To set out the guidelines for the management of confidentiality and privacy in the workplace of Deloraine House Inc.
This policy ensures that we comply with the provisions of the National Privacy Principles (“NPP”) contained in the Privacy Amendment (Private Sector) Act 2000 and Information Privacy Principles (IPP). This policy ensures access to, and the collection and use of, personal information provided by individuals to our employees, contractors, and volunteers is managed responsibly through a system of control.
Confidentiality relates to the treatment of information that has been disclosed during the course of a professional relationship. We all have an obligation to refrain from disclosing information that is given in confidence. Confidentiality is a balance between safeguarding the rights of individuals, discharging professional duty of care and weighing up the need for others to know.
NATIONAL PRIVACY PRINCIPLES
We acknowledge and respect the privacy of individuals. We support and endorse the National Privacy Principles contained in the Privacy Amendment (Private Sector) Act 2000 and will comply with these principles whenever personal information as defined by the Act is collected by us.
In accordance with the National Privacy Principles, we:
- will only collect personal information with an individual’s prior knowledge and consent;
- will only use personal information provided by an individual for the purposes for which it was collected;
- will not disclose personal information to a third party without the individual’s consent;
- will not disclose personal information to other institutions and authorities except if required by law or other regulation;
- will remove personal information from records when it is no longer required (except where archiving is required);
- have processes and policies to protect the personal information that we have under our control from:
- unauthorised access;
- improper use;
- unlawful or accidental destruction and accidental loss.
Personal information is defined by the Privacy Act as “information about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion” which is maintained electronically, on video or in written/printed form; and/or verbal information given to an employee about an individual. Although exempt under the Privacy Act, we include employee records under this policy. However, this does not apply in situations where the Crown or a statutory body or other similar body is seeking employee records information as part of an enquiry or investigation. Our inclusion of employee records under this policy applies to general enquiries by individuals and organisations.
For the purpose of this policy we define individuals as:
- Company directors
- Members of the public accessing our services or website
- Suppliers/contractors delivered by an individual
- Job applicants
(Please note: the Privacy Act only relates to individuals, it does not apply to the collection of information about business).
Sensitive Information means:
- Information or an opinion about an individual’s:
- Racial or ethnic origin
- Political opinions
- Membership of a political association
- Religious beliefs or affiliations
- Philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual orientation and gender identity
- Criminal record,
- where that information is also personal information.
- Health information about an individual.
Health information means:
- information or opinion about:
- the health or a disability (at any time) of an individual; or
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided, or to be provided, to an individual; that is also personal information; or
- other personal information collected to provide, or in providing, a health service; or
- other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances.
Employee record, in relation to an employee, means a record of personal information relating to the employment of the employee. Examples of personal information relating to the employment of the employee are health information about the employee and personal information about all, or any, of the following:
- the engagement, training, discipline or resignation of the employee;
- the termination of the employment of the employee;
- the terms and conditions of employment of the employee;
- the employee’s personal and emergency contact details;
- the employee’s performance and conduct;
- the employee’s hours of employment
- the employee’s salary or wages;
- the employee’s membership of a professional or trade association
- the employee’s trade union membership;
- the employee’s recreation, long service, sick, personal, maternity, paternity or other leave;
- the employee’s taxation, banking or superannuation affairs.
The following guides the professional practice framework for all areas of activity within our organisation:
- having the confidence of individuals is a privilege;
- individual’s access to information about them is a right;
- the privacy of individuals is invaded through the collection and storage of unnecessary information;
- the formation of, or expression of, a professional assessment must be recorded with care. Sensitive information can only be recorded with the individual’s consent unless:
(a) the collection is required by law; or
(b) the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
(i) is physically or legally incapable of giving consent to the collection; or
(ii) physically cannot communicate consent to the collection; or
(c) the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.
- all individuals have the right to be informed on who has access to their information;
- individuals have a right to challenge the accuracy of personal information recorded about them;
- at, or before, the time (or, if that is not practicable, as soon as practicable after) that we collect personal information about an individual, we must take reasonable steps to ensure that the individual is aware of:
- the content of the information;
- the identity of the program/unit and how to contact it;
- their right to make reasonable requests to access that information;
- the purpose for which the information is collected;
- the period of time for which the information is kept;
- the organisations (or types of organisations) to which the service/unit usually discloses information of that kind;
- any law that requires the particular information to be collected; and
- the main consequences (if any) for the individual if all or part of the information is not provided.
- it is expected that employees will exercise professional judgment in relation to how and when to explain the limits of privacy and confidentiality;
- where confidential information is to be provided to other agencies, the preferred option is via written consent of the client using a consent form. However, it is also acknowledged that the nature of work may result in situations where it is not always possible to use a consent form. When such situations arise, verbal consent must be given by the individual and the employee is required to make a record indicating that verbal consent was provided.
- the release of non-identifying information must be checked prior to release to ensure the information is truly non-identifying;
- formal and informal team-briefing is considered a professional contract which is based on professional ethics of confidentiality;
- wherever it is lawful and practicable, individuals must have the option of not identifying themselves.