On 1 July 2009, the Information Privacy Act 2009 (IP Act) commenced. The IP Act contains 11 Information Privacy Principles (IPPs) which apply to the Royal Brisbane and Women’s Hospital Foundation (the Foundation).
IPP 5 places an obligation on agencies to take steps to ensure that people are aware of the types of personal information held by an agency, why they are held, and how an individual can access their personal information.
To ensure the Foundation meets these obligations this privacy plan outlines how the Foundation will meet its obligations to manage personal information in accordance with the IP Act. It incorporates:
- Introduction
- The Foundation
- Employees
- Complaints
- Access to personal information
- Collection of your information
- Use and disclosure of your information
- Data quality and security
Introduction
The IP Act regulates how public sector agencies, Ministers and statutory bodies, such as the Foundation, must manage personal information. It creates an obligation to comply with the privacy principles, which include the IPPs or the National Privacy Principles (NPPs), the conditions under which personal information may be transferred outside Australia and the rules regarding contracted service providers. Chapter 3 of the IP Act creates a right for individuals to access and amend their personal information.
The eleven IPPs apply to the Foundation and specify how personal information is to be collected, stored, secured, accessed, amended, used and disclosed. However, the responsibilities of the Foundation under the Right to Information Act 2009 (RTI Act) and chapter 3 of the IP Act requires the Foundation to deal in a specific way with personal information when meeting these responsibilities.
The IP Act defines personal information as information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Personal information is not limited to information that is sensitive or confidential, although the degree of sensitivity or confidentially may influence the way in which the IPPs are applied in particular circumstances. Many of the IPPs require that reasonable actions be taken, having regard to the specific circumstances and the nature of the information. As such, procedures may vary with the sensitivity of the information.
Personal information that may be collected includes, but is not limited to:
- names, telephone numbers, addresses, email addresses, date of birth (and age), birth certificate, next of kin details, photos, doctor’s name and contact information, educational history and qualifications, occupations and professional associations;
- health information and medical history;
- credit card information; and
- information that is required to be collected for the purposes of the Foundation’s accountability to government audits or for government funding.
This information will only be collected by the Foundation to enable it to carry out its functions and activities, including those functions set out under the heading “Collection of your Information” below.
The Office of the Information Commissioner has produced extensive guidelines on the IP Act, which may be viewed on the Office’s website:
The IP Act may be found on the Office of the Queensland Parliamentary Counsel’s Queensland Legislation website:
The Foundation
The Foundation was first established in 1985 as the charity arm of Royal Brisbane and Women's Hospital (the Royal), Queensland's largest hospital.
While the Royal is part of Queensland Health, funding from the government is limited and there is often no available dollars to pay for certain equipment, training and research that will ensure the Royal remains at the forefront of patient care and on the leading edge of new technology and treatment methods.
The Foundation's role is to fill that funding gap. The Foundation's purpose is to ensure the hospital's doctors, nurses, researchers and allied health professionals are able to achieve optimal patient outcomes by providing them with the knowledge, skills and technology which may not otherwise be afforded to them due to budgetary constraints.
Money raised by the Foundation is therefore used to fund research on the campus, purchase vital pieces of equipment and enable key health professionals to attend additional training programs, conferences and seminars.
To raise these funds, the Foundation relies heavily on the support of the community. It is through the generosity of many individuals, businesses and community groups that we are able to assist the hospital in its life-saving work.
The Foundation aims to comply with the privacy principles.
Employees
Employees are responsible for managing personal information in compliance with the IP Act and the privacy plan. There are strict security procedures in place for the management of information held in the office, and all employees are required to sign a deed of confidentially before gaining access to any information. Employees are given access only to information which is relevant to their duties.
Complaints
If you believe that your personal information has not been handled by the Foundation in accordance with the IP Act, you may make a written complaint to the Foundation at:
The Manager
Royal Brisbane and Women’s Hospital Foundation
PO Box 94
Qld 4029
If you subsequently remain dissatisfied with the Foundation’s response to your complaint and the period of 45 business days has passed since you complained to the Foundation, you may lodge your complaint with the Office of the Information Commissioner at the following address:
The Manager, Corporate and Executive Services
Office of the Information Commissioner
PO Box 10143
Adelaide Street
Brisbane Qld 4000
Access to personal information
IPP 6(1) places an obligation on agencies which control documents containing personal information to give the individual the personal information is about a copy of the document if they request access to it. However, this obligation is subject to the limitation in IPP 6(2), which allows an agency to refuse access if it was permitted to refuse an access law of the state.
If you would like access to any records of personal information we have about you or if you believe any information we have about you requires correction, please contact 1300 363 786 or email your query to This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Collection of your information
The Foundation only collects personal information that is necessary for it to carry on it functions and activities, including matters relating to or connected with:
- past, present or potential donations to the Foundation;
- fundraising for the Foundation generally or charities supported or sponsored by the Foundation;
- past, present or future patients of the Royal;
- the Foundation’s activities as a promoter of medical research;
- the Foundation’s functions, events or promotions generally; or
- any other matters reasonably necessary to its function as a charitable organisation.
Use and disclosure of your information
The Foundation will only use your personal information for the purposes for which it was collected.
In the event the Foundation proposes to disclose such information, other than within the Foundation or for use outside of its business activities, it will first obtain your written consent prior to such disclosure or use.
If you have received communications from the Foundation, and you no longer wish to receive those sorts of communications, you should call 1300 363 786 or email This e-mail address is being protected from spambots. You need JavaScript enabled to view it and the Foundation will ensure the relevant communication ceases.
Any other use or disclosure we make of personal information will only be as required by law or by your consent.
Data quality and security
The Foundation will take all reasonable steps to:
- Make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
- Protect the information from misuse, loss, unauthorized access, modification or disclosure both physically and through computer security method; and
- Destroy or permanently de-identify the information if it is no longer needed for any purpose.