Handle with care
Just in case you missed hearing about these resources, here’s a snapshot.
The ‘Privacy in complaint handling systems review’ looked at the extent to which the privacy obligations in the Information Privacy Act 2009 (IP Act) have been incorporated in Queensland government agencies’ complaint handling systems. The objectives were to publicise examples of good practice by agencies and to identify areas of complaint practice where OIC could develop resources for agencies to use when handling a complaint.
The review noted areas of good agency practice, including examples of:
- collection notices that provide detailed information about how personal information would be used and disclosed in the course of handling a complaint,
- a complaint form that was designed to avoid collection of unnecessary and irrelevant information,
- a complaint register template that controls what information is recorded about complaints and whether a collection notice had been provided,
- contract provisions used by an agency when it outsources some or all of its complaints handling function,
- fact sheets and scenarios explaining how to incorporate privacy considerations when responding to complaints about employees,
- a performance report template that appropriately de-identifies complaints data; and
- a fact sheet on identifying systemic issues and trends.
A copy of the report can be accessed from the OIC compliance and audit reports web page.
Guidelines and information sheets
OIC has a number of guidelines to assist agencies in meeting their obligations under the IP Act. Those relevant to handling complaints include:
- OIC Guideline: Investigations, outcomes and complainants – provides guidance on how the type of complaint will affect whether giving information to a complainant will be a breach of the privacy principles,
- OIC Guideline: Applications for investigation and complaint documents – provides guidance about the factors favouring disclosure and the factors favouring non-disclosure that commonly arise when processing applications for complaint documents,
- OIC Guideline: Demographics and privacy – provides guidance on the collection of demographic data, its potential impact on an individual’s privacy and examples of collection notices that cover multiple purposes,
- OIC Guideline: Contracted Service Providers – provides guidance on an agency’s obligations when entering into contracts or arrangements with another entity to perform one of more services which fall within an agency’s functions; and
- OIC Guideline: Dataset publication and de-identification techniques – provides an introduction to the tools and techniques for de-identifying datasets so that their publication complies with the privacy principles in the IP Act.
Further guidelines are being developed by OIC as an outcome of the ‘Privacy in complaint handling systems review’. These include:
- collection, storage and security of personal information in complaints,
- anonymity, confidentiality and privacy in complaints,
- disclosure of personal information and natural justice; and
- documenting an agency’s personal information holdings.
Subscribing to OIC’s subscription service is a great way to receive updates on news items, guidelines, events or training opportunities as they are published on our website.
‘Privacy Complaint Management Training’ has been added to OIC’s suite of free online training. It is specifically aimed at agency officers involved in the management of privacy complaints. It takes participants through such issues as:
- how to handle complaints about multiple issues,
- how to identify privacy complaints,
- how to assess privacy complaints,
- key factors in resolving a complaint, including what makes a good apology; and
- tips for effectively communicating your decision to the complainant.