Privacy Plan

1. Privacy Statement

Safe Food Production QLD (Safe Food) will assist in providing open and accountable government by pro-actively assessing information when it becomes a record. Safe Food is committed to the application of the Queensland Government’s Information Privacy Act (Qld) 2009 (the Act) which aims to ensure that personal information held by public authorities in Queensland is collected and managed responsibly and transparently. This plan reflects the requirements set down within the Act.

2. Plan Status

This plan has no legal status and is not legally binding on Safe Food. The plan cannot be used to limit the discretion of Safe Food to take any action. The plan is only to be interpreted as general guidance on how Safe Food will ensure compliance with the Act.

3. Scope

This plan applies to all Safe Food personnel and contractors employed by Safe Food. This plan also applies to all of Safe Food’s records and approved documents containing personal information.

4. Definitions

Collector

Where an agency collects personal information the agency is regarded as the collector in relation to that information. Where personal information is collected by an individual in the course of their employment by, or in the service of, an agency then the agency is regarded as the collector in relation to that information.

Consent

Voluntary agreement to some act, practice or purpose. Consent can be express or implied. Express consent is given explicitly, either orally or in writing. Implied consent arises where consent may reasonably be inferred from the conduct of the individual.

Individual

Means a natural living person rather than, for example, a company or organisation.

Personal

Defined as any information that would allow a person to be identified.

Information

Examples include an individual’s name, age and physical characteristics, such as hair colour, and can also include sensitive information such as political loyalty, religious beliefs, medical history or relationship details. It does not include information about an individual that is publicly available.

Solicit

In relation to personal information, this term means request a person to provide that information, or a kind of information in which that information is included.

Use

In general terms this term refers to the handling of personal information within an organisation including the inclusion of the information in a publication.

 

5. Background and Context

At a whole-of-Government level, effective corporate information management is fundamental to corporate governance, accountability and quality service delivery across government. The Queensland Government has committed to pro-actively making information available to the public.

The Information Privacy Act (Qld) 2009 (the Act) provides individuals with a legally enforceable right of access to, and amendment of, their own personal information held by Safe Food, unless this would, on balance, be contrary to the public interest. Safe Food is defined as a public authority under the Act and is therefore subject to the requirements of the Act.

Requests for non-personal information or for the personal information of others are dealt with under the terms of the Right to Information Act (Qld) 2009, as outlined in Safe Food’s Right to Information Policy.

 

6. Plan Principles

 This plan is based upon the following principles:

Principal 1 – Collection of Personal Information

When Safe Food collects personal information and intends to: (i) include the information in its records, in the form of a document, database, audio tape or photograph; or (ii) publish the information in a generally available publication, Safe Food must ensure that:

  • only personal information directly related to its activities is collected by fair means;
  • the collection of this information should not unreasonably intrude upon the privacy of the individual concerned;
  • when collecting information the individual is advised why the information is being collected, and to whom the information is normally disclosed; and
  • all reasonable steps are taken to ensure personal information is up-to-date, relevant and complete.

Principal 2 – Storage and Security

Where Safe Food possesses personal information, it must ensure that reasonable safeguards exist to prevent unauthorised access, use or disclosure of the information collected. To ensure this, Safe Food must institute appropriate levels of security, given the breach risk and sensitivity of the information held.

Principal 3 – Access and Amendment

Individuals are entitled to access records containing personal information and to alter those records if they are inaccurate.

The rights of an individual to access and amend personal information held by Safe Food are the same as existing rights under the Right to Information Act (Qld) 2009. 

Principal 4 – Accuracy and Relevancy

Where Safe Food has possession or control of a record that contains personal information, that information shall not be used except for a purpose to which the information is relevant.

Principal 5 – Use and Disclosure

Safe Food must use and disclose personal information: (i) only for the purpose for which it was collected; and (ii) only if the individual concerned is aware of, or has consented to that use or disclosure.

 

7. Collection & Management of Personal Information

Safe Food holds a range of information, some of which can be defined as personal information. All the records detailed below are retained on secured files for variable periods according to the Standard Retention and Disposal schedule. The records outlined below are kept in electronic and hard copy formats.

7.1 Personal Information

Personal information on accreditation holders is gathered and held within Safe Food to facilitate the effective management of legislative requirements and ensure the effective delivery of services to the community:

  • Accreditation and Enforcement Records (including Accreditation Records; Audit and Inspection reports; Enforcement Records; Slaughter Statistics; Domestic Export Statistics), in order to undertake the management of food safety risks and other duties delegated to Safe Food under the Food Act (Qld) 2006.
  • Accreditation Holder Service Records (including Accreditation Holder Contact Lists and Accreditation Holder Enquiry Records), in order to: (i) allow Safe Food Officers to maintain personal lists of business and accreditation holder contacts; (ii) generate mailing lists for specific Safe Food publications to interested parties; and (iii) store details of enquiries initiated by individuals on matters concerning Safe Food.

 

7.2 Ministerial Correspondence

Includes correspondence addressed to the Minister or his staff from a member of the public or other government agency on matters relating to Safe Food responsibilities. These records often include personal information and can only be accessed by the CEO, senior managers and administrative staff with responsibility for processing ministerial correspondence.

 

7.3 Operational Records

The purpose of these records is to facilitate the effective operation of Safe Food’s day-to-day management and business activities. Records maintained include those relating to administrative, financial and operational functions:

  • Financial Management System, in order to process and account for expenditure and revenue, where the personal information relates to creditors and debtors.
  • Contracts, in order to maintain contractual requirements for agreements with external providers, including government agencies and commercial service providers. The personal information contained within these records may relate to accreditation holders, contractors, vendors and other parties to a contract.
  • Vendors, in order to retain and manage business and financial relationships with vendors. While most vendor information stored is of a commercial and publicly available nature, some personal information may be collected incidental to normal business relationships.

8. Release of Personal Information

Safe Food has in place mechanisms and normal administrative practices to handle routine requests for access to information, such as accreditation details, or for alterations to information such as changes of address. Individuals wishing to obtain access to, or amend information about themselves, should contact Safe Food at privacy@safefood.qld.gov.au. The personal information of staff will not be released without their written consent except in the following instances:

  • where it is a matter of public record (eg. Accreditation status);
  • where it relates to a person’s Safe Food contact details;
  • where a request is made in accordance with a legislative or statutory provision (eg. requests made under an Act or Statute);
  • where an official written request has been received from a law enforcement agency;
  • where a legally enforceable request or direction has been received (eg. subpoenas or writs issued by a court); or
  • where disclosure is necessary to prevent or lessen a serious threat to a person’s life, health, safety or welfare, or to public health, safety or welfare.

Safe Food is required to acknowledge receipt of a request within 10 business days, to consult with the applicant regarding any difficulties in dealing with the request, and either grant access to the information required or provide specific written reasons for refusing access within 25 business days. This may be extended by a further 10 business days if consultation with a third party is required.

 

8.1 Accountabilities

The CEO is defined as the “Principal Officer” under the Act. The CEO has delegated the responsibility for determining the outcome of IP applications to the General Manager (Compliance Strategy & Response).

The General Manager (Compliance Strategy & Response) is responsible for making decisions regarding release of information within the time periods as set out in the Act and liaise with both prospective applicants and Safe Food units regarding access to information.

The Manager (Regulation & Standards), as “Internal Review Officer”, is responsible for the internal review of decisions made by the General Manager (Compliance Strategy & Response), if requested by the applicant.

 

CEO

Provide authority to release and manage information to the General Manager (Compliance Strategy & Response) and Manager (Regulation & Standards).

 

General Manager (Compliance Strategy & Response) and Manager (Regulation & Standards)

Ensure PI access requests are appropriately dealt with.

Release the information requested via PI access applications, if deemed suitable.

 

Safe Food Officers

Submit required information to the delegated officer.

 

8.2 Processing Requests

The CEO is responsible for making decisions regarding release of information within the time periods as set out in the Act. The CEO Information (or nominee) will liaise with applicants, prospective applicants and Safe Food Officers responsible for record keeping in the areas relevant to the information request regarding access to documents.

Safe Food Officers are responsible for locating information held in their areas. Declarations will be required by such officers, at the time records are provided, attesting to the thoroughness of their search and that electronic or hard copies of all documents identified have been provided. If information cannot be located, a written explanation of what action was taken to locate the information should be provided.

If inspection only of documents has been requested or if the publication scheme states that inspection of documents is the means by which certain information can be accessed, the applicant will be provided with reading facilities. At the applicant’s request, Safe Food will provide a copy of the documents, where possible, in the format requested.

The Act provides that access to certain documents or to certain information contained in documents may be refused in order to protect public interests or the private or business affairs of others. A request to obtain access to documents which contain information about the private affairs of others will usually be refused. Safe Food may also refuse access to documents on the grounds that there would be a substantial and unreasonable workload in identifying, locating and collating the volume of documents in question. If a request for access or amendment is refused, Safe Food will give specific written reasons for the decision and advise the applicant of their rights to appeal against the decision.

 

8.3 Appeal

The Act gives applicants a legally enforceable right to appeal against a refusal by Safe Food to grant full or partial access to, or to amend personal information.

 

8.4 Internal Review

If the decision on an IP request was made by a Safe Food Officer, other than the CEO, an applicant may request that Safe Food reconsiders its decision. An applicant may, however, apply directly for external review without first seeking internal review.

An application for internal review must be made in writing within twenty business days after the date of the written notification of the decision, stating reasons for seeking amendment of the decision or identifying particular aspects of the decision which are of concern.

A fresh decision will be made as soon as practicable, but no longer than 20 business days after the application is received by Safe Food. Reasons will be given if the appeal is not upheld. Applicants will also be advised of their rights to seek an external review.

 

8.5 External Review

The Information Commissioner is independent of Safe Food and is responsible for reviewing the RTI decisions of all agencies. An application to the Commissioner for external review may be made if:

  1. The request was decided originally by the CEO;
  2. An applicant is dissatisfied with the outcome of an internal review; or
  3. Safe Food fails to make a decision in relation to an internal review within the prescribed timeline.

An application for external review must be made in writing within twenty business days of the notification of the decision or outcome of an internal review.

 

8.6 Third-Party Requests for Personal Information in Relation to Legal Processes

From time to time, third parties, such as the Queensland Police, legal representatives and others submit requests for personal information in relation to legal processes. Information will only be provided to legal representatives where a subpoena or writ of non-party disclosure is provided, or where the individual to whom the request relates has provided written consent.

Where law enforcement agencies (eg. the Police) or third parties wish to request personal information regarding a member of staff, then this request must be submitted in writing by an authorised officer, quoting the Act or Statute under which the request is made, and addressed to the CEO.

 

9. Source Documentation

Right to Information Act (Qld) 2009

Information Privacy Act (Qld) 2009

Food Production (Safety) Act 2000