Purpose

To ensure that management of personal information for participants meets all relevant legislative and regulatory requirements.

This policy and procedure applies to current and potential participants, their carers and family members. 

Risk

Because people with disabilities are more vulnerable to exploitation and abuse than others in the community, workers with access to participant information automatically occupy risk-assessed roles under the NDIS Commission.

The primary risk to privacy and confidentiality arises from the collection, storage and sharing of participant information. Access by non-authorised persons may expose participants to risk. Safe storage and access policy protects participants from abuse and exploitation. This policy addresses these issues.

There is a risk that information will be shared inadvertently and without the intention to do harm. Information may be unintentionally disclosed by careless use of tablet or phone-based software, shared with a participant’s supporters against the participant’s wishes, or disclosed to peers on the assumption that the information is publicly known. Cultural assumptions around sharing information are diverse and change rapidly. Social media platforms may allow participants to be identified. This risk may be minimised by:

•  raising staff awareness of privacy and confidentiality

• ensuring consent is obtained before gathering data (including audio and photographic data) 

• ensuring that consent is specific to the use of data, and that consent is current

• encouraging participants to provide feedback and complaints about the use of their information.

These issues are addressed in this policy. 

Definitions

Personal information – Recorded information (including images) or opinion, whether true or not, from which the identity (including those up to thirty years deceased) could be reasonably ascertained.

Sensitive information – Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record. This is also considered to be personal information.

Health information – Any information or an opinion about the physical, mental or psychological health or ability (at any time) of an individual.

Information Privacy – refers to the control of the collection, use, disclosure and disposal of information and the individual’s right to control how their personal information is handled. 

Applicability

When

• applies to all personal information and sensitive personal information including the personal information of employees and participants

• applies to all company confidential information - that is any information not publicly available.

Who

• applies to all representatives including key management personnel, directors, full time workers, part time workers, casual workers, contractors and volunteers.

Documents Relevant to this Policy

• Privacy and Confidentiality (easy read)

Policy

Sparrow Collective is committed to the transparent management of personal and health information about its participants and staff.

This commitment includes protecting the privacy of personal information, in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cwlth) amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth) and in accordance with the Privacy Policy, Department of Human Services, endorsed June 2002 (amended August 2005) (Vic), the Health Records Act 2001 (Vic), the Information Privacy Act (2000) (Vic), and the Freedom of Information Act 1982 (Cwlth).

Sparrow Collective’s Privacy and Confidentiality Policy and Procedure is made publicly available.