Home | Links | Contact Us

Privacy Plan

Privacy Plans title 

Aim
The aim of this plan is to outline the measures to be implemented by the Office of the Governor in order to comply with Federal and State Government privacy requirements, and the timeframe for implementation. This plan is supported by a Privacy Implementation Plan.

Acts Administered by the Office of the Governor
The Office of the Governor administers no Federal or State Acts or regulations.

Treatment of Personal Information Held by the Office of the Governor
The treatment of personal information collected, used and stored by the Office of the Governor is governed by the requirements of this plan, the Queensland Freedom of Information Act 1992, and the Commonwealth Government Information Privacy Principles (IPPs) outlined in the Commonwealth Privacy Act 1988.

As a guiding principle, all information held by the Office of the Governor is collected and managed in a responsible and transparent manner in accordance with the principles enunciated in the IPPs. No information is sold or distributed to unauthorised third parties, and information and records are stored and/or disposed of in a secure manner.

The IPPs deal with the following:

  • Principle 1: Manner and purpose of collecting personal information;
  • Principle 2: Solicitation of personal information from individuals;
  • Principle 3: Solicitation of personal information generally;
  • Principle 4: Storage and security of personal information;
  • Principle 5: Information relating to records held by record-keeper;
  • Principle 6: Access to records containing personal information;
  • Principle 7: Alteration of records containing personal information;
  • Principle 8: Checking of accuracy of personal information before use;
  • Principle 9: Personal information to be used for relevant purposes;
  • Principle 10: Limits on use of personal information; and
  • Principle 11: Limits on disclosure of personal information.

Details of the IPPs can be obtained at the Department of Innovation and Information Economy website.

Types of Personal Information Held by the Office of the Governor
The Office of the Governor collects, stores and uses:

Employee Personal Information
The Office of the Governor collects, stores and uses personal information about its employees. Typically this information will comprise basic personal data such as name, address, date of birth and other ‘record' type information, normally supplied as part of the recruitment and induction process. Specific information will also be collected on behalf of the Australian Taxation Office (Tax File Number Declaration) and payroll provider (bank account details etc). Over time, employee records progressively build up to form a staff member's personal record or file which will contain a wide range of information such as changes of address, next-of-kin details, leave history, sickness history, attendance record, disciplinary record, performance record and other similar information. This information is retained for effective personnel and human resource management. Generally, this information is retained in a secure container or database, and access is limited to those staff members employed in management or human resources functions. Access to personal records is controlled by the Office Manager.

Personal information about vendors
The Office of the Governor collects, stores and uses basic and business-related information about vendors. Typically this information will comprise basic data such as business name, address, Australian Business Number (ABN) and other ‘record' type information, and will include details provided to the Office as part of initial vendor validation. Specific information will also be collected to enable ‘EFT' processing of vendor payments. This information is retained in order that normal business processes can be carried out by the Office of the Governor. Generally, this information is retained in a secure container or database, and access is limited to those staff members employed in financial management, purchasing, or payment functions. Access to vendor-related information is controlled by the Office Manager.

Information about Patronage organisations
The Office of the Governor collects, stores and uses basic and business-related information about organisations for which the Governor performs the role of patron. Typically this information will comprise basic data such as organisation name, address, office holders and other ‘record' type information, which initially establish the bona fides of the organisation, and encourage ongoing communication between it and the Office of the Governor. Over time, patronage records are progressively built up to form a file which will contain a wide range of information such as annual reports, lists of office holders, relationship history, and other similar information. This information is retained in order that normal patronage processes can be effectively carried out by the Office of the Governor. Generally, this information is retained in a secure container or database, and access is limited to those staff members employed in patronage-related functions. Access to patronage-related information is controlled by the Public Affairs Advisor and the Office Manager.

Personal information about people who are regularly invited to functions and events at
Government House or who are considered to be clients
The Office of the Governor collects, stores and uses basic and personal information about people who are regularly invited to functions and events at Government House. Typically this information will comprise basic data such as name, address, spouse's name, decorations held, attendance at functions, and other ‘record' type information. It will include details provided to the Office by the individual and information recorded by the Office from other sources such as correspondence and newspaper coverage. This information is retained in order that normal office business processes can be effectively carried out by the Office of the Governor, including having available contemporary records of address and attendance. Generally, this information is retained in a secure computer database, and access is available to those staff members who have access to the Office of the Governor local area network. Access to this type of personal information is monitored by the Office Manager.

Service Level Agreements, Licences and Outsourcing Arrangements
These are as follows:

Service Level Agreements: between the Office of the Governor and QBuild for the provision of horticultural services.

Licences: An Apparatus Licence issued by the Australian Communications Authority for the operation of ambulatory systems (security staff radios).

Outsourcing Arrangements: Arrangements with the Queensland Parliamentary Service for the provision of payroll services to the Office of the Governor.

As at October 2003, one of these agreements had been reviewed for compliance with privacy requirements. Over time, and as these agreements expire and are renegotiated, these agreements will be amended to comply with the requirements of the IPPs. This will be in accordance with the Implementation Timetable below.

List of Public Registers Managed by the Office of the Governor
No Public Registers are managed by the Office of the Governor.

Office of the Governor Implementation Timetable
The following timetable applies to implementation of the Office of the Governor Privacy Plan:

Privacy Implementation Plan

 Serial (a)  Goal(b)  Implementation (c)
 1  Promulgate awareness of privacy issues and policy  Develop website privacy statement and post to website server (by end of March 2002)Amend Office Procedures and Practices Manual 1996 (by November 2002)Central presentations for all staff affected by Privacy policies (by April 2002)E-mail bulletin to all staff (by March 2002)Incorporation of Privacy awareness material into induction training and programs (ongoing)Amend staff duty statement to reflect privacy responsibilities (by September 2003)
 2  Provide training on privacy issues and policy  Conduct privacy training for executive management staff (commence April 2002 and ongoing)Incorporate privacy awareness training into induction programs (ongoing)
 3  Review relevant policies and guidelines  Review and update procedures for dealing with external requests for information and records access (commencing April 2002 and finalised by September 2003)Review complaint handling procedures to include privacy complaints, consistent with statements in the Privacy Plan (commencing April 2002, completed by end September 2002)
 4  Review service agreements, licences and contracts  Review service agreements, contracts, licences and other binding agreements prior to renewal (commencing March 2002 and ongoing)Ensure compliance with IPPs in all renewed formal agreements (as formal agreements are renewed and/or extended)
 5  Review all Office notices, application forms, position applications, organisation summary charts and other agency-generated documentation to ensure compliance with IPPs  Review, and modify where necessary all ‘standard' forms to ensure compliance with IPPs (commencing March 2002, and completed by August 2003)Incorporate IPP compliance into new forms or documents raised (commencing April 2002 and ongoing)
 6  Develop privacy policies and guidelines  Develop summary handout material for inclusion in induction and staff training (by June 2002)Consider privacy implications on agency contracts and formal agreements for inclusion in negotiation (ongoing)Develop guidelines for key staff with special responsibilities for HR and correspondence functions (ongoing)
 7  Conduct annual review  Annual review and correction as necessary (commencing June 2003, and thereafter annually in June)

Procedure to Gain Access to Personal Information
Any person or organisation wishing to obtain access to personal records held by the Office of the Governor should submit a written request or e-mail Government House. Right of access is limited to existing rights under the Freedom of Information Act 1992, and will be processed in accordance with the requirements of the Office of the Governor Information Privacy Plan.

Review Procedure
If a person or organisation believes that their personal information has not been dealt with in accordance with an IPP they may make a request to the Office of the Governor seeking an internal review. A request for an internal review must be made in writing and must be made within six months from the date when the breach was suspected to have occurred. Requests should be forwarded to: The Office Manager, Office of the Governor, GPO Box 434, Brisbane, Qld. 4001. Requests for internal review will not be accepted by e-mail.

Requests for review will be acknowledged in writing within 14 days from the date of receipt, and will be processed and responded to within 60 days of receipt. The Office of the Governor will respond in writing.

If an applicant does not agree with the decision / response, a request may be made for further internal review. The Official Secretary / CEO will arrange for an internal review to be carried out by a more senior officer who has not previously been involved in the matter. This review will be conducted within 45 days of receipt of the request, and the Official Secretary / CEO will respond in writing to the applicant.

The Governor | Government House | Ceremonial and Honours | News and Media | Forms | Employment | Annual Reports | Privacy Statement | Get Adobe Acrobat