Privacy

National Blood Authority Privacy Policy

The National Blood Authority (NBA) will always take reasonable steps to ensure your personal information is handled in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).  The purpose of this policy is to summarise what our personal information handling practices are, how you can seek access to or seek correction of that information and how you can complain to the NBA about our practices. We will update this policy in March 2015.

NBA Privacy Policy (pdf) (106.11 KB)

NBA Privacy Policy (docx) (32.42 KB)

Who are we?

The National Blood Authority (NBA) operates as an Australian Government agency within the Commonwealth legislative framework. The General Manager is accountable to the Minister for Health and Ageing for the performance of the agency and in particular compliance with the Australian Government’s policies and regulations. In addition to the National Blood Authority Act 2003 (NBA Act), the operations of the NBA are governed by the Financial Management and Accountability Act 1997 and the Public Service Act 1999. For more information about the NBA you can visit: http://www.blood.gov.au/.

The NBA is required to comply with the Australian Privacy Principles (APP) contained within the Privacy Act 1988. This includes APP 1 which imposes three separate obligations upon the NBA. In particular, it requires the NBA to have a clearly expressed and up to date APP Privacy Policy about how the entity manages personal information and to take reasonable steps to make that privacy policy available free of charge in an appropriate form and, upon request, in a particular form.  The purpose of this document is to set out how the NBA manages personal information that it holds.

Back to top

Who should read this privacy policy?

You should read this privacy policy if you are:

  • An employee or ex-employee or independent contractor working for the NBA;
  • A person seeking employment with the NBA;
  • An individual whose personal information is held or provided to the NBA;
  • A contractor, consultant or supplier of goods or services provided to the NBA;
  • A member of a committee, board or working group administered by the NBA.

Back to top

What kinds of personal information are collected and held?

The NBA collects and holds personal information and sensitive personal information. Sensitive personal information includes health information; racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; sexual orientation; genetic information; biometric information; biometric templates. We will limit the collection of sensitive information to the minimum amount required to perform our functions or activities. A more detailed list of the categories of information that the NBA maintains which contain personal information is included below:

  • Personnel Records
  • OH&S database
  • Contractor and Consultancy details
  • Committee and Board details
  • Grants information
  • Mailing lists
  • Public consultation
  • FOI requests
  • Legal Branch files and advising
  • Representations to the agency and minister
  • Security clearance records
  • Stakeholder, supplier and approved healthcare provider information
  • Approved recipients of blood products traveling overseas
  • Blood and blood products order and receipt data (BloodNET)
  • Clotting factor use data (Australian Bleeding Disorder Registry (ABDR), MyABDR)
  • IVIg usage data.

Back to top

What about clickstream data and cookies?

The NBA uses a 'cookie' for maintaining contact with a user through a web site session. A cookie is a small file supplied by the NBA and stored by the web browser software on your computer when you access the NBA site. (An explanation of cookies generally can be found at the site of the Australian Privacy Commissioner). The cookie allows the NBA to recognise you as an individual as you move from one page to another.

The cookie used by the NBA will be immediately lost when you end your internet session and shut down your computer. Our copy of your information will be automatically deleted twenty minutes after you last used the system. This information is only used to help you use our web site systems more efficiently, not to track your movements through the internet, or to record private information about you.

Any system on this web site that records information about you will specifically ask your permission first.

The NBA makes a record of your visit and logs the following information for statistical purposes:

  • the user's server address
  • the user's top level domain name
  • the date and time of access to the site
  • pages accessed and documents downloaded
  • the previous site visited

This information is analysed to show broken links in our web site, bottlenecks, and other site problems. We use this information to redesign for efficiency of use.

No attempt will be made to identify anonymous users or their browsing activities unless legally compelled to do so, such as in the event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's log files.

For information about protecting your privacy on the internet visit the Office of the Australian Information Commissioner website.

Back to top

How do we collect your personal information?

Where possible, the NBA will collect your personal information directly from you. This may be via a form completed by you or with your clinician for input into an NBA Blood Sector Information System (such as ABDR), on the telephone (for example, if you contact the NBA ICT Support Line for advice about a user account), or online (for example, if you choose to sign up to a mailing list operated by the NBA via our website).

We also obtain personal information from third parties such as referees if you are seeking employment with us and health professionals who place orders for a blood product directly for you. If we collect personal information about you we will take reasonable steps to inform you of that collection including whether it will involve a third party, the reasons for collection and what usual uses and disclosures may occur. Where sensitive personal information is concerned we will also seek your express consent for that collection unless a legal exception under the Privacy Act 1988 applies.

Back to top

How do we hold your personal information?

The NBA is concerned with protecting personal information it collects. We will take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will only be stored on a password protected ICT system which complies with the Australian Government Protective Security Policy Framework. This includes ensuring that information we store is only accessed by authorised officers that require access to undertake their official functions and roles and safeguarding the accuracy and completeness of information provided to us. We will not store your personal information in a cloud and we will only store your personal information within Australia. Sensitive personal information will have very restricted access placed on it and will be managed under strict governance requirements which will vary depending on the nature of the information and the Blood Sector ICT system concerned.

Back to top

Why do we collect personal information and how is it used?

The key role of the NBA is to:

  • provide an adequate, safe, secure and affordable supply of blood products, blood related products and blood related services, and
  • promote safe, high quality management and use of blood products, blood related products and blood related services in Australia.

Section 8 of the National Blood Authority Act 2003 (Cth) sets out the various functions of the NBA. Several of the agreed functions and roles of the NBA require the NBA to liaise with and continuously gather blood sector data in order to:

  • monitor the demand for blood and blood products;
  • undertake annual supply and production planning and budgeting;
  • undertake or facilitate national information management, benchmarking and cost and performance evaluation for the national blood supply

At times the NBA needs to collect and use personal information to undertake our functions and activities. For example, we may need to collect personal information so we can use it to create demand models in order to estimate demand for particular products over time. Such estimates are critical for contract negotiations with product suppliers and for Government budget planning purposes.  We will only collect your personal information where it is reasonably necessary for, or directly related to, one or more of our functions or activities (‘purpose test’). Where sensitive personal information is concerned we will only collect that information where you consent to that collection and the purpose test is satisfied or where a legal exception under the Privacy Act 1988 arises.

If we collect personal information for a specific purpose then we will only use it for that purpose. The exception to this is where you consent or you would reasonably expect us to use the information for that purpose and it relates to the primary purpose of collection. For example, if you order a publication from us then we may contact you if our contact details change so you can re-order that publication in the future.

Back to top

When and to whom will the NBA disclose my personal information?

The NBA will notify you at the point of collection or as soon as practicable afterwards about disclosures that apply to particular collections of personal information so you have a reasonable expectation of what disclosures may occur for that collection.

Since the NBA is a national body that represents the interests of all Governments in Australia there may be a need at times to communicate personal information to State or Territory representatives on a limited basis in order to make decisions and get input directly related to our functions and activities. In general though, the NBA will not share personal information about you with any other party without your permission.

Exceptions to this general rule arise where we are required or authorised by law to make a disclosure, where it will lessen or prevent a serious and imminent threat to someone’s life or health or where another limited exception may apply under the Privacy Act 1988. The NBA will not usually disclose personal information overseas.

Back to top

Accessing and seeking correction of personal information

You have a right to request access to personal information that the NBA holds about you and to request its correction under the Privacy Act 1988.  Access and correction requirements in the Privacy Act operate alongside and do not replace other informal or legal procedures by which you can be provided with access to, or correction of, your personal information, including the Freedom of Information Act 1982.

Your rights to access your personal information are not absolute. Please note that we are not required to grant access in certain circumstances such as where access would have an unreasonable impact on the privacy of other individuals. If we refuse to grant you access to your personal information, we will provide you with reasons for that decision and the avenues available for you to complain about the refusal.  You can contact the details indicated below to request access or correction of your personal information:

Postal:

NBA Legal Counsel
National Blood Authority
Locked Bag 8430
Canberra ACT 2601
Australia

Physical:

NBA Legal Counsel
National Blood Authority
Level 2, 243 Northbourne Avenue
Lyneham ACT 2602
Australia

Facsimile:

+61 2 6151 5300

Phone:

NBA Legal Counsel            +61 2 6151 5070

privacy [at] blood.gov.au

Back to top

How can I complain about a breach of privacy?

If you wish to make a complaint about an apparent breach of your privacy by the NBA, you should, at the first instance set out your complaint in writing to the NBA Legal Counsel on the details indicated above.  The NBA will respond in writing to your complaint within 30 days of receipt. If you are dissatisfied with the response you receive you can contact the OAIC. Further information about making privacy complaints through the OAIC can be found by visiting http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

Back to top