ScriptARC Privacy Guidance Paper
Introduction
This document refers to the ScriptARC solution provided by Corum Health Pty Ltd (Corum Health). ScriptARC allows you to scan, archive and retrieve scripts electronically.
This document is intended to provide you with information which you will need to know in order to understand your obligations under the Privacy Act 1988 (Cth) (Privacy Act) when using ScriptARC. This document does not contain legal advice.
For the purposes of the Privacy Act, the information stored using ScriptARC will contain personal information, including sensitive information, relating to your customers.
As you may be aware, you are responsible for complying with the Privacy Act at all times in respect of your personal information, even where that information is stored using ScriptARC. This includes putting in place appropriate processes to collect personal information from individuals and ensuring that all required disclosures are made and consents are obtained.
Who can access information?
You retain ownership and control of the information stored via ScriptARC at all times. You are responsible for determining which individuals within your organisation will be given access to that information, and for ensuring that individuals who are given access to ScriptARC keep their login details secure and confidential.
Corum Health and its sub-contractors will only access information stored via ScriptARC to the extent necessary to operate ScriptARC or if otherwise required to enable compliance with legal obligations.
Corum Health maintains a strict access control regime. Any of its staff who require ad hoc access to data stored via ScriptARC, for example to perform updates, must request such access using an internal request tracking system. If approved, access is provided on a temporary basis and may be revoked at any time by Corum Health.
In the unlikely event that information stored via ScriptARC is accessed by a third party without authorisation to do so and Corum Health becomes aware of such unauthorised access, we will notify you. You will be responsible for determining how your organisation responds to such an incident, including whether you are required to notify the individuals to whom the personal information relates about the incident.
Where will information be stored?
Information which is uploaded to ScriptARC is stored using Microsoft Azure. All information will be stored in Microsoft’s data centre in South East Australia. ScriptARC uses a locally redundant storage model, which means that your data will be stored within a single data centre. If you elect to purchase the geo-redundant storage option, your data will be replicated to a secondary data centre which is inside Australia.
For more information on these options please see https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#locally-redundant-storage.
How will information be secured?
Corum Health takes security very seriously and is responsible for managing the security of the underlying ScriptARC solution. An overview of the extensive security measures which are in place can be found at www.corumhealth.com.au/security/scriptarc-security.
You must also implement appropriate security measures in respect of your own ICT environment and the information which you elect to store within ScriptARC.