News Group Privacy Policy

 
1. Our commitment to privacy

News Limited (News) and each of its Australian related companies (the News Group)*, respects and is committed to protecting information privacy.  News has developed its own set of privacy principles which embody the spirit of the National Privacy Principles (NPPs) as set out in the Privacy Act 1988 (Cth) (the Privacy Act).  Each member of the News Group subscribes to this policy.


This policy sets out the principles and procedures for the handling of personal information that News has adopted in order to protect information about individuals.  The policy must be followed to ensure News complies with its legal obligations under the Privacy Act.


News relies on a number of exemptions in the Privacy Act, namely:

• the related bodies corporate exemption in the Privacy Act to share personal information with its related bodies corporate in Australia;
• the employee records exemption in relation to News’ handling of employee records in a way which is directly related to a current or former employment relationship; and
• the media exemption in the Privacy Act in relation to the acts and practices of media organisations which are carried out in the course of journalism.

* The News Group does not include companies in which News holds or controls only 50% or less of the company.  For example, the News Group does not include FoxSports, FOXTEL, NRL or Newspoll. 

2. An overview of the Privacy Act

This is a brief overview of the Privacy Act and the NPPs and how it impacts on information handling by News.
 

2.1 How will News comply with the Privacy Act?
News considers the lawful and correct treatment of personal information as critical.  News will comply with the Privacy Act and the NPPs.  It has adopted this Policy and Best Practice Guidelines to ensure that it complies.  A failure to comply with this Policy could result in a breach of the Privacy Act and liability for News to pay damages. 


It is important you read this policy carefully and comply with its provisions as well as the Best Practice Guidelines which apply to you in your particular company role.  A breach of this Policy or the Best Practice Guidelines may result in disciplinary action against you or your employment with News being terminated.


2.2 Who does the Privacy Act apply to?
Amendments to the Privacy Act, which come in to effect on 21 December 2001, impose a minimum standard on private sector organisations in the way they handle personal information.  The NPPs set this minimum standard. 
News is subject to these amendments and must comply with the Privacy Act and the NPPs.


2.3 What are the NPPs?
The NPPs are 10 principles found in the Privacy Act which set a minimum standard for the way in which organisations must handle personal information.


The NPPs cover collection, use and disclosure, data quality, data security, openness, access and correction, unique identifiers, anonymity, transborder data flows and sensitive information.


2.4 What is personal information?
The NPPs regulate the handling and use of records of personal information.


Basically, personal information means information or opinion about an individual, whether true or not and whether recorded in a material form or not.  Examples include a person’s name, address, telephone number and date of birth or more complex information like a resume or personnel file.


A record includes a document, database or pictorial representation of a person in an electronic or paper file, whether held by us or someone else on our behalf.
 
Some examples of the kinds of personal information which are relevant to our business include:

• client/subscriber and potential client/subscriber details held in a central electronic database/CRM;
• materials received from clients/subscribers;
• information about advertising customers;
• information about potential, current or former employees and freelancers;
• archived hard copy files held for us in document storage;
• materials gathered to prepare stories, articles and other news and magazine contributions;
• information gathered from and about entrants in the process of running a competition;
• library and archive material including published articles; and
• video footage of persons entering or leaving News’ premises.

2.5 What other information is affected?
In addition to restricting collection and use of personal information, further restrictions apply to the use of sensitive information.  Sensitive information includes information relating to race, membership of trade organisations, sexual orientation, religious and political beliefs and criminal records.  Health information is a type of sensitive information and subject to added restrictions under the Privacy Act and other legislation.


Sensitive information may not be collected or transferred to other companies in the News Group without express consent.


2.6 Are there any exemptions or exceptions?
There are several exemptions and exceptions to the Privacy Act.  These constitute an attempt to strike a balance between an individual’s right to information privacy and public interest.  As a result, media organisations, political parties, employee records and certain non business activities are exempt from the Act.  There are broad exemptions for small business and, significantly, for the transfer of personal (but not sensitive) information between related bodies corporate.


There are also limited exemptions for information collected before the amendments to the Privacy Act come into effect.


Where applicable, News will handle personal information relying on the following exemptions:

• related bodies corporate exemption;
• the employee exemption; and
• media organisation exemption.

See 2.7, 2.8 and 2.9 of this Policy for more information on these exemptions.


2.7 Data transfers between related bodies corporate
Related bodies corporate may share personal information without interfering with privacy.  Related bodies corporate are defined by reference to the Corporations Act. 

This exemption does not apply to sensitive information.


Personal information may be shared between related bodies corporate if it is used for the same purpose for which it was initially collected.  It can only be used for other purposes where that use would be reasonably anticipated by the individual or where the individual consents to the other use.


Both organisations, that transferring the information and that receiving it, must comply with the NPPs.
Where an organisation transfers personal information to a related body corporate outside Australia it must first comply with NPP9 regarding transborder data flows.


2.8 Employee records
The Privacy Act protects all personal information, including employee information.


News’ handling of employee records in a way which is directly related to a current or former employment relationship will be exempt from the Privacy Act.


Employee records are records of personal information relating to an individual’s employment and include information about health and performance, terms of employment, resumes, disciplinary records and financial details.


Employee records, therefore, are not required to be shown to employees.  However, this exemption does not apply to contractors or prospective employees.  This means that personal information that News holds about its contractors and job applicants or prospective employees who are not subsequently employed must be handled in accordance with the NPPs.


News has adopted a system based on the NPPs for handling employee information and relies on the exemption where necessary.  Any use of employee information in a way which is outside the scope of the exemption must be consented to by an employee.



2.9 Media organisation exemption
The Privacy Act will not apply to the acts and practices of a media organisation when acting in the course of journalism, provided that the media organisation is publicly committed to observing published standards that deal with privacy in the context of the media activities of a media organisation.


News’ newspapers will subscribe to the Australian Press Council Privacy Standards.


In relation to those activities which are not regarded as being undertaken in the course of journalism, the media organisations will be bound by the NPPs.


2.10 Will the Privacy Act apply to personal information News already holds?
All of the NPPs will apply to all personal information collected after 21 December 2001.  However, only the following NPPs will apply to personal information collected before 21 December 2001: 

• data quality on use and disclosure (NPP3);
• data security (NPP4);
• privacy policies and openness (NPP5);
• access and correction where information already held is used and disclosed (NPP6);
• Commonwealth government identifiers (NPP7);
• transborder data flow (NPP9).

2.11 Access and Complaints
The Privacy Act includes access rights for individuals as well as creating an enforcement mechanism which is based on complaints.  If an individual feels that News has handled personal information inappropriately, he or she can complain to News.  An individual has the right to ask for access to personal information News holds about them.  News is entitled to refuse access where one of the exceptions found in the NPPs applies.

If any person wishes to request access to information held by News about them, lodge a complaint about News’ handling of personal information or seek information about News’ handling of personal information, they should contact the company’s Privacy Officer.


2.12 News’ Best Practice Guidelines
News has developed some Best Practice Guidelines to provide practical steps to help implement and ensure continued compliance with the Privacy Policy.


2.13 Want to know more?
If you would like to know more about the Privacy Act, you can visit the website of the Federal Privacy Commissioner at www.privacy.gov.au

If you do not understand what is required of you under this Policy or you want to know more about the way News Group companies handle personal information, please contact your company’s Privacy Officer or News’ Privacy Compliance Officer (PCO). 

3. News Group Privacy Principles

News has developed its own set of privacy principles which embody the spirit of the NPPs and the Privacy Act.  They summarise News’ approach to privacy and how we collect, use and protect personal information.  You must read this Policy and the Best Practice Guidelines to understand these principles and how they work in practice.  You should comply with the News Group Privacy Principles when you handle personal information.


The Privacy Principles set out below will be complied with except where we are entitled to rely on the media exception, the related body corporate exception or the employee records exception.


3.1 Collection
We will only collect personal information about individuals which we need in the context of our day to day business.  We will not make unreasonably intrusive enquiries and will collect information in a way which is fair and lawful.


Where it is reasonable and practicable to do so, we will collect personal information about an individual only from that individual.


When collecting personal information we will take all reasonable steps to let the individual know the purposes for which the information is being collected and to whom, if anyone, the information is likely to be disclosed.  We will also outline to the individual any relevant consequences of not providing the information and if applicable, identify any law requiring the collection of the information.  We will usually provide our contact details so the individual is aware of how to contact us should she or he wish to access or update the personal information provided to us.  If we collect information about an individual from someone else we will also take reasonable steps to ensure the individual concerned has been made aware of these matters except to the extent that to do so would pose a serious threat to the life or health of any individual.


3.2 Use and Disclosure


Purposes

The purposes for which we may use the information we collect from individuals include the following:

• the provision of services offered by a member of the News Group and to fulfil associated administrative functions;
• to enter into service contracts with third parties;
• to fulfil our obligations as employer to all News employees;
• for marketing and to support, improve and obtain feedback on News Group goods and services; and
• in the course of journalism for the purposes of publication of information in newspapers, magazines and other media.

We only use or disclose information for the primary purpose for which it was collected and for which the individual has consented and otherwise in accordance with this Policy.


We will only use or disclose information for a secondary purpose if the person has consented or if it is related to the primary purpose (and, if the information is sensitive information, directly related to the primary purpose,) and the individual who is the subject of the information would reasonably expect the information to be used for such a purpose.


The above statements do not restrict the ability of a News Group company or business to act, use or disclose information where to do so is permitted by the media, employee or any other exemptions provided in the Privacy Act.


Marketing Uses

We will never use sensitive information for the secondary purpose of marketing.  We will only use non-sensitive personal information for marketing if we have consent or if:

• it is impracticable to seek consent before this use; and
• the individual is given the opportunity to opt out of receiving any further direct marketing communications and this wish has not been previously expressed.

If the individual requests not to receive direct marketing communications from us, we will not charge a fee for complying with that request.


In any direct marketing communication with an individual we will set out our contact details.


Use Without Consent

Situations in which we may use or disclose information without an individual’s consent include where:

• we reasonably believe that use or disclosure is necessary to reduce or prevent a threat to a person’s life or health or a serious threat to public health or safety;
•  we are investigating or reporting on suspected unlawful activity;
• the use or disclosure is required or authorised by law; or
• we reasonably believe that the use is reasonably necessary for law enforcement, public revenue protection, prevention and remedying of seriously improper conduct, or preparation or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.

If we use or disclose information on these grounds we will make a written note of such disclosure.


Health Information
Health information may be used or disclosed by News if we have consent or where:

• it is impracticable to seek consent before this use; and
• the use is in accordance with any guidelines under section 95A of the Privacy Act; and
• in the case of disclosure, we reasonably believe that the recipient will not disclose the information.

Basically, health information is sensitive information relating to or collected in connection with an individual’s:

• health or disability;
• past, current or future use of health services;
• wishes about the future provision of health services; or
• donation, or intended donation of his or her body parts, organs or body substances.

Health information can include details such as an individual’s name, address, billing information and Medicare number if it is part of the information about an individual’s health.


Sharing Information
We may share personal information with other members of the News Group provided we have taken reasonable steps to tell the individual that we may do this.  This means, for example, that the primary purpose for which information was collected by one company will be deemed to be the purpose of collection by each other company in the News Group.  Also, if an individual opts-out of direct marketing communication, that decision must be respected by all the companies in the News Group.  Sharing of information with related companies which are located outside of Australia can only occur in compliance with transborder data flow requirements (see section 3.9).

3.3 Data Quality
We will take steps to ensure that the personal information that is collected, used and disclosed by us is accurate, complete and up-to-date.
 
3.4 Data Security
We will take steps to keep personal information secure.
We will implement policies, as far as practicable, which prevent misuse, loss, unauthorised access, modification or disclosure of personal information.  We will check that those policies are being complied with on an on-going basis.


We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed.


3.5 Openness

We will take steps to let people know the sort of personal information we hold, the purpose for which the information is held and how the information is collected, used, stored and disclosed on request.


3.6 Access and Correction

Individuals have a right to access any personal information which we collect and hold about them and, subject to any other legal restrictions, to have it corrected if it is wrong.


We may charge where access to personal information is provided, but this charge will not be excessive.  We will not charge an individual to lodge a request for access.


We may deny a request for access if we reasonably believe any of the following circumstances apply:

• it would pose a serious and imminent threat to the life or health of any person or, if health information, would pose a serious threat to the life or health of any person;
• the privacy of others would be unreasonably affected;
• the request is frivolous or vexatious;
• the information relates to existing legal proceedings with the person who is the subject of the information and the information would not be accessible through discovery;
• providing access would prejudice negotiations with the person who is the subject of the information by revealing our intentions regarding those negotiations;
• providing access would be unlawful or denying access is required or authorised by law;
• providing access would be likely to prejudice an investigation of unlawful activity or law enforcement, public revenue protection, prevention and remedying of seriously improper conduct, or preparation or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body;
• an enforcement body performing a lawful security function requests denial of access to protect national security; or
• where evaluative information generated by us in making a commercially sensitive decision would be revealed by providing access.  In this situation News may provide an explanation for the commercially sensitive decision instead.

We will provide reasons if access is denied or we refuse to correct personal information relying on any of the above circumstances.


3.7 Identifiers
An identifier is a number or word or combination of numbers and letters, assigned by an organisation to an individual to identify the individual uniquely for the purposes of the organisation’s operations.  Medicare and pension numbers are identifiers issued by the government.


If we are required to collect any government identifier, such as a Medicare number or ABN, in providing our services, we will not identify the individual by this number on our databases.


We will not disclose any government identifiers to any other person, except as required by law or if the disclosure is requested in writing by the individual to whom the identifier pertains.


3.8 Anonymity
Where it is lawful and practicable we will allow individuals to enter into transactions with us on an anonymous basis.


3.9 Transborder Data Flows
We will only transfer personal information to someone (other than the person who is the subject of the information) in a foreign country if:

• similar privacy laws are in place in that country;
• the individual consents to the transfer;
• the transfer is necessary to perform the contract between the individual and News or the individual and a third party;
• the transfer is for the benefit of the individual and it is impractical to get consent and it is likely consent would be given; or
• we have taken reasonable steps to ensure that the information will be appropriately handled and protected.