The Energy and Water Ombudsman (SA) Limited (“the Company”) is committed to adhering to the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988.
Intent of policy
This Policy applies to all of our workers whether full time, part time, contractors, temporary staff or consultants, and includes any other person engaged to work on behalf of the Company.
Personal information is information about an individual that can be used to identify that individual including any “sensitive information” but not employee records. The APPs outline how personal information should be managed by businesses to ensure that the privacy of individuals who deal with those businesses is protected.
Personal information is information or an opinion about an identified individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is information or an opinion which includes:
- an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, or criminal record;
- health information about an individual;
- generic information about an individual that is not otherwise health information;
- biometric information that is to be used for the purpose of automated biometric verification or biometric identifications; or
- biometric templates.
Collection of personal information
The Company only collects personal information where it is necessary for us to respond to enquiries or resolve complaints. We may collect a complainant's personal information in person, by telephone or through written information or forms that a complainant submits to us.
We require information from complainants lodging complaints with us including the following:
- Full name and address.
- Contact details.
- Details of the service the complaint is about, which may include an account number with an energy or water service provider.
- Name of the energy or water service provider.
- Authority to Act from the account holder where the complaint is being lodged on the account holder’s behalf by a third party.
- Other relevant information that may assist us to resolve the enquiry or complaint.
If an individual does not provide all of the personal information we require, we may be unable to properly respond to, or investigate, a matter, enquiry or complaint.
Complainants have the right to contact us anonymously. However, if they do, it may be impracticable for us to assist with the enquiry or complaint.
We do not currently collect any sensitive information. We may from time to time collect additional information for statistical reporting purposes (such as gender, age group). Sensitive information will only be collected with the consent of the individuals and published in a de-identified format.
Use and disclosure of personal information
Personal information may be collected directly from the complainant, or it may be obtained from their energy or water service provider.
The Company treats all complaints as confidential between the complainant, the members (energy or water service providers) and the Company. From time to time, we may need to disclose complainants’ personal information to agencies such as the Technical Regulator, the Essential Services Commission (of South Australia) (“the Commission”), the Australian Energy Regulator (“AER”), the Office of the Australian Information Commissioner ("OAIC"), or to a third party who may be able to assist in the investigation.
We will ensure that personal information will not be used or disclosed to other Government institutions or authorities except if required by law. We do not disclose personal information to any overseas recipients (except with a complainant's consent or where we are otherwise legally permitted or required to do so).
Access to personal information
It is our Policy not to provide documents, however acquired, relating to the specific details of an investigation unless required by law.
Complainants have the right (with some exceptions) to access the personal information we hold about them that we may have collected and held.
We may require a complainant to provide us with sufficient identification before providing access to personal information. If we are required or authorised by law to do so, we may refuse access. Requests for access to and the correction of personal information may be made by submitting a completed Request for Access to Personal Information Form, made available at Request for access to personal information. More information on how to access or correct personal information is accessible at Guideline to access personal information.
We may charge a reasonable fee to process a request for access to an individual's personal information, but that fee will not exceed our reasonable costs of assessing a request and providing access. We will advise the amount once we have assessed the request, and may require payment prior to providing access. Access to personal information may be provided in a number of ways, including by providing a hard copy of the information, or by allowing a complainant to view our records.
If a complainant believes the personal information the Company holds is inaccurate, incomplete or out of date, please contact us as detailed below. If we are satisfied that any personal information we hold about a complainant is not accurate, complete or up-to-date, we will amend our records accordingly.
Storage and disposal
The Company takes reasonable steps to protect personal information from misuse, interference, loss or unauthorised use, modification or disclosure. We hold personal information as either physical records, records on our servers and in some cases records on third party servers, which may be located overseas.
The Company uses a range of security measures to protect personal information, including locked and alarmed offices, locked files and cabinets, passwords on all our computers and a firewall on our computer network, which is monitored by virus protection software.
We will keep personal information as long as we need it for the purposes set out in this Policy, or as long as we are required by law to retain it, after which time we will destroy it or de-identify the personal information.
Managing a data breach
In the event that personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuse, the Company will:
- Contain the breach and make a preliminary assessment;
- Evaluate the risks for individuals associated with the breach;
- Consider breach notification.
Amendments to Policy
This Policy is current as at May 2016.
We reserve the right to amend this Policy at any time, without notice, to ensure that we maintain the highest standards.
If an individual has any questions, concerns or complaints about our management of personal information, please contact our Company Secretary for further information at the details set out below:
Phone: 1800 665 565
We request that any dispute or complaint be submitted in writing to the Company Secretary. We will confirm receipt of a complaint and the dispute or complaint will be investigated and we will respond to the individual within a reasonable time.
Any individual who is dissatisfied with the handling of the complaint may contact the Office of the Australian Information Commissioner. For further details, see www.oaic.gov.au/privacy/making-a-privacy-complaint for further information.