The PSA regularly collects information from members and uses it for various reasons consistent with its rules. It therefore needs a policy to make sure that this information is gathered and used appropriately and that the PSA fulfils its legal obligations.
This policy identifies the main ways in which information is gathered and used, and sets out the PSA’s policy on managing that information.
The PSA gathers information from members to allow it to administer its membership so as to fulfil the purpose and objects of the union. That purpose is to build a union that is able to influence the industrial, economic, political and social environment in order to advance the interests of PSA members.
The PSA has a privacy officer appointed by the Secretariat to manage this policy, provide advice and training on privacy, and make sure that the PSA meets its obligations under the Privacy Act. The privacy officer will usually be a member of the legal team.
Gathering member information
The PSA has an obligation to collect information in a fair way.
This means we:
* Gather the information required in order to administer a member’s membership in pursuit of the purpose of the PSA;
* Collect information on members only from members unless exceptional circumstances apply;
* Collect any information from delegates necessary to support them in that role;
* Take all practicable steps to ensure that the information is accurate;
* Provide members with a statement of the purpose for which the information will be used, and how they may access and update that information, at the time they provide it to the PSA.
Access to member information
Individual members have the right and opportunity to access and update information about themselves, either through the PSA website, by writing or by passing information through PSA delegates and staff. Access to individual member information is available to those members of the PSA staff who need it for particular activities undertaken in pursuit of the purpose of the PSA.
Staff must respect the privacy of members by:
* Only using the information for activities authorised by the PSA;
* Not passing on or providing access to member information to anyone other than the member concerned and appropriate staff and delegates;
* Adhering to any guidelines issued to staff on the management of member information.
Delegates are representatives of the PSA and are entitled to have access to all the information on the membership form to help them recruit and organise members and apply the provisions of collective agreements.
Delegates who receive this information are provided with guidelines on how this information may be managed, including the obligation to use it only for the purpose for which it was provided. Training on the management of member information is included in delegate training.
Information may be provided to employers to help the PSA recruit new members and to apply the provisions of collective agreements. This information will be limited to the details necessary for the purpose, such as names and payroll numbers.
Access by others may only be agreed by the secretariat, provided it represents a reasonable activity in pursuit of the purpose of the PSA.
Uses to which member information may be put
Member information may be used for all reasonable activities undertaken in pursuit of the purpose of the PSA.
The following are examples of such activities:
* Communication with members
* Programmes to recruit new members to the PSA
* Establishing a demographic profile of the membership of the PSA for planning purposes
* Gathering members’ views on issues of concern to them and the PSA
* The effective representation of members in collective bargaining
* The effective application of collective agreements
* The effective representation of members in dispute with their employer
* Campaigning activities in support of the purpose of the PSA
* The refund of any expenses incurred by members
* The development of delegates and targeting of training courses for delegates.
Whenever a new project is likely to affect the privacy of members or the use of information on them held by the PSA, the union will undertake a privacy impact assessment to identify any risks and corrective measures required.
Storing member information
Information collected at the time of joining the PSA and by updating member details is held electronically on Unison under strict security arrangements.
Access to member information on Unison is available only to staff and authorised members of the Executive Board for approved purposes only. Staff and board members are provided with the security clearance necessary to access the information to which they are entitled.
Paper application forms are disposed of on
ce the information is transferred to Unison. Portable storage devices shall not be used to transport personal member information other than in exceptional circumstances.
Paper information associated with an employment relationship issue involving a member is managed in a manner that minimises the risk of unauthorised staff or individuals sighting the details.
To this end:
* The information must be organised in a file and left in a tidy and ordered manner when in use by a member of staff;
* The information must not be left unattended outside of the secure areas in PSA offices;
* Documents printed off or photocopied are collected immediately;
* Information is recorded in a factual and objective manner;
* Files are kept in a filing cabinet when not in use;
* Files are kept in a secure place for ten years following the conclusion of the employment relationship issue.
Member information no longer required is securely disposed of:
* Names, contact details and birthdates are removed from documents before they are disposed of;
* Paper documents containing member information are disposed of using shredders and secure destruction services;
* The hard drives of all machines – including photocopiers – are wiped before they are sold or decommissioned.
The PSA’s plan identifies the risks in managing member information and has strategies to mitigate any problems arising from those risks. This risk management plan is reviewed annually.