Confidentiality AND Privacy
- Managing Director
- Managers, Supervisors and Team Leaders
- Students/ Volunteers, People on Work Experience
- Requirements / Procedure
- Type of Information Collected
- Third Party Collection of Data
- How the Information is Used
- Anonymity & Pseudo Anonymity
- Authorisation for Collection & Release of Information
- Keeping Information Accurate & Up to date
- Keeping Information secure
- How you can access or correct your information
- Destroying of Personal Information
- Breaches of Australian Privacy Principles
To ensure that all people involved with the service have the right to the protection of their personal information. To fulfil this obligation we will ensure all information is kept in a secure place and is accessible to only those people who need the information to complete their responsibilities in relation to the function and activities with the Hessel group or have a right to know.
This policy applies to all individuals who by way of association with the Hessel group provide or have access to personal information of those Individuals.
1988 Privacy Act & National Privacy Principles
Enhancing the Privacy Protection Act 2012
Workplace Health and Safety Act & Regulations 2012
Children’s Services Act 1985-1.1.2012
Education and Care Services National Regulation and National Law.
Skills for all NCVER, STELA
NVR 16 & 20
|Confidentiality||Confidentiality is the process by which the right to privacy of all users is protected. The practice of confidentiality relates to the accessibility, storage and destruction of written records and also care and consideration in dealing with verbal information|
|APP||Australian Privacy Principles -13 principles structured to reflect the information life cycle — collection, use and disclosure, quality and security, access and correction of personal information.|
|Personal Information||Information or opinion about an individual whose identity is apparent or can be ascertained from the information.|
5.1 Managing Director
The Managing Director has the obligation to provide adequate resources to ensure this policy is implemented, monitored and reviewed in a timely and effective manner to ensure the effectiveness of the policy is realised to its full potential.
5.2 Managers, Supervisors and Team Leaders
- Managers must ensure that the National Privacy Principles, (1988 Privacy Act), are adhered to at all times.
- Management will ensure that individuals who are required to disclose personal information to the Hessel group for the purpose of conducting their business are informed of who will be collecting the personal information about them, the purpose for the collection and what happens to the information after it is collected.
- Management will inform staff of their responsibilities with confidentiality in regards to private information that they have access to.
In the course of employment with the Hessel group employees may have access to confidential information regarding the organisation, clients or fellow workers.
- All staff will undergo training in the requirements of this policy.
- Employees must ensure that the National Privacy Principles, (1988 Privacy Act), are adhered to at all times.
- All Staff will sign F 172 Confidentiality & Intellectual Agreement at the time of employment.
- It is one of each employee’s prime responsibilities to be sure that they in no way reveal information that is private either within or outside the organisation including via internet facilities.
- Employees are not to release information via social media e.g. Facebook or other forms of communication that could be seen to be defamatory to the Hessel group.
- Confidential conversations between individuals will be conducted in a quiet/ confidential area away from others.
- Staff will not discuss any child related matters / details with anyone other than centre staff, parents or legal guardians without parental or legal guardians consent.
- Staff home and/or private mobile telephone numbers will not be given to parents.
5.4 Students/ Volunteers, People on Work Experience
Students/volunteers, people on work experience will not make staff, children or their families the object of discussion outside the centre, nor will they use family names when recording information
6. Requirements / Procedure
6.1 Type of Information Collected
The Hessel group collects personal information directly from you. We may also collect information directly about you, but only in circumstances where you would reasonably expect it, or where you have consented. Examples include referee comments and criminal checks in relation to recruitment if it is for or directly relates to one or more of the Hessel group’s functions or activities.
The information we collect is reasonably necessary to;
- Provide the quality services and care
- Maintain your contact information
- Fulfil our legal obligations under applicable laws and rules as those outlined in Section 3, References
We generally hold personal information relating to;
The services we provide or have provided to you.
- Your name, contact details and any medical information that is required by use to maintain a healthy and safe working environment.
- Tax file number, drivers licence, Medicare numbers, qualifications, health conditions (for recruitment purposes).
- Records of training / qualifications
- Visa / passport information in relation to funded training with Enhance Training & Recruitment
- Bank and credit card details in relation to fees payments.
We do not generally collect sensitive information about the individuals unless required or authorized by or under an Australian law, rule or a court/tribunal order. Should sensitive information be required, your consent will be sought prior to collection of the information.
Sensitive information includes information relating to;
- Political or religious beliefs
- Sexual preference
- Membership of professional or trade associates or unions
- Person’s life
6.2 Third Party Collection of Data
6.3 How the Information is Used
The Hessel group only use and disclose personal information for the purpose for which it was disclosed to us or related purposes which would be reasonably expected without your permission. For example, we may use and disclose personal information to process applications, administer and manage our services including monitoring, auditing and evaluating of those services and communicate with you and deal with any complaints or enquiries.
We may from time to time also use your personal information to inform you of changes to our services which we expect may be of interest to you. However we do respect your right to opt-out of receiving marketing material in communications we have with you, such as forms, letters, or emails, or you can contact us at www.hesselgroup.com.au
6.4 Anonymity & Pseudo Anonymity
Individuals under the APP have the option of not identifying themselves, or of using a pseudonym.
However when dealing with the Hessel group in relation their function and services this is impracticable to deal with individuals who have not identified themselves or have used a pseudonym.
Hessel is required under an Australian law to deal with individuals who have identified themselves.
6.5 Authorisation for Collection & Release of Information
All personal information will be collected in a lawful and fair way.
All enrollment forms will include written authorisation from the individual for the collection of necessary personal information.
Written authorisation will be obtained from the individual prior to the release of personal photos, images or testimonials.
The authorisation must state what the material is to be used for and when (e.g. promotion, publication etc.). Refer F450 Release of Information
6.6 Keeping Information Accurate & Up to date
Hessel will take all reasonable steps to ensure that all information we hold is as accurate, up to date and complete as is possible. Individuals are able to contact us at any time and ask for a correction if they feel the information we have about them is incorrect.
In addition to this parents and guardians are required to update their personal information at least annually.
6.7 Keeping Information secure
Information about staff members will only be accessed by the Administration unit, Director or the individual staff member concerned. Staff will not be able to access the file storage, personal files will be handed to the individual staff requiring the access.
- Staff will only be able to access personal information on a ‘need to know’ basis.
- To protect the information all hard copies of personal information will be stored in locked cabinets to protect it from;
- Misuse, interface and loss.
- Unauthorised access, modification or disclosure.
- The Hessel group information handling practices will be regularly monitored to ensure they are secure.
6.8 How you can access or correct your information
Individuals can contact a Hessel group representative to request access to or correction of your personal information. The request must be in writing. In normal circumstances we will give the individual full access or make the requested corrections to your information in a reasonable period after the request. However, there may be some legal or administrative reasons to deny these requests;
- The reason for the request is vexatious; or giving access would have unreasonable impact on the privacy of other individuals; or
- The information relates to existing or anticipated legal proceeding’s between the organisation and the individual and would not be accessible by the process of discovery in those proceedings.
- Hessel group has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the organisation’s functions or activities has been, is being or may be engaged in, and giving access would likely to prejudice the taking of appropriate action in relation to the matter.
If the request is denied, Hessel will provide you with the reason why. Where we decide not to make the requested correction to the individual’s personal information and they disagree, the individual may ask to make a note of their requested correction with the information.
Refer to Section 6.10 Breaches of Australian Privacy Principles in relation to the mechanisms available in relation to the refusal.
6.9 Destroying of Personal Information
If the personal information is no longer required and there is no law that says that the Hessel group must retain the information refer to I- 151 Document Control & Record Keeping then the information will be destroyed in the following ways;
- De-identifying the information
- Shredded or destroyed personal information
- Files will be destroyed of in security bins
- Electronic records or files will be deleted
6.10 Breaches of Australian Privacy Principles
Inquires or complaints from individuals about the Hessel group’s compliance to the APP should be in line with P-16 Reporting Grievances & Complaints policy.
- Management will deal with privacy complaints promptly and in a consistent manner, following the centre’s grievance procedures.
- The Privacy Act gives individuals the right to complain if they think their personal information has been mishandled. Refer to www.privacy.gov.au/privacy rights/complaints.