1. PURPOSE AND SCOPE

This policy details the College’s privacy policy and related information handling practices and gives guidelines for access to any information retained by the College, particularly in relation to fellows and trainees. This includes information collected in relation to the College website.

2. POLICY

The College is committed to ensuring the privacy of individuals, in accordance with applicable privacy principles, such as the National Privacy Principles set out in the Australian Privacy Act 1998 and the Information Privacy Principles contained in the New Zealand Privacy Act 1993. When information is collected directly from individuals the College may provide further relevant privacy information to the individual at the point of collection, in which case, such information should be read in conjunction with this policy.

Fellows rightfully expect that any use of College collected information will be undertaken respecting the reputation of the College, the privacy of individuals and within the respective privacy laws of Australia and New Zealand.

This policy encompasses requests for information that are explicitly considered in College privacy statements and consent to release forms as well as those which are not covered by an existing consent to release information.

All personal and health information collected by the College is dealt with in a uniform manner and every reasonable effort is made to maintain its security.

The College may collect personal and health information about fellows, trainees, international medical graduates, applicants for registration, suppliers, conference delegates, staff and other individuals who interact with the College. This information includes name, address, phone number, and email address, and may also include other personal information and financial information. The collection of this information facilitates the provision of College services such as training and scholarships, enables the College to procure goods and services from suppliers and generally interact with third parties, allows the College to contact individuals and others and ensures access to member only services on the College website.

Functions of the College may necessitate the disclosure of personal information to related or joint service providers.

Wherever possible, every effort will be made to inform the individual of the type of personal information held, the purpose for which information is collected, and the type of individuals and organisations to whom it is usually disclosed. Personal information will be collected for primary and secondary purposes (as referred to in this policy), and disclosed in connection with those purposes and where required or authorised by law.

The CEO will act as the College Privacy Officer.

An individual may contact the Privacy Officer on telephone +61 3 9230 0444 or at admin@acem.org.au.

2.1 Collection

The College will only collect personal and health information from individuals when it is necessary for the activities of the College, and all such collection will be subject to this policy and any other notifications. The information collected will depend on the individual’s relationship with the College. Sensitive information will only be collected if the individual gives consent, or if it is required or authorised by law.

“Sensitive information” means information about an individual’s attributes, such as racial or ethnic origin, political opinions, membership of a political, professional or trade association, philosophical beliefs or affiliations, membership of trade union, sexual preferences or practices, or criminal record.

The College has certain obligations when collecting personal, health and sensitive information about
individuals. Generally, the College is required to inform individuals of:

• the identity and contact details of the College

• the purpose for which the College is collecting their personal or health information

• the names and types of organisations to which the College usually discloses information of that
kind

• the consequences to the individual of not providing the information, and

• how the individual can access and correct the information held by the College.

• The College must also make sure that we collect personal information in a fair and lawful way,
and that the personal information we hold is accurate, up-to-date and secure.

• When collecting personal and/or health information, the College may require individuals to give
additional acknowledgements concerning the collection of such information, although the absence
of additional statements does not preclude or limit the operation of this policy.

2.2 Web information collection

Without limiting the means by which information is collected by the College, the usage analysis software used by the College in connection with the College website records (amongst other things):

• unique visitors and sessions

• requested pages, downloads, search terms used, posted forms, status and errors, hits and bytes
downloaded per directory, file, and file type

• entrance pages, exit pages, click paths, click to and click from and length of session

• domains, countries, and IP addresses, and

• browsers, platforms, and robots.

The statistics are deidentified at the time of recording. This information is used for administrative purposes, including to improve and assess services, and to monitor usage patterns in order to improve navigation and design features – helping users to get information more easily.

The College website will also use cookies to manage login and logout.

2.3 Use

The College collects personal information for a number of purposes (being the primary purposes of collection), including:

• to provide membership services and benefits and maintain membership and service/benefits
records

• to assist, support, provide and improve continuing professional development and education and
training

• to enable planning, policy and service development and to market, advertise or otherwise
promote the College, including to inform individuals of special offers or additional services
provided by the College

• to monitor and investigate conduct; and to appropriately interact with government and regulatory
bodies relating to the profession

• to implement, monitor and maintain quality assurance processes and systems, as well as
processes and systems concerning regulatory matters, registrations, accreditation, audits, risk
and claims management (including dealings with insurers)

• to procure funding, donations or other support for the activities of the College

• to enable internal administration, training, assessments and reviews

• to provide or undertake any of the other activities referred to in this policy, and

• to conduct or facilitate research or surveys for purposes related to the College and/or one or
more of the above.

Information may also be used for secondary purposes which directly relate to the primary purpose of collection or any other purpose which is authorised by the individual or which are required or authorised by law. For example, if an individual completed a form to register for the Annual Scientific Meeting and the College may use the individual’s contact details for the purposes of issuing a meeting program.

All information may be shared and used by all College staff, officers, committees and subcommittees
connected to College activities where access to such information is warranted, as determined by the College.
If an individual does not supply information to the College, the College may not be able to deal with them or adequately provide services, in which case additional requirements and conditions may be notified by the College.

2.4 Disclosure

The College will only disclose personal information for the primary purpose for which it was collected, for a secondary purpose if it directly relates to the primary purpose or for any other lawful purpose.

The College does engage third parties to perform certain business functions. Therefore, it is sometimes necessary to disclose personal information to those suppliers.

Disclosures may also be made to other third parties, including:

• the College’s consultants, auditors, lawyers, contractors and contracted staff or service providers
that provide goods or administrative or other services in connection with the activities of the
College

• entities and institutions who provide services or undertake activities in conjunction with or in
association with the College

• regulatory authorities and bodies, professional or specialist societies and associations, hospitals
and health centres and relevant complaints tribunals and government departments and agencies
• where the College collects an individual’s information from someone else, or another entity, the
that person or entity

• where the law requires or permits the College to do so (such as to law enforcement agencies),
and

• an individual’s agent (with an individual’s authority).

Where disclosure takes place, the College seeks to ensure that personal information is handled appropriately.

All specific requests for information from a third party (including a specialty society) must be documented.

When the College receives requests from commercial organisations seeking to advertise products and conferences to Fellows and trainees the College will assess the merit of the request. In particular, the College will consider:

(a) Who is requesting the information?

(b) What type of information is being sought? In what form? Individual names, numbers?

(d) Why is the information being requested?

(e) When is the information required?

(f) Where will the information ultimately reside?

(g) What is the value to Fellows/trainees of granting the request?

(h) Is the disclosure permitted?

If staff are unsure about the request in relation to this policy, they should seek direction from their director of the area that ‘owns’ the requested information. If it is a repeat request whereby it has been established that release of the information is in alignment with this policy, then it is not necessary to confirm with your director or manager. If there is any doubt, the matter can be referred to the College’s Privacy Officer.

2.5 Refusal

When access to information held by the College has been denied to a person or organisation then, if practical and reasonable, some suggestions or assistance may be offered to find an alternative source of information.

2.6 Security

The College takes reasonable steps to protect personal information from unauthorised use, access, disclosure and alteration. Staff must comply with the College’s policy on the handling of personal and confidential information. IT protection systems and internal procedures are also utilised to protect the personal information held by the College. This includes the website where the College endeavours to ensure the website is secure through the use of firewalls. Personal data is maintained under strict security and is to only be accessed internally by those College employees who have permission to do so.

Information will be held until there is no longer a need or obligation to retain it, after which time it will be deleted, destroyed or de-identified.

2.7 Correction

The College seeks to maintain the accuracy of personal information. Individuals are encouraged to contact the College if the information held is incorrect or to notify the College if personal information has changed (reference should also be made to any additional collection statements). This should be directed to College administration admin@acem.org.au. Changes to personal details can also be made on the College website: www.acem.org.au.

2.8 Access

An individual may contact the Privacy Officer at any time to access personal information about themselves.

They will be required to fill out a form to access this information. Access will be provided unless the request is unreasonable or the applicable privacy laws permit or require the College to decline that access. As permitted by law, a fee may be requested to cover the cost of access. Access forms to obtain personal or health information are available from College administration – admin@acem.org.au.

Regarding the web, the College will not knowingly make an attempt to identify users or their browsing activities. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect the College’s Internet Service Provider’s logs, and thus gain information about users and their activities.

All of the identified information that the College has used to grant member access can be viewed and changed by members when they view their personal details.

2.9 Specialist Assessment

The College is involved in the assessment of international medical graduates’ training, qualifications and experience, and the Medical Board of Australia, Medical Council of New Zealand and the Australian Medical Council (AMC) disclose applicants’ personal information to the College for this purpose. For example, applicants for assessment for Area-of-Need specialist positions disclose personal information to both the AMC and the College in parallel.

Without limiting the scope of the authorised uses, the College may need to clarify this information
with external institutions or individuals, and gather additional information in order to complete the assessment.

Information may also be sought from any area of the College including the New Zealand National office. As part of the specialist assessment process, the College’s recommendation(s) will be provided to the AMC and, in the case of Area-of-Need specialist assessments, to the relevant Medical Board or Medical Council. The College may also disclose personal information where required to do so by law.

2.10 Fellows and Trainees

Without limiting the scope of section 3.2, personal information about fellows and trainees is used to conduct College business, including for the purpose of training and assessment and for continuing professional development. Information may, without limitation, be disclosed to College staff, College Boards and Committees, external suppliers, and Societies and Associations of which the individual is a member.

Information may be provided to members of the public if required as to the fellowship status of a Fellow, and whether or not the Fellow is of “good standing”.

Further information regarding the use and disclosure of personal information may be provided at the point of collection.

(a) Public enquiries regarding a Fellow or Trainee

(i) Public enquiries regarding a Fellow

The College may receive queries from the public requesting confirmation of the status of a Fellow.

The College is able to advise that a person has been awarded Fellowship of the College, and
whether or not the Fellow is of “good standing”.

It is important that the recipient of this information is aware that it is a confirmation of the status of
a Fellow and not an endorsement.

(ii) Public enquiries regarding a Trainee

The College is able to confirm that a trainee is registered as a trainee. Other requests concerning
trainees will be considered on their individual merit.

Where practical and reasonable, the trainee will be kept informed of any proposed action taken by
the College.

Unless otherwise agreed, the College will not publicly publish names of trainees who have
successfully completed an examination or components of their training. Trainees will be identified
by a number or some other anonymous medium.

(b) Provision of Information on Fellows or Trainees (incl. International Medical Graduates)

(i) Communication with Fellows and Trainees by associated bodies

These requests usually involve assistance with mail outs to Fellows or trainees advising of a
conference or specific event that may be of interest. The College will not, in the usual course,
provide labels with names and addresses directly to the requester.

The College may deal with a number of mail houses with appropriate controls. The College will
provide the appropriate list of names to the mail house for a “once only use.” It will be the
responsibility of the external organisation concerned to pay all costs.

(ii) Continuing Professional Development Program

The College receives enquiries from hospitals, day surgery units and the general public regarding
the participation of individual Fellows in the College’s Continuing Professional Development (CPD)
Program.

Fellows who do not participate in the program, or participate but do not comply will be declared a
‘non participant’. The non-participant status of the Fellows will be communicated in response to
any enquiry regarding CPD Program participation.

(c) Medico-legal Fellows

The College may respond to enquiries from members of the public or legal firms requesting the name of a Fellow in a particular region or specialty who is familiar with medico-legal work.

(d) Information requests from Fellows and Trainees regarding other Fellows and Trainees

The College can respond to requests for names, practice addresses and email addresses of Fellows with confirmation that a person is a Fellow or a trainee of the College. Any other information about a Fellow or trainee will not be provided without their permission (unless required or authorised by law). In response to a request for information the College may pursue one of two options (although it is not obliged to do so):

(i) The College may elect to contact the Fellow or trainee and advise them that information is
being requested about them and seek their express consent to release it; or

(ii) The College may elect to obtain the contact details of the requester and provide this to
the Fellow or trainee allowing them to contact the requester directly.

(e) International Medical Graduates

The assessment of international medical graduates is an area where the College may need to contact external institutions and individuals to clarify and obtain additional information. These requests are covered by this policy and otherwise through any consent form signed by the international medical graduate prior to the commencement of the assessment process.

(f) Providing information to College Boards and Committees

Records indicating examination performance, work performance and other information on individual
trainees and/or Fellows will be available to College Boards and committees and supervisors of trainees, where such information is required for review of an individual’s performance in their work environment, in an examination, in the CPD Program or for other authorised College purposes.

Subject to this policy and other College documents, this information will be treated in confidence by College Boards, committees and supervisors.

Trainee details and information about trainee performance may also be provided to the employer,
Medical Registration Board and/or Australian Medical Council and/or New Zealand Medical Council.

2.11 External suppliers

The College discloses information to external suppliers when entering into transactions for the purpose of College business. Failure to provide this information may impede the process of transacting business.

Information supplied in such circumstances is disclosed to suppliers for the contracted purpose. Failure to act in accordance with this policy and other contractual obligations may result in termination of the relationship with the College.

2.12 The College website and publications

Information on the College website is public and if names, photos or any identifier of a Fellow or trainee are published then consent for this should be obtained (express or implied). This also applies to College publications.

2.13 Broadcast emails

Emails broadcast to Fellows and trainees are sent as ‘blind copies’ i.e. with undisclosed recipients. The restrictions and parameters for use of broadcast emails apply equally to broadcast SMS messages.

2.14 Complaints and concerns

Any concerns about the College’s handling of personal information should be directed to the Privacy Officer on +61 3 9320 0444 or at admin@acem.org.au. Requests may be required in writing and resolution of concerns will be sought as promptly as possible.

The Australian Government’s Privacy Commissioner is an additional source of information –
Link – www.privacy.gov.au.

2.15 Changes to College Privacy Policy

The College may modify or amend this policy at any time provided the policy still complies with applicable laws. Information will be held and used in accordance with the Privacy Policy, as amended from time to time. Formal notice of amendments will not ordinarily be given, but the current Privacy Policy will be available via the College website.

3. RESPONSIBILITIES

Policy implementation: Councillors/Councillors
Policy authorisation: Council
Policy maintenance: CEO