ESTA is committed to protecting the privacy of personal information that we handle in the delivery of services to the community, agencies, employees and agents. The way ESTA collects discloses and manages personal and health information contributes to its success.
Victoria has three key pieces of legislation: the Emergency Services Telecommunications Act 2004; the Privacy & Data Protection Act 2014; and the Health Records Act 2001 which apply to ESTA. These laws contain information about confidential information, and privacy principles which give people more say in regard to how their personal and health information is collected and used and who can access it.
In addition, Victoria’s Charter of Human Rights and Responsibilities protects individuals from having their privacy unlawfully or arbitrarily interfered with.
ESTA collects sensitive, personal and health information in the course of its operations. The organisation is committed to protecting confidential information, and to implementation of Victoria’s Information Privacy Principles and Health Privacy Principles, in the context of delivering emergency and related call-taking and dispatch services, including via triple zero.
ESTA maintains a broad privacy framework, supported by an active strategy to improve privacy compliance and awareness. ESTA’s privacy framework is comprised of four elements:
- Compliance with privacy laws and privacy principles, and other relevant legislation;
- Provision of advice and guidance internally and externally regarding privacy rights and responsibilities;
- Training and awareness activities within the organisation; and
- Monitoring, reporting and managing privacy practice, including incident management.
ESTA’s policy refers to the use and management of personal and health information collected by the Emergency Services Telecommunication Authority (ESTA).
Personal and health information held by ESTA is managed in accordance with the privacy principles contained in the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and as required by other laws. ESTA is required by law to have a policy on its information handling practices.
Privacy and security measures protect against misuse, loss and unauthorised disclosure of personal information.
The Emergency Services Telecommunications Act 2004 (the ESTA Act) also protects confidential information from unauthorised disclosure.
Personal information is recorded information about a living identifiable or easily identifiable individual (including work related information or images).
Sensitive information is information about a living individual’s race or ethnicity, political opinions, religious or philosophical beliefs, sexual preferences or practices, criminal record, or membership details, such as trade union or professional, political or trade associations.
Health information is information about a living or deceased individual’s physical, mental or psychological health.
Confidential information is any information relating to calls received or messages communicated by (ESTA) in the course of providing a service to an emergency services and other related services organisation.
What does ESTA do?
ESTA was established by the ESTA Act to provide emergency call taking and dispatch and other communications services to emergency services organisations throughout Victoria (the services).
ESTA currently provides services to the following organisations:
- Country Fire Authority
- Ambulance Victoria
- Fire Rescue Victoria
- Victoria Police
- Victoria State Emergency Service (VICSES).
ESTA is committed to protecting the privacy of personal information that we handle. Personal information is information that directly or indirectly identifies a person.
What areas of ESTA collect personal and health information?
All calls to triple zero, VICSES emergency calls and operational radio communications are voice recorded. Under the Telecommunications (Interception and Access) Act 1979 ESTA may listen to or record, by any means, such a communication within a ‘emergency service facility’ without the knowledge of the person making the communication. Administration telephony systems within the State Emergency Communications Centres are not recorded.
Because individuals, members of the public, and ESTA employees deal with different areas of the Authority, these areas may have additional privacy policies and practices that explain in more detail their particular information management practices. For example, ESTA’s People, Culture and Reputation department has additional policies, which explain in more detail how human resources records are managed in accordance with privacy legislation. ESTA’s Operations Department has policies regarding access to control rooms.
How does ESTA treat confidential information?
ESTA collects sensitive and personal information in the course of its operations. This information is protected under the confidentiality sections of the ESTA Act. The Act provides for otherwise confidential information, including personal and health information, to be provided to emergency services organisations to assist callers.
Section 33 (Secrecy) of the ESTA Act protects the "confidential information" of callers (whether or not such information is considered personal or health information) by limiting the use that ESTA, its employees and any others may make in relation to that information. Confidential information under the ESTA Act means “any information relating to calls received or messages communicated by [ESTA] in the course of providing a service to an emergency services and other related services organisation”.
The restriction on the use of confidential information is as follows: “A person who has confidential information that he or she has received in the course of carrying out duties under the ESTA Act must not, except to the extent necessary to perform duties under the ESTA Act, record, disclose, communicate or make use of that information”.
All ESTA employees are required to comply with this restriction and, under the ESTA Act, penalties may apply for breach of this restriction.
Certain areas of ESTA and some ESTA personnel may not have to comply with some or all of the privacy principles. These situations include where:
- The provisions of another Act are more specific about how information should be managed.
- The area makes use of generally available publications, for example, websites, or publicly accessible directories.
- Employees are carrying out law enforcement functions which would be hindered if they were to comply with all of the privacy principles.
- If the use or disclosure it is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health, safety or welfare.
What sort of information does ESTA collect?
In broad terms ESTA:
- collects only information needed for the provision of ESTA’s services
- takes reasonable steps to ensure personal information is accurate, complete, up-to-date and relevant to the functions performed
- uses and discloses it only for ESTA’s service provision purposes, for another purpose with the person's consent, or as otherwise authorised by law
- stores information securely, protecting it from unauthorised access
- retains it for the period authorised by the Public Records Act 1973
- provides the person with access to their own information, and the right to seek its correction
ESTA also collects personal and health information for statutory and administrative reasons.
ESTA may collect sensitive information according to privacy and other legislation.
Why does ESTA collect information?
ESTA collects personal and health information as necessary for its functions of service delivery, administration and enforcement of the law.
Below are the most common reasons that ESTA may collect and use your personal information:
- If you ring ESTA (for example via Triple Zero or VICSES 132 500 to request assistance from an emergency service).
- When seeking to obtain your direct feedback on services provided by ESTA.
- If you seek to be or are employed by ESTA (including referee and police checks).
- You are or would like to be a supplier or contractor to ESTA
- If you request information from ESTA.
- For the purposes of conducting an event (for example, Junior Triple Zero Hero Awards) and for the purposes of contacting you regarding other events that may be of interest.
ESTA takes reasonable steps to explain why personal or health information is collected, what is done with it, whether any laws require it and the main consequences for an individual if it is not provided to ESTA.
What does ESTA do with the information?
ESTA uses and provides to other people or organisations, personal or health information necessary to provide the requested emergency service. ESTA is authorised by law to use or provide personal or health information to others for the purpose of providing its service.
ESTA only assigns or adopts a unique identifier (e.g. employee number) for an individual if it is necessary, authorised by law or with consent. ESTA ensures any transfer of personal or health information outside Victoria is in accordance with privacy and other legislation.
How does ESTA ensure that information is accurate and up-to-date?
ESTA takes reasonable steps to ensure that personal and heath information held is accurate, complete and up-to-date. Usually, ESTA relies on individuals to provide accurate and current information in the first instance, and to notify when circumstances or details change.
How does ESTA store and protect information?
ESTA has security measures aimed at protecting personal and health information from misuse, loss, unauthorised access or disclosure. Stored information is also archived in accordance with the Public Records Act 1973, which determines when it is appropriate to retain or dispose of it.
How can individuals access information held by ESTA?
Information on how you can access information held by ESTA, including under Freedom of Information (FOI), is set out under Information Access & FOI.
How does ESTA handle complaints about privacy?
ESTA undertakes to resolve privacy complaints in a timely, fair and reasoned way.
ESTA employs conduct management policies to address any alleged privacy breaches by employees. It also maintains an Incident Management Framework to help manage any breach caused by a system, process or other failure.
Contact the Privacy Officer if you would like to report a breach of privacy:
Email: privacy [at] esta.vic.gov.au
Write to: General Counsel and Board Secretary – Privacy Officer, 33 Lakeside Drive, Burwood East VIC 3151
You can also request that incorrect information be amended.