To provide an effective and high-quality service and to maintain appropriate accountability, we must collect, store and sometimes share relevant personal information. It is important that we are consistent and careful in the way we manage what is written and said within our organisation and how we decide who can see or hear this information.
Personal information is any information where an individual’s identity can be reasonably determined. Collecting personal information is essential to delivering a quality service to George Street Neighbourhood Centre Association Incorporated (GNSC Assoc. Inc.) clients and customers, as well as managing staff, volunteers and Management Committee members. This includes being able to make appropriate matches between potential service users and organisations, and provide a quality improved service to the wider community. If GSNC Assoc. Inc. does not collect personal information, we may be unable to provide effective referral, options, support and services as well as support and manage our staff and volunteers.
This policy applies to all GSNC Assoc. Inc. operations and services, staff, volunteers, stakeholders and management committee members. All client information including written, verbal and electronic is covered by this policy except where keeping information confidential may lead to a risk of harm to the client or another human being or where information is subpoenaed.
This policy and procedure does not form part of any contract between an employee and GSNCA Inc. nor does it form part of any contractor or volunteer’s contract for service.
3. Policy Statement
GSNCA Inc. is committed to protecting and upholding the rights of our clients, employees, volunteers and Management Committee members to privacy. This includes upholding our privacy obligations when collecting, storing and using people’s information. We want all people associated with GSNCA Inc. to have confidence that we take these responsibilities seriously.
Specifically we will:
- meet our legal and ethical obligations as employees, volunteers and managers in relation to protecting the privacy of all people associated with the organisation;
- provide clients with information about their rights regarding privacy; and
- ensure privacy for all people associated with the organisation when they are being interviewed or discussing matters of a personal or sensitive nature with staff or volunteers.
4. Procedures 4.1 Privacy
We manage our obligations in relation to protecting the privacy of our clients by compliance to all the privacy requirements of our service agreement/s that incorporate the:
- National Privacy Principles (NPP) in accordance with the Privacy Act 1988 (Cth); and/or the
- Information Privacy Principles (IPP) of the Queensland Privacy Scheme. The Privacy principles are:
- collection of personal information (NPP1) (IPPs 1,2.3);
- limits on use or disclosure of personal information (NPP 2);
- quality of personal information (NPP 3);
- security of personal information (NPP 4) (IPP 4);
- information about personal information holdings (NPP 5) (IPP 5);
- access and amendment of personal information (NPPs 6.7) (IPP 6,7);
- anonymity (NPP8);
- use of personal information (IPPs 8, 9, 10);
- collection and handling of sensitive personal information (NPP 9; and IPP 1, 4) disclosure of personal information (IPP 11).
Our obligations include:
- using personal information only for the purpose of our service agreements, unless required or authorised by law;
- not disclosing personal information without written consent, unless required or authorised by law;
- ensuring that all of our employees and volunteers do not access, use or disclose personal information other than in the performance of their duties;
- ensuring that all of our contractors and auspices who have access to personal information comply with all of our privacy obligations;
- complying with the processes for the safe, secure and systematic collection, use and storage of up-to-date client data (in hard copy and/or electronically) including information about limits to confidentiality and the consent to sharing of information.
- providing full co-operation when responding to applications for access to, or amendment of a document containing an individual’s personal information and to privacy complaints;
- notifying relevant funding bodies upon becoming aware of any breach of personal information protection; and
- notifying relevant funding bodies in the event of becoming aware that disclosure of personal information, in relation to a child/ren subject to the Child Protection Act 1999 or the Juvenile Justice Act 1992, is made or may be required by law.
- all employees, volunteers, officers and contractors of GSNC Assoc Inc abide by the Confidentiality Policy and Procedure, including signing the Confidentiality Agreement upon appointment to their position;
- Service users are to be made aware of the Privacy Notice when personal information is collected; and
- All persons providing personal information to GSNC Assoc. Inc. will have their Privacy rights explained to them and will be give a copy of the Privacy Statement.
For service specific privacy obligations relating to each of the services of GSNC Assoc. Inc. refer to the relevant current Funding Agreement.
In broad terms these requirements mean that we:
- collect only information which the organisation requires for its primary function;
- ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
- store personal information securely, protecting it from unauthorised access; and
- co-operate when responding to applications for access to their own information and
the right to seek its correction, and to privacy complaints;
In order to uphold service delivery quality and manage risks the GSNCA Inc. Manager will have access to all organisational files, including those containing personal information. This includes being provided with access to an updated service user list on a regular basis and being provided with spare filing cabinet keys to enable access to files as required.
4.2 Collection of Personal Information
- only collect information that is necessary for the performance and primary function of GSNC Assoc. Inc. and its auspice services;
- notify stakeholders about why we collect the information and how it is administered;
- notify stakeholders that this information is accessible to them;
- only use information for the primary purpose for which it was collected or directly related secondary purpose or other use with written consent; and
- take reasonable steps to ensure the information we collect is accurate, complete, up to date and relevant to the functions we perform.
Collecting personal information is essential to delivering quality services. This includes being able to make appropriate matches between potential consumers and organisations, and provide a quality improved service to the wider community. If GSNC Assoc. Inc. does not collect personal information, we may be unable to provide effective referral, options, support and services as well as support and manage our own volunteers and staff.
4.3 Privacy Notice
Personal information collected by GSNC Assoc. Inc. is completed always with the individual’s consent and where possible this would be in writing. All forms used to collect personal information contain the following privacy notice:
GSNCA Inc. is collecting the information on this form to assist us in providing services to you. You do not have to provide the requested information. However if you do not we may be unable to provide the services. Statistical information collected may be provided to the relevant funding bodies for the purpose of ensuring that service users are provided with a quality service. GSNC Assoc Inc will not pass this information on to anyone without your consent unless it is required to prevent harm or a risk of harm to others or yourself.
4.4 Ensuring Privacy is maintained
GSNC Assoc. Inc. ensures privacy when collecting private or sensitive information through being aware of physical spaces and ensuring that staff are appropriately trained is managing privacy. This includes:
- private counselling/interview rooms at both George Street Neighbourhood Centre (GSNC) and Shakespeare Child & Family Centre (SCFC);
- Private offices for services;
- provision of separate telephone facilities for each service and staff member
- appointments both within and outside of opening hours;
- home visits where appropriate and feasible;
- The adherence of all staff and volunteer’s to a strict code of conduct whereby client or organisational personal information is not discussed in the public or reception
areas of either GSNC or SCFC; and
All staff working within any area of GSNC Assoc. Inc. including the public or reception areas, or outside of GSNC Assoc. Inc. premises ensure client privacy is maintained at all times.
4.5 Breaches of Privacy
- An individual has the right to complain about a breach of privacy by lodging their concern or complaint with GSNC Assoc. Inc. and/or its associated funding bodies.
- Any breaches of privacy will be recorded in an Incident Report and reported to the relevant funding bodies.
5. Other related policies and documents
- Client records policy
- Confidentiality policy
- Access to confidential information policy
Forms and other organisational documents:
- GSNC Assoc. Inc. Feedback and Complaints process information booklet
- Privacy Notice
- confidentiality agreement
6. Review processes
Responsibility for review:
GSNC Assoc. Inc. Management Committee and senior staff.
Policy review frequency:
GSNC Assoc. Inc. will negotiate the review of this policy at a minimum of 12 months and maximum review period of 3 years or following a critical incident.
GSNC Assoc. Inc. Management Committee in consultation with the Manager and Team leader will conduct the review process of this policy. This may include:
- a nominated review panel (including outside expertise if required); and
- input/feedback from staff, volunteers, clients, stakeholders and community members.
key questions such as:
- is this policy being implemented?
- are procedures being followed?
- is this policy clear?
- have any stakeholders had difficulty with any aspect of this policy?; and o can stakeholder concerns be resolved?
- Documentation and communication:
The review document and policy will be ratified and dated by the Management Committee prior to implementation.
Changes to the policy will be communicated to staff via staff meetings and/or education and information sessions.