Yarra Plenty Regional Library (YPRL) adheres to its obligations under the Privacy and Data Protection Act (2014) and Health Records Act 2001 (Vic).
Collection of personal information
In accordance with the Privacy and Data Protection Act (2014), YPRL collects only information which is required to carry out its business and for the purpose of performing statutory functions. Personal information is handled in a way that is transparent to the individual concerned.
YPRL will only assign a unique identifier to individuals where it is necessary to carry out its functions
and services efficiently, for example, a membership number or payroll number.
All user information is kept on a secure computer system. User records are accessible to library staff, certain library contractors who have a need to know user information and the user only. All paper-based information relating to users is disposed via security bins or shredded when no longer
required.
Collection of health information
Any health information held by the Library will be managed in accordance with the requirements of
the Health Records Act 2001 (Vic).
Use and disclosure of personal information
YPRL will only use or disclose personal information for the purpose for which it has been collected or for a purpose that an individual would reasonably expect to be associated with library services and functions.
YPRL does not disclose any personal information collected unless authorised by law, or with
reasonable consent. Should information be disclosed, such disclosures are kept in writing by the
CEO.
On occasion, it is necessary to pass information onto debt recovery agencies in order to assist in the
collection of long-overdue items. Any agency used must comply with Federal and State Privacy
Principles, and must not use this information for any other purpose. Users are informed before any
information is passed to a recovery agency.
Data quality
YPRL endeavours to ensure that the personal information it collects is accurate, complete and up to
date.
YPRL takes steps to ensure that information is kept securely, and that adequate controls are in place
to protect personal information from misuse, loss, unauthorised access, modification or disclosure.
YPRL lawfully and responsibly destroys or permanently de-identifies personal information when it is
no longer needed, and is compliant with relevant regulations.
Requesting information
Individuals whose personal information is held by the Library have a right to access and correct that
information. Requests can be made informally via the YPRL CEO. More complex requests are dealt
with via the library’s Freedom of Information Policy.
Complaint Procedures
If any persons feel aggrieved by the Corporation’s handling of personal information about
themselves, they may make a complaint in writing to the Chief Executive Officer. Alternatively, any
person may make a complaint to the Commissioner for Privacy and Data Protection.