1 Purpose
To establish a framework pertaining to the privacy and confidentiality obligations of YMDAC, including protecting all Directors, staff, committee members from undue intrusion into their private information contained within YMDAC.

2. Scope
This policy shall apply to all employees of YMDAC and its Committees. This process will be reviewed every two years.

3. Policy Objectives
The objectives of this policy are:

• To ensure adequate controls are in place to minimise risk.

• To promote transparency and accountability

• Uphold the reputation of YMDAC.

• Instill confidence in YMDAC by community stakeholders and business partners.

• Protect members and staff private information contained within YMDAC.
   

4. Definitions
Privacy is mandated under the Privacy Act 1988 (Cth) (‘the Act’) to protect the privacy of individuals through the handling of their personal information, irrespective if the information is publicly available. Under the Act, “personal information” is defined as information or an opinion, about an identified person or reasonably identifiable individual, regardless of whether the information or opinion is true or not, and whether recorded in a material format or not.
Confidentiality is not mandated and is governed under common law. However, clauses in agreements and meetings dictate whether certain information that is not readily available to the public and has been conveyed in confidence, is to remain confidential and not disclosed.
Personal Information includes information pertaining to employees, elected members, and Clients.

5. POLICY STATEMENT
5.1 Policy Provisions
YMDAC will only collect information on members and staff members that it needs to carry out its functions and activities.
YMDAC will only use information on members and staff for the purpose it was collected for.
Information on members and staff will only be disclosed for a purpose:

• that is directly and reasonably related to the necessary operations of YMDAC.

• if the member or staff consents to the use or disclosure; or

• if the disclosure is authorized by law.
   

YMDAC must ensure contracts with third parties where the use of personal information is utilised must include provisions to protect the integrity and security of personal information.

Contracts must stipulate the contractor does not make unauthorised disclosures and may incorporate specific provisions about how the information is stored and disposed of at the completion of the contracted activity.

YMDAC is to take all reasonable measures to ensure the information it collects on members and staff members is accurate, complete, and up to date.

YMDAC will take steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification, or disclosure.

YMDAC employees are responsible for protecting personal information from misuse, loss, corruption, or disclosure. Personal information will be handled with care and only used for authorised purposes.
All employees must maintain public confidentiality and respect the privacy of individuals who have dealings with YMDAC. Employees must treat all personal information as confidential and sensitive information as highly confidential. YMDAC employees will not disclose any confidential information, use any information to their personal advantage or permit unauthorised access to such information.

YMDAC files are strictly confidential and under no circumstances should a member of the public have access to files. Employees must also be conscious of security within the office environment when members of the public are present. External clients must not be left unattended with YMDAC files.

Destruction of records containing personal information, including personal records must be by secure means. Ordinarily, garbage disposal or recycling of intact documents are not secure means of destruction and should only be used for documents that are already in the public domain. Reasonable steps to destroy paper documents that contain personal information include shredding, pulping or the disintegration of paper. All computers that are removed from use and made available for non- operational purposes will have all data removed from the hardware.

6 Access and Correction of Data
Individuals are permitted to access information about them which is held by.
YMDAC. Individuals are entitled to know generally what sort of information YMDAC holds about them, for what purposes and how it collects, holds, uses, and discloses that information.

Requests for access to such information are to be made in writing to the General Manager. The General Manager will establish the identity of the individual asking for the information.

YMDAC l will respond to public requests to correct information in a timely manner.

YMDAC will provide written reasons when a request for access or correction of personal information is refused.

7. Confidential use of Media
YMDAC progressively install CCTV cameras on all our operations and assets. The primary security use of CCTV is to discourage and/or detect unlawful behaviour. CCTV can also help to improve perceptions of safety within the community by helping to prevent damage to property, deter anti-social behaviour and inappropriate activity.

YMDAC expects authorised officers and stakeholders to ensure confidentiality of information gathered by or from CCTV operations, by not disclosing or discussing any events with unauthorized personnel or associates who have no direct responsibility relating to CCTV operations.

Treat all live and recorded images in an ethical manner and with the utmost of care, respect, and dignity.
If access to CCTV footage is provided for an authorised purpose, a record is to be created by the officer processing the request, indicating the reason why the CCTV footage was extracted.

8. Anonymity
Whenever it is lawful and practicable to do so, clients will be given the option. of not identifying themselves when dealing with YMDAC.

9. Accounting privacy
Board Members and employees have a right to privacy of their financial information as far as reasonably possible.

YMDAC is to take all reasonable steps to maintain the privacy and integrity of the personal information it holds as part of its accounting records.

YMDAC is to maintain a secure system for storing accounting records and related information on members and staff.
Appropriate access to accounting records by members and YMDAC staff as per CFO approval.

If you have any questions regarding this Policy, please contact YMDAC - ymdadmin@ymd.net.au