Stones Disability Services is committed to safeguarding the confidentiality of all personal or sensitive information collected related to the participants we support. Stones Disability Services is also committed to protecting the privacy of its staff and volunteers.
This policy sets out how Stones Disability Services complies with its obligations under the Privacy Act 1988, including the Australian Privacy Principles, to ensure we meet our legal and ethical obligations to respect the rights and privacy of people we support, and its staff.
❏ This policy regulates how we collect, use, disclose, secure and store personal information. It also details how individuals may access that information and have it corrected if it is wrong.
Legislative Context
Legislation that relates to privacy is:
❏ Privacy Act 1988;
❏ Australian Privacy Principles 2014
❏ National Security Legislation Amendment Act (No. 1) 2014
❏ Privacy Amendment (Private Sector) Act 2000
❏ National Privacy Principles (2001)
❏ Privacy and Personal Information Protection Act, 1988
Other Legislation
There are other laws which impact on particular aspects of privacy, such as:
❏ Workplace Surveillance Act 2005 (NSW)
❏ Surveillance Devices Act 2007 (NSW)
Our processes gather consent for:
❏ information gathered, stored and recorded for work to be undertaken with the participant and their support network to enable effective assessment and to develop a support plan
❏ communication and action with approved family/carers, advocates, third parties and government agencies. This includes:
● collaboration with other providers to share information and meet participant needs
● participant’s support network and other stakeholders in the review of feedback, compliments and incidents (BSPs)
● the required service and a transition where applicable.
Stones Disability Services captures consent in the following steps:
❏ the Sign-Up form collects permission to gather and store information to develop a consent plan and make effective assessment on support needs
❏ the Consent form
● outlines use of consent, privacy and personal information
● collects permission to share information on their behalf, and with a third party to communicate and act on their behalf
● collects three nominated person/s or organisation/s who are approved to communicate with Stones Disability Services for specified purposes
❏ social media publicity consent form
❏ the Welcome Pack includes a visual flowchart of consent, data and privacy
Stones Disability Services will review each participant’s consent annually, and participants can withdraw or change their consent to share information and/or their permission for a third party to act on their behalf at any time.
Stones Disability Services Practice Standards will ensure compliance in all aspects of our operations within the Australian Privacy Principles and the NDIS Practice Standards and the National Disability Service Standards.
The above-mentioned Standards apply to the people we support and their families. The National Privacy Principles apply to all people that the organisation holds personal information about. This includes people we support, families, advocates, staff and volunteers.
All employees, contractors and volunteers of Stones Disability Services have a responsibility to ensure that personal information is managed in accordance with this policy, and are bound by their commitment to privacy and confidentiality in respect of any personal and/or sensitive information accessed in the course of their duties.
It is an expectation of Stones Disability Services staff that they ensure any conversations (in person or on the telephone) that occur in the workplace and/or off-site, during the delivery of supports to participants are held in a private and confidential manner.
It is a requirement that conversations related to participants/families are conducted within the privacy protection framework as detailed in the Privacy Act 1988, and in accordance with The Australian Privacy Principles.
Please be aware that participants, families and members of the general public are present at times both in the office setting and in locations where supports are being provided. For this reason, there is always the possibility that conversations related to participants could be observed and overheard at any time.
It is the responsibility of staff to ensure that the potential for any conversation to be overheard is minimised at all times through:
● Being aware of the potential presence of participants, families and members of the general public in workplace environments
● Using technology e.g. headsets etc. to assist in the protection of private and confidential information
● Holding conversations in private spaces e.g. at staff desks if at all possible
Monitoring of the conduct of staff to ensure that conversations related to participants/families meet the requirements of relevant legislation and practice principles will occur. Assistance to meet all privacy and confidentiality requirements will be provided by the CEO, the Executive Team and Support Squad staff.
Breaches of participant/family privacy and/or confidentiality are taken very seriously. If these occur, they will be addressed on an individual basis through supervision: a reminder of the standard of behaviour that is expected will be given, and support will be provided to enable staff to operate in accordance with policy and procedure.
If an individual staff member continues to breach privacy and confidentiality policy and procedure, a process will occur which addresses any breach with escalating seriousness in these circumstances, facilitated by the relevant State Manager and/or the National Support Manager.
Participants’ money or other property is only used with the consent of the participant and for the purposes intended by the participant.
The National Support Manager is the Privacy Officer and will respond to any concerns, complaints or alleged breaches in relation to privacy. The Privacy Officer’s responsibilities are limited to:
❏ receive and respond to any requests for access to personal information; and
❏ report any requests or complaints to the CEO.
To ensure compliance, Stones Disability Services will develop specific procedures to effectively manage personal information, including sensitive information, in the context of the broad range of services we provide.
Stones Disability Services will take all reasonable steps to make sure that the personal and/or sensitive information it collects, uses or discloses is accurate, complete and up-to-date. Personal and/or sensitive information about participants will be collected only when it is directly relevant and needed to provide support services to that person, or where we are required by regulation to collect the information.
Stones Disability Services has procedures in place to enable participants and staff to access information kept about them and to update and/or amend their records.
Stones Disability Services will only use personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or operations.
The types of personal and/or sensitive information that we collect may include your name, address, other contact details, information about your racial or ethnic origin, religious beliefs or affiliations, sexual orientation or practices, criminal record, health information and other such information that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the Law.
We generally collect personal and/or sensitive information directly from you through the use of our standard forms, interviews, via email or through a telephone conversation with you. With your consent we may collect personal and/or sensitive information from third party contractors or agents and government instrumentalities that are involved in the provision of our products and services.
We collect your personal and/or sensitive information for any one or more of the following reasons:
❏ providing our products or services to you and to ensure they meet your requirements;
❏ to assist with your queries;
❏ facilitating our internal business operations, including the fulfilment of any legal obligations; and
❏ analysing our services and participant needs with a view to developing new and/or improved services.
Stones Disability Services doesn’t give identifying information to other agencies, organisations or anyone else unless one of the following applies:
❏ the person has consented;
❏ it is required by law or is necessary to protect the rights or property of our organisation or any other individual;
❏ it will prevent or lessen a serious and imminent threat to somebody’s life or health;
❏ it relates to a criminal issue.
Where the person we support is unable to provide consent, we will obtain written consent from the Person Responsible (Nominee/Guardian). In some instances verbal consent from a Person Responsible may be necessary and will be documented.
Where there is uncertainty as to the direct benefit of the release of information which does not remove the names of individuals and/or other identifying characteristics such as home address, or there is doubt that individuals would not consent to the release of this information, we will seek approval from the concerned people or the designated Person Responsible prior to the release of the information.
Stones Disability Services takes steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure and against other misuse.
These steps include:
❏ secure handling procedures;
❏ placing access restrictions on private files and information so that only the CEO, COO and NSM have access to these files unless permission is given by these officers to key personnel who require that information to execute their duties;
❏ ensuring paper-based documents are stored in locked cabinets when not in use;
❏ all electronic files are password protected, with restricted access to electronic files containing sensitive and personal information;
❏ All servers are protected with firewalls and anti-virus and anti-spyware software that is kept updated.
We specify document retention periods in line with relevant State legislation. When no longer required after seven (7) years for adults, due to auditing requirements, personal information is destroyed in a secure manner such as shredding or deletion. For children (less than 18 years old) the record will be kept until the participant is twenty-five (25) years old.
PRIVACY AMENDMENT (NOTIFIABLE DATA BREACHES) ACT 2017
In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017, Stones Disability Services will notify affected individuals and the Office of the Australian Information Commissioner when a data breach has occurred and is likely to result in serious harm to individuals whose personal information is involved in the breach.
If a participant has a complaint in relation to privacy, it should be made in writing, directed to Stones Disability Services and will be investigated in compliance with our Complaints and Feedback policy.
Communication about this policy should be implemented in a way that suits each person with regard to their cultural background and communication needs e.g. use of an interpreter, translation or easy to read documents. This policy will be:
❏ communicated to all the participants, their carers/family, key internal and external stakeholders of Stones Disability Services;
❏ communicated to Stones Disability Services staff through induction and professional development opportunities;
❏ accessible through Stones Disability Services.
❏ Individual Planning & Outcomes
❏ Complaints & Feedback
❏ Rights and Responsibilities
❏ Code of Conduct
❏ Service Charter
This entire policy will be reviewed in consultation with people using the service, their families and carers and staff every 3 years or as changes to legislation require.