Skip to main content
Top of the Page

Privacy Policy

1 INTRODUCTION

The College of Intensive Care Medicine of Australia and New Zealand (the College) is committed to ensuring the privacy of individuals. The purpose of this policy is to communicate clearly the personal information handling practices of the College, in accordance with relevant legislation.

The College complies with the following:

  • National Privacy Principles - Australian Privacy Act 1988, Privacy Amendment; and
  • Information Privacy Principles - New Zealand Privacy Act 1993.

This policy outlines the way the College collects, holds, uses, and discloses personal information, and the procedures that allow access to this information.

The policy also outlines how the College will respond to suspected or known data breaches of personal information.

2 COLLECTION AND USE OF INFORMATION

  1. OVERVIEW

    2. All personal information that enters the College is dealt with in a consistent manner and every effort is made to maintain its security. The College collects and holds personal information about Fellows, Trainees, conference delegates, applicants, recipients of College services, hospitals, suppliers and other individuals who interact with the College. This information typically includes name, gender, address, telephone and fax details, email address, financial information and may also include other personal information (e.g. curriculum vitae). This information facilitates the provision of College services such as education and training, enables the College to procure goods and services from suppliers, and allows the College to contact individuals and others.

    Business needs may require the disclosure of personal information to related service providers. In appropriate cases we will endeavour to inform the individual of the type of personal information held, the reasons for disclosure, and the type of individuals and organisation to whom it is usually disclosed. Personal information where required by law will be disclosed.

  2. COLLECTION OF INFORMATION

    3. The College will only collect information from individuals when it is reasonably necessary for the performance of its functions and activities. All such collection will be subject to this policy. The information collected will depend on the individual’s relationship with the College.

  3. SENSITIVE INFORMATION

    4. Sometimes the College may need to collect sensitive information from individuals to enable the College to deliver a service or manage an issue or compliant.

    Examples of ‘sensitive information’ includes information about an individual’s health, racial or ethnic origin, political opinions, association memberships, religious beliefs, sexual orientation, criminal history and genetic or biometric information.

  4. INDIRECT COLLECTION

    5. In the course of delivering a service, handling an issue or compliant, the College may collect personal information (including sensitive information) about an individual from publicly available sources or from third parties such as:

    • An authorised representative of the subject individual; and
    • Other third parties (e.g. supervisors of training; Fellows or Trainees).

    The College also collects information from publicly available sources to enable it to contact stakeholders who may be interested in the training program, attending College events or general College activities.

  5. ANONYMITY

    6. Where possible the College will allow individuals to interact with the College, anonymously or using a pseudonym. For example, if an individual, contacts the College with a general question regarding the training program, they will not be asked for their name unless it is needed to enable their question to be handled adequately.

    For most College functions however, name and contact information will be required.

  6. WEB BASED DATA COLLECTION

    7. The College has a website and members' web-based portal. The addresses are as follows

    https://www.cicm.org.au/
    https://www.cicm.org.au/Login

    When individuals visit either of these addresses, the College may collate information including:

    • Device's IP address;
    • Devices screen size;
    • Device type, operating system and browser information;
    • Geographic location;
    • Referring domain and out link if applicable;
    • Search terms and pages visited; and
    • Date and time of page access.

    The College may also periodically maintain separate websites for College related activities (e.g. the annual scientific meeting). The College also collates information listed above from these websites.

  7. EMAIL LIST, REGISTRATIONS AND FEEDBACK

    8. The College collects information when individuals sign up to College mailing lists, register for College events or sends email/s to the College at [email protected].

  8. SOCIAL NETWORKING SERVICES

    9. The College uses social networking services including Facebook, Twitter and Linkedin to communicate to the public about the College’s work.

    The College may collect personal information about individuals who use these social networking services. The information is used to help the College to communicate with the public and individuals.

  9. USE OF INFORMATION

    10. The College uses personal information for the purpose for which it was collected. This information may be used for secondary purposes which directly relate to the primary purpose of collection. For example, an individual may be required to fill in a form to register for a scientific meeting or conference and the College may use these contact details to send a conference program or other conference information.

    Contact information held by the College may also be used to inform individuals of special offers or additional services provided by the College. Where required or appropriate, the individual contacted will be provided with the option of not receiving further communication of this nature from the College.

    The College uses information and may provide information to third parties to provide membership services and benefits, maintain membership and service/benefits records, provide information, assist continuing professional development and education and training, and to conduct research for purposes related to the College, intensive care medicine and the above.

    All specific requests for information from a third party will be documented.

  10. DISCLOSURE OF INFORMATION

    11. The College does not sell any of the personal information it collects. The College will disclose personal information for the primary purpose for which it was collected or for a secondary purpose if it directly relates to the primary purpose. Individuals will be informed of this and may have to sign a consent form at the point of collection. For example, aggregated membership and training information may be shared with Medical Boards, Health Authorities, Government, hospitals and other health institutions in connection with uses identified in this policy.

    The College does engage third parties to perform certain business functions. Therefore, it is sometimes necessary to disclose personal information to those suppliers. Where disclosure takes place, the College seeks to ensure that personal information is handled in accordance with the Australian National Privacy Principles and the New Zealand Information Privacy Principles. The College requires third parties to sign a confidentiality agreement Information will not be disclosed where to do so would breach other statutory or legal obligations.

  11. SECURITY OF INFORMATION

    12. The College undertakes to protect personal information from unauthorised use, access, disclosure and alteration. The College may store information electronically and/ or in hard copy. Staff must comply with the College’s policy on the handling of personal information. IT protection systems and internal procedures are also utilised to protect the personal information held by the College. Information will be held until there is no longer a business or legal need to retain it.

  12. CORRECTION OF INFORMATION

    13. The College seeks to maintain the accuracy of personal information. Individuals are encouraged to contact the College if the information held is incorrect or to notify the College if personal information has changed. Changes to personal details can also be made by individuals through the College website or by email.

  13. PERIOD OF RETENTION OF INFORMATION

    14. The College shall not retain the personal information of any person for longer than necessary.

  14. ACCESS TO INFORMATION

    15. The Chief Executive Officer may be contacted on +61 3 9514 2888 at any time by an individual to access their personal information. A request in writing from that individual will be required to access their information. Access will be provided unless the request is unreasonable, or the Australian National Privacy Principles or New Zealand Information Privacy Principles permit or require the College to decline that access. As permitted by law, a fee may be requested to cover the cost of access. Any queries regarding an individual’s personal on-line information should be checked by that individual prior to any such request.

3 PARTICULAR PROVISIONS AND USE OF INFORMATION

  1. INTERNATIONAL MEDICAL GRADUATES

    2. The College is involved in the assessment of international medical graduates’ qualifications and experience in intensive care training. The Australian Medical Council (AMC) and the Medical Council of New Zealand (MCNZ) discloses applicants’ personal information to the College for this purpose and vice versa. Applicants for assessment for Area of Need intensive care positions in Australia disclose personal information to both the AMC and the College in parallel.

    The College may need to clarify this information with external institutions or individuals, such as employers, recruitment agents, or health departments, and gather additional information in order to complete assessments. Information may also be sought from any area of the College including the New Zealand National Office. As part of the specialist assessment process, the College’s recommendation(s) will be provided to the AMC or to the MCNZ and to any relevant State or Territory Medical Board or Council. The College may also disclose personal information where required to do so by law. The College will handle any personal information in accordance with the Privacy Acts of Australia and New Zealand and Australian National Privacy Principles or New Zealand Information Privacy Principles. Any information provided to the College for the purpose of assessment will be used and disclosed in the manner set out in this policy.

  2. FELLOWS AND TRAINEES

    3. The College holds personal information about Fellows and Trainees which is used to conduct College business, for the purpose of education, training and assessment and for continuing professional development and other purposes set out in this policy. It may be disclosed to College staff, Council and Committees, hospitals, external suppliers, and Societies and Associations of which the individual is an applicant or member. General information may be provided to members of the public if requests are made about a Fellow’s or Trainee’s status, or otherwise. Personal information may be disclosed where required by law.

    Any information provided to the College will be used and disclosed in the manner set out in this policy. Failure to provide this information may prevent the College from adequately delivering its services. Further information regarding the use and disclosure of personal information may be provided at the point of collection.

  3. EXTERNAL SUPPLIERS

    4. The College discloses information to external suppliers, including examination and training supervisors, when entering into transactions for the purpose of College business. This information will be handled in accordance with the Australian National Privacy Principles or New Zealand Information Privacy Principles. It will not be utilised for any other purpose and only disclosed to suppliers for the contracted purpose. Failure by an external supplier to act in accordance with the College Privacy Policy may result in termination of the relationship with the College.

    The College holds personal information about external suppliers which may be used and disclosed in the course of conducting College business. Personal information may be disclosed to other suppliers to the College or to College staff, Council and Committees where necessary in order to conduct this business. Failure to provide this information may impede the process of transacting business.

4 SUSPECTED OR KNOWN DATA BREACHES

The College has an obligation to take reasonable steps to handle personal information in accordance with the Australian Privacy Act principals. This includes protecting personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

  1. SUSPECTED OR KNOWN DATA BREACH

    2. In the event the College either suspects or knows of a data breach, the College’s first response will be to contain the suspected or known breach. This will include the College taking immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.

  2. ASSESS

    3. After the containment or attempt to contain the suspected or known breach, the College will consider whether the data breach is likely to result in serious harm to any of the individuals whose information was involved.

    If the College considers there are reasonable grounds to believe the breach is likely to result in serious harm to the individuals whose information was involved, the College initiate its’ notification process.

    If the College only has grounds to suspect that this is the case, then it will conduct an assessment process.

    As part of the assessment, the College will consider whether remedial action is possible. The assessment will include the following stages:

    • Development of a plan
    • Assignment of a team or person to perform the assessment;
    • Investigation; and
    • Evaluation based on the evidence

    The College will strive to complete the assessment within 30 days of the breach. Where the assessment cannot be completed within the 30 days, the College will document the reasons for the delay.

  3. REMEDIAL ACTION

    4. The College will take all possible reasonable steps to reduce any potential harm to individuals. Actions may include attempting to recover lost information before it is accessed or changing access controls on compromised Fellow or trainee member accounts before unauthorised transactions can occur.

    Where the remedial action is successful in making serious harm no longer likely, then the College will not initiate its’ notification process. It will however undertake a review.

  4. NOTIFICATION PROCES

    5. Where serious harm is likely, the College will prepare a statement for the Commissioner that contains:

    • The College's contact details;
    • A description of the breach; and
    • The kind/s of information concerned.

    The College will also adopt one or more of the following options:

    • Notify all individuals; or
    • Notify only those individuals at risk of serious harm If neither of these options are practicable; or
    • Publish the statement on the College’s website and publicise.
  5. REVIEW

    6. The College will also review the incident and take action to prevent future breaches. The review may include all or a subset of the following:

    • Fully investigating the cause of the breach;
    • Developing a prevention plan;
    • Conducting audits to ensure the plan is implemented;
    • Updating security/response plan;
    • Considering changes to policies and procedures; and
    • Revising staff training practices.

    As part of the review, consideration will also be given to reporting the breach to the police and other governing bodies.

5 CHANGES TO CICM PRIVACY POLICY

The College may modify or amend this policy at any time provided the policy still complies with the relevant privacy legislation. Information will be held and used in accordance with the Privacy Policy, as amended from time to time. Formal notice of amendments will not ordinarily be given, but the current Privacy Policy will be available via the College website.

6 AIRNESS, CUSTOMER SERVICE AND REFUNDS

The College will always try to settle any issues or complaints quickly and fairly. General issues should be directed to:

The Chief Executive Officer

CICM

2 Porter Street,
Unit 201,
Prahran, VIC, 3181
AUSTRALIA

Ph: +61 3 9514 2888

This policy document has been prepared with regard to general circumstances, and it is the responsibility of the practitioner to have regard to the particular circumstances of each case, and the application of this document in each case.

Policy documents are reviewed from time to time, and it is the responsibility of the practitioner to ensure the current version has been obtained. Policy Documents have been prepared according to the information available at the time of their preparation, and the practitioner should therefore have regard to any information, research or material which may have been published or become available subsequently.

Whilst the College endeavours to ensure that documents are as current as possible at the time of their preparation, it takes no responsibility for matters arising from changed circumstances or information or material which may have become available subsequently.

www.cicm.org.au

This document is copyright and cannot be reproduced in whole or in part without prior permission.

Back to Top

Acknowledgement of Country

CICM acknowledges and pays respect to the Traditional Custodians of the lands across Australia on which our members live and work, and to their Elders, past, present and future. We pay respect to the Wurundjeri Peoples of the Kulin Nation as the Traditional Custodians of the land on which CICM’s office stands.

CICM acknowledges Māori as tangata whenua and Te Tiriti o Waitangi (Treaty of Waitangi) partners in Aotearoa New Zealand.