Privacy Management Plan
1 Introduction
In September 2001 the Queensland Government approved the introduction of Information Standard 42 and supporting privacy guidelines to give effect to the Information Privacy Principles contained in the Privacy Act 1988 (Cwth) in the Queensland public sector.
Under Information Standard 42 personal information held by Queensland Government agencies must be responsibly and transparently collected and managed (including transfer of personal information held by agencies to other agencies, other levels of Government or the private sector) in accordance with the requirements of the Information Privacy Principles.
Agencies were also required to develop privacy plans to give effect to the Information Privacy Principles and publish their plans on their websites. This plan has been developed for the Environmental Protection Agency.
2 Personal information
The Information Privacy Principles (IPPs) are concerned with personal information. For the purposes of IPPs 1 to 5 and 8 to 11 personal information is defined to mean: information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.
Under IPPs 6 and 7 personal information is limited to the way that phrase has been interpreted in the Freedom of Information Act 1992 (Qld) (FOI Act). IPPs 6 and 7 cover access to and alteration of records.
Personal information includes but is not confined to one or more of the following identifiers: names, addresses, telephone numbers, dates of birth, employment information, medical records, student records, disabilities or distinctive physical characteristics. The information may be recorded on paper or electronically or in any other medium such as audio or video.
Certain types of personal information such as information contained in Cabinet documents and information about an individual arising out of an investigation of misconduct under the Criminal Justice Act 1989 (Qld) are exempt.
3 Information protection principles
The Information Privacy Principles are 11 general principles that set the privacy standards with which agencies must comply. The aim of the Principles is to minimise the risk of misuse of personal information. They also allow individuals to exercise a reasonable degree of control over what happens to their own personal information.
To these ends, the Principles establish standards for:
- the collection
- storage and accuracy
- public awareness and subject access; and
- use and disclosure to third parties
of personal information.
An outline of the Information Privacy Principles is provided at Appendix A.
4 Acts administered by the Environmental Protection Agency
The Agency has identified legislation which is applicable to the collection, storage, use and disclosure of personal information and other legislation which may prevail over the IPPs.
- Acts which prevail over the privacy principles include:
- Freedom of Information Act 1992 (Qld)
- Public Records Act 2002 (Qld)
- The Agency administers all or parts of the following legislation.
- Aboriginal Land Act 1991 (Qld) (s 83(2)-(11); s 134 (as it applies to the provisions of the Act administered by the Minister))
- Alcan Queensland Pty. Limited Agreement Act 1965 (Qld) (Sch – to the extent that it is relevant to environmental matters)
- Brisbane Forest Park Act 1977 (Qld)
- Central Queensland Coal Associates Agreement Act 1968 (Qld) (Sch pt III – to the extent that it is relevant to environmental matters)
- Coastal Protection and Management Act 1995 (Qld)
- Commonwealth Aluminium Corporation Pty. Limited Agreement Act 1957 (Qld) (to the extent that it is relevant to environmental matters)
- Currumbin Bird Sanctuary Act 1976 (Qld)
- Environmental Protection Act 1994 (Qld)
- Forestry Act 1959 (Qld) (jointly administered with the Minister for Natural Resources and Water and Minister Assisting the Premier in North Queensland except to the extent administered by the Treasurer and the Minister for Primary Industries and Fisheries)
- Gurulmundi Secure Landfill Agreement Act 1992 (Qld)
- Marine Parks Act 2004 (Qld)
- Mineral Resources Act 1989 (Qld) (to the extent that it is relevant to environmental matters)
- Mount Isa Mines Limited Agreement Act 1985 (Qld) (to the extent that it is relevant to environmental matters)
- National Environment Protection Council (Queensland) Act 1994 (Qld)
- National Trust of Queensland Act 1963 (Qld)
- Nature Conservation Act 1992 (Qld)
- Newstead House Trust Act 1939 (Qld)
- Queensland Heritage Act 1992 (Qld)
- Recreation Areas Management Act 2006 (Qld)
- Thiess Peabody Coal Pty. Ltd. Agreement Act 1962 (Qld) (to the extent that it is relevant to environmental matters)
- Thiess Peabody Mitsui Coal Pty. Ltd. Agreements Act 1965 (Qld) (to the extent that it is relevant to environmental matters)
- Torres Strait Islander Land Act 1991 (Qld) (s 80(2)-(11); s 131 (as it applies to the provisions of the Act administered by the Minister))
- Tweed River Entrance Sand Bypassing Project Agreement Act 1998 (Qld)
- Wet Tropics World Heritage Protection and Management Act 1993 (Qld)
5 Types of personal information held by the Environmental Protection Agency
The EPA collects, stores, uses and discloses personal information in the conduct of its business. Six main categories of personal information have been identified for the purposes of the Agency’s Privacy Plan.
The six main categories are:
- Employee personal information
- Client personal details which are required for licensing, permits, environmental applications, environmental services and sale/purchase of products
- Personal details required for public consultation programs, stakeholder and interest group activities and membership of formal advisory committees
- Personal information about vendors
- Images held in the agency’s photographic and video libraries.
- Other types of separately identified personal information for specific environmental operations including legal compliance
Details of personal information under categories:
5.1 Employee personal information
The following personal information is stored with Workforce Management Unit, Corporate Development. Records are stored in accordance with the General Disposal and Retention Schedule for Administrative Records. Access to the following records is restricted to approved officers.
- Medical records;
- Personal history files relating to contracted officers;
- Contracts and conditions of employment;
- Completed questionnaires and personnel survey forms;
- Records relating to character checks and security clearances;
- Records relating to counselling and discipline matters, including disciplinary, investigation and action files, legal action files, records of criminal convictions, and any other staff and establishment records as appropriate;
- Complaints and grievances;
- Compensation case files;
- Rehabilitation case files; and
- Equal employment opportunity data
The following personal information is stored with individual units within divisions and regions. Access to this information is restricted to officers with appropriate delegation. Recruitment records and position applications are provided to selection panel members.
- Records relating to attendance and overtime;
- Performance appraisals;
- Graduate and work experience schemes;
- Travel documentation; and
- Recruitment records and position applications.
The following information is stored and held with Corporate Solutions Queensland (CSQ). This information is restricted to approved CSQ officers who are responsible for the maintenance of human resource information.
- Records relating to attendance and overtime;
- Leave applications and approvals;
- Payroll and pay related records, including banking details;
- Tax file number declaration forms;
- Personal history files;
- Records relating to personal development and training;
- Records relating to removals; and
- Records of accidents and injuries.
There are formal agreements in place between EPA and CSQ which govern storage and use of personal information.
Aurion is the Human Resource Information System used to manage payroll functions. It holds employee personal records electronically and produces reports. Aurion is accessible to officers with approved delegation and authority within Corporate Development, CSQ, Divisional Units and Regional offices.
5.2 Client personal details which are required for licensing, permits, environmental applications, environmental services and sale/purchase of products
- Personal information held on hard copy forms and electronically
5.3 Personal details required for public consultation programs, stakeholder and interest group activities and membership of formal advisory committees
- Databases containing personal information
5.4 Personal information about vendors
- Submissions in response to request for offer held in hard copy and electronically
5.5 Images held in the agency’s photographic and video libraries
- Hard copy images stored in the Agency’s image library
- Images stored in electronic archives in EPA Marketing
- Images stored on PCs in EPA Marketing
- Images stored on PCs in divisions
Personal information, as outlined above, is stored on paper and electronically.
6 Public registers managed within the Agency
Public registers will be identified from time to time and their maintenance and use incorporated within the Agency’s personal information management practices.
7 Contracts, outsourcing arrangements, licences and permits
The Agency:
- enters into contractual and outsourcing arrangements with external organisations for the supply of goods and services to the Agency. Preferred contracts are available which contain appropriate clauses covering privacy.
- has arrangements in place with Corporate Solutions Queensland (CSQ) for the delivery of services for the purpose of HR administration. There are formal agreements in place between EPA and CSQ which govern storage and use of personal information.
- has entered into licence and permit arrangements with external organisations and individuals. These arrangements may prevail over the privacy principles, as some were in existence before the Agency was required to comply with the privacy principles. Licence and permit arrangements were reviewed and new licences and permits comply with the principles.
8 Procedures to gain access to personal information
IPPs 6 and 7 provide that access to and amendment of personal information is subject to any law of the State applicable to access to and amendment of information held by Government. In effect, this means that access and amendment are to be dealt with in accordance with the FOI Act, which is the main statute governing access to documents and amendment of information.
Applications for access to records containing personal information must be made in writing to the Agency, as required by the FOI Act, and set out in detail the information to which access is requested. The officer in the Agency delegated to do this work is the Freedom of Information Officer, Environmental Protection Agency, PO Box 15155, City East, 4002. Enquiries should be directed to email: foi@epa.qld.gov.au or phone: 3237 1048.
Appendix A - Information Privacy Principles
Information Privacy Principle 1
- Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
- the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
- the collection of information is necessary for or directly related to that purpose
- Personal information shall not be collected by a collector by unlawful or unfair means.
Information Privacy Principle 2
Where:
- a collector collects personal information for inclusion in a record or in a generally available publication; and
- the information is solicited by the collector from the individual concerned;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of:
- the purpose for which the information is being collected;
- if the collection of the information is authorised or required by or under law, the fact that the collection of the information is so authorised or required; and
- any person to whom, or any agency to which, it is the collector’s usual practice to disclose personal information of the kind so collected, and (if known by the collector) any person to whom, or any body or agency to which, it is the usual practice of that first-mentioned person, body, or agency to pass on that information.
Information Privacy Principle 3
Where:
- a collector collects personal information for inclusion in a record or in a generally available publication; and
- the information is solicited by the collector;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected:
- the information collected is relevant to that purpose and is up to date and complete; and
- the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Information Privacy Principle 4
A record-keeper who has possession or control of a record that contains personal information shall ensure:
- that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
- that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.
Information Privacy Principle 5
- A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of this principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain:
- whether the record-keeper has possession or control of any records that contain personal information; and
- if the record-keeper has possession or control of a record that contains such information:
- the nature of that information;
- the main purposes for which the information is used; and
- the steps that the person should take if the person wishes to obtain access to the record.
- A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the State that provides for access by persons to documents.
- A record-keeper shall maintain a record in the form of a privacy plan setting out:
- The nature of the records of personal information kept by or on behalf of the record-keeper;
- The purpose for which each type of record is kept;
- The classes or types of individuals about whom records are kept;
- The period for which each type of record is kept;
- The persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and
- The steps that should be taken by persons wishing to obtain access to that information.
- A record-keeper shall make the record maintained under clause 3 of this Principle available for inspection by members of the public.
Information Privacy Principle 6
Where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the State that provides for access by persons to documents.
Information Privacy Principle 7
- A record-keeper who has possession or control of a record that contains personal information shall take such steps (if any) by way of making appropriate correction, deletions, and additions as are, in the circumstances, reasonable to ensure that the record:
- Is accurate; and
- Is, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up to date, complete, and not misleading.
- The obligation imposed on a record-keeper by clause 1 is subject to any applicable limitation in a law of the State that provides a right to require the correction or amendment of documents.
- Where:
- the record-keeper of a record containing personal information is not willing to amend that record, by making a correction, deletion, or addition, in accordance with a request by the individual concerned, and
- no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request has been made under the applicable provision of a law of the State;
the record-keeper shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the record any statement provided by that individual of the correction, deletion, or addition sought.
Information Privacy Principle 8
A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, and complete.
Information Privacy Principle 9
A record-keeper who has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant.
Information Privacy Principle 10
- A record-keeper who has possession or control of a record that contains personal information that was obtained for a particular purpose shall not use the information for any other purpose unless:
- the individual concerned has consented to use of the information for that purpose;
- the record-keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious or imminent threat to the life of the individual concerned or another person;
- use of the information for that other purpose is required or authorised under law;
- use of the information for that other purpose is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or
- the purpose for which the information is used is directly related to the purpose for which the information was obtained.
- Where personal information is used for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of that use.
Information Privacy Principle 11
- A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body, or agency (other than the individual concerned) unless:
- the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body, or agency;
- the individual concerned has consented to the disclosure;
- the record-keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person;
- the disclosure is required or authorised by or under law; or
- the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.
Last updated: 23 October 2007


