The collection, maintenance, use and disclosure of personal information relating to individuals is regulated by the Personal Information Protection Act 2004 (PIP Act). The Act places specific obligations upon personal information custodians for this purpose.
The following policy sets out the principles that are applied by the Environment Protection Authority in managing personal information.
Application to the Environment Protection Authority
Under the PIP Act, the Environment Protection Authority (EPA) is the custodian of personal information related to its functions and activities.
What is 'Personal Information'?
'Personal information' is information or opinion, recorded in any format, about an individual whose identity is apparent or is reasonably ascertainable from the information or opinion. This includes information about individuals who have been deceased for less than 25 years.
A person's recorded image on CCTV (or photograph, video etc) is not, for example, personal information unless, from that image, the person's identity is apparent or reasonably ascertainable.
'Basic personal information' (i.e. name, residential or postal address, date of birth and gender of an individual) can be used and disclosed to other Government bodies without consent in certain limited circumstances.
This Policy does not extend to public information, as such information is not regulated by the PIP Act.
If, for example, a person's email is contained in a publicly available record or publication it is public information – to which the PIP Act does not apply.
The EPA only collects personal information that is necessary for it to perform its functions, and will only use or disclose this information for the purposes for which it was provided.
The type of personal information collected includes names, addresses and telephone numbers, together with any specific information about a person that may be required to enable us to provide a service or administer legislation.
The EPA takes reasonable steps to ensure that the personal information it holds is accurate, complete and up to date. Where practicable, the EPA will check on the accuracy of personal information before it is used.
'Sensitive information' may include, but is not limited to, things like health information, criminal record, racial origin and sexual preferences. Generally, the EPA will only collect sensitive information if it is necessary and the person consents, or if the collection of that information is required or permitted by law.
If you are making a general inquiry, it may not be necessary to identify yourself. However, if you want to obtain a service, identification may be necessary.
The EPA does not assign unique identifiers to people unless it is necessary for us to carry out our functions efficiently or is required by law. In certain circumstances, we may collect the unique identifiers assigned to you by another organisation, but we will not disclose these without lawful authority.
Use and Disclosure of Personal Information
EPA staff are only provided with or have access to the personal information that is necessary for them to carry out their functions within the Authority. All staff are bound to maintain appropriate confidentiality in relation to information acquired in carrying out their duties.
Personal information will be used only for the purposes described in the Information Collected section above. Personal information will only be disclosed with the person's consent, or if it is required by or authorised by law.
There may be a need or requirement to disclose some or all of the personal information the EPA collects to contractors and agents of the Authority, law enforcement agencies, courts, or other public sector bodies.
Personal information collected and used in research, statistical analysis, state or national reporting, awareness programs, public statements or training in a de-identified form, so that the person to whom it relates cannot be identified, ceases to be 'personal information' for the purposes of the PIP Act.
Personal information in written submissions on policy matters or matters of public consultation may be disclosed in reports that are made public, unless the submission was submitted and/or accepted on a confidential basis.
Security of Personal Information
The EPA uses a number of procedural, physical, and technical safeguards, including access controls, secure methods of communication and backup and recovery systems to protect information from misuse and loss, unauthorised access, modification and disclosure.
Generally, there is an intention that information is destroyed or permanently de-identified when it is no longer required, but this can only be done in accordance with processes approved by the State Archivist under the Archives Act 1983.
Access to and Correction of Information Collected
The PIP Act provides that a person may be provided with access to his or her personal information held by the EPA, on receipt of a written request.
If a person considers the personal information held by the EPA to be incorrect, incomplete, out of date or misleading, he or she can request that the information be amended.
Requests to access or amend personal information held by the EPA should be addressed to the CEO by mail at:
Chief Executive Officer
Environment Protection Authority
GPO Box 1550
Hobart Tasmania 7001
If a person is not satisfied with the handling or outcome of his or her request for access to or amendment of his or her personal information, a complaint can be lodged with the Ombudsman. The Ombudsman's Office can be contacted on 1800 001 170, and by email at: firstname.lastname@example.org