AOSG is a licensed Sunshine Coast Private Investigation and Security Company with service locations throughout Australia and overseas. By nature of its functions, AOSG collects and uses personal information to operate effectively. As a result, there is a requirement to store and manage this information responsibly and in accordance with Australia’s privacy laws.
We treat information privacy very seriously and have registered our company with the Office of the Australian Information Commissioner.
Our APP (Australian Privacy Principles) registration can be viewed online at; https://www.oaic.gov.au/privacylaw/privacy-registers/opt-in-register.
Management of Personal Information
The day to day management of personal information is everyone’s responsibility.
All client’s and staff personal information is kept secure and not stored on network capable devices unless protected with virus/malware protection software on the computer device. Emailing information is acceptable as long as the information security is maintained and care is taken to ensure the correct recipient is receiving the information.
All data is kept accurate and up to date.
Information stored on paper is filed away and cataloged in secure receptacles
Maintaining Accuracy and Quality of Personal Information
Staff take reasonable steps to ensure the information they are working with is accurate.
Security and retention are part of the ‘life cycle’ of personal information or data. All staff take reasonable steps to ensure that:
Personal information is protected from misuse, loss, unauthorised access or modification, or improper disclosure.
Information has not been changed or tampered with.
Hard copy records containing personal information are kept in a secure location and away from non-authorised persons.
Communications and computing systems have appropriate access security controls and are not disrupted in their normal operations.
Authentication processes (for identification) are adhered to, in that a person accessing or providing information are who they claim to be.
AOSG takes reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose and in accordance with applicable record keeping law and standards. Record keeping standards detail the need for AOSG to keep full and accurate records and implement a records disposal program. Where applicable, destruction of personal information is carried out in accordance with our Records retention and disposal procedure.
AOSG complies with the provisions of the Information Privacy Act 2009 of Queensland in its treatment of personal information.
AOSG will collect personal information from clients in relation to themselves and the subject of their investigations or security related contracts. Some of this information will be public access information from sources such as the internet; however there will also be personal information that cannot be located on any public accessible medium.
This information may include names, dates of birth, addresses, health information, financial information and other sensitive and personal data.
When conducting Work Cover and fraud related investigations, personal and health information about a subject will be made available by the client to assist with the investigation. This will also apply for any security role where there may be a concern to the health of any operative involved in an operation.
For the majority of corporate/company investigations, this information will be obtained from paid database sources and publicly accessible mediums.
All details relating to clients will be stored in a manner to prevent unauthorised access by persons not directly involved with the client and to which they have no lawful right to that information.
Why we Collect the Information
The primary purpose for collecting the information is to conduct lawful investigation and security operations on behalf of a legitimate paying client with an interest to providing a lawful service for the client.
Accuracy, Security and Storage of Information
AOSG holds personal information in electronic and paper based records management systems. It takes all reasonable steps to ensure that the personal information it holds is accurate and complete and that it is protected from misuse, loss, unauthorised access or disclosure.
We utilise secure access cloud based storage as well as backup data onto external hard drives that are stored offsite.
Some information may be held by external agencies. The information disclosed to these host organisations for the purpose of obtaining this information will be limited to that necessary to effectively run an investigation. Information stored by externally hosted organisations will not be subject to our privacy practices because we cannot guarantee the integrity of their data storage.
All employees and contractors involved in operations for AOSG must comply with our strict privacy guidelines and practices.
Use or Disclosure of Information
AOSG will use and disclose personal information solely for the purposes it was collected. Additional disclosures will only be made if required and/or permitted by law, or with consent of the subject.
Staff directory: Workplace contact information (i.e. name, telephone, email address and location) is stored securely and is not for public access.
Website: Contact information, company profile and images may be published on the AOSG websites if relevant to the running of the company. Names and details of any surveillance operators are not published on the website and remain strictly confidential. Only approved public access information is released in any media statement or online posting.
Access and amendment of personal information: Staff and clients may have direct access to their own personal information unless provision of the information will have an unreasonable impact on the privacy of others. Otherwise, access to and correction of personal information is handled in accordance with the Freedom of Information Act 1982. If someone wishes access to their personal information, a request should be made in writing to the Business Solutions Manager of AOSG.
Collection of Personal Information
Collection is a fundamental part of privacy protection and it is essential that it is managed correctly. In simple terms the rules are:
Collect only what you need.
Do it lawfully and fairly.
Don’t intrude unreasonably.
Tell people you are doing it where applicable.
In practice this means we only collect personal information if it is necessary for an operation or the management of personnel within the organisation.
Collecting personal information in a fair and lawful manner often relates to the information given to the person at the point of collection. This is generally provided by a client who engages AOSG to conduct a security or investigation operation on their behalf. Information to be obtained may include:
The reason (Scope) for the operation.
Personal data/images and information relating to a subject of an investigation and known associates.
Details of persons/legal firms to whom the data can be released in-confidence.
This information can be obtained through email correspondence and written form by way of notes made during a meeting with the client. All information taken on paper format is imaged and filed electronically.
Unsolicited Personal Information
Personal information may be given to AOSG that was not requested (unsolicited). Unsolicited personal information must also be managed in accordance with AOSG’s privacy and data protection policy and relevant privacy law.
Examples of unsolicited information may be letters/emails to AOSG from members of the public, social network groups, requests from potential clients who subsequently did not follow through with the request after providing the information, information contained within complaints or other extraneous requests.
AOSG maintains a strict policy of confidentiality with its clients who have the right to anonymity in their dealings with AOSG, where it is both lawful and practicable.
In situations where there is no need to seek a person’s personal information, this should be accommodated if requested. An example where it is not necessary to collect personal information (e.g. a clients address) is when someone contacts AOSG to seek general information.
Sensitive information about people like their ethnic background, religion, political views or affiliations, sexual preference or criminal records have special protection under Queensland law. Such information can be collected if it is essential for AOSG operations, required by law, or with specific and informed consent.
Sensitive and health information have special protections because this kind of information can be used to discriminate against individuals. Care is taken to not discriminate with preconceptions based on race, religion, or creed when conducting an investigation as it may bias the results.
We do not collect sensitive or health information about an individual unless certain conditions are met, including:
The individual has consented.
The collection is required under law.
The collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual.
There are certain exemptions to the above requirements, such as where:
The collection is necessary for research, or the compilation or analysis of statistics, relevant to a client’s operation.
The information relates to an individual’s racial or ethnic origin and is collected for the purpose of an investigation or census gathering.
There is no reasonably practicable alternative to collecting the information for that purpose.
It is impracticable for AOSG to seek the individual’s consent to the collection.