The document discusses an organization's "Taking Responsibility" program which aims to provide tools, training, communication and resources to ensure employees understand their obligations. It covers responsibilities related to risk management, environmental protection, privacy, records management, freedom of information and information security. Key aspects of privacy, records management and information security are defined.
4. What is privacy?
Privacy Act 1988 (Cth): ‘Personal information’ & ‘health information’; Cth & ACT public sector & some private sector orgs; Federal Privacy Commissioner; NPPs & IPPs
Health Records Act 2001 (Vic) (HRA): ‘Health information’; Vic public & private sectors; Health Services Commissioner, Vic; 11 Health Privacy Principles (HPPs)
Information Privacy Act 2000 (Vic) (IPA): ‘Personal information’; Vic public sector; Privacy Commissioner, Vic; 10 Information Privacy Principles (IPPs)
5. Privacy – Key definitions
Personal information: Recorded information about a living identifiable or easily identifiable individual.
Health information: Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health.
Sensitive information: Includes information about a person’s race or ethnicity and criminal record.
Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file?
The Taking Responsibility program is about providing all staff with the tools, training and resources to ensure the department fulfils all of its obligations. Taking responsibility is what we do when we adopt good records management practices and why we ensure sensitive information is handled in a sensitive manner. It is about asking for advice if unsure, so we can all adopt stringent but practical regimes. The program aims to maintain and grow awareness of the key obligations that each staff member has in their day-to-day work. The Program is about supporting you with tools, training, promotional materials and resources to ensure all staff know how to perform their roles and meet all of their obligations on an ongoing daily basis. Some of those obligations include adhering to the VPS Code of Conduct, privacy and freedom of information laws, information security requirements, records management practices and risk and environmental management. The program takes a pro-active approach to compliance through cooperation and coordination and, only where necessary, through intervention. The program emphasises three broad activities. These are: prevention – through policies, procedures, general awareness activities and learning and development; tailored intervention – through self assessment tools, monitoring of activities, issues management and feedback; and treatment and control – through investigations, complaints handling, disciplinary procedures and auditing.
While there are several obligations you need to be mindful of as an employee, responsibilities which are pivotal to the Taking Responsibility program are: Privacy & FOI, Records Management, Information Security, Code of Conduct, and Environment. As a group they form the mnemonic – PRICE. The cost of non-compliance can be “price”-less, whereby breaches exact a heavy “price” on both individuals and the department. What price would you personally put on non-compliance?
The Victorian Information Privacy Act covers personal information, other than health related personal information, held by Victorian public sector organisations. This is the legislation that will be focussed on in this session. The Information Privacy Act came into effect on 1 September 2001. It established the Office of the Victorian Privacy Commissioner which is an independent statutory office along the lines of the Ombudsman or Auditor-General. The Privacy Commissioner, Paul Chadwick, took up a five year appointment in July 2001 which finishes this year. The Privacy Commissioner can receive complaints about perceived breaches of privacy by public sector organisations which took place after 1 September 2002. Each of the two acts contains Privacy Principles which guide how personal information should be handled – these are very similar across the two pieces of legislation. Most Victorian public sector organisations will be subject to more than one privacy law. For example, many will hold some health related personal information about employees, making the organisation subject to both the Information Privacy Act and the Health Records Act.
Under the Victorian Information Privacy Act, personal information is any information or opinion, whether true or not, about an individual whose identity is apparent or can reasonably be ascertained. Information can still be identifying even if it does not include a person’s name. For example, an address in today’s age of reverse telephone directories may be personal information. Most public sector organisations hold personal information about members of the public and also about their employees. The Health Records Act defines health information as information able to be linked to a living or deceased person about a person's physical, mental or psychological health. It includes disability related information. Sensitive information includes information about a person’s race, ethnicity and criminal record.
Always assume that whatever you write on a file could be accessed under FoI. It is imperative that files are well maintained. You should always attach documents in TRIM and to the relevant file (including e-mails) so that they can readily be discovered. Information and decisions recorded in TRIM and on files need to be factual, soundly based, objective and reached in an appropriate manner.
The code of conduct is binding and describes the behaviours expected of us as public sector employees. It may be supplemented by other information. Check with your manager or HR to see what other guidelines apply to your work. You might like to mention those that apply in your organisation. The behaviours described in the code are so important to our work that acting otherwise could be regarded as misconduct.
Today was an introduction to the code of conduct, the Victorian public sector values and the behaviours that support them. There are lots of ways you can put the code into practice. Here are some. Can you suggest other ways?
The Taking Responsibility Program consists of four distinct phases: Risk, Awareness & Education, Monitoring & Compliance, and Policies & Procedures. Under each of these headings a number of activities have occurred or will be occurring. It is important to bear in mind that all of these phases are just as important as each other. All parts of the program need to be ongoing and kept active. Briefly, there will be a number of communication and training activities. There will be regular communication by a variety of means to keep compliance in your mind. Think short presentations (like this one), posters and giveaways, articles on J-NET, messages on email and e-messages. A few well chosen key messages have been developed. Communication back the other way, from you, is just as important! We are also taking a close look at our policies and procedures. Our policies and procedures must be written from the viewpoint of the person who will carry them out, so they require direct input from the operating divisions to ensure that they actually work. We are examining how many policies we have, the quality of those policies and how we train you in their requirements. An important part of monitoring is to identify the main potential danger areas in each work practice and pay special attention to those areas on a regular basis. The Program will be working closely with business units to monitor against unwanted problems. The purpose of monitoring is to ensure that the required procedures are being followed, help resolve difficulties at an early stage, seek, and listen to, any suggestions for improvements, and serve as an early warning device. Underpinning a lot of this program is identifying and controlling danger areas. The prompt rectification of all failures of the system can, to some extent, be managed through a threat and risk assessment approach.
Many of you would have received some promotional materials either electronically or in hard copy as part of Privacy and Human Resources Awareness Week. CCS staff would have received materials from CV Head Office. In the coming months posters and tips will be distributed. Sneak and Peek: In addition, hot off the press, is a sneak peek at some of the posters that have been developed and will be rolled out in the coming weeks. Each of the icons in the secondary posters also features in the primary poster: the hand and tree for environment, a USB key and padlock for information security, and a whistle for whistle blowing.
The coloured balloon activity raises awareness of the clear desk and screen policy, especially the importance of securing sensitive and private information. The coloured balloons and cards used green, orange and red to signify how well staff complied with the policy. Coloured cards provided individuals with a personal rating while the balloons indicated team performance. The activity also used black balloons to highlight the importance of being environmentally responsible, such as turning off lights and computers at the end of every day. The activity provides Managers with an immediate indication as to which areas could be improved and which were doing things well. Information for Regional Managers on how to host a Coloured Balloon day activity, and FAQs and tips on keeping a clear desk and being environmentally responsible, will be available from the Taking Responsibility homepage.