Examination of Local Government Privacy Policies
This report outlines the findings of an examination conducted by the Office of the Victorian Information Commissioner (OVIC), in which we reviewed the privacy policies of all 79 local government authorities. The examination measured the privacy policies against the requirements of the Privacy and Data Protection Act 2014 (PDP Act) and relevant guidance.
It is encouraging to find that, since a similar examination in 2016, local councils have made their privacy policies more available with 89 percent of privacy policies being available online, compared to 82 percent in 2016. It is also encouraging to find that 97 percent of privacy policies now include information on how an individual can access and correct their personal information – compared to 7 percent in 2016.
While this examination report provides some specific recommendations to local councils, the tips and recommendations are useful and relevant for all Victorian public sector organisations covered by Part 3 of the PDP Act. In addition, this examination report has referred to OVIC’s discrete guidance, which is still valid and relevant, and has been incorporated into the findings and tools created. 1
The themes and findings highlighted in this examination report are not specific to councils, nor are a reflection on ‘mistakes’ made by councils, rather we predict that the they are indicative of common issues amongst privacy policies across the Victorian public sector.
Privacy and Data Protection Deputy Commissioner
Summary of best practices and minimum requirements
Findability and accessibility
Provide users with multiple ways to find the policy.
Use descriptive titles for each webpage, allowing users to quickly identify whether the information contained in the webpage is what they are looking for.
Use clear and simple language to appropriately name the policy.
Consider creating a dedicated privacy webpage explaining the need to know information about privacy and how to contact the council about a privacy concern.
Include a version number, date of which the policy was approved and a clear statement when the policy is due for a review
Reference the correct privacy legislation.
Include a description of the organisations main functions.
Have an explanation on how the organisation adheres to the IPPs. This may include using specific examples about the organisation’s functions and how it will use the personal information it holds. Organisations should consider how they present this information in a concise and clear way.
Every policy should be written using plain language, and avoid legal jargon. Privacy policies should not mirror the wording of the legislation.
Every policy should include a clear explanation and process for making a privacy complaint.
Every policy should include accurate details of OVIC and any other external complaint agencies that are able to review the decisions of your organisation.
Council activities are diverse and extensive, ranging from providing public health services, to traffic, parking, and animal management. Councils collect a vast amount of personal information about individuals, from information about ratepayers and pet owners, to details of complaints made to the council. Local councils are required to comply with Part 3 of the Privacy and Data Protection Act 2014 (PDP Act) which provides for the responsible handling of personal information by Victorian public sector organisations.
Where a local council collects, holds, uses or discloses personal information, it must comply with the 10 Information Privacy Principles (IPPs) listed in Schedule 1 of the PDP Act. The IPPs set out the minimum standard for how the Victorian public sector should handle personal information, from the time it is first collected until it is disposed of when no longer required
This report does not aim to name or criticise councils, but rather to highlight good practices as well as areas for improvement. The tips and recommendations made in this report represent what OVIC considers to be good practice and a minimum standard for privacy policies.
Why are privacy policies so important?
A key emphasis of the report is the importance of effective communication in the protection of privacy, compliance with the PDP Act, and the maintenance of public trust in government.
Compliance with the PDP Act and the IPPs often turns on the quality and effectiveness of an organisation’s ability to communicate its privacy obligations. In many cases — such as providing a collection notice or establishing informed consent — compliance with the IPPs depends on whether information has been effectively conveyed to allow understanding by an individual engaging with the organisation.
Transparency around information handling practices is also essential to both the protection of privacy as a human right, and the maintenance of public trust. Transparency empowers individuals to understand what their rights are and what organisations are doing with their personal information. It empowers individuals to engage effectively with organisations when they have concerns about their privacy and gives them confidence that they will be heard. Transparency allows an organisation to demonstrate that they take privacy seriously, and that they can be trusted to responsibly manage the personal information that they hold.
What we examined
For this reason, each policy was assessed against discrete guidance issued by this Office on the minimum content required, and best practice drafting principles. Specifically, each policy was assessed as to whether it, at a minimum, included:
- The identity of the council, including a description of the council’s main function.
- A description of the type of information the council collects to fulfil its functions.
- How the council uses and shares the personal information it collects, including the types of third parties the information may be shared with.
- Whether collection of personal information is compulsory or optional.
- How the organisation securely stores and manages access to the personal information, and how long it may be stored for.
- The date and version of the policy.
- How an individual can contact the council, request access to the information or make a privacy complaint.
In addition to these minimum requirements, we examined how the policy can be found online and how accessible it is; for example, whether it is downloadable and available in other languages.
What we needed
How we conducted the examination
The examination was conducted as a desktop review.
At the conclusion of the examination we wrote to each council and provided feedback on their policy and, where necessary, included suggestions for policy improvement.
- Eight provided a copy of their policy; four of the eight arranged for the policy to be published online, and one also provided a draft revised policy.
- One confirmed it did not have a policy, but would implement one by July 2019.
Of the remaining 69 councils who have policies online:
- 46 policies are current, with one being provided as a draft revised policy in the process of being approved.
- 14 policies are planned for review, or are currently being reviewed.
- Seven provided updated policies and arranged for the updated versions to be uploaded to their website.
A detailed discussion of our examination is set out in the next part of this report, and includes findings, recommendations and tips for better practice. The scope of the examination was structured around four themes; policy findability and accessibility, policy control, policy content and privacy complaints.
For a comparison of how councils fared with one another in the four themes, please refer to Appendix 1. The statistics are aimed to provide a comparative snapshot of councils according to whether they are metropolitan or regional.
What We Found – In Detail
The findings are structured around four themes; policy findability and accessibility, policy control, policy content and privacy complaints.
For a full list of the question asked and the total findings, please refer to the table in Appendix 2.
Policy findability and accessibility
If all three questions answered yes then the policy was easy to find. If one or two out of three questions answered yes then it was average to find and if you could not find it using these three ways then it was difficult to find.
We found that 47 out of 78 councils were easy to find, 17 were average to find and 14 were difficult to find.
There are many authorities and standards when it comes to website usability and digital standards. Councils and other Government organisations should take into consideration the digital standards set by the Victorian Government 5 and the recommendations made by the Web Content Accessibility Guidelines (WCAG) 6 The WCAG recommendations and guidelines aim to make web content accessible to a wide range of people with disabilities, and will often make web content more usable to users in general.
Case example 1: Example of a policy that was ‘easy’ to find
Melbourne City Council
While just over half of the policies were ‘easy’ to find, mostly by using the website’s search bar tool, policies were often located on a page that contains all council policies, procedures and other corporate governance documents. Most of the time, policies are located under headings such as ‘Governance’ or ‘Corporate’ that, to the general public, have little meaning and may lead to confusion and an inability to identify the relevant privacy document.
Case example 2: Example of a policy that was ‘difficult’ to find
This example is from a large shire.
The Victorian Government Digital Standards (VGDS) state that to comply with the Disability Discrimination Act, and the VGDS, a Victorian government agency’s digital presence must comply with the WCAG ‘AA’ conformance requirements. The VGDS note that, to comply with WCAG, it is best to avoid using PDFs, or Microsoft Word, PowerPoint or Excel documents online. The VGDS recommend HTML.
Two council policies are available in other languages. 7
A small hand full (5 out of 78) of the policies that are accessible as a webpage have an audio option, which reads the policy for the user.
9 out of 78 councils that have a dedicated privacy webpage also had an audio capacity for the webpage. This means that, while the downloadable policy cannot be read out to the user, the information on the webpage can be. This provides the site user with another option to access privacy information.
Case example 3: Good example of an accessible policy
Greater Geelong City Council
Tips to improve
- Providing site users with multiple ways to find the policy.
- Using descriptive titles for each webpage, allowing users to quickly identify whether the information contained in the webpage is what they are looking for.
- Using clear and simple language to appropriately name the policy.
- Creating a dedicated privacy webpage explaining the ‘need to know’ information about privacy and how to contact the council about a privacy concern.
- Making the policy available in HTML format or equivalent, in addition to other utilised formats.
We found that only a small number of council policies included a version number (29 out of 78).
70 out of 78 policies had a date of either approval or publication, and 60 out of 78 had a review date.
We also found that 13 out of 78 policies were unclear regarding a review date, mainly because the policy is presented as a webpage rather than a downloadable policy document. An updated webpage or attachment does not represent an updated policy.
Statements such as ‘will be reviewed periodically’ or ‘will be reviewed time to time’, are not clear statements of when, or if, the policy will be reviewed and updated.
Tips to improve
As best practice, the policy should include:
- a version number;
- a date of which the policy was approved; and
- a clear statement when the policy is due for a review.
It is recommended that every council:
- reviews its current policy, unless it has done so within the last year; and
The focus on this part of the examination was in two parts; how comprehensive the content of the policy is, and assessing how well the policy is written.
Content – how comprehensive is the content of the policy?
IPP 5 does not state the type of information a policy should include. Each policy was assessed against guidance issued by this Office on the minimum content required and best practice drafting principles.
We also examined whether each council’s policy adequately referenced the 10 IPPs, as the IPPs set out the minimum standards for the handling of personal information for all Victorian public sector agencies specified in the PDP Act.
While we found that overall each council policy referenced the 10 IPPs, only 2 out of 78 8policies included a description of the council’s main functions. They both include an ‘About Council’ section in their policy and briefly describe their role and functions under the Local Government Act 1989.
Including a clear and concise statement of the organisations main functions, and linking it to the IPPs, demonstrates that the organisation has considered the different ways the organisations collects information (as it will differ between organisations) and how that information flows through the organisation.
Good examples defined what personal information is, and used specific examples to explain:
- What types of personal information it generally collects, and for what purpose (IPP 1); and
- How it uses and discloses the personal information (IPP 2).
Case example 4: Good example of IPP1 and IPP2 – Explanation with examples
Boroondara City Council
IPP 1 – Collection
Council will only collect personal information supplied by you when it is necessary to do so. This information typically includes but is not limited to the following:
- address (postal and email)
- telephone number (work, home and mobile)
- date of birth
- Medicare number
- credit card and bank account numbers
- motor vehicle registration number.
The information you provide may be used for purposes including but not limited to the following … to contact you where it is necessary to resolve issues relating to the Boroondara City Council services or functions which you have brought to our attention. For instance, contacting you in response to your report of a fallen tree branch.
Casey City Council
IPP 2 – Use and disclosure
The information may be disclosed:
- To Council’s contracted service providers who manage the services provided by Council. Some examples include: garbage collection, management of leisure centres, environmental health inspections and infrastructure maintenance. Council will also require these service providers to maintain the confidentiality of the information and comply with the Information Privacy Principles in all respects.
While a majority of councils covered and explained the 10 IPPs, we found that some councils failed to mention two important IPPs being:
- IPP 7, which relates to the use of unique identifiers and under what circumstances they are used by organisations, and
- IPP 9, which relates to transborder data flow and how privacy is protected if transferred outside of Victoria.
We found that IPP 7 was explained with generic wording which mirrored the wording in the legislation. For example, broad statements such as ‘Council will not assign, adopt, use, disclose or require unique identifiers except if required by law’ does not explain what a unique identifier is, and in what circumstances they would be used. An explanation of what a unique identifier is for council purposes would be helpful for individuals.
Similarly, statements attempting to address IPP 9, such as ‘Council may transfer personal information outside of Victoria only if that data transfer conforms with the reasons and conditions set out in the Act’ often did not adequately explain the reason why personal data was being transferred outside of Victoria, or how the council would protect personal information once it was transferred.
Case example 5: Good example of IPP 7 and IPP 9 – Explanation with examples
Maribyrnong City Council
IPP 7 – Unique identifiers
A unique identifier is a number or code that is assigned to someone’s record to assist with identification (similar to a drivers licence number). Council will only assign a unique identifier to a person if the assignment is reasonably necessary to carry out its functions efficiently.
IPP 9 – Transborder data flows
… does not prohibit the transfer of personal information outside of Victoria but it does place restrictions on when it can occur. This is because the PDPA is a Victorian law and therefore the IPP’s will not apply to organisations in a different state, territory or country.
Council will only transfer personal or health information outside of Victoria in accordance with the provisions outlined in the PDPA and Health Records Act.
While Council uses cloud computing services based outside Victoria, it has taken all reasonable steps to ensure that the information which it transfers will not be held, used or disclosed by the host of the information inconsistently with the Victorian IPPs. It also ensures the hosts/recipients are subject to laws and/or binding contractual arrangements that provide similar protections to that afforded under the PDPA.
Latrobe City Council
The council specifically states that it:
… may use cloud computing services based outside Victoria, in which case Council must ensure [compliance] with the Victorian IPPs and HPPs in engaging with those
The second example above demonstrates the council’s awareness of how personal information is stored on its information technology services. IPP 9 does not only apply to personal information that is physically transferred outside of Victoria, but also applies to electronic information that may be stored on servers based outside of Victoria. We found that a small handful of councils specifically mentioned that they use a cloud type storage system to store personal information, meaning that IPP 9 applies to protect that information.
We also found that IPP 6 could be explained more effectively. IPP 6 deals with how individuals can access and correct their information held by organisations.
12 policies had a statement addressing the possibility of access to, and correction of, personal information. However, all 12 policies failed to detail how an individual could undertake this process rendering the statement ineffective.
Case example 6: Example of ineffective IPP 6 statement – Access and Correction
This example is from a metropolitan council.
Individuals have a right to request access to any personal or health information held about them by Council. If an individual believes that their information is inaccurate, incomplete or out of date, they may request Council to correct it.
Council can deny access to personal and health information in accordance with the exemptions detailed in the Privacy and Data Protection Act 2014 and Health Records Acts 2001.
We found that 7 councils use the above statement (or similar) when explaining how an individual can access or correct information. While the statement provides an explanation of an individual’s rights to access and correct their information, it would be preferable if agencies took the default position that everyone has the right to access and correct their information through the processes outlined in the Freedom of Information Act 1982, which is the approach taken by majority of the councils.
In contrast, a handful of councils encourage individuals wishing to access their information and correct it to contact the council department first or to speak with the Privacy Officer in an attempt to resolve the concern informally, rather than going through the more formal and lengthy FOI process. In some instances, however, it may be more appropriate for an individual to make a formal request to council under the freedom of information process. In these instances, the council can support their customer by providing guidance around initiating an FOI request.
Case example 7: A good example of IPP 6 explanation – Access and Correction
Warrnambool City Council
Should an individual wish to access their personal information, the individual can contact the most relevant Council department directly or Council’s FOI/Privacy Officer [details provided] …
Access will be provided except in the circumstances outlined in the Act, for example, where the information relates to legal proceedings or where the Freedom of Information Act 1982 applies. If an individual believes that their personal information is inaccurate, incomplete or out of date, the individual may request Council to correct the information. The request will be dealt with in accordance with the Act.
An organisation’s commitment to open and transparent privacy practices is reflected in the way it clearly and simply communicates guidance to the public. The above example illustrates the benefits of including contact details to directly support and guide an individual seeking information around access and correction of their personal information.
Content – how well is the policy written?
In 2006, the Australian Bureau of Statistics conducted a survey to identify and measure a broad range of social and economic characteristics of people across Australia, including literacy levels.9 Five different literacy capabilities were tested including the ability to read, understand and use information from various kinds of narrative texts such as information from newspapers, brochures and information sheets. Almost half of Australians between the ages of 15 to 74 scored in levels 1 and 2 (level 1 being the lowest measured level of literacy, and level 3 being considered the minimum requirement to understand narrative text). 37% of survey respondents scored in level 3.
With this in mind, it is important for documents, such as a policy, to be written using simple, plain English. While it is difficult to measure, we found that overwhelmingly, most policies were written using complex, legal terminology, and often mirrored the legislation.
OVIC’s guidance suggests ways to ensure effective communication, including:
- Using plain language – for example, short, clear sentences and familiar, plain English words;
- Avoiding legal jargon or technical terminology;
Organisations might consider presenting their discussion of IPPs in a different way including, for example, by theme. Alternatively, organisations might provide a narrative of how personal information is collected by the organisation and how it travels through the organisation from collection to destruction.
Case example 8: Good example of how IPPs are discussed
Brimbank City Council
The council uses headings, in the form of questions, to explain the IPPs without presenting them in any particular order, or mirroring the legislation.
What type of information does the council collect?
What does the council do with information?
What disclosures might be made?
How does the council ensure that information is accurate, up to date, and secure?
How can a person access or correct information held by council?
Loddon Shire Council
The council uses sub-headings, in the form of questions, to explain ‘what is use’ and ‘what is disclosure’ when explaining IPP 2, and uses simple language and examples to detail the answers:
What is use? This includes:
- searching records for any reason
- using personal and/or health information in a record to make a decision
- inserting personal and/or health information into a database
What is disclosure? This includes:
- providing personal and/or health information to a third party (such as a contractor)
- providing a record containing personal and/or health information to a member of the public
When drafting or reviewing a policy, it is important to consider just what is trying to be achieved (the intent of the policy), and how the policy aims to achieve this outcome. It is also important to think about the audience and what information they would expect to see in the policy.
For councils that have dedicated privacy webpages, we found that the information is able to be, and has been, presented in a simple and easy to understand way.
Tips to improve
As best practice, every policy should include:
- A reference to the correct privacy legislation.
- A description of the organisations main functions.
- An explanation on how the organisation adheres to the IPPs. This may include using specific examples about the organisation’s functions and how it will use the personal information it holds. Organisations should consider how they present this information in a concise and clear way.
As best practice, every policy should be written using plain language, and avoid legal jargon. Privacy policies should not mirror the wording of the legislation.
It is recommended that every council:
- Review its explanation of its process to accessing and correcting personal information.
- When undertaking its next review of its policy, consider plain English drafting principles.
In an overwhelming majority of reviewed privacy policies, we found little or no explanation or guidance regarding the ability make a privacy complaint.
While 64 out of 78 policies did mention the ability to raise a complaint, many councils failed to provide adequate details or guidance regarding the complaint process. Only a very few policies provided sufficient information covering the complaint process, from how to make a complaint, to how it would be investigated, and how long it would take for the process to conclude.
Organisations should make it as simple as possible for individuals to make a privacy complaint. The PDP Act does not provide any legislative requirements for complaints to be made in a certain way. We found that 5 councils require complaints to be made in writing alongside the provisions of proof of identification. We do not recommend this as a standard practice.
Making it simple for an aggrieved individual to make a privacy complaint reflects an organisation’s openness and transparency.
We also found that policies lacked information about OVIC as the independent regulator of privacy for state government agencies, or for the Health Complaints Commissioner (for health information related complaints). When considering privacy complaints, many councils failed to accurately describe OVIC’s function and role in conciliating privacy complaints between aggrieved parties. Only one council accurately described OVICs functions.
When OVIC’s contact details were provided, they were generally incorrect and outdated, with OVIC often being referred to as its predecessor agency, the Commissioner of Privacy and Data Protection, which is inaccurate.
Other Victorian government oversight bodies have reviewed the complaint handling processes of local government 10 and provided useful guidance and tips on complaint handling in general. During this examination, the Victorian Ombudsman announced an enquiry into how councils handle complaints.11 The outcome of this enquiry will be beneficial in assisting councils to provide better privacy complaint processes.
Overall, the internal and external complaints processes are inadequately and ineffectively explained, or are not explained at all. Some councils have separate complaints handling policies that address how to make a complaint about privacy, but the policies are not linked or cross-referenced.
Tips to improve
As best practice, every policy should include a clear explanation and process for making a privacy complaint.
As best practice, every policy should include accurate details of OVIC and any other external complaint agencies that are able to review the decisions of your organisation.
Appendix 1 - Council Comparison
Chart 1 – Break down of council by classification
Chart 1 illustrates a simple breakdown of council by classification. Source of the categories is provided by www.localgovernment.vic.gov.au.
Table 1 – Comparison on policy findability according to classification
Table 1 compares the findings from the question “Describe how easy it is to find the policy on the website: Easy, Average, Difficult.”
Chart 2 – Illustration of comparison on policy findability
Table 2 – Comparison on policy control according to classification
|Is there a version number?||Is there a date?||Is there a review date?|
Table 2 compares the findings between council classification and various questions about policy control. The finding is that of a “yes” answer.
Chart 3 – Illustration of comparison on policy governance
Table 3 – Comparison on overdue policies according to classification
Table 3 compares the findings from the question “Is the policy overdue for a review?”
Note that 8 out of the 19 policies that are overdue for a review, are being reviewed at the time of this examination.
Chart 4 – Illustration of comparison on overdue policies according to classification
Table 4 – Comparison on IPPs according to classification
Table 4 compares the findings between council classification and whether their policies include mention and explanation of the 10 IPPs.
Chart 5 – llustration of comparison on IPPs according to classification
Table 5 – Comparison of complaint handling according to classification
|Does the policy explain how to make a complaint to the council?||Does the policy include information about OVIC?||Does the policy include information about the Health Complaints Commissioner?|
Table 5 compares the findings between council classification and whether their policies include information about making and responding to privacy complaints. The finding is that of a “yes” answer.
Chart 6 – Illustration of comparison on complaint handling according to classification
Appendix 2 – Table of statistical findings
1. Policy location and accessibility
|Is there a policy? (IPP5 – Openness)||78||99%|
|Is there a dedicated ‘privacy’ section on the website?||46||59%|
|Can the policy be found by clicking on the ‘privacy’ section of the home page?||43||55%|
|Describe how easy it is to find the policy on the website: Easy, Average, Difficult.|
|If so, describe what is online.|
|Are ther other policies that affect privacy? For example, CCTV policy or Health Records Policy?||37||47%|
|If so, what are they?|
|Are there supporting documents that accompany or compliment the policy?||21||27%|
|If so, what are they?|
|Is the policy available as a webpage?||12||15%|
|Is the policy available as a downloadable PDF?||59||76%|
|Is the policy available as a downloadable Word document?||10||13%|
|Is the policy available as a downloadable HTML document?||0||0%|
|Is the policy available in other languages?||1||1%|
|If so, what languages?|
|Is there an audio version of the policy?||5||6%|
|Are there other accessibility options?||9||12%|
|If so, what are they?|
|Can the policy be shared? For example, shared to an email or social media?||20||26%|
2. Policy control
|Does the policy identify the council?||77||98%|
|Does the policy identify a position or business unit that is responsible for approving and updating the policy?||72||92%|
|If so, who?|
|Does the policy have information about who approved the policy?||57||73%|
|If so, who?|
|Does the policy state what version it is?||29||37%|
|Does the policy have a date?||70||90%|
|Does the policy have a review date?||60||77%|
|What is the review date?|
|Is the policy overdue for a review?||19||24%|
3. Policy content
|Does the policy refer to current legislation?||68||87%|
|How many pages is the policy?|
|Is the policy broken up into sections with clearly marked headings?||78||99%|
|Is the policy layered?||8||10%|
|Does the policy state the council’s main functions?||2||3%|
|Does the policy state the types of third parties the information may be shared with?||72||92%|
|Does the policy state whether collection of personal information is compulsory or optional?||71||91%|
|Does the policy state the types of personal information it generally collects? (IPP 1 – Collection)||74||95%|
|Does the policy state how the council uses and discloses the personal information? (IPP 2 – Use and disclosure)||75||96%|
|Does the policy state how the council ensures the personal information it collects is accurate, complete and up to date? (IPP 3 – Data quality)||76||97%|
|Does the policy state how the council stores and manages personal information, including how long personal information may be stored for? (IPP 4 – Data security)||72||92%|
|Does the policy contain information about how an individual can request to access and/or alter their personal information? (IPP 6 – Access and correction)||76||97%|
|If so, what is it?|
|Does the policy state whether the council assigns unique identifiers to individuals, and if so, under what circumstances? (IPP 7 – Unique identifiers)||56||72%|
|Does the policy state that a person may remain anonymous when dealing the council? (IPP 8 – Anonymity)||72||92%|
|Does the policy state how privacy is protected if information is transferred or stored outside of Victoria? (IPP 9 – Transborder data flows)||54||69%|
|Does the policy state whether the council collects sensitive information? (IPP 10 – Sensitive information)||73||93%|
|Does the policy explain how to make a privacy complaint to the council?||64||82%|
|Does the policy correctly direct complaints to OVIC only after the complaint is first made to the council?||46||59%|
|Is there a separate policy for general complaint handling?||12||15%|
|Does the policy include information about the Health Records Act 2001?||47||60%|
|Does the policy address the Health Privacy Principles?||40||51%|
|Does the policy correctly direct complaints about health information to the Health Complaints Commissioner?||22||28%|
|Is there a separate policy that addresses health privacy?||10||13%|
|In general terms, comment on the quality of the policy content. For example, has the information been simplified and examples used to explain the IPPs, or is it a cut and paste of the legislation?|
4. Reference to external agencies
|Does the policy include a description of OVIC’s functions?||2/78||3%|
|Is it accurate?||1/2||50%|
|Does the policy include a link to OVIC’s website?||13/78||16%|
|Is it accurate?||4/13||31%|
|Does the policy include OVIC’s contact phone number?||19/78||24%|
|Is it accurate?||2/19||11%|
|Does the policy include OVIC’s email?||20/78||26%|
|Is it accurate?||2/20||10%|
|Does the policy include OVIC’s postal address?||14/78||18%|
|Is it accurate?||6/14||43%|
|Does the policy include a description the Health Complaints Commissioner’s functions?||2/78||3%|
|Is it accurate?||1/2||50%|
|Does the policy include a link to Health Complaints Commissioner’s website?||7/78||9%|
|Is it accurate?||4/7||57%|
|Does the policy include Health Complaints Commissioner’s contact phone number?||13/78||16%|
|Is it accurate?||10/13||77%|
|Does the policy include Health Complaints Commissioner’s enquiries email?||6/78||8%|
|Is it accurate?||1/6||17%|
|Does the policy include Health Complaints Commissioner’s postal address?||6/78||8%|
|Is it accurate?||4/6||67%|
5. Contact information
|Does the policy contain information about who to contact at the council regarding privacy concerns?||68/78||87%|
|What is the name and/or title of the contact point?|
|Is there a phone line to call?||46/78||59%|
|If so, what is it?|
|Is the phone line the same as the council switchboard/general enquiries?||28/46||61%|
|Is there an email address?||30/78||38%|
|If so, what is it?|
|Is the email address the same as for general enquiries?||19/30||63%|
|Is there a postal address?||36/78||46%|
|If so, what is it?|
|Is the postal address the same as for general enquiries?||33/36||92%|
|Additional comments – is there contact information in any other form, online, fax, online complaint form or is there contact information on another page?|
- OVIC, IPP 5 Self Assessment Tool. https://ovic.vic.gov.au/wp-content/uploads/2019/06/20190530-IPP-5-Self-Assessment-Tool-re-draft.docx
- By ‘current’ we mean the most recent or updated policy. See ‘Summary statistics’ section for more information on how councils responded.
- https://www.vic.gov.au/digital-standards – the framework is Victoria’s central reference for digital best practice standards and, where applicable, mandatory standards
- 2.0. https://www.w3.org/TR/WCAG20/
- Moreland City Council and Greater Geelong City Council
- Banyule City Council and Melbourne City Council.
- The Adult Literacy and Life Skills Survey http://www.ausstats.abs.gov.au/ausstats/subscriber.nsf/0/B22A471C221C7BADCA2573CA00207F10/$File/42280_2006%20(reissue).pdf
- Victorian Ombudsman report into Council and Complaints – A good practice guide Feb 2015 https://www.ombudsman.vic.gov.au/Publications/Parliamentary-Reports/Councils-and-complaints-%E2%80%93-A-report-on-current-prac