We deal with personal and health information for a large number of people. As a result, some suppliers have access to this information as part of carrying out services for us and our customers.
We really care about how the mishandling of this information impacts our customers, and want to work with suppliers who will have access to personal or health information so they not only meet the requirements of the Privacy Act 1993 (the Act) and Health Information Privacy Code 1994, but also work with a greater level of transparency on privacy breaches or near misses.
This greater level of transparency will allow effective preventative measures to be put in place and help all parties learn how we can better protect the personal and health information that is in our care.
For suppliers who have access to personal or health information we would like you to:
- work with us in a transparent way
- notify us of potential privacy risk
- notify us of a privacy breach or near miss
- contact us to help you make things right
- resolve issues as they arise
- maintain a privacy register that includes breaches, near misses and remedial action plans.
We define the following terms:
A breach is any breach of the Information Privacy Principles (IPPs 1-12) set out in the Privacy Act 1993.
A near miss is an identified action that would have led to a privacy breach but didn’t because the information was not disclosed.
All businesses have obligations under the Privacy Act 1993. When dealing with personal information, organisations need to ensure they comply with the 12 Information Privacy Principles that cover the collection, handling and use of personal information, as set out in the Act. The Act also requires all businesses to have a Privacy Officer to oversee their compliance with the Act and investigate complaints.
For more information, download the:
Check out our helpful:
Consult the Office of the Privacy Commissioner
Call the helpline:
(09) 302 8655
Updated: 4 September 2014
Reviewed: 16 March 2015