The Australian Nursing and Midwifery Federation (Victorian Branch) (ANMF) is an organisation of employees (i.e. a trade union) registered under the Fair Work (Registered Organisations) Act 2009 and is also (via a subsidiary) a Registered Training Organisation. The ANMF is covered by the provisions of the Privacy Act 1998 (the Act) and the Australian Privacy Principles (APPs) in relation to personal information and its collection and use; its disclosure and its security; and access to it. This Privacy policy (Policy) applies to the ANMF and should be read in conjunction with the Act and the APPs.
In order to carry out its activities and provide services, the ANMF may collect personal information from, or on behalf of, members, students, potential members, potential students and former members and students, in order to provide our services related to the professions of nursing and midwifery or the employment of nurses and midwives, educational services and information such as newsletters and publications. Personal information is also collected from subscribers to the ANMF’s publications.
Personal information includes all information or opinion about an individual whose identity is apparent or can reasonably be determined from the information or opinion and may include sensitive information, which is defined as information or opinion about an individual's membership of a trade union; sexual orientation or practices; criminal record; or personal health.
This Policy applies to personal information the ANMF collects from you:
This Policy also applies to personal information the ANMF collects from any other third party, about you.
From time to time you may voluntarily supply your personal information to the ANMF. The ANMF may record your demographic details if you send us a message, subscribe to an email newsletter, or complete a form that contains this information.
When you provide your personal information, it allows us, for example, to assist you with industrial relations and employment queries, inform you about industrial, social and political campaigns, provide services and benefits to you, and accept your application for membership. You may supply personal information to the ANMF by, for example, responding to a survey, filling in a meeting attendance sheet, taking part in a competition, completing a membership form, discussing your issues with a delegate, or signing up to a campaign. The ANMF only collects personal information that is related for the ANMF to perform its functions, services, campaigns and/or activities. Depending upon the circumstances you may provide to the ANMF and the ANMF may collect, information such as, but not limited to:
Some personal information is considered sensitive information and includes:
The Act allows the ANMF to collect sensitive information which relates solely to the ANMF’s members or people who have regular contact with the ANMF, if the sensitive information relates to the ANMF’s activities and/or services. We will only collect sensitive information where we have received your consent to your personal information being collected, used, disclosed and stored by the ANMF in accordance with this Policy.
Where you provide information to the ANMF in relation to a job application the personal information you provide will only be collected, held, used and disclosed for the purposes of considering your potential employment with the ANMF. Where you provide the details of referees, you confirm that you have informed the referees that you are providing their contact information to the ANMF and they have consented to the ANMF contacting them and discussing the personal information you have provided in relation to the job application.
We will collect personal information directly from you unless:
Where we have collected personal information about you either directly or by other means as set out above, we will notify you at the time, or as soon as practicable, to ensure that you are aware of such collection and its purpose.
You can choose to interact with us anonymously or by using a pseudonym where it is lawful and practicable. For example, you may wish to participate in a blog or enquire about a particular campaign anonymously or under a pseudonym. Your decision to interact anonymously or by using a pseudonym may affect the level of services we can offer you. For example, we may not be able to assist you with a specific industrial enquiry or investigate a privacy complaint on an anonymous or pseudonymous basis. We will inform you if this is the case and let you know the options available to you.
If we receive unsolicited personal information about or relating to you, and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs.
Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de‐identify the information.
The ANMF collects, holds, uses and discloses your personal information to:
You consent to our use of your personal information for the purposes of providing you with information about events, benefits, products or services which may be of interest to you.
If you do not wish to receive communications from the ANMF, or a particular communication, you may request to cancel such communication(s) by:
The ANMF website collects two types of information. The first type is anonymous information. The web server makes a record of your visit and logs the following information for statistical purposes:
No attempt will be made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's logs.
Another way information may be collected is through the use of "cookies". A cookie is a small text file that the website may place on your computer. Cookies may be used, among other things, to track the pages you have visited, to remember your preferences and to store personal information about you.
The Notifiable Data Breaches Scheme commenced on 22 February 2018. This affects breaches that occured on or after this date.
The Notifiable Data Breaches Scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The notification must include recommendations about the steps taken in response to the breach. The Australian Information Commissioner must be notified of an Eligible Data Breach.
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
An eligible data breach arises when the following three criteria are satisfied:
Examples of data breaches that can occur are:
Where ANMF staff believe a data breach may have occurred they must immediately report the breach to the Branch Secretary or a Branch Assistant Secretary who will determine the next steps in line with Appendix A – Data Breach Procedure.
The ANMF will not adopt as our own identifier a government related identifier of an individual, such as a tax file number or Medicare card number and will only use or disclose a government related identifier where the use or disclosure:
The ANMF will, in a timely manner and at the written request of an individual, provide them with access to their personal information held by the ANMF. The ANMF may seek to recover reasonable costs associated with providing such access. If, for any reason, access is refused, written reasons for the refusal will be provided.
All complaints about the manner in which personal information has been handled, or where access to personal information has been limited or denied, are addressed in accordance with the ANMF’s Policy on Complaints.
This Policy may be varied from time to time and an updated version will be posted on the ANMF’s websites. Please check our websites regularly to ensure that you have the most recent version of the Policy.
ANMF’s first step is to contain a suspected or known breach where possible. This means taking immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.
The ANMF will consider whether the data breach is likely to result in serious harm to any of the individuals whose information was involved. If the ANMF has reasonable grounds to believe this is the case, then it must notify individuals at likely risk of serious harm. The Commissioner must also be notified as soon as practicable through a statement about the eligible data breach.
The notification to affected individuals and the Commissioner must include the following information:
The notification to the Commissioner can be made using the OAIC's Notifiable Data Breach form.
If ANMF only has grounds to suspect that the data breach will result in serious harm, then it must conduct an assessment process. As part of the assessment, ANMF will consider whether remedial action is possible.
If an assessment is required, ANMF will follow a four-stage process for assessment as follows:
ANMF will conduct this assessment expeditiously and, where possible, within 30 days. If it can’t be done within 30 days, we will include in the documentation why this is the case.
Where possible, ANMF will take steps to reduce any potential harm to individuals. This might involve taking action to recover lost information before it is accessed or changing access controls on compromised customer accounts before unauthorised transactions can occur. If remedial action is successful in making serious harm no longer likely, then notification is not required and entities can progress to the review stage.
Where serious harm is likely, ANMF will prepare a statement for the Privacy Commissioner (a form is available on the Commissioner’s website) that contains:
ANMF will notify affected individuals, and inform them of the contents of the statement via one of three options.
If neither of these options are practicable:
When a breach requiring notification has occurred, ANMF will undertake a review and take action to prevent future breaches. This may include:
ANMF may also consider reporting the incident to other relevant bodies, such as: