Yarra Plenty Regional Library (YPRL) adheres to its obligations under the Privacy and Data Protection Act (2014) and Health Records Act 2001 (Vic).
Collection of personal information In accordance with the Privacy and Data Protection Act (2014), YPRL collects only information which is required to carry out its business and for the purpose of performing statutory functions. Personal information is handled in a way that is transparent to the individual concerned.
YPRL will only assign a unique identifier to individuals where it is necessary to carry out its functions and services efficiently, for example, a membership number or payroll number.
All user information is kept on a secure computer system. User records are accessible to library staff, certain library contractors who have a need to know user information and the user only. All paper-based information relating to users is disposed via security bins or shredded when no longer required.
Collection of health information Any health information held by the Library will be managed in accordance with the requirements of the Health Records Act 2001 (Vic).
Use and disclosure of personal information YPRL will only use or disclose personal information for the purpose for which it has been collected or for a purpose that an individual would reasonably expect to be associated with library services and functions.
YPRL does not disclose any personal information collected unless authorised by law, or with reasonable consent. Should information be disclosed, such disclosures are kept in writing by the CEO.
On occasion, it is necessary to pass information onto debt recovery agencies in order to assist in the collection of long-overdue items. Any agency used must comply with Federal and State Privacy Principles, and must not use this information for any other purpose. Users are informed before any information is passed to a recovery agency.
Data quality YPRL endeavours to ensure that the personal information it collects is accurate, complete and up to date.
YPRL takes steps to ensure that information is kept securely, and that adequate controls are in place to protect personal information from misuse, loss, unauthorised access, modification or disclosure. YPRL lawfully and responsibly destroys or permanently de-identifies personal information when it is no longer needed, and is compliant with relevant regulations.
Requesting information Individuals whose personal information is held by the Library have a right to access and correct that information. Requests can be made informally via the YPRL CEO. More complex requests are dealt with via the library’s Freedom of Information Policy.
Complaint Procedures If any persons feel aggrieved by the Corporation’s handling of personal information about themselves, they may make a complaint in writing to the Chief Executive Officer. Alternatively, any person may make a complaint to the Commissioner for Privacy and Data Protection.