ASDMAC Privacy Policy

 

Introduction

Australian Privacy Principle (APP) 1.3 in Schedule 1 to the Privacy Act 1988 (Cth) (Privacy Act) requires the Australian Sports Drug Medical Advisory Committee (ASDMAC) to have an APP privacy policy.  This policy provides the basis for how ASDMAC collects, stores, uses and discloses personal information.

Detailed information on privacy and the APPs is available on the Office of the Australian Information Commissioner’s website.

 

Privacy statement

ASDMAC is subject to the provisions of the Privacy Act, the Australian Sports Anti-Doping Authority Act 2006 (Cth) (ASADA Act), the Australian Sports Anti-Doping Authority Regulations 2006 (Cth) (including the National Anti-Doping scheme) (Regulations), the World Anti-Doping Code (WADC) and the International Standard for Therapeutic Use Exemptions (ISTUE).

Much of the information collected and held by ASDMAC is highly sensitive and personal in nature and ASDMAC places great emphasis on maintaining and enhancing the privacy and security of personal information it holds.

All individuals who have dealings with ASDMAC, including athletes and medical practitioners, are entitled to the protection of their privacy.  Penalties apply to those who fail to observe ASDMAC’s privacy obligations. The penalty under the ASADA Act for an unauthorised disclosure of personal information can be imprisonment for two years.

 

The Privacy Act

The Privacy Act regulates how APP entities collect, hold, use and disclose personal information, and how individuals can access and seek correction of that information. APP entities are:

  • Commonwealth agencies, including ASDMAC; and
  • private sector organisations;

which are bound by the Privacy Act.

‘Personal Information’ is information or opinion in any form that identifies or enables identification of a living person. The definition in the Privacy Act is:

  • “Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
    • whether the information or opinion is true or not; and
    • whether the information or opinion is recorded in a material form or not.”

‘Sensitive information’ relevantly includes the following types of health information:

“(a)    information or an opinion about:

  • the health, including an illness, disability or injury, (at any time) of an individual; or
  • an individual's expressed wishes about the future provision of health services to the individual; or
  • a health service provided, or to be provided, to an individual;

that is also personal information;

(b)     other personal information collected to provide, or in providing, a health service to an individual; …”.

ASDMAC is required to comply with the Privacy Act and in particular the thirteen APPs which regulate the collection, holding, use and disclosure of personal information. A copy of the Privacy Act can be obtained from the Federal Register of Legislation.

 

Why ASDMAC collects personal information

ASDMAC only collects personal information for the purpose of its functions and activities as set out at section 52(1) of the ASADA Act and Part 5 of the National Anti-Doping scheme in Schedule 1 to the Regulations (NAD scheme).

ASDMAC’s primary role is to assess and, if appropriate, provide approval for the therapeutic use of WADC prohibited substances and methods for athletes in Australia in accordance with the ASADA Act and Regulations and the ISTUE.

ASDMAC primarily achieves this aim through the consideration and approval of therapeutic use exemption (TUE) applications made by individuals.

 

Personal information collected by ASDMAC

In order to undertake its functions, ASDMAC necessarily collects information about individuals who are making an application for a TUE. This may include names of individuals, addresses, ages, private telephone numbers, sport and competition level, medical conditions, details of treatments, details of treating practitioners, medications or supplements used and drug test and TUE application histories.

ASDMAC also collects information about individual medical practitioners supporting any particular TUE application, including their name, qualifications and contact details.

ASDMAC also collects and holds personal information about its members in relation to their appointment to, and membership of ASDMAC, including their name, qualifications, contact details and details of relationships with sporting administration bodies.

ASDMAC also receives secretarial and administrative support from ASADA, and therefore collects and holds personal information in relation to the ASADA employees who provide these services including their name and contact details.

Where the above kinds of personal information include sensitive information, such as health information, this information is given the higher level of protection required by the APPs.

Personal information held by ASDMAC is stored on electronic media including in an electronic document and records management system and in databases as well as in paper files managed by ASADA on behalf of ASDMAC. ASDMAC stores and disposes of personal information in accordance with the Archives Act 1983 (Cth). Electronic and paper records containing personal information are protected in accordance with Australian Government security policies.

 

Use and disclosure of personal information

ASDMAC uses and discloses personal information for the particular purpose for which it was collected or for a directly related secondary purpose.

For example, personal information collected in the course of a TUE application will be used to determine the application (and any appeal), and may be disclosed to other parties, such as consultant medical practitioners, WADA and other TUE Committees. The outcome of an application may be disclosed to sporting administration bodies, ASADA and other national anti-doping organisations, WADA, or other TUE Committees.

ASDMAC will also use and disclose personal information as permitted or required by or under law. In particular, ASDMAC may give advice and information on sports doping and safety matters to ASADA, the Australian Sports Commission and sporting administration bodies. For example, ASDMAC may disclose information to ASADA regarding potential anti-doping rule violations. ASADA will only use or disclose information in accordance with its functions under the ASADA Act and Regulations.

We will not otherwise use or disclose your personal information for another purpose unless it is directly related to our functions.

 

ASADA specific legislation

The ASADA Act and Regulations impose strict legal obligations on entrusted persons in relation to the disclosure of protected information.

It is an offence for the CEO of ASADA, a member of the ASADA staff or of the ASDMAC or the Anti-Doping Rule Violation Panel, or certain other persons, to disclose protected information (see section 67 of the ASADA Act) to a person other than the person to whom the information relates.

However, it is not an offence if the disclosure is authorised by the ASADA Act or is in compliance with a requirement of certain other laws. The ASADA Act authorises the disclosure of protected information in certain circumstances, including:

  • if the disclosure is for the purposes of the ASADA Act (section 68); or
  • if the disclosure will enable or assist another body or person to perform or exercise any of the functions, duties or powers of the body or person (section 68B);
  • if the disclosure is for the purpose of preventing or lessening a serious threat to the life or health of an individual (section 68C);
  • the protected information has already been lawfully made available to the public (section 68D); or
  •  if the disclosure is by the CEO for the purposes of the ASADA responding to certain public comments (section 68E).

 

Overseas disclosure of personal information

ASDMAC may be required to disclose your personal information to parties or persons who are located overseas. For example, it may be necessary for ASDMAC to disclose personal information to sporting administration bodies, TUE Committees or anti-doping organisations located overseas in the exercise of its functions under the ASADA Act. International organisations which are likely to receive this type of information include the World Anti-Doping Agency (located in Canada) and International Sporting Federations. ASDMAC may also need to disclose personal information to other parties in relation to a TUE application (such as a supporting medical practitioner) who are located outside of Australia.

Where information is disclosed to WADA, for example by including information in the Anti-Doping Administration and Management System (ADAMS), this information is subject to protections under Canadian law, specifically the Personal Information Protection and Electronic Documents Act (PIPEDA). If ASDMAC otherwise intends to disclose personal information to an overseas recipient, and the disclosure is not authorised or required by or under law, ASDMAC will seek your express consent to the disclosure before any information is sent overseas.

 

Handling of personal information

ASDMAC endeavours to ensure that all electronic and hardcopy protected information or personal information held by ASDMAC is stored in a secure environment. Personal information or protected information will not be released unless the law permits or requires this or the person to whom the information relates grants permission for its release.

 

Compliance with the Notifiable Data Breaches Scheme and Privacy Code 2017

The Notifiable Data Breaches scheme (established under Part IIIC of the Privacy Act) creates a mandatory requirement for Commonwealth agencies to report on any data breaches which meet the criteria for an ‘eligible data breach’.

Upon receiving notification of a data breach, or possible data breach, any ASDMAC member must notify the ASADA Privacy Officer. ASADA will consult with ASDMAC if ASADA is first notified of the breach. The ASADA Privacy Officer and relevant ASADA Deputy Chief Executive Officer must then determine if the breach or possible breach constitutes an ‘eligible data breach’ in accordance with Annexure A to the ASADA Privacy Policy, having been authorised to do so by ASDMAC on its behalf. The relevant steps required to be undertaken pursuant to the ASADA Privacy Policy must then be undertaken by the ASADA Privacy Officer on ASDMAC’s behalf in consultation with the ASDMAC.

In accordance with the Privacy (Australian Government Agencies – Governance) Code 2017 an APP Entity is required to have a designated Privacy Officer and Privacy Champion. The Privacy Officer and Privacy Champion for ASDMAC are the same officials identified as undertaking those roles for ASADA in the ASADA Privacy Policy, having been authorised to do so by ASDMAC on its behalf.

 

Access to, and correction of, personal information

Under the Privacy Act, you (as an individual) have rights to access and correct personal information that ASDMAC holds about you. You also have similar rights under the Freedom of Information Act 1982 (Cth).

If you wish to request ASDMAC to correct your personal information, you should contact the ASADA Privacy Officer via:

Email:               privacy@asada.gov.au

Write to:           Privacy Officer
                        Australian Sports Anti-Doping Authority
                        PO Box 1744
                        Fyshwick ACT 2609

Or phone 13 000 27232 and ask for the Privacy Officer.

ASDMAC will deal promptly with your request in accordance with the requirements of the APPs.

 

Complaints process

If you believe ASDMAC has wrongly collected or used or disclosed your personal information, you can ask to be put through to the ASADA Privacy Officer alternatively you can make a written complaint to privacy@asada.gov.au.

If you are dissatisfied with the investigation, you can complain to the Office of the Australian Information Commissioner who is independent of ASDMAC.  The Australian Information Commissioner has the power to investigate complaints about possible breaches of the Privacy Act.  Further information can be obtained directly from the Office of the Australian Information Commissioner at www.oaic.gov.au.