C.09 Prisoner internal information
All requests by prisoners for all or part of personal information retained by Prison Services relating to them is to be managed and processed in accordance with the Privacy Act 1993.
C.09.01 Prisoner internal information criteria
- Personal information can only be collected if it is for a lawful and necessary purpose connected with a function of the Department.
- The collection of prisoners' personal information by the Department of Corrections will at all times comply with the [Privacy Act 2020 and, in particular, with Privacy Principles 2, 3, 4, and 5].
C.09.02 Prisoner rights relating to personal information
- Prisoners have the following rights in relation to their personal information:
- confirmation of what personal information is held about them
- access to that information
- the right to request corrections to the personal information held, or (when a correction is requested but not made) the right to attach to that information a statement from the prisoner noting that a request to correct was sought but not made
- an ‘authorised agent’, i.e. someone authorised in writing (or having the proper authority) by the prisoner to make the request on their behalf.
- Staff should confirm with the person whose information is being requested that they have authorised this person to act as their agent.
- Requests made by persons without authority to be an agent, or who are requesting personal information about other individuals are to be treated as requests under the [Official Information Act 1982].
- Prisoners and/or their authorised agent are to be informed of the steps taken in response to their request.
C.09.03 Request by a prisoner for prisoner personal information
- All requests by a prisoner or their authorised agent (either orally or in writing) for a prisoner’s personal information will be managed using [C.09.Form.01 Prisoner request for personal information].
- All requests for personal information will be answered as soon as reasonably practicable, but not later than 20 working days after the date of the request.
- These procedures do not apply if the request for information relates to evidence in relation to a disciplinary offence charge (e.g. incident report), as full disclosure is generally always required.
- Prisoners requesting personal information will complete or ask to have completed, [C.09.Form.01 Prisoner request for personal information]. The Officer receiving / completing the request will acknowledge receipt of the request by signing and dating the form. The Officer will also make an IOMS file note detailing the request. The timeframe for completing the request (20 working days) commences from the time the form is acknowledged by the Officer.
- The form is copied and the copy given to the prisoner as a receipt. The original is handed to the PCO to undertake the required checks to consider if the information requested can be released fully, partially or should be refused. The prison director must decide if any information request is to be refused or partially completed.
- The PCO will then:
- enter the request on the site register
- complete the final section of the form (including adding the registration number)
- advise the prisoner of the outcome
- arrange for the provision of the information, or
- provide a written explanation as to why it is been withheld (following prison director's decision)
- note the outcome in IOMS file note
- place the completed form in the prisoner file
- update the register.
- A prisoner may contact any agency in writing or orally to request personal information without using [C.09.Form.01 Prisoner request for personal information].
- Any issues relating to the refusal to provide personal information should be referred to:
National Office CHIEF PRIVACY OFFICER
C.09.04 Review of information prior to release
- Prior to releasing any personal information to the prisoner and or their authorised agent, all information subject to a request for disclosure must be carefully examined by an officer authorised by the prison director to identify:
- any information that is prohibited from being released pursuant to [sections 49-53 of the Privacy Act 2020] (refer C.04.Res.01 Privacy Act grounds for refusing disclosure of personal information)
- if staff name(s) appear on incident reports and whether or not staff name(s) can be deleted from the copy of the incident report.
- If staff name(s) appear on the report, the authorised officer must consider whether the identity of the staff member(s) whose name(s) are in the report is already known to the prisoner requester.
- If the staff name(s) are known to the prisoner, their names cannot be deleted on the basis that disclosure would be likely to endanger their safety, as release of the report would not be disclosing their identity because it is already known to the prisoner requester.
- In most cases, it will be clear from the incident report whether or not the identity of the staff member(s) is already known to the prisoner requester.
- However, when it is not obvious if the staff name(s) are known to the prisoner, the authorised officer must inform the staff about the refusal provision under [section 49(1)(a) of the Privacy Act 2020] and give them an opportunity to outline what, if any, concerns they have for their safety if the incident report is released without their name(s) being deleted.
C.09.05 Decision to make full or partial disclosure
- Access to personal information cannot lawfully be refused for any reason other than those in the [Privacy Act 2020].
- The prison director must consider all the grounds for refusing disclosure of personal information contained in [sections 49-53 of the Privacy Act 2020] (refer [C.09.Res.01 Privacy Act grounds for refusing disclosure of personal information]) before any information is released.
- The prison director must determine whether or not the concerns outlined by each staff member amount to a sufficient basis to justify deleting his/her name being released form the incident reports.
- The prison director may approve disclosure of all or part of a prisoner’s personal information, i.e. releasing information not covered by [sections 49-53 of the Privacy Act 2020], while refusing to release information covered by these sections.
- The prison director must provide written reasons to the prisoner for refusing disclosure of all or part of a prisoner’s file or a particular document unless this would prejudice the interests being protected.
- If the prison director has any concerns relating to the release of information or complying with the [Privacy Act 2020] they should refer the request and their concerns immediately to one of the Legal Advisers at National Office.
C.09.06 Review of decision to refuse or make partial disclosure
- The prisoner must be advised of their right to complain to the Privacy Commissioner to seek an investigation and review of the prison director's decision to refuse disclosure of all or part of the personal information requested.
C.09.07 Copying / providing personal information
- Prisoners or their authorised agents cannot be charged for the disclosure of their personal information.
- The prisoner can request to have disclosure of their personal information by:
- receiving a copy of it
- inspecting the original (a prisoner is not to be left unsupervised with a file)
- hearing oral information about its contents
- being provided with a summary.
- The prison director must consider, when determining what form the disclosure of the information to the prisoner will take, whether it is:
- administratively inefficient
- contrary to the legal duty of the agency
- prejudicial as set out in [sections 49-53 of the Privacy Act 2020].
- The prison director must provide reasons to the prisoner if the form of disclosure is not in the form the prisoner requested.
- If a prisoner chooses no particular form of disclosure, the most appropriate form in the circumstances is to be chosen.
- A record of all requests by prisoners for disclosure of personal information is maintained at a central location at each site / unit. A full record of the information that is disclosed / withheld is kept, and the date on which disclosure is made is recorded. If a further request is made for another copy of the entire file, it is justifiable for only a copy of information gathered since the first request to be provided.