Introduction
Heidrick & Struggles is committed to abiding by the provisions of the Privacy Amendment (Public Sector) Act 2000 and its principles. The company will honour its obligations in relation to the responsible collection, use and disclosure of personal information, including information relating to its employees.
Personal information refers to “information or an opinion (whether information or an opinion forming part of a data base) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion”. To be included, the information must be recorded in a document, database, etc.; this does not include publicly available material.
The conduct of Heidrick & Struggles employees in relation to the handling of personal information can impact on the company’s compliance with the Privacy Act. All employees are expected to respect the privacy of personal information. Given that the business undertaken by Heidrick & Struggles involves dealing with considerable amounts of personal information, it is critical that all employees are aware of their obligations. Heidrick & Struggles appreciates that new obligations will take some time to bed down; however, employees are advised that serious breaches of privacy will be considered as misconduct and treated accordingly.
All employees must ensure that they are aware of their obligations as follows:
Collection of Personal Information
Collection of all personal information must be fair, lawful and non-intrusive, and the person must be informed of the purpose for collecting the information. This includes information gathered in any form or which may be given verbally and subsequently written down.
Use and Disclosure of Personal Information
Personal information must be used and disclosed only for the primary purpose for which it was collected, or with consent given to provide it to third parties. Employees must not disclose personal information other than for a legitimate purpose connected with the function of the employee’s position.
Data Quality
All employees must take all steps possible to ensure that personal information is accurate, complete and up to date.
Data Security
All employees must ensure that data under their control and responsibility is safe from misuse, loss and unauthorised access. They must also ensure they comply with all protocols of the firm, in particular those aimed at ensuring the security of electronic data (i.e. the use and regular changing of computer passwords, etc.).
Sensitive Information
Employees must ensure that sensitive information is not collected unless the individual has consented, or collection is required by law or other special circumstances. Sensitive information refers to information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record, that is personal information, or health information about an individual.
Employee Personal Information
Employees are advised that the Privacy Act does not cover “employee records” as defined by the Act and does not impose obligations on the company in relation to the use, collection and disclosure of employee records.
Employees are entitled to request access to their personal information and have the right to request correction of personal information if they can establish that the information held is not accurate, complete or up to date.
Enquiries Regarding the Privacy Act
Should any individual be unaware of their obligations under the Privacy Act, require particular advice as to a specific circumstance, or believe that they may have breached the provisions of the Privacy Act, they should immediately seek assistance from the Heidrick & Struggles Privacy Officer or, alternatively, a member of the Privacy Management Committee.
Alternatively, should any employee receive an enquiry as to the Privacy Act from a member of the public, the enquiry should be immediately directed to the Privacy Officer.
June 2002