to personal information and the grounds of refusal will be communicated with the person making the request. Grounds for refusing will be communicated with the person making the request. Grounds for refusing a request would be where GCSS reasonably believes giving access would pose a serious threat to life, health or safety: giving access would have an unreasonable impact on the privacy of other individuals: the request for access is frivolous or vexatious: the information related to existing or anticipated legal proceedings between GCSS and the individual and would not be accessible by the process of discovery in those proceedings; giving access would reveal intentions of GCSS in relation to negotiations with the individual;in such a way as to prejudicethose negotiations; giving access would be unlawful under an Australian law; GCSS would have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to GCSS functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; giving access would be likely to prejudice enforcement related activities conducted by, or on behalf of an enforcement body; or giving access would reveal evaluative information within GCSS in connection with a commercially sensitive decision-making process.
If GCSS refuses to give access in the manner requested by the individual, GCSS will give the individual written notice setting out the reason, the complaint mechanism available to the individual and any other matters prescribed by regulations under the Privacy Act. GCSS will not impose a charge on making a request to access personal information but may impose a charge for giving access to requested personal information. If a charge is to be applied, it will not be excessive but look to recover costs of providing the personal information requested.
13. Correction of Personal Information
Where GCSS is satisfied that personal information is inaccurate, out of date, incomplete, irrelevant or misleading; having regard to the purpose or where an individual requests GCSS correct personal information, GCSS will take reasonable steps to correct the information. If another person has requested a correction, then GCSS will give notice to the person requesting a correction, as to why a correction is refused; if that is the case (and associate a statement with the information if the correction is refused) and not charge the person in relation to the request.