IARC’s values are expertise, compassion and confidentiality. IARC understands how important a person’s personal information is and we value your personal privacy. IARC’s lawyers are bound by solicitors’ obligations of confidentiality and client legal professional privilege and any obligations under the Privacy Act 1988 (Cth), and the Australian Privacy Principles. The Office of the Australian Information Commissioner provides guidance on the meaning and interpretation of these principles on its website..
IARC seeks to act consistently with Australian privacy laws – most notably:
- the Privacy Act 1988 (Cth)
- the Privacy and Personal Information Protection Act 1998 (NSW) and
- the Health Records and Information Parivacy Act 2002 (NSW)
These three statutes establish a number of privacy principles, as well as exemptions to those principles. IARC employees, management committee members, contractors, students and volunteers must comply with the Australian Privacy Principles.
The types of personal information that IARC holds
This policy applies to personal information collected by IARC. IARC routinely collects personal information about:
- people who are IARC’s legal clients or potential clients;
- people who are seeking IARC’s advice or referral services;
- third parties involved in legal matters with IARC’s clients or potential clients;
- life stories or experiences of individuals for use in policy reports and submissions;
- people who attend IARC’s training courses;
- people who donate to IARC or otherwise do business with IARC; and
- IARC staff, directors, contractors, students and volunteers.
We collect this information so that we can undertake our work and perform our functions. So that IARC can assess a person’s eligibility for IARC’s services, we may need to know information about a potential client’s income, housing, caring and support situation, language background, Indigenous status, and/or disability.
In order that IARC’s lawyers can advise potential clients about their legal situation, fulfil their legal professional obligations and determine whether IARC can act for them, IARC’s lawyers also need to know some information about the potential client’s identity, the nature of their matter, and who the other parties are.
When IARC acts for a client, our lawyers may need to collect personal information about the client from other people, including the client’s health service providers or government agencies. IARC will obtain the client’s authority before collecting personal information on their behalf.
IARC may need to share a client’s personal information with other people, such as barristers, experts, or other parties to the matter. Before sharing any information, IARC will ensure it has the permission of the client to do so.
IARC also holds personal information about people other than clients including IARC staff, directors, contractors, student placements and volunteers, for purposes relevant to their employment with, work with or other connection to IARC. For example, we may need to collect information about Management Committee Members for the purposes of administering an individual’s contribution to the work of IARC or for insurance purposes. Or we may collect information about donors to process donations, issue tax receipts and send updates about IARC’s work.
Access to personal information
If you want to access your personal information held by IARC and/or request amendments to this personal information, you will need to contact the IARC Principal Solicitor. Requests received to access personal information or to amend personal information and /or complaints and requests relating to the collection, use and disclosure of personal information will be dealt with by the Principal Solicitor.
Anyone making a request in relation to personal information should do so in writing. If IARC does not meet a request in full, IARC will provide written reasons to the person making the request.
If a person is not satisfied with the decision of the Principal Solicitor, they may seek review by the IARC Management Committee.
‘Health information’ is personal information relating to an individual’s physical or mental health, or about the provision of health services. It includes information about services provided to people with disability.
The Health Records and Information Privacy Act 2002 (NSW) provides a separate set of rules (the Health Privacy Principles) that apply primarily to health service providers. These may apply to IARC as well in respect of health information collected for employment purposes.
Broadly speaking, the Health Privacy Principles are similar in content to the Australian Privacy Principles but there are some stricter requirements on IARC in collecting and holding such information, in recognition that health information can be particularly sensitive.
For more information about privacy law in Australia, see www.oaic.gov.au.