Privacy Policy

PRIVACY AND CONFIDENTIALITY GUIDELINES

To support the privacy and confidentiality of individuals:
  • We are committed to complying with the Privacy Act’s privacy requirements, the Australian Privacy Principles, and for Privacy Amendment (Notifiable Data Breaches) as required by organisations providing disability services.
  • We are fully committed to complying with the NDIS Quality and Safeguarding Framework’s consent requirements and relevant state or territory requirements.
  • We provide all individuals with access to information about the privacy of their data.
  • Individuals have the right to request access to their personal records by requesting this with their contact person.
  • Where we are required to report to government funding bodies, information provided is non-identifiable and related to services and support hours provided age, disability, language, and nationality.
  • We will only use personal data for the reasons it is sought. It will not be shared outside the organisation without your permission unless required by bylaw (e.g. reporting assault, abuse, neglect, or where a court order is issued).
  • Images or video footage of participants will not be used without their consent.
  • Participants have the option of being involved in external NDIS audits if they wish.

SECURITY OF INFORMATION

To keep information secure:
  • We take reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.
  • Personal data is accessible to the participant and can be used only by relevant workers.
  • Security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access.
  • Personal information no longer required is securely destroyed or de-identified.

DATA BREACHES

As part of information security responsibilities:
  • We will take reasonable steps to reduce the likelihood of a data breach occurring, including storing personal information securely and accessible only by relevant employees.
  • If we know or suspect your personal information has been accessed by unauthorised parties, and we think this could cause you harm, we will take reasonable steps to reduce the chance of harm and advise you of the breach, and if necessary, the Office of the Australian Information Commissioner.

BREACH OF PRIVACY AND CONFIDENTIALITY

A breach of privacy and confidentiality is an incident:
  • We will follow the Manage incident internally process to resolve.
  • It may require an investigation.
An intentional breach will result in disciplinary action up to and including termination of employment.