About FOI Solutions
FOI Solutions provides legal services to State and Commonwealth agencies. In that capacity, FOI Solutions collects personal and other information from agencies to provide them with legal services. FOI Solutions collects:
- personal information of client officers; and
- personal information of others.
FOI Solutions collects personal information in documents and other information it receives relating to client legal matters. In addition to the requirements of the State and Commonwealth privacy legislation, FOI Solutions is bound by fiduciary duties of confidentiality and client legal privilege in respect of all documentation relating to client legal matters. As such, members of the public cannot seek to access or correct personal information that FOI Solutions holds about them.
In relation to Victorian agencies FOI Solutions is bound by the Information Privacy Principles (“IPPs”) as contained in the Privacy and Data Protection Act 2014 (Vic) and the Health Privacy Principles (“HPPs”) as contained in the Health Records Act 2001 (Vic). These govern how FOI Solutions collects, handles, uses and discloses personal, sensitive and health information obtained from Victorian agencies.
As a contracted service provider under the Privacy Act 1988 (Cth) FOI Solutions must comply with the Australian Privacy Principles (“APPs”) in terms of how it collects, handles, uses, and discloses personal and sensitive information obtained from Commonwealth agencies. In this policy references to “personal information” include personal, sensitive or health information.
How FOI Solutions collects and holds personal information
FOI Solutions only collects personal information where it is reasonably necessary for one or more of its functions or activities. The manner in which it collects information is done only by lawful and fair means.
FOI Solutions collects personal information directly from clients in order to provide them with specific legal services. It may also collect information provided by others during the course of the provision of legal services to our clients. The types of information we collect include the following:
- personal details, such as names and positions of client officers provided by a client when seeking the provision of legal services and in the course of our provision of those services.
- personal details, such as names and positions of client officers who request training or other education services and agree to stay on our mailing list in order to receive our newsletters, client email updates and other educational material.
- personal information of individuals who are referred to in documents or other information provided by clients to enable us to provide legal services.
- personal information of Court or Tribunal officers in relation to the conduct or progress of proceedings.
In addition, we may collect personal information of individuals applying for positions or otherwise initiating communications with FOI Solutions.
Use and disclosure
FOI Solutions only uses and discloses personal information for the primary purpose for which it is collected. In most circumstances this will be in order to provide our clients with legal advice and related services.
The following are ways in which FOI Solutions uses and discloses personal and other information:
- when forwarding correspondence and other documents to Courts and Tribunals for the effective conduct of legal proceedings, either pursuant to a Court or Tribunal order or where it is required in the circumstances.
- when forwarding documents to Privacy or FOI Commissioners or equivalent for inspection, only where permitted or required by law.
- to contact and notify individuals directly affected by a decision to release documents under the State or Commonwealth Freedom of Information Acts.
- to notify individuals regarding the conduct and progress of legal proceedings and related matters.
- to brief a barrister at a client’s instruction.
- for billing purposes.
In addition, FOI Solutions uses and discloses personal information in the following ways:
- to keep clients informed of developments in the law through our newsletters and client email updates.
- to notify particular clients of developments in the law which FOI Solutions believes they ought to be aware of.
- to invite clients to our training sessions, as well as other activities and events run by FOI Solutions.
FOI Solutions only sends newsletters and client email updates to clients. When FOI Solutions is engaged by an agency to provide legal or related services, contact details such as the email address of a particular client or officer are automatically placed on our mailing list. A client’s contact details are removed from our mailing list upon their request not to receive further similar material.
FOI Solutions only uses and discloses personal information for purposes other than the primary purpose where the individual who is the subject of the information has expressly or impliedly consented or where FOI Solutions is otherwise required or authorised by or under an Australian law.
Information Quality and Security
FOI Solutions takes all reasonable steps to ensure that any personal information collected is accurate, complete and up to date when the information is used or disclosed. Because FOI Solutions routinely handles sensitive documents and other information received from clients, the protection and confidentiality of that information is an absolute priority. FOI Solutions takes all reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
All information collected from clients is stored in:
- paper-based files;
- computers; and
- other data storage devices, such as discs.
FOI Solutions uses a secure file management program, with both password and network protection. FOI Solutions stores all hardcopy files and documents relevant to client matters in a secure room that is only accessible by members of staff. That room remains locked whenever it is not in use. Data storage devices such as discs are also stored securely with the hardcopy file. Where sensitive documents relevant to a Freedom of Information request are forwarded to a Court or Tribunal for the purpose of conducting legal proceedings, FOI Solutions ensures they are:
- packaged securely;
- clearly marked ‘confidential’; and
- sent by DX or delivered by hand.
In addition, FOI Solutions staff members are bound by duties of confidentiality and client legal privilege in relation to all documents and information relevant to a client file. Where permitted by law, FOI Solutions will destroy or permanently de-identify any personal information it holds about an individual upon their request. Under the Professional Conduct and Practice Rules 2005 (Vic), FOI Solutions is required to retain all documents relating to a file:
- when a particular matter is being undertaken; and
- for a minimum of 7 years after termination of engagement or until the documents are returned to the client.
After the completion of a particular matter, all documents and information are returned to the client where they specifically request it. Where permitted by law, FOI Solutions destroys all information and documents relevant to a client file in accordance with strict file destruction procedures.
Access and Correction
FOI Solutions does not give individuals (other than client officers) access to personal information which it holds about them. This is due to FOI Solutions’ duties of confidentiality and client legal privilege in respect of all documentation relating to a client matter. FOI Solutions will take all reasonable steps to correct personal information of its client officers that is inaccurate, out of date, incomplete, irrelevant or misleading.
Where an individual believes FOI Solutions holds information about them which is incorrect, they should, where possible, contact the particular agency from whom the information was collected to seek access to and/or correction of that information.
Client officers can seek access or correction to information held about them by FOI Solutions. Any requests to do so should be directed in writing to the Office Manager by email at firstname.lastname@example.org or care of FOI Solutions’ offices at Level 9, 99 Williams Street, Melbourne Vic 3000.
If FOI Solutions refuses access or correction to personal information, it will provide a written notice to the individual setting out:
- the reasons for the refusal, unless doing so would be unreasonable;
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
How to complain about a breach of the IPPs/HPPs/APPs and how FOI Solutions will deal with such a complaint
If an individual believes FOI Solutions has breached the IPPs, HPPs or APPs in relation to information held about them they should contact the Executive Director at email@example.com or by telephone on (03) 9601 4144.
Transfer of personal information outside of Victoria
Because FOI Solutions only provides legal and related services to State and Commonwealth agencies it is highly unlikely it will send information to overseas recipients.
In some circumstances it may be necessary for FOI Solutions to transfer personal information outside of Victoria. This will only be done with the express or implied consent of clients or where FOI Solutions is otherwise required or permitted by law to do so.