Created March 2019
To avoid doubt, the content of this document does not detract from any obligations contained in the NPPs.
This document helps people understand our privacy obligations as set out in the NPPs, and also holds us to higher standards of privacy protection, as compared with the NPPs, regarding sensitive information and disclosures abroad (see points 8 and 9 below).
For the purposes of this document, ‘consent’, ‘personal information’, ‘sensitive Information’ and ‘use’ have the meanings contained in Section 6 of the Privacy Act 1988.
Openness (NPP 5)
An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.
Collection (NPP 1)
Describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.
Use and disclosure (NPP 2)
Outlines how organisations may use and disclose individuals’ personal information. If certain conditions are met, an organisation does not always need an individual’s consent to use and disclose personal information. There are rules about direct marketing.
2. Collection and use
When people make inquiries of OSMI we will use their contact information for the purpose of fulfilling the inquiry.
Information quality and security (NPPs 3 & 4)
An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access.
3. Data quality
OSMI will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.
4. Data security
OMSI will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
Access and correction (NPP 6)
Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
5. Access and correction
OSMI will provide individuals with appropriate access to their private information, on request and work with them to ensure information is accurate, complete, and current.
Anonymity (NPP 8 )
Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when entering transactions with OSMI.
Sensitive information (NPP 10)
Sensitive information includes information such as health, racial or ethnic background, or criminal record. Higher standards apply to the handling of sensitive information.
7. Information kept in Australia
OSMI will not transfer personal information to any organisation outside Australia.
Identifiers (NPP 7)
Generally prevents an organisation from adopting an Australian Government identifier for an individual (e.g. Medicare numbers) as its own.
8. Sensitive information
8.1 OSMI will not collect any sensitive personal information in the usual course of developing or operating renewable energy projects.
8.2 If an individual raises a complaint against the operations of OSMI, we will work to resolve the issue fairly and this includes treating any sensitive information collected with the appropriate level of care.
OSMI strongly values the scientific process and we may assist researchers to ethically gather scientific data about our operations, where this does not threaten privacy.