Privacy & Confidentiality Policy
Carers SA is committed to protecting and maintaining the privacy of carers and their families, Carers SA members, employees, volunteers, board members, students and representatives of agencies and organisations with which we deal, and to maintaining the confidentiality of the personal, health and sensitive information we hold about them.
Carers SA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988 and the Australian Privacy Principles.
As a community service provider, Carers SA has a special obligation to protect and uphold the right to privacy and confidentiality of our clients. This policy applies to employees (including full-time, part-time and casual), students on work experience placement, volunteers and Board members. (For the purposes of this policy, the above will collectively be referred to as Staff).
The Privacy and Confidentiality Policy applies to all personal, health or sensitive information about individuals, collected, used, stored, disclosed, shared and destroyed by Carers SA, regardless of the format of the information.
It also applies to organisational information which is not to be used or disclosed by board members, staff or volunteers.
- Carers SA protects the personal information of the people we support.
- We only collect personal information for purposes directly related to Carers SA services. We collect personal information directly from the person using our services (usually a carer). We always obtain consent to collect personal information. The people we support may choose to remain anonymous although this may limit the services then available to support them.
- We only use personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law.
- Carers SA complies with the Notifiable Data Breaches scheme where we are obligated to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
- Staff should take appropriate care and actions to ensure that information is not able to be accessed by unauthorised persons. This includes ensuring relevant conversations are private, ensuring computers are locked, not leaving confidential information in public areas etc.
- All Staff are informed of their obligations under this Carers SA Privacy and Confidentiality Policy, and must declare they understand and abide by this policy by signing the Privacy and Confidentiality Declaration (as part of their orientation).
- Staff are expected to return materials containing confidential information at the time of separation from employment or expiration of service. The Staff member’s obligation of confidentiality will continue after the end of their employment or volunteering with Carers SA.
- This policy is available on request.
Types of personal information we collect and hold
Names, addresses, email addresses, phone numbers, date of birth, payment details, occupation, qualifications, personal and health information (about the carer and person they care for), other information to assist us in carrying out our services and activities.
We also collect information required in the normal course of human resource management and the operation of a community service organisation. This includes recruitment information for employees and volunteers, as well as information collected about Board members.
How we collect information
We only collect personal information by lawful and fair means. We usually collect personal information from:
- Face-to-face meetings, interviews and telephone calls;
- Business cards;
- Application forms – such as application forms for government assistance programs and grants administered by us, application forms to join or participate in programs provided by us;
- Consent forms – such as a consent form to use your name and photo in our publications;
- Fundraising events – for example, from donations and fundraising event registrations;
- Electronic communications – for example, e-mails and attachments (including CVs); forms filled out by people, including as part of acquiring a product or service from us;
- Third parties – for example, from a carer's parents or guardians, recruitment agencies, referees, representatives or agents; and
- Our website, including if you use it to contact us, engage in the discussion forum, give us feedback or to make a donation.
Use and disclosure
We will only use or disclose your sensitive information for the purpose for which it was initially collected or for a directly related purpose, as required or permitted by law, or where you consent to the use or disclosure.
Staff may make referrals, with carer agreement, to services external to Carers SA. For this to happen, Carers SA must have signed consent or verbal consent noted and dated in carer files.
How we keep personal information secure
We take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure. Such steps include: physical security over paper-based and electronic data storage and premises; computer and network security measures, including use of firewalls, password access and secure servers; restricting access to your personal information to employees, volunteers and those acting on our behalf who are authorised and on a ‘need to know’ basis; retaining your personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer; and entering into confidentiality agreements with staff and third parties.
Where we no longer require your personal information, including where we are no longer required by law to keep records relating to you, we will ensure that it is de-identified or destroyed. This may include using confidential waste bins, shredding or deleting files.
Notifiable Data Breaches
In the unlikely event of a data breach, Carers SA will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches via the Notifiable Data Breach Statement – Form.
Note: an eligible data breach is one which is likely to result in serious harm to any individual affected.
Should a data breach occur, Carers SA will undertake a full assessment of the incident and take steps to mitigate the risk of a data breach happening again in the future.
Carers SA takes special care to ensure that the personal information it holds is accurate and up to date. You can request access to the personal information Carers SA holds about you, or you can request that we change that personal information.
We will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act 1988, Freedom of Information Act 1982 or other relevant law to withhold the information.
Personal Information can be updated by carers and members by calling the Carer Advisory Service on 1800 242 636 with any general queries.
Links to other websites
Confidentiality statement re HACC requirement to collect a Minimum Data Set
HACC is the Home and Community Care Program, a joint Commonwealth and State/Territory Program providing funding and assistance for Australians in need and a funding partner for Carers SA.
The HACC Program has Minimum Data Set requirements about information that must be collected from clients.
Therefore Carers SA advises the users of its services that we may release information about HACC clients (which is de-identified, i.e. does not disclose full name or address) to HACC and to the National or State Data Repository.
Users of Carers SA services are advised that this will enable the collection of information about HACC services and their consumers. The information will be kept confidential. This information is to be used for statistical purposes only and will not be used to affect individual entitlements to, or access to, services.
How to contact us
If you wish to contact us about our services, obtain access to or change your personal information, or make any other enquiry, please call Carers SA on 1800 815 549.
Confidentiality – A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by board members, staff or volunteers.
Privacy – Keeping certain personal information free from public knowledge and having control over its disclosure and use.
Personal information – Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
Sensitive information – (Type of personal information) Information or an opinion about an individual’s race or ethnicity, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences, trade or professional associations, union membership, criminal record, health or genetic information or biometric information.
Confidential information – The names, details and information relating to carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which Carers SA informs a staff member or volunteer is confidential.
5. Related Documents
- Board and Staff Code of Conduct
- Service Delivery Policies and Procedures
- Information Sharing Guidelines
- Privacy and Confidentiality Declaration
- Notifiable Data Breach Statement – Form – https://forms.business.gov.au/smartforms/landing.htm?formCode=OAIC-NDB
Available upon request.
6. Related Legislation
- Privacy Amendment (Notifiable Data Breaches) Act 2017 (Commonwealth)
- Privacy Act 1988 (Commonwealth)
- Freedom of Information Act 1982
- Australian Privacy Principles.
Effective date: 12 March 2014
Current and updated: March 2018