National Privacy Principles
The Australian Federal Privacy Act came into operation on 21st December 2001, introducing sweeping legislative protection for consumers and individuals' personal information. The act is referred to as the National Privacy Principles (NPP).
As a valued member of AFG, you, your staff and sub contractors are impacted by the NPP and as such you must demonstrate compliance to the NPP if called upon or potentially face sanctions and fines.
The act imposes significant obligations on our industry in relation to the collection, storage, accuracy, use, disclosure, retention and security of personal information in hard files and on and offline systems. It embraces any information that would enable an individual to be identified.
The following is a guide to practices that should happen in relation to the NPP:
- DO ensure you are fully conversant with your obligations to the NPP.
- DO ensure your staff and sub contractors are fully aware of their obligations to the NPP.
- DO ensure only authorized persons have access to information held by you in systems and files.
- DO ensure that all Consent forms are stored in a suitable and secure location for retrieval if necessary for up to a period of 7 years. The AFG NPP must be held in a secure location away from the client files.
- DO ensure you have all the latest lenders application forms with the new NPP consent clauses or obtain the separate consent forms from the lenders.
- DO ensure you and your staff and sub contractors use the Consent to Disclose Information to AFG on each and EVERY occasion when dealing with applicants.
- DO only store information with the client's consent and ensure consent form is always held.
- DO regularly change the access codes to your systems and other areas where personal information is stored.
- DO utilize the Complaints Handling Process and forms provided if you have no other procedures in place.
- DO review all marketing and promotional campaigns to ensure full compliance to NPP.
- DO review who has access to personal information stored in your systems and premises.
- DO review your newsletters and mass correspondence to ensure compliance with NPP.
- DO set up procedures permitting individuals access to their personal information should they officially request.
- DO react quickly, efficiently and courteously to any customer privacy complaints.
- DO continue to educate your staff on the principles of NPP.
- DO remember that there is a $20,000 fine per breach of this Act.
The following is a guide to practices that should not happen in relation to the NPP:
- DO NOT lodge an application to lenders without a completed and signed lender Privacy statement form.
- DO NOT LOSE ANY SIGNED CONSENT FORMS
- DO NOT collect personal information unless it is specifically to be used for the primary purpose ie, loan approval.
- DO NOT pass personal information onto third parties without consent.
- DO NOT deal with third parties involved with personal information transfer unless you have evidenced their compliance to NPP.
- DO NOT store or use an identifier to information that has been assigned by a Government Agency or contractor to a Government Agency unless it is needed to meet obligations to that Agency such as an ABN.
- DO NOT dispose of personal information in a careless manner permitting unauthorized persons access.
- DO NOT collect or store personal information on an individual with reference to the following:
- Racial or ethnic origin
- Political opinions
- Membership of a political association
- Religious beliefs or affiliations
- Philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual preferences or practices
- Criminal record
- Health information about an individual.
The lesson to be learnt here is do not pass on or accept ANY information about an individual to or from another party without knowing consent has been provided.
|
Contact
Phone (07) 54 300 900
Fax (07) 54 300 999
