2. Personal information handling practices
3. Use and disclosure of personal information
4. Data quality
5. Storage and data security
6. Records management
7. Email communication
11. How to contact the NFSA Privacy Contact Officer
Appendix 1 – Australian Privacy Principles — a summary for APP entities
The 13 APPs are summarised in Appendix A of this APP Policy and are available in full in Schedule 1 of the Privacy Act.
Some terms defined in legislation are identified using inverted commas (' ').
The NFSA collects personal information to perform its functions in the NFSA Act to:
- develop, preserve, maintain, promote and provide access to a national collection of programs and related material;
- support and promote the collection by others of programs and related material in Australia;
- support, promote or engage in:
- the preservation and maintenance of programs and related material that are not in the national collection; and
- the provision of access to programs and related material that are not in the national collection;
- support and promote greater understanding and awareness in Australia of programs; and
- undertake any other function conferred on it by any other law of the Commonwealth.
These functions are performed within the NFSA's powers to do all things necessary or convenient to be done for or in connection with the performance of the NFSA's functions, including but not limited to the powers to:
- accept gifts, devises, bequests and assignments;
- act as trustee of money, programs or other property vested in the NFSA on trust;
- act on behalf of the Commonwealth or an authority of the Commonwealth of the Commonwealth in the administration of a trust relating to programs or to matters connected with programs; and
- do anything incidental to its functions.
- Is not collected by the NFSA for inclusion in a 'record' or a 'generally available publication';
- Is in an item kept by the NFSA for the purposes of reference, study or exhibition and therefore is not a 'record' under the Privacy Act; or
- Is in a 'Commonwealth record' administered in accordance with provisions contained in the Archives Act 1983 (Cth) therefore is not a 'record' under the Privacy Act.
1.3 Personal information and sensitive information
The Privacy Act defines terms including 'personal information' and 'sensitive information'.
'Personal information' means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
'Sensitive information' includes:
- 'personal information' that is information or an opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices or criminal record;
- health or genetic information about an individual;
- genetic information about an individual that is not otherwise health information;
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; and
- biometric templates
1.4 Overview of this APP Policy
In compliance with APP 1, the NFSA takes steps as are reasonable in the circumstances to implement practices, procedures and systems that ensure compliance with the APPs and any relevant APP code, including for dealing with any related enquiries or complaints.
This APP Policy explains how the NFSA manages personal information, including:
- the kinds of personal information that the NFSA collects and holds;
- how the NFSA collects and holds personal information;
- the purposes for which the NFSA collects, holds, uses and discloses personal information;
- how an individual may access personal information about the individual that is held by the NFSA and seek the correction of such information;
- how an individual may complain about an alleged breach of the APPs, or any relevant APP code, and how the NFSA will deal with any complaints;
- whether the NFSA is likely to disclose personal information to overseas recipients and, if so, the countries where recipients are likely to be located.
2. Personal information handling practices
2.1 The kinds of personal information the NFSA collects and holds
The NFSA may collect personal information from an individual, or from a third party. The NFSA uses forms, online systems and other electronic or paper correspondence, as well as telephone and face-to-face interactions, to collect personal information.
The NFSA collects and holds over 19 classes of personal information which may include;
- contact details – staff and clients
- employment history and educational qualifications of staff
- complaint details
- reference and user enquiries
- corporate mailing list
- financial information and accounting system
- mailing and membership list of Friends of the NFSA
- sponsorship and fund raising information
- volunteers of the NFSA
- user feedback database
- registration to websites (nfsa.gov.au and aso.gov.au)
- subscriptions to newsletters
- entries to social media competitions
- online event ticketing
- details of donors, lenders and rights owners of items in the National Audiovisual Collection
- biographical information, including career history information
- published and broadcast commentary and opinion
- unpublished recordings and manuscripts
- oral histories
2.2 About personal information the NFSA collects
The personal information collected in connection with the operations of the NFSA may be in relation to:
- Requests for access to the National Audiovisual Collection
- Details of volunteers
- Processing of financial transactions
- Establishing ownership of intellectual property rights
- Archival research and interpretation
- Applications for grants, fellowships and scholarships (including internships and 'in-residence' programs)
- Compliance with Government regulations and legislation
- Donor liaison, sponsorship and fundraising activities
- Recording user feedback on services and activities including surveys and evaluations
- Electronic mailing lists relating to the activities of the NFSA
- Corporate mailing lists
- Registration details for the organisation's websites, including nfsa.gov.au and aso.gov.au
- Subscription information
- Online event ticketing
- Oral histories
- Employee records
- Membership records of Friends of the National Film and Sound Archive
- Footage from closed circuit cameras.
2.3 How the NFSA collects personal information
In collecting information within its functions and powers, the NFSA will not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related, to one or more of the NFSA's functions or powers. Any personal information that the NFSA collects will be relevant for the purpose to which it is collected. The NFSA will only collect personal information by lawful and fair means and will generally collect the information about an individual from the individual personally, unless the individual consents otherwise, or it is unreasonable or impractical to do so.
Unsolicited personal information will be collected if the NFSA determines that it could have otherwise collected the information, or de-identify or destroy the information if the NFSA could not have collected the information and it is not contained in a Commonwealth record.
Where it is reasonable in the circumstances, the NFSA will notify individuals about the collection of their information by reference to this APP Policy or will otherwise ensure that the individual is aware of relevant matters as required by the APPs.
2.4 How the NFSA holds personal information
- The NFSA holds personal information in the following ways:
- The records for the corporate mailing list are held in electronic and paper files
- The records for donors are held on MediaFlex, the collection management database and in electronic and paper files
- The records for requests for access to the collection are held in electronic and paper files
- The records for financial transactions are held on the Finance One database.
- The records for membership of the Friends of the NFSA are held in electronic and paper files
- The records of relating to sponsorship and fund raising are held in electronic and paper files
- The records for volunteers are held in electronic and paper files
- The records for user feedback is held in electronic and paper files
- The records of online event ticketing are held in both electronic and paper files
- Oral histories are held in electronic and paper files
- Employee records are held in electronic and paper files
2.5 Access to and correction of personal information
An individual may apply to access or correct their personal information by application to the Privacy Contact Officer.
- Access to personal information (APP 12)
Individuals have a right to access the personal information that the NFSA holds about that individual. The right of access is subject to the relevant exemptions in the FOI Act and any Act of the Commonwealth. The NFSA will respond to the individual's request within 30 days after the receipt of a request from the individual, to grant access or to give written reasons for any refusal to grant access to the information.
- Amendment of personal information (APP 13)
The NFSA will take reasonable steps to correct personal information that it holds to ensure that it is accurate, up-to-date, complete, relevant and not misleading.
Individuals can request information that the NFSA holds about them to be corrected. The NFSA will notify the individual of a decision within 30 days after the receipt of a request from the individual and will provide written reasons if the request to amend personal information is refused.
3. Use and disclosure of personal information (APP 6)
3.1 General use and disclosure
The NFSA holds personal information that is collected for a primary purpose and will not use or disclose it for another purpose, except where an individual provides consent or in compliance with APP6, including where:
- the individual would reasonably expect the sensitive information to be used for a purpose directly related to the primary purpose records;
- the individual would reasonably expect the personal information (not sensitive information) to be used for a purpose related to the primary purpose;
- it is required or authorised by law or a court/tribunal order;
- a 'permitted general situation' exists; or
- the NFSA believes it is reasonably necessary for the activities conducted by or on behalf of an enforcement body.
3.2 Disclosure of personal information to overseas recipients (APP 8)
The NFSA is not likely to disclose information to overseas recipients.
APP 8 places obligations on the NFSA for disclosure of personal information to overseas entities, when the recipient is not in Australia or an external entity Territory, and is not the entity or the individual. Before any personal information is disclosed overseas, the NFSA will take reasonable steps to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information.
3.3 Accidental or unauthorised disclosure of personal information
The NFSA protects personal information the NFSA holds and will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.
External service providers who handle personal information about the NFSA’s staff, users or other individuals are ordinarily bound contractually to comply with the Privacy Act and may themselves have statutory obligations as APP entities.
It is also ordinarily a requirement for staff, contractors and service providers to comply with the Privacy Act in fulfilment of their obligations under:
- Public Service Act 1999
- Public Service Regulations 1999
- Australian Public Service (APS) Values
- APS Code of Conduct.
If employees disclose official information without authority they may face disciplinary sanctions including, in the most serious cases, termination of employment.
4. Data quality
Collection systems aid in the automated correction of identified errors within Mediaflex dataset when required - identification and resolution method are determined by Collection Information Section. Additionally, Collection Information Section upgrades data as part of their regular work.
In terms of securing personal data collected via acquisition work processes, this is achieved by limiting access to the Mediaflex system to staff and endorsed researchers. This information is also withheld from the Mediaflex public interface (Search the Collection).
5. Storage and data security (APP 11)
The NFSA takes reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure.
The NFSA manages its online services and IT systems in accordance with the Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual.
6. Records management
Storage of information (and the disposal of information when no longer required) is managed in accordance with Australian Government records management regulations, guidelines and authorities, including the Archives Act, Records Authorities and General Disposal Authorities.
7. Email communication
There are inherent risks associated with the transmission of information over the internet, including via email. Individuals should be aware of this when sending personal information to the NFSA via email. If this is of concern to any individual, they should use other methods of communication with the NFSA, such as post, fax, or phone. The NFSA does not endorse the sending of credit card details to the NFSA.
9.1 How to make a complaint
9.2 NFSA complaint-handling commitment
In accordance with APP 1, the NFSA will take reasonable steps in the circumstances to deal with enquiries or complaints about compliance with the APPs. The NFSA will send a considered response to a complaint or suggestion within 30 days if contact details are provided. The NFSA is committed to quick and fair resolution of any complaints and will ensure complaint sis taken seriously.
9.3 How to make a complaint to the Federal Privacy Commissioner
Any complaints about the NFSA's personal information handling practices can be made to the Privacy Contact Officer (above) or to the Office of the Australian Information Commissioner.
11. How to contact the NFSA Privacy Contact Officer
In accordance with APP1, an individual may contact the Privacy Contact Officer to:
- obtain access to their personal information
- make a complaint about a breach of their privacy
- query how their personal information is collected, used or disclosed
The NFSA’s Privacy Contact Officer may be contacted by any of these contact points:
Privacy Contact Officer
(Principal Legal Counsel)
National Film and Sound Archive of Australia
Post: GPO Box 2002, Canberra ACT 2601
Fax: 02 6248 2165 (+61 2 6248 2165 for callers outside Australia)
Telephone: 02 6248 2056 (+61 2 6248 2056 for callers outside Australia)
Appendix 1 - Australian Privacy Principles — a summary for APP entities
Dated 12 March 2014, from the Office of the Australian Information Commissioner.
APP 1 - Open and transparent management of personal information
APP 2 - Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3 - Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4 - Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.
APP 5 - Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.
APP 6 - Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
APP 7 - Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8 - Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
APP 9 - Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10 - Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11 - Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access,modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
APP 12 - Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
APP 13 - Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.
The purpose of this statement is to let users of this website know what information is collected about them when they visit this site, how this information is used and if it is disclosed.
This statement has been prepared in accordance with the Federal Privacy Commissioner’s Guidelines for Federal and ACT Government World Wide Websites.
1. Information collected
When you look at this website, the National Film and Sound Archive of Australia’s server makes a record of your visit and logs the following information for statistical purposes:
- your server address
- your top level domain name (for example .com, .gov, .au, .uk etc)
- the date and time of your visit to the site
- the pages you accessed and documents downloaded
- the previous site you visited
- the type of browser you used.
2. Access to information collected
The National Film and Sound Archive of Australia will not make an attempt to identify users or their browsing activities. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect the National Film and Sound Archive of Australia’s or our Internet Service Provider’s logs.
3. Use of information collected
We will only record your e-mail address if you send us a message. Your e-mail address will only be used for the purpose for which you have provided it and it will not be added to a mailing list or used for any other purpose without your consent.
4. Transmission of information across the Internet
This site does not provide facilities for the secure transmission of information across the Internet. Users should be aware that there are inherent risks transmitting information across the Internet.
On occasion, the National Film and Sound Archive of Australia will use electronic forms on this site to gather personal information for purposes directly related to a function or activity of the National Film and Sound Archive of Australia. When we do so we will let you know the purpose for which the information is being collected (including if the information is to be published), and the legal authority for the collection if it is authorised or required by or under law.
We will also provide you with other options for providing the information (for example, a paper form and mailing address, or a telephone contact). For further information, please contact the National Film and Sound Archive of Australia.
5. Information collected
Some sites use 'cookies’ to track a particular user’s access to a site. Cookies are not used on this site to gather personal information about users except when they are used within a specific web-based application for session management purposes (for example, while using the search function within the National Collection of Screen and Sound database).
6. Publishing Information
We will only publish personal information on this site if it has been collected for this purpose with your knowledge or if you have consented to the disclosure.
When giving such consent you should be aware that information published on this site is accessible to millions of users from all over the world, that it will be indexed by search engines and that it may be copied and used by any web user. This means that, once the information is published on this site, we will have no control over its subsequent use and disclosure.
7. Digital Learning website
The NFSA’s privacy information for Digital Learning websites is located on our Legal notices page.