Privacy and Confidentiality Policy
Purpose
See Differently is bound by State and Federal Privacy laws and has adopted the Australian Privacy Principles which are included in the Privacy Act 1988 (Cth).
This means that See Differently will:
- only collect personal information that is needed for its primary function with prior knowledge and consent of the individual;
- ensure that individuals are informed about why we collect information and how we manage the information gathered;
- use and disclose personal information only for its primary function or a directly related purpose, or for another purpose with the individual’s consent;
- store personal information securely, protecting it from unauthorised access;
- provide individuals with access to their own information.
With regard to an individual’s information, See Differently also complies with all of the requirements of the Disability Discrimination Act, Aged Care Act, NDIS Quality and Safeguarding Practice Standards and the National Standards for Disability Services and any legislative (Australian and State) requirements. This includes compliance with program-specific guidelines including, but not limited to, the Disability Employment Services (DES) Privacy Guidelines.
Policy Statement
See Differently is committed to protecting the privacy of personal information which See Differently collects, holds and administers. See Differently will only collect information that is required for it to fulfil its contractual, ethical and legal responsibilities and provide quality and timely services.
See Differently recognises the essential rights of individuals to have their information administered in ways which they would reasonably expect – protected on one hand and made accessible to them on the other. These privacy values are reflected in See Differently’s core values.
Responsibilities
Employees and volunteers
All employees and volunteers have an obligation to abide by See Differently’s Privacy Policy and are responsible for the management of personal information to which they have access in accordance with this policy.
Privacy Officer
The Privacy Officer of See Differently is the Human Resource Manager who will:
- ensure that all employees and volunteers receive training in privacy and procedures for handling personal information
- ensure that all employees and volunteers sign an agreement to maintain and protect an individual’s privacy and confidentiality
- regularly review compliance with this policy
- investigate complaints lodged; and
- handle any requests for access or correction to personal information
Definitions
Personal Information – means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The types of personal information we collect may include name, date of birth, gender, ethnic origin, contact information, credit/debit card information, health information, service history and information we need to collect by law or funding agreement.
Some personal information is regarded as sensitive information and includes health information, opinions about an individual, person’s beliefs and affiliations, biometric information, sexual orientation and criminal record.
Records – Includes documents, information and data stored by any means including all copies and extracts.
Consent – In general terms, consent is a voluntary agreement to another’s proposition; it requires an actual willingness that an act or an infringement of an interest shall occur.
Informed consent – Informed consent is providing a person with clear and understandable information prior to making an agreement between 2 or more parties. This includes decisions about service provision, collection, use and distribution of personal information.
Procedures
Collection of information
See Differently will:
- only collect information that is necessary for the performance and primary function of See Differently;
- inform individuals about why we collect personal information and how we manage the information gathered;
- notify individuals that personal information is accessible to them;
- collect personal information from individuals directly, unless it is unreasonable or impracticable to do so, or the individual consents to See Differently obtaining it from someone else; and
- only collect sensitive information as required by law or with the individual’s consent.
See Differently collects personal information from:
- customers of See Differently
- employees, prospective employees and contractors
- volunteers
- donors who contribute financially to our organisation
- suppliers, contractors and consultants
Use and disclosure
See Differently will:
- only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose;
- only release information about an individual with that individual’s expressed informed consent, including where that consent was previously obtained.
- identify on all forms the purpose for which the personal information is collected.
- release information to third parties where that is requested by the individual concerned.
The employee’s obligation of maintaining confidentiality does not extend to confidential information that the law requires to be disclosed.
Consent
Consent can be collected both verbally and in writing. It is preferred that consent be signed by the party who is providing the consent. Where this is not possible, verbal consent can be given if the details of that consent are fully documented by the staff member obtaining the verbal consent. Consent may be withdrawn at any time on request by the individual.
Providing an individual’s information to a third party
If you are required to provide information about an individual to a 3rd party (e.g. a GP), a Client Authority to Exchange Information Form must be completed and signed by the individual or authorised party. A scanned copy of this form is to be kept on the individual’s CRM file under legal tab and consents as type ‘consent to share information’ and stored in the related tab.
Data quality
See Differently will take reasonable steps to ensure the personal information collected is accurate, complete, up to date and relevant to its functions.
Data security and retention
See Differently will:
- safeguard the information collected and stored against misuse, loss, unauthorised access and modification;
- only destroy records in accordance with the records disposal schedule and in accord with contractual obligations;
- take all reasonable steps to protect the personal information held from misuse and loss, and from unauthorised access, modification or disclosure. This will include ensuring that all electronic systems are protected through electronic passwords, and all hard copy personal information is securely stored and only accessible by authorised personnel;
- only release personal information to third parties without consent if required by law;
- manage records in accordance with See Differently’s Records Management Policy.
Any suspected data breach involving personal information that the association holds will be managed in accord with our Data Breach Procedures. The procedure ensures that if any data breach occurs, the breach is identified, staff know the correct procedures, those affected are notified, appropriate records are kept, the breach is reviewed, and any corrective action is taken.
Access to personal information
See Differently will ensure individuals have the right to seek access to personal information about them and request correction if their information is inaccurate, incomplete, out of date or misleading.
Accessibility
See Differently will ensure that individuals are aware of See Differently’s Privacy Policy. See Differently will post the Privacy Policy on our website so that individuals can access information about the Policy, including what information is collected and for what purpose, how the information may be used, under what circumstances it may be disclosed to other parties and how it is protected. The Privacy Policy is available upon request in large print, Braille or audio format.
Participation in research
See Differently will not release contact details or other personal information for research without consent.
Individuals being invited to participate in a research project will be:
- given a choice about participating or not
- given the right to withdraw at any time
- informed about the purpose of the research project, the information to be collected, and how information they provide will be used
- given copies of any subsequent publications
The collection of personal information will be limited to that which is required for the conduct of the project. Individual participants will not be identified.
Making A Complaint
Under the Privacy Act 1988 (Cth) (Privacy Act) you can make a complaint to the Office of the Australian Information Commissioner (OAIC) about the handling of your personal information.
More information can be obtained from the Commissioner’s website at www.oaic.gov.au
If you have a complaint in relation to See Differently and the Australian Privacy Principles or any applicable registered APP code, you may also direct your complaint to See Differently’s Privacy Officer.
See Differently will investigate your complaint and communicate its findings to you within 30 days.
See Differently’s Privacy Officer is:
Toni Sougleris
Privacy Officer
See Differently
31 Blacks Road
Gilles Plains SA 5086
Phone (08) 8417 5564
Fax: (08) 8227 2177
Email: Toni.Sougleris@See Differently.org.au
Related Standards
- Home Care Common Standards
- Data Breach Procedure