Privacy Plan

Introduction

Records are the basis for organisational accountability, ensure compliance with legislative requirements and protect the interests of the Queensland Reconstruction Authority (QRA) and the rights of its employees and the public. Records assist QRA to efficiently capitalise on organisational knowledge and experience, and support consistency, continuity, efficiency and productivity in the achievement of administrative, business and program deliverables. QRA is committed to protecting the privacy of your personal information. QRA manages personal information in line with the eleven Information Privacy Principles (IPP) under the Information Privacy Act 2009.

What is personal information?

Personal information can be almost any information that is associated with an identifiable living individual. It can include correspondence, audio recordings, images, alpha-numerical identifiers and/or any combinations of these. For information to be personal information two criteria must be satisfied:  It must be about an individual.  The individual's identity must be reasonably ascertainable from the information or opinion. Information does not have to be true in order to be personal information and it does not need to be written down or recorded in another material form, such as a photograph or audio recording.

Information Privacy Principles (IPP)

Collection of personal information (IPP 1, IPP 2 & IPP 3)

QRA may request personal information from an individual or from a third party if the request is only for specific personal information required to fulfil the lawful purpose that directly relates to the function of QRA. The agency has a responsibility to identify the specific purpose of why the personal information relates to the functions of the agency, and to ensure the collection method only captures the relevant personal information requested.

Storage and security of personal information (IPP 4)

QRA must ensure that documents containing personal information are protected against:

  • loss
  • unauthorised access, use, modifications or disclosure, and
  • any other misuse.

The level of storage and security will depend upon the nature of the personal information in the document and the risk of a security breach occurring.

QRA must take all reasonable steps to prevent unauthorised use or disclosure of the personal information by the person.

Protection must include the security safeguards adequate to provide the level of protection that can reasonably be expected.

Access and amendment to information (IPP 5, IPP 6 & IPP 7)

QRA must disclose to the public the general types of information they hold, the particular purpose and its use. An individual may request access to their personal information by:

  • making an access application in an approved form
  • requesting an administrative release through IPP 6.

QRA must take all reasonable steps to assure the quality and accuracy of personal information prior to using it. An individual may request to amend their personal information by:

  • formally applying for an amendment application in an approved form
  • requesting an amendment through IPP 7.

Use of personal information (IPP 8, IPP 9 & IPP 10)

QRA must take reasonable steps to ensure the personal information contained within a document under its control, is accurate, complete and up to date.

QRA must use only the parts of the personal information that are directly relevant to fulfilling the particular purpose.

QRA must not use personal information for a purpose other than that for which it was obtained, unless certain exceptions apply, outlined in IPP 10.

Limits on disclosure of personal information (IPP 11)

If QRA has control of a document containing an individual’s personal information, QRA must not disclose personal information to a third party, unless certain exceptions apply. For a full list of exceptions see IPP 11 (external link).

Personal information held by QRA 

Personal information held by QRA includes:

  • Employees/contractors
    • Records relating to past and present employees and contractors and contracts, including: Personnel, payroll, recruitment and selection.
  • Administrative information 
    • Records relating to suppliers and potential suppliers of goods and services, individuals advertising their expertise.
  • QRA administered funding 
    • Funding applications and submission claims, and all supporting evidence, including employees and contractors used to complete jobs.
  • Financial management records 
    • Account expenditure and private information of creditors, debtors, employees and contractors.
  • Government /Intergovernmental relations records
    • These records document the engagement and activity between government bodies. Records could include QRA’s relationship/engagement with ministers, liaison with other agencies, the Commonwealth or international government bodies.
  • Information Access and Complaint records
    • Applications from the public requesting Government held information, and records of complaints submitted to QRA including any discussions between complainant and organisation
  • Information systems, technology and telecommunication
    • Records relating to the development or acquisition, implementation and management of all types of technology, including system access forms for both internal and external and all QRA data and back-up data.
  • Building premises records
    • Records of who has visited QRA, incidents that may have occurred in the building, building fitouts
  • Damage Assessment Reporting Management System records
    • Records relating to the collection of damage data occurred during and after a natural disaster.

The retention and disposal of Personal information is managed in compliance with the Public Records Act 2002 and the State Archivists approved General Retention and Disposal Schedule.

How to access or amend your personal information

You can apply for your personal information by submitting an Information Privacy Access application form directly to QRA. You will need to ensure that you have provided evidence of your identity either with the application or within 10 days of lodging the application.

You may apply to amend documents containing your personal information you believe is inaccurate, misleading, out of date or incomplete. You need to have seen or accessed the documents before you can apply to have them amended.

You can apply to amend your personal information by submitting an Information Privacy Amendment application form (external link) directly to QRA. Completed forms can be emailed to: info.qra@qra.qld.gov.au or posted to: Queensland Reconstruction Authority PO Box 15428 City East QLD 4002.

For more information regarding an information privacy access or amending your personal information, please visit the Office of the Information Commissioner.

Fees and charges

There are no application fees under the Information Privacy Act 2009, but there may be access charges.

Complaints

If an individual believes that QRA has not handled their personal information in accordance with the Information Privacy Act 2009, they may make a complaint. The complaint should be made in writing to the Principal Information Officer. For information on how to make a complaint, and how a complaint will be handled, refer to QRAs complaints policy and Information Privacy Complaint Procedure. For further information or enquiries relating to Information Privacy, please contact us.

(Last reviewed July 2021. QRA document reference: CM DOC/22/14353)