Privacy Plan
1. Privacy Statement
Safe Food Production Queensland (Safe Food) will assist in providing open and accountable government by pro-actively assessing information when it becomes a record. Safe Food is committed to the application of the Queensland Government’s Information Privacy Act (Qld) 2009 (the Act) which aims to ensure that personal information held by public authorities in Queensland is collected and managed responsibly and transparently. This plan reflects the requirements set down within the Act.
2. Plan Status
This plan has no legal status and is not legally binding on Safe Food. The plan cannot be used to limit the discretion of Safe Food to take any action. The plan is only to be interpreted as general guidance on how Safe Food will ensure compliance with the Act.
3. Scope
This plan applies to all Safe Food personnel and contractors employed by Safe Food. This plan also applies to all of Safe Food’s records and approved documents containing personal information.
4. Definitions
Collector
Where an agency collects personal information the agency is regarded as the collector in relation to that information. Where personal information is collected by an individual in the course of their employment by, or in the service of, an agency then the agency is regarded as the collector in relation to that information.
Consent
Voluntary agreement to some act, practice or purpose. Consent can be express or implied. Express consent is given explicitly, either orally or in writing. Implied consent arises where consent may reasonably be inferred from the conduct of the individual.
Individual
Means a natural living person rather than, for example, a company or organisation.
Personal
Defined as any information that would allow a person to be identified.
Information
Examples include an individual’s name, age and physical characteristics, such as hair colour, and can also include sensitive information such as political loyalty, religious beliefs, medical history or relationship details. It does not include information about an individual that is publicly available.
Solicit
In relation to personal information, this term means request a person to provide that information, or a kind of information in which that information is included.
Use
In general terms this term refers to the handling of personal information within an organisation including the inclusion of the information in a publication.
5. Background and Context
At a whole-of-Government level, effective corporate information management is fundamental to corporate governance, accountability and quality service delivery across government. The Queensland Government has committed to pro-actively making information available to the public.
The Information Privacy Act (Qld) 2009 (the Act) provides individuals with a legally enforceable right of access to, and amendment of, their own personal information held by Safe Food, unless this would, on balance, be contrary to the public interest. Safe Food is defined as a public authority under the Act and is therefore subject to the requirements of the Act.
Requests for non-personal information or for the personal information of others are dealt with under the terms of the Right to Information Act (Qld) 2009, as outlined in Safe Food’s Right to Information Policy.
6. Information Plan Principles (IPP)
Safe Food staff are made aware of their responsibilities to uphold privacy requirements and to comply with the requirements of the Privacy Act and related guidelines through training sessions and changes to documented procedures and policies.
Collection of Personal Information (IPPs 1 to 3)
When Safe Food collects personal information and intends to: (i) include the information in its records, in the form of a document, database, audio tape or photograph; or (ii) publish the information in a generally available publication, Safe Food must ensure that:
- only personal information directly related to its activities is collected by fair means;
- the collection of this information should not unreasonably intrude upon the privacy of the individual concerned;
- when collecting information the individual is advised why the information is being collected, and to whom the information is normally disclosed; and
- all reasonable steps are taken to ensure personal information is up-to-date, relevant and complete.
Storage and Security (IPP 4)
Where Safe Food possesses personal information, it must ensure that reasonable safeguards exist to prevent unauthorised access, use or disclosure of the information collected. To ensure this, Safe Food must institute appropriate levels of security, given the breach risk and sensitivity of the information held.
Access and Amendment (IPPs 5 to 7)
Individuals are entitled to access records containing personal information and to alter those records if they are inaccurate.
The rights of an individual to access and amend personal information held by Safe Food are the same as existing rights under the Right to Information Act (Qld) 2009.
Accuracy and Relevancy (IPPs 8 to 10)
Where Safe Food has possession or control of a record that contains personal information, that information shall not be used except for a purpose to which the information is relevant.
Where information is stored in a computerised database, service areas ensure that appropriate descriptions are used to avoid errors or misinterpretation of data and standards are adopted which allow consistent transfer of information between areas within Safe Food.
Standards have been adopted, in relation to the functions and purposes of the particular service area, to ensure personal information is used only for the authorised purposes for which it was collected. Authorised purposes include the delivery of accreditation services, auditing and monitoring, dispute resolution, investigations, policy and research, community education and information services. It may be used internally to improve service delivery and to directly target clients, for example information and education campaigns, to research emerging issues in the primary production sector and to establish client satisfaction levels with Safe Foods services.
Use and Disclosure (IPP 11)
Safe Food must use and disclose personal information: (i) only for the purpose for which it was collected; and (ii) only if the individual concerned is aware of, or has consented to that use or disclosure.
7. Collection & Management of Personal Information
7.1 Personal Information
Safe Food holds a range of information, some of which can be defined as personal information. All the records detailed below are retained on secured files for variable periods according to the Standard Retention and Disposal schedule. The records outlined below are kept in electronic and hard copy formats.
7.2 Personal Information
Personal information on accreditation holders is gathered and held within Safe Food to facilitate the effective management of legislative requirements and ensure the effective delivery of services to the community:
- Accreditation and Enforcement Records (including Accreditation Records; Audit and Inspection reports; Enforcement Records; Slaughter Statistics; Domestic Export Statistics), in order to undertake the management of food safety risks and other duties delegated to Safe Food under the Food Act (Qld) 2006./em>.
- Accreditation Holder Service Records (including Accreditation Holder Contact Lists and Accreditation Holder Enquiry Records), in order to: (i) allow Safe Food Officers to maintain personal lists of business and accreditation holder contacts; (ii) generate mailing lists for specific Safe Food publications to interested parties; and (iii) store details of enquiries initiated by individuals on matters concerning Safe Food.
7.3 Personal information about employees and prospective employees
This is required so that human resource management functions can be carried out for prospective and current staff. These functions include leave details, performance management, training, staff selection and information required for reporting against public sector requirements such as target groups.
Types of information collected include: names, dates of birth, contact details, work histories, tax file numbers and bank account details, referee reports, photographs, internet and email usage, and relevant medical histories.
Collection is authorised under the Food Production Safety Act and the Privacy Act, relevant legislation (such as taxation and financial administration requirements) and internal policies and procedures.
7.4 Ministerial Correspondence
Includes correspondence addressed to the Minister or his staff from a member of the public or other government agency on matters relating to Safe Food responsibilities. These records often include personal information and can only be accessed by the CEO, senior managers and administrative staff with responsibility for processing ministerial correspondence.
7.5 Operational Records
- Financial Management System, in order to process and account for expenditure and revenue, where the personal information relates to creditors and debtors.
- Contracts, in order to maintain contractual requirements for agreements with external providers, including government agencies and commercial service providers. The personal information contained within these records may relate to accreditation holders, contractors, vendors and other parties to a contract.
- Vendors, in order to retain and manage business and financial relationships with vendors. While most vendor information stored is of a commercial and publicly available nature, some personal information may be collected incidental to normal business relationships.
8. Release of Personal Information
Safe Food has in place mechanisms and normal administrative practices to handle routine requests for access to information, such as accreditation details, or for alterations to information such as changes of address. Individuals wishing to obtain access to, or amend information about themselves, should contact Safe Food at privacy@safefood.qld.gov.au. The personal information of staff will not be released without their written consent except in the following instances:
- where it is a matter of public record (e.g. Accreditation status);
- where it relates to a person’s Safe Food contact details;
- where a request is made in accordance with a legislative or statutory provision (e.g. requests made under an Act or Statute);
- where an official written request has been received from a law enforcement agency;
- where a legally enforceable request or direction has been received (e.g. subpoenas or writs issued by a court); or
- where disclosure is necessary to prevent or lessen a serious threat to a person’s life, health, safety or welfare, or to public health, safety or welfare.
Safe Food is required to acknowledge receipt of a request within 10 business days, to consult with the applicant regarding any difficulties in dealing with the request, and either grant access to the information required or provide specific written reasons for refusing access within 25 business days. This may be extended by a further 10 business days if consultation with a third party is required.
8.1 Accountabilities
The Chief Executive Officer (CEO) is defined as the “Principal Officer” under the Act. The CEO has delegated the responsibility for determining the outcome of IP applications to the Chief Information Officer (CIO)
CEO
Provide authority to release and manage information.
Safe Food Officers
Submit required information to the delegated officer.
8.2 Processing Requests
The CEO is responsible for making decisions regarding release of information within the time periods as set out in the Act. The CEO (or delegate) will liaise with applicants, prospective applicants and Safe Food Officers responsible for record keeping in the areas relevant to the information request regarding access to documents.
Safe Food Officers are responsible for locating information held in their areas. Declarations will be required by such officers, at the time records are provided, attesting to the thoroughness of their search and that electronic or hard copies of all documents identified have been provided. If information cannot be located, a written explanation of what action was taken to locate the information should be provided.
If inspection only of documents has been requested or if the publication scheme states that inspection of documents is the means by which certain information can be accessed, the applicant will be provided with reading facilities. At the applicant’s request, Safe Food will provide a copy of the documents, where possible, in the format requested.
The Act provides that access to certain documents or to certain information contained in documents may be refused in order to protect public interests or the private or business affairs of others. A request to obtain access to documents which contain information about the private affairs of others will usually be refused. Safe Food may also refuse access to documents on the grounds that there would be a substantial and unreasonable workload in identifying, locating and collating the volume of documents in question. If a request for access or amendment is refused, Safe Food will give specific written reasons for the decision and advise the applicant of their rights to appeal against the decision.
8.3 Appeal
The Act gives applicants a legally enforceable right to appeal against a refusal by Safe Food to grant full or partial access to, or to amend personal information.
8.4 Internal Review
If the decision on an IP request was made by a Safe Food Officer, other than the CEO, an applicant may request that Safe Food reconsiders its decision. An applicant may, however, apply directly for external review without first seeking internal review.
An application for internal review must be made in writing within twenty business days after the date of the written notification of the decision, stating reasons for seeking amendment of the decision or identifying particular aspects of the decision which are of concern.
A fresh decision will be made as soon as practicable, but no longer than 20 business days after the application is received by Safe Food. Reasons will be given if the appeal is not upheld. Applicants will also be advised of their rights to seek an external review.
8.5 External Review
The Information Commissioner is independent of Safe Food and is responsible for reviewing the RTI decisions of all agencies. An application to the Commissioner for external review may be made if:
- The request was decided originally by the CEO;
- An applicant is dissatisfied with the outcome of an internal review; or
- Safe Food fails to make a decision in relation to an internal review within the prescribed timeline.
An application for external review must be made in writing within twenty business days of the notification of the decision or outcome of an internal review.
8.6 Third-Party Requests for Personal Information in Relation to Legal Processes
From time to time, third parties, such as the Queensland Police, legal representatives and others submit requests for personal information in relation to legal processes. Information will only be provided to legal representatives where a subpoena or writ of non-party disclosure is provided, or where the individual to whom the request relates has provided written consent.
Where law enforcement agencies (e.g. the Police) or third parties wish to request personal information regarding a member of staff, then this request must be submitted in writing by an authorised officer, quoting the Act or Statute under which the request is made, and addressed to the CEO.
9. Source Documentation
Right to Information Act (Qld) 2009
Information Privacy Act (Qld) 2009
Food Production (Safety) Act 2000