Purpose of the Policy
Achieve Australia Limited (AAL) is committed to safeguarding the confidentiality of personal or sensitive information collected with regard to the people we support. Achieve Australia is also committed to protecting the privacy of its staff, volunteers and donors.
This policy sets out how AAL complies with its obligations under the Privacy Act 1988 (C’th), including the Australian Privacy Principles (APPs) to ensure we meet our legal and ethical obligations to respect the rights and privacy of people we support, and its staff.
This policy regulates how we manage personal information, collect, use, disclose, and secure & store personal information. It also details how individuals may access that information and have it corrected if it is wrong
Legislation that relates to Privacy is:
• Privacy Act 1988 (C’th);
• National Security Legislation Amendment Act (No. 1) 2014
• Privacy Amendment (Private Sector) Act 2000
• National Privacy Principles (2001)
• Privacy and Personal Information Protection Act, 1988
There are other laws which impact on particular aspects of privacy, such as:
– Workplace Surveillance Act 2005 (NSW)
– Surveillance Devices Act 2007 (NSW)
1.3.1 – Ensure all staff & volunteers adhere to the Australian Privacy Principles & privacy provisions within the Disability Service Standards (C’th & NSW)
AAL will ensure all aspects of our operations comply with the Australian Privacy Principles and the Disability Service Standards (C’th & NSW).
The Disability Service Standards (C’th) and the NSW Standards in Action apply to the people we support and families. The National Privacy Principles apply to all people that the organisation holds personal information about. This includes, people we support, families, advocates, staff, volunteers and donors.
1.3.2 – Responsibilities of staff, contractors, volunteers and Privacy Officer
All employees, contractors and volunteers of AAL have a responsibility to ensure that personal information is handled in accordance with this policy and that any personal and/or sensitive information accessed in the course of their duties are bound by their commitment to confidentiality.
AAL has appointed a Privacy Officer to respond to any concerns, complaints or alleged breaches in relation to privacy. The Privacy Officer’s responsibilities are limited to:
– receive and respond to any requests for access to personal information; and
– report any requests or complaints to the CEO.
1.3.3 – How AAL will ensure compliance
To ensure compliance AAL will develop specific procedures to effectively manage personal information, including sensitive information, in the context of the broad range of services we provide.
1.3.4 Ensure the quality of the data and relevance
AAL will take all reasonable steps to make sure that the personal and/or sensitive information it collects, uses or discloses is accurate, complete and up-to-date. Personal and/or sensitive information about AAL service users will only be collected when it is directly relevant and needed to provide support services to that person, or where AAL is required to collect the information.
AAL will put in place procedures to allow service users and staff the ability to access information kept about them, update and or amend their
1.3.5 – Use of personal information
AAL will only use personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or operations.
When you provide AAL with personal and/or sensitive information you will be given the option to tell us that you do not want that information to be used for direct marketing purposes. You can change your mind about your preferences in respect of direct marketing and make choices at any time by following any instructions in relevant communications or by contacting:
Level 1, 1 Epping Road NORTH RYDE NSW 2113
1.3.6 – Kinds of personal and/or sensitive information that we collect and hold
The types of personal and/or sensitive information that we collect may include your name, address, other contact details, information about your racial or ethnic origin, religious beliefs or affiliations, sexual orientation or practices, criminal record, health information and other such information that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the Law.
1.3.7 – How we collect and hold personal information
We generally collect personal and/or sensitive information directly from you through the use of our standard forms, over the internet, via email or through a telephone conversation with you. With your consent we may collect personal and/or sensitive information from third party contractors or agents and government instrumentalities who are involved in the provision of our products and services.
1.3.8 – The purposes for which we collect, hold, use and disclose personal information personal information.
We collect your personal and/or sensitive information for any one or more of the following reasons:
• providing our products or services to you, including the direct marketing of those products or services;
• to assist with your queries;
• facilitating our internal business operations,
including the fulfilment of any legal
• analysing our services and client needs with a view to developing new and/or improved services.
1.3.9 – AAL will not disclose identifying information without written consent
AAL doesn’t give identifying information to other agencies, organisations or anyone else unless one of the following applies:
– the person has consented;
– the person would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies;
– it is required by law or is necessary to protect the rights or property of AAL or any other individual
– it will prevent or lessen a serious and imminent threat to somebody’s life or health;
– it relates to a criminal issue
Where the person we support is unable to provide consent, we will obtain written consent from the Person Responsible. In some instances verbal consent from a Person Responsible may be necessary and will be documented.
Where there is uncertainty as to the direct benefit of the release of information which does not remove the names of individuals and or other identifying characteristics such as home address, or there is doubt that individuals would not consent to the release of this information AAL will seek approval from the concerned people or the designated Person Responsible prior to the release of the information.
1.3.10 – Security of Information
AAL takes steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure and against other misuse.
These steps include secure handling procedures, access restrictions, ensuring documents are stored in locked cabinets when not in use, password protection, and restricted access for all electronic files.
Each Business Service will ensure their own secure procedures relevant to their service and processes.
When no longer required, personal information is destroyed in a secure manner or deleted
1.3.11 – Complaints or Concerns in Relation to Privacy
If a service user has a complaint in relation to privacy, it should be made in writing, directed to:
Privacy Officer Achieve Australia Level 1, 1 Epping Road
NORTH RYDE NSW 2113
You should expect an acknowledgement within 7 days of the complaint or concern being received. You will be advised of how your complaint or concern will be dealt with.
Your complaint or concern will be investigated by the Privacy Officer in consultation with the Chief Executive. You will receive written advice of the response to your concern or complaint, or advice of further processes required, within 28 days.
If AAL’s response is not acceptable to you, we may suggest conciliation or arbitration on the matter. You may also make a formal complaint to the Privacy Commissioner.
The provisions of this subclause do not apply to Employees of AAL. Where an employee has a concern or complaint in relation to privacy it should be dealt with under AAL Grievance Procedures, or where access to the individual’s Personnel File is required, requests should be made directly to Human Resources.
1.3.12 – Requesting Access or Change to Information
Service Users may request a copy of their personal information. The request should be made in writing, be specific in detailing what information you are requesting and directed to:
Privacy Officer Achieve Australia Level 1, 1 Epping Road
NORTH RYDE NSW 2113
You should expect a response within 7 days of the request being received. You will be advised of the time it may take to provide the information, or if there is any reason why the information cannot be
1.3.13 – Disclosure of personal information to overseas recipients provided or changed in accordance with your request.
If you have requested access to information, you will also be advised of how you may need to access the information. Generally the information will be available free of charge, unless substantial copying is required, in which case, AAL may request a fee to cover the cost to gather and copy.
AAL utilises internet-based third party data storage, processing and services, or “cloud computing”, which may involve the disclosure of your personal and/or sensitive information to overseas recipients. If you consent to this disclosure of your personal and/or sensitive information subclause 8.1 of APP 8 will not apply and by engaging us to provide products or services to you and/or providing us with such personal and/or sensitive information you do consent to the disclosure of your personal and/or sensitive information outside Australia, and acknowledge that we are not required to ensure that overseas recipients handle your personal and/or sensitive information in compliance with Australian Privacy Law.