Privacy obligations

When contracting with Homes Tasmania, you and your employees must carefully manage the collection, storage, use, disclosure and disposal of personal information in compliance with the Personal Information Protection Act 2004.

Personal information protection principles

Schedule 1 of the Personal Information Protection Act 2004 outlines the 10 key principles for managing personal information. Homes Tasmania requires you and your staff to understand and adhere to these principles. Ombudsman Tasmania provides an accessible summary here.

Your obligations

Privacy training

It is essential that your staff are trained in their privacy obligations on a regular basis, and before they are given access to Homes Tasmania information. This training must include educating your staff about the Personal Information Protection Act 2004 and the principles outlined in Schedule 1. It is a good idea to retain a record of completed training to demonstrate best practice.

Information handling and security

Personal information you and your staff collect while delivering services and programs is held on behalf of Homes Tasmania. This information must be collected lawfully and, where possible, directly from the individual.

Only information relevant to your service or program should be collected – personal data for advertising, marketing or research purposes is prohibited. However, the information you collect can be used for program analysis and internal reporting.

Personal or health information must not be uploaded or stored on personal devices or IT systems that are not approved by Homes Tasmania.

Data breaches

Any data breach or suspected breach involving Homes Tasmania information, whether accidental or intentional, must be reported to us using the Data or privacy breach form.

In the event of a breach, you and your staff must collaborate with Homes Tasmania to:

  • investigate the nature and extent of the breach
  • assess the risks and consequences associated with the breach
  • review the circumstances of the breach and participate in action to mitigate the risk of any future breach.

Data retention

Obligations under Homes Tasmania contracts may extend beyond the contract period. For example, government record-keeping requirements may require you to retain information beyond the contract term.

You should seek legal advice to ensure compliance with the Personal Information Protection Act 2004 and the Archives Act 1983.

More information

Further information about your compliance obligations under the Personal Information Protection Act 2004 is available through the Ombudsman Tasmania website.