Privacy & Confidentiality

Our policy is to respect and protect the privacy of all people connected with our organisation, including participants, providers, employees, contractors, and community partners.

The information we collect is used to provide services to participants in a safe and healthy environment with individual requirements, to meet duty of care obligations, to initiate appropriate referrals, and to conduct business activities to support those services. 

• We are committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and for Privacy Amendment (Notifiable Data Breaches) as required by organisations providing disability services.
• We are fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory requirements.
• We provide all individuals with access to information about the privacy of their personal information.
• Everyone has the right to opt out of consenting to and providing their personal details if they wish.
• Individuals have the right to request access to their personal records by requesting this through their contact person/coordinator.
• Where we are required to report to government funding bodies, information provided is non-identifiable and related to services and support hours provided, age, disability, language, and nationality.
• Personal information will only be used by our organisation and will not be shared without your permission unless required by law (e.g., reporting assault, abuse, neglect, or where a court order is issued).
• Images or video footage of participants will not be used without their consent.
• Participants have the option of being involved in external NDIS audits if they wish.

• We take all reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification, and disclosure.
• Personal information is accessible to the participant and by relevant workers.
• Security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access.
• Personal information no longer required is securely destroyed or de-identified.

• We will take reasonable steps to reduce the likelihood of a data breach occurring including storing personal information securely and accessible only by relevant workers.
• If we know or suspect your personal information has been accessed by unauthorised parties, and we believe this could cause you harm, we will take reasonable steps to reduce the chance of harm and advise you of the breach, and if necessary, the Office of the Australian Information Commissioner.

• A breach of privacy and confidentiality is an incident—follow the Manage incident internally process to resolve.
• A breach of privacy and confidentiality may require an investigation.
• an intentional breach of privacy and confidentiality will result in disciplinary action up to and including termination of employment.

Describe the item or answer the question so that site visitors who are interested get more information. You can emphasize this text with bullets, italics or bold, and add links.

Term

Data Breach

A data breach is type of security incident where personal, sensitive, or confidential information normally protected, is deliberately or mistakenly copied, sent, viewed, stolen or used by an unauthorised person or parties.

A data breach where people are at risk of serious harm as a result, is reportable to the Office of the Australian Information Commissioner. 

Personal Information 

Personal information includes (regardless of its

accuracy):

• Name
• Address
• Phone number
• Email address
• Date of birth
• Recorded opinions or notes about someone
• Any other information that could be used to identify someone.

Sensitive Personal Information 

Sensitive personal information can include personal information that is normally private such as:

• Health information
• Ethnicity
• Political opinions
• Membership of a political association, professional or trade association or trade union
• Religious beliefs or affiliations
• Philosophical beliefs
• Sexuality
• Criminal record
• Biometric information (such as fingerprints)