POL-C-018, Version 2.1, 14 June 2012
Version 2.1, 14 June 2012
The National Museum of Australia (the Museum) is a major cultural institution charged with researching, collecting, preserving and exhibiting historical material of the Australian nation. The Museum focuses on the three interrelated areas of Aboriginal and Torres Strait Islander history and culture, Australia’s history and society since European settlement in 1788 and the interaction of people with the environment.
Established in 1980, the Museum is a publicly funded institution governed as a statutory authority in the Commonwealth Arts portfolio. The Museum’s building on Acton Peninsula, Canberra opened in March 2001.
As a Commonwealth agency, the Museum must comply with the Privacy Act 1988 (Cth). This policy builds upon the Museum’s privacy obligations by explaining:
- the sorts of personal information collected by the Museum
- why the Museum collects this information
- how the information is used, stored and disposed of
- the circumstances in which personal information may be disclosed
- how the Museum will deal with any privacy complaints.
The policy is intended to inform the public about the Museum’s handling of personal information. It is also intended to provide guidance to Museum staff about the Museum’s obligations under the Privacy Act 1988.
4. Principles or guidelines
4.1 Application of the Privacy Act
The Museum collects personal information from a range of sources, and for a variety of reasons. ‘Personal information’ is defined in the Privacy Act as meaning information or an opinion about an individual whose identity is apparent, or could be ascertained. The Privacy Act, which applies only to living persons, sets out 11 Information Privacy Principles (IPPs) relating to the collection, storage, use, and disclosure of personal information. The IPPs are set out in the attachment to this policy.
The Privacy Act contains an exception for anything kept in a museum for the purposes of reference, study or exhibition. This means that material containing personal information kept by the Museum for reference, study or exhibition will not be subject to the IPPs.
4.2 Collection and use of personal information
The Museum uses the personal information it collects to perform its statutory functions. These functions include:
a) to develop and maintain a national collection of historical material
b) to exhibit, or to make available for exhibition by others:
i) historical material from the National Historical Collection or historical material that is otherwise in the possession of the Museum
ii) material, whether in written form or in any other form, that relates to Australia’s past, present and future
iii) material, whether in written form or in any other form and whether relating to Australia or to a foreign country
c) to conduct, arrange for or assist in research into matters pertaining to Australian history
d) to disseminate information relating to Australian history and information relating to the Museum and its functions
e) to develop and implement sponsorship, marketing and other commercial activities relating to the Museum’s functions.
The Museum engages with a broad cross section of the public, both in Australia and internationally, through its activities. While not an exhaustive list, the following describes the types of information which may be collected by the Museum, and the purposes for which the information may be used.
4.2.1 Staffing information
The Museum collects information about its employees. This information includes personal details (such as addresses, next of kin etc), bank account details, tax file number, employment history, medical checks, leave and salary records. Records may also be kept in relation to rehabilitation or workers compensation claims, discipline or code of conduct matters, and performance management. Hard copy employee information is maintained by the Museum’s Human Resources area (currently called the Employee Relations and People Development Section (ERPD)) and is kept in lockable cabinets in a room with restricted access. Electronic records are accessed only by officers who have been authorised to do so by the Director of ERPD. Access to these electronic records is regularly monitored by the Museum’s internal and external auditors to ensure that appropriate controls are in place.
The Museum also collects information about its volunteers, who are asked to provide their name, address, employment history and driver’s licence. Like employees, volunteers give their consent for a police check to be conducted. This information is used to assess the suitability of people to become museum volunteers. For all intents and purposes volunteers’ personal information is treated in the same manner as employee information.
Incident reports are created when an injury or hazard has been identified. These reports may contain information (some of a medical nature) relating to visitors, volunteers and staff.
When people apply to work at the Museum, their personal information is retained for at least a year after the recruitment process is finalised. The information is subsequently disposed of.
4.2.2 Historical collection and exhibition information
The Museum records information about objects in its collections, which includes the National Historical Collection. This information includes details about an object’s history, its donors, lenders or vendors, and other relevant historical information. The Museum’s copyright area also holds information about copyright owners of material (e.g. photographs) used by the Museum, as well as information about people who have been given permission to use material owned by the Museum.
Information is also gathered about people for the purposes of exhibition. This information is maintained in a range of forms e.g. in writing, as video or sound recordings, or photographs. Individuals are always asked to sign appropriate permissions and their material is only used in accordance with those permissions.
The Museum considers that much of the collection and exhibition information is kept for the purposes of reference, study or exhibition, and therefore will not be subject to the IPPs.
4.2.3 Visitor comments, evaluation and research
In order to improve its services, the Museum collects information from visitors about its programs. This information may either be solicited (for example, through visitor surveys) or unsolicited (such as letters or emails from members of the public). The majority of evaluation that is initiated by the Museum allows people to respond on an anonymous basis. Visitor surveys, which the Museum regularly uses to seek feedback from visitors, do not involve the collection of information which could lead to a person being identified although more generic information such as age and city of residence may be collected.
Where members of the public provide their personal information to the Museum in the course of making an enquiry or comment, that information will only be used by the Museum to deal with the person’s enquiry or comment.
4.2.4 Educational programs
The Museum sends information about its activities to teachers who request that information. Some information is collected from teachers who apply to participate in the Museum’s educational programs. This information is only used within the Museum’s education section to facilitate participation in these programs by the teachers and their students and for evaluation.
The Museum also uses the services of external companies to market educational products to schools. These companies will usually address their marketing to a teacher’s position title rather than maintaining a database of names. The Education section maintains an email database of ACT teachers for marketing purposes.
4.2.5 Events and venue services
Bookings for functions, conferences, school visits and guided tours are regularly taken by the Museum. Normally only a limited amount of personal information is collected – for example, a nominated point of contact will be requested. Where the Museum is organising an ‘invitation only event’, names and organisational details of guests are collected to enable the Museum to properly record the person’s RSVP or attendance.
The purpose of collecting this information is to ensure that an event or visit is properly coordinated. This information is not used for any other purpose (such as unsolicited marketing) without the consent of the individual concerned.
Visitors using Museum wheelchairs or scooters are asked to leave a form of personal identification (or a photocopy of such identification) to ensure items are returned. Where photocopies are taken, they are only kept for the duration of the visit and, provided the items are returned undamaged, are disposed of immediately.
4.2.6 Promotional activities
The Museum maintains contact lists which include information about people who wish to receive information about particular aspects of the Museum’s activities. These contact lists can include members of the general public or people with a business-related interest in the Museum (for example, people working in other cultural institutions, in the media or in tourism).
These contact lists are used to distribute information about Museum events and activities. The information is usually collected directly from the people who are interested in receiving the information or from a representative of their organisation.
The Museum also occasionally conducts competitions and collects names and addresses for the purposes of awarding prizes.
4.2.7 Suppliers and contractors
The Museum holds information about its suppliers and contractors and their employees. These may include security and cleaning staff employed under a contract between the Museum and the service provider; performers; IT service providers; and suppliers of products for the Museum shop. Personal information about contractors and their staff is collected and used for the purposes of managing the Museum’s relationship with that contractor. The information is also used to ensure compliance with Museum policies such as security and IT access.
Personal information held by the Museum will only be released to contractors where it is necessary for the contractor to perform their job - for example, where a security company is responsible for administering security passes to Museum staff. Where personal information is given to a body contracted by the Museum, the written contract will contain the appropriate privacy clauses recommended by the Privacy Commissioner.
4.2.8 The Museum shop
The Museum’s shop (which operates in the Museum building at Acton, Canberra and online) uses a secure electronic facility to process credit card transactions, and collects a customer’s signature as proof of purchase from the shop. Customers may also leave their details in order to purchase items by mail order or to have items placed on hold.
The Museum shop may also collect personal information when items are purchased via the online shop accessed through the Museum’s website.
4.2.9 The Museum’s website
The Museum has a corporate website and Museum-identified spaces on social networking sites such as Flickr, Facebook and blogs.
The Museum’s corporate website includes a Privacy statement and Conditions of use statement that are linked from the footer of every page in the website. The website provides two online services requiring users to provide personal information: the submission of job applications and the online shop. Personal details are maintained on secure servers. From time to time the Museum also invites people to submit their stories via forms on the website. Although people are encouraged not to identify people, the stories may include some personal information. Whenever the Museum collects such stories, individuals are informed about the purposes for which their stories will be used (e.g. publication on the website).
4.2.10 Friends of the National Museum
The Friends of the National Museum of Australia is the membership organisation for the Museum. Friends is an incorporated organisation separate to the Museum whose primary aim is to support, work in partnership with, and promote the Museum. The Friends organisation is supported by the Museum in a number of ways including through the provision of office space and IT facilities.
Records containing personal information about members of Friends including their names, addresses, family members (for household memberships) and contact information are kept in hard copy and electronic form. Records are maintained and accessed by the Friends’ Executive Officer and Membership and Events Coordinator. Encrypted credit card information is also held for the duration of the membership.
4.2.11 Security records (including CCTV)
The Museum maintains security records in order to issue security passes to staff and conduct police checks or security clearances. These records are held for staff, volunteers, and contractors.
The Museum also uses closed circuit television (CCTV) systems to monitor and record activity in a range of publicly accessible locations throughout the Museum. The purpose of this monitoring is to provide a safe and secure environment for Museum staff and visitors and to protect the Museum’s collections and exhibits from damage, theft or loss.
The images recorded by the cameras may include identifiable images of people visiting the Museum. These images are securely stored on hard drives and automatically erased after 14 days. The recordings are usually only accessed by the Museum’s Security Coordinator or the Security Support Officer. Where an incident has occurred requiring further investigation, the Museum may (a) retain the recordings beyond the standard 14-day period and (b) allow the recording to be viewed by people responsible for investigating the incident, both within the Museum and/or external to the Museum (for example the Australian Federal Police).
Signs have been placed at all public entrances to the Museum advising that the cameras are in operation.
4.3 Protecting personal information
Where the Museum solicits information from individuals, it is required to tell them why the information is being collected and what it will be used for (this is known as an IPP2 notice). The Museum is not permitted to use information for a purpose other than which it was collected. Where there is doubt about the purpose for which the information was collected, the information should not be used unless consent of the individuals is obtained. The Museum must also ensure that the information it holds is relevant, complete and up-to-date.
Security of personal information will be maintained in a number of ways. Where an electronic database containing personal information has been created, the Museum will ensure that the database may only be accessed by people performing relevant functions. For example, employee records will only be accessible by staff performing human resource functions.
Physical security of personal information is maintained by ensuring that files are held in secure, lockable cabinets and are only accessed by staff who need the information to perform a particular task. Extra precautions should be taken for highly sensitive information, for example, by keeping these records in a secure area within the Museum’s offices.
The Museum’s information technology system allows for information to be kept secure by restricting access to designated areas within the IT system. Access to those areas is granted only on authority of a person’s supervisor where that person requires access to perform their job. Some databases are also password protected. Guidance is provided to staff about safeguarding electronic information (including the secure transfer of that information) in the Museum’s information technology policies and procedures.
Disposal of paper records containing personal information is performed in accordance with the relevant General Disposal Authority under supervision of Records Management.
4.4 Disclosure of personal information to a third party
The Museum will not disclose personal information to anyone outside the Museum unless the individual concerned has given their consent or the Museum has advised the person, at the time the information is collected, that it is the Museum’s usual practice to disclose the information. The Museum may also disclose personal information if it is required to do so by law – for example, to respond to a court order.
4.5 How the Museum will handle privacy complaints
Where a staff member receives a complaint relating to the handling of personal information, that complaint must be referred to the Museum’s Privacy Contact Officer (PCO) for investigation. Alternatively, where a person has concerns about the way the Museum has dealt with their personal information they may contact the PCO directly. Any complaint should be made in writing and addressed to:
Privacy Contact Officer
National Museum of Australia
GPO Box 1901
Canberra ACT 2601
The PCO will investigate the matter and determine whether the Museum has breached its privacy obligations. If the PCO finds that there has been a privacy breach, the Director of the Museum will decide what remedial action should be taken. The Museum will aim to resolve the matter as soon as practicable, but in any event within six weeks of receiving the complaint.
If the complainant is dissatisfied with the Museum’s investigation of their complaint, they can complain to the Office of the Privacy Commissioner, who is independent of the Museum. Complaints should put in writing and addressed to:Office of the Privacy Commissioner
GPO Box 5218
Sydney NSW 2001
5. Definition of terms
Information Privacy Principles
Information Privacy Principles means the information privacy principles set out in section 14 of the Privacy Act.
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
6. Definition of responsibilities
Privacy Contact Officer
The Museum’s Privacy Contact Officer will be responsible for promulgating and updating this policy. The Privacy Contact Officer will also be responsible for providing advice on privacy issues; acting as the point of contact for the Federal Privacy Commissioner; and investigating any privacy complaints.
Privacy Act 1988 (Cth)
This policy applies to all staff undertaking activities which involve the collection, use, storage and disclosure of personal information.
8.2 Other related policies
IT&S Policies and Procedures Manual
Aboriginal and Torres Strait Islander Secret/Sacred and Private Material policy
Mail handling policy
There are no exclusions to this policy.
8.4 Superseded policies
This policy supersedes:
Former policy/ies title
Council approval date
This policy will be monitored by the Privacy Contact Officer and will be reviewed in December 2013.
14 June 2012
Council/Executive approval date
Original approved by Council 7 May 2009; This version approved by Executive 5 June 2012
Public & all staff
Privacy; personal information
Privacy Contact Officer (currently Manager, Legal Services)
National Museum of Australia
Tel: (02) 6208 5000
This update approved by Executive 5 June 2012
Attachment – Information Privacy Principles
Source: the Privacy Act 1988
Principle 1 – Manner and purpose of collection of personal information
1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
2. Personal information shall not be collected by a collector by unlawful or unfair means.
Principle 2 – Solicitation of personal information from individual concerned
a) a collector collects personal information for inclusion in a record or in a generally available publication; and
b) the information is solicited by the collector from the individual concerned;
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of:
c) the purpose for which the information is being collected;
d) if the collection of the information is authorised or required by or under law - the fact that the collection of the information is so authorised or required; and
e) any person to whom, or any body or agency to which, it is the collector's usual practice to disclose personal information of the kind so collected, and (if known by the collector) any person to whom, or any body or agency to which, it is the usual practice of that first mentioned person, body or agency to pass on that information.
Principle 3 – Solicitation of personal information generally
a) a collector collects personal information for inclusion in a record or in a generally available publication; and
b) the information is solicited by the collector:
the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected
c) the information collected is relevant to that purpose and is up to date and complete; and
d) the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Principle 4 – Storage and security of personal information
A record-keeper who has possession or control of a record that contains personal information shall ensure:
a) that the record is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and
b) that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information contained in the record.
Principle 5 – Information relating to records kept by record-keeper
1. A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of this Principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain:
a) whether the record-keeper has possession or control of any records that contain personal information; and
b) if the record-keeper has possession or control of a record that contains such information:
i) the nature of that information;
ii) the main purposes for which that information is used; and
iii) the steps that the person should take if the person wishes to obtain access to the record.
2. A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.
3. A record-keeper shall maintain a record setting out:
a) the nature of the records of personal information kept by or on behalf of the record-keeper;
b) the purpose for which each type of record is kept;
c) the classes of individuals about whom records are kept;
d) the period for which each type of record is kept;
e) the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and
f) the steps that should be taken by persons wishing to obtain access to that information.
4. A record-keeper shall:
a) make the record maintained under clause 3 of this Principle available for inspection by members of the public; and
b) give the Commissioner, in the month of June in each year, a copy of the record so maintained.
Principle 6 – Access to records containing personal information
Where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents.
Principle 7 – Alteration of records containing personal information
1. A record-keeper who has possession or control of a record that contains personal information shall take such steps (if any), by way of making appropriate corrections, deletions and additions as are, in the circumstances, reasonable to ensure that the record:
a) is accurate; and
b) is, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up to date, complete and not misleading.
2. The obligation imposed on a record-keeper by clause 1 is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents.
a) the record-keeper of a record containing personal information is not willing to amend that record, by making a correction, deletion or addition, in accordance with a request by the individual concerned; and
b) no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request has been made under the applicable provisions of a law of the Commonwealth;
the record-keeper shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the record any statement provided by that individual of the correction, deletion or addition sought.
Principle 8 – Record-keeper to check accuracy etc of personal information before use
A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete.
Principle 9 – Personal information to be used only for relevant purposes
A record-keeper who has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant.
Principle 10 – Limits on use of personal information
1. A record-keeper who has possession or control of a record that contains personal information that was obtained for a particular purpose shall not use the information for any other purpose unless:
a) the individual concerned has consented to use of the information for that other purpose;
b) the record-keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person;
c) use of the information for that other purpose is required or authorised by or under law;
d) use of the information for that other purpose is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or
e) the purpose for which the information is used is directly related to the purpose for which the information was obtained.
2. Where personal information is used for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of that use.
Principle 11 – Limits on disclosure of personal information
1. A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body or agency (other than the individual concerned) unless:
a) the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency;
b) the individual concerned has consented to the disclosure;
c) the record-keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person;
d) the disclosure is required or authorised by or under law; or
e) the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.
2. Where personal information is disclosed for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the purpose of the protection of the public revenue, the record-keeper shall include in the record containing that information a note of the disclosure.
3. A person, body or agency to whom personal information is disclosed under clause 1 of this Principle shall not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency.