Checklist For Compliance With The Privacy Laws - All Staff
Have you been trained in privacy laws or attended a privacy briefing session?
Have you considered the privacy implications for all new projects?
Do you only collect personal information that is necessary for Monash’s functions and activities?
When collecting personal information, do you make sure that individuals providing the information know the purposes for collection, any law that requires collection, the types of organisations to which Monash discloses the information, the individual has the right to access their information, any consequences of not providing the information and the Privacy Officer’s contact details?
Do you only use and disclose personal information for the primary purpose of collection or a secondary purpose the individual would reasonably expect? If it does not fall within the primary or secondary purpose do you obtain the consent of the individual?
When disclosing personal information to third parties, do you request the third party to sign a privacy agreement which requires them to treat the information in accordance with the privacy laws?
Do you make sure personal information is accurate, complete and up to date?
Do you take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure?
Do you provide individuals with the opportunity to access their personal information in accordance with the Freedom of Information laws?
Do you, wherever it is lawful and practicable, provide individuals with the option of remaining anonymous when dealing with Monash?
When transferring information outside of Victoria, do you make sure that the recipient has equivalent privacy laws, the individual consents or you request the recipient to sign a privacy agreement?
Do you only collect sensitive or health information with the consent of the individual, or if it is required or authorised by law?