Aa+-
Aa

Privacy & Confidentiality

1.0 INTRODUCTION

CORE is committed to protecting and maintaining the privacy, accuracy and security of clients, staff and volunteers’ personal information. We will use all reasonable efforts to protect the privacy of individuals’ personal information and to comply with the obligations imposed by the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APP), the Aged Care Act and the Aged Care Principles.

2.0 PURPOSE

2.1 Scope

This policy assists all people having access to information held by CORE to understand the requirements for keeping information private and confidential, and to assist CORE to meet Commonwealth and State legislative requirements. It will also assist to meet ethical and industry standards in the collection, use, exchange, storage and disposal of information. This policy applies to all staff (paid staff, contracted agency staff and volunteers) as well as Board members.

The purpose of this policy and procedure is to:

2.1.1 ensure personal information is managed in an open and transparent way

2.1.2 protect the privacy of personal information, including Health Information (see 15. Definitions : Health Information) of clients and staff

2.1.3 provide for the fair collection and handling of personal information

2.1.4 ensure that personal information we collect is used and disclosed for relevant purposes only

2.1.5 regulate the access to and correction of personal information

2.1.6 ensure the confidentiality of personal information through appropriate storage and security

2.2 Responsibilities

2.2.1 The Board of CORE is responsible for the establishment of this policy

2.2.2 The CEO and Management Team are responsible for implementing this policy

2.2.3 Board members, Paid staff, Volunteers, Contractors are to ensure they adhere to this policy

3.0 GENERAL POLICY STATEMENTS

3.1 If it is reasonable and practicable to do so, CORE will collect personal information about an individual only from that individual

3.2 In meeting obligations with respect to the privacy of clients, CORE will acknowledge that people with additional needs including vision or hearing impairments, and those of culturally and linguistically diverse backgrounds may require special consideration

3.3 CORE will display the Privacy Collection Statement and provide it to any individual client that request it

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management: Privacy & Confidentiality Policy Page 2 of 15

4.0 COLLECTION OF INFORMATION

4.1 Purpose of collection of Personal Information

CORE will only collect Personal Information (see 15. Definitions : Personal Information) about an individual by fair and lawful means and only if the information is necessary for one or more of our functions as a services provider, and collection of the Personal

Information is necessary to:

4.1.1 comply with the provisions of state or commonwealth law

4.1.2 provide data to government agencies to comply with state, commonwealth law

4.1.3 determine eligibility to entitlements provided under state or commonwealth laws

4.1.4 provide appropriate services and care

4.1.5 enable contact with a nominated person regarding a client’s health status

4.1.6 lawfully liaise with a nominated representative and to contact family if requested or needed

4.2 Not providing information

Some individuals may choose not to provide information to CORE. The information requested is relevant to providing them with the care and services they need. If the individual chooses not to provide CORE with some or all of the requested information, CORE may not be able to provide them with the care and services they require

4.3 Anonymity

CORE accepts the right of individuals to deal with us anonymously if it is lawful and practicable to do so

4.4 Collection of Sensitive Information

CORE will not collect Sensitive Information, including Health Information, (see 15. Definitions : Sensitive Information; Health Information) unless the collection of the information is necessary for, or directly related to, one or more of our functions and:

4.4.1 An individual has consented to the collection of this information; or

4.4.2 the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or

4.4.3 a permitted general situation exists to the collection of the information (see 15. Definitions : General situation); or

4.4.4 a permitted health situation exists in relation to the collection of the information (see 15. Definitions : Health situation); or

4.4.5 we are a non-profit organisation and:

• the information relates to our activities; and
• the information relates only to the members of the organisation, or to individuals who have regular contact with us and our activities.

5.0 METHODS OF COLLECTION

5.1 Personal and Sensitive Information

Personal Information and Sensitive Information (including Health Information), (see 15. Definitions : Personal Information; Sensitive Information; Health Information) may recollected:

5.1.1 from a client;

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 3 of 15

5.1.2 from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;

5.1.3 from the health practitioner of a client;

5.1.4 from other health providers or facilities;

5.1.5 from family members or significant persons of a client; and

5.1.6 from a legal advisor of a client.

5.2 CORE will collect Personal Information (see 15. Definitions : Personal Information) directly from the client, unless:

5.2.1 we have the consent of the client to collect the information from someone else; or

5.2.2 we are required or authorised by law to collect the information from someone else; or

5.2.3 it is unreasonable or impractical to do so (see 15. Definitions : reasonable).

5.3 At first assessment by CORE, a client should identify any parties from whom they do not wish Personal Information accessed or to whom they do not wish Personal Informationprovided. This should be recorded in the file of the client and complied with to the extent permitted by law

5.4 Unsolicited Information

If CORE receives Personal Information (see 15. Definitions : Personal Information) from an individual that has not been solicited, and the information could not have been obtained by lawful means, CORE will destroy or de-identify the information as soon as practicable and in accordance with the law

5.5 Staff records

CORE will keep a record in respect of staff members about:

5.5.1 basic employment details such as the name of the staff member and the nature of their employment (eg part-time, full-time, permanent, temporary or casual), as per the Employment Contract

5.5.2 pay

5.5.3 overtime hours

5.5.4 averaging arrangements

5.5.5 leave entitlements

5.5.6 superannuation contributions

5.5.7 termination of employment (where applicable)

5.5.8 individual flexibility arrangements and guarantees of annual earnings

5.6 CORE will also collect Personal Information about a staff member relating to their employment being Employee Records (see section 15. Definitions : Employee Records below)

5.7 Notification of Collection of Information

We will, at or before the time, or as soon as practicable after CORE collects Personal Information (see 15. Definitions : Personal Information) from an individual, take all reasonable steps to ensure that the individual is notified or made aware of:

5.7.1 CORE identity and contact details (who is collecting the information);

5.7.2 the purpose for which CORE is collecting Personal Information (how it will be used);

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management: Privacy & Confidentiality Policy Page 4 of 15

5.7.3 the identity of other entities or persons to whom CORE usually discloses Personal Information to (who will have access to the information);

5.7.4 that the individual has the right to access the information and correct it at any time

5.7.5 that information will only be retained according to legislative requirements

5.7.6 that this Privacy Policy contains information about how an individual may complain about a breach of Privacy, and how a complaint will be dealt with;

5.7.7 whether CORE is likely to disclose Personal Information to overseas recipients and if so, the countries in which such recipients are likely to be located

6.0 USE AND DISCLOSURE OF INFORMATION

6.1 Permitted Disclosure

CORE may not use or disclose Personal Information (see 15. Definitions : Personal Information) for a purpose other than the primary purpose of collection, unless:

6.1.1 the secondary purpose is related to the primary purpose (and if Sensitive Information, see 15. Definitions : Sensitive Information is directly related) and the individual would reasonably expect disclosure of the information for the secondary purpose;

6.1.2 the individual has consented;

6.1.3 the information is Health Information (see 15. Definitions : Health Information) and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the Health Information;

6.1.4 we believe on reasonable grounds (see 15. Definitions : reasonable grounds) that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;

6.1.5 we have reason to suspect unlawful activity and use or disclose the Personal Information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;

6.1.6 we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or

6.1.7 the use or disclosure is otherwise required or authorised by law.

6.2 Unsolicited Information

If we receive Personal Information (see 15. Definitions : Personal Information) from an individual that we have not solicited, we will, if it is lawful and reasonable to do so, destroy or de-identify the information as soon as practicable.

6.3 Cross border disclosure

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 5 of 15

CORE may disclose an individual’s Personal Information (see 15. Definitions : Personal Information) to an overseas recipient. CORE will take steps to ensure that the overseas recipient does not breach the Australian Privacy Principles:

6.3.1 the overseas recipient is subject to laws similar to the Australian Privacy Principles and the individual has mechanisms to take action against the overseas recipient;

6.3.2 CORE reasonably believes the disclosure is necessary or authorised by Australian Law; or

6.3.3 the individual has provided express consent to the disclosure.

6.4 Disclosure of Health Information

CORE may disclose Health Information (see section 15. Definitions : Health Information) about an individual to a person who is responsible (see section 15. Definitions : Responsible Person) for the individual if:

6.4.1 the individual is incapable of giving consent (see section 15. Definitions : consent) or communicating consent;

6.4.2 the disclosure is necessary to provide appropriate care or treatment, or is made for compassionate reasons, or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and

6.4.3 the disclosure is not contrary to any wish previously expressed by the individual, or of which the Service Manager could reasonably be expected to be aware, and the disclosure is necessary for providing care or treatment

7.0 ACCESS TO INFORMATION

7.1 Providing Information

Any individual that has information held by CORE has a right to request that CORE provides them access to the Personal Information (see 15. Definitions : Personal Information) held about them, and CORE shall provide the information unless the request:

7.1.1 is frivolous or vexatious

7.1.2 poses a serious threat to the life or health of any individual

7.1.3 unreasonably impacts upon the privacy of other individuals

7.1.4 jeopardises existing or anticipated legal proceedings

7.1.5 prejudices negotiations between the individual and CORE

7.1.6 is unlawful or would be likely to prejudice an investigation of possible unlawful activity

7.1.7 federal/state government law enforcement body performing a lawful security function asks us not to provide access to the information; or

7.1.8 giving access would reveal information CORE holds about a commercially sensitive decision making process

7.2 Requesting access

Requests for access to information can be made orally or in writing and addressed to the Service Manager of the relevant service. CORE will respond to each request, see Privacy & Confidentiality Procedure

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 6 of 15

7.3 Declining access

An individual’s identity should be established prior to allowing access to the requested information. If unsatisfied with the individual’s identity, or access is requested from an unauthorised party (see section 15. Definitions : unauthorised party), CORE can decline access to the information.

7.4 CORE can also decline access to information if:

7.4.1 there is a serious threat to life or health of any individual;

7.4.2 the privacy of others may be affected;

7.4.3 the request is frivolous or vexatious;

7.4.4 the information relates to existing or anticipated legal proceedings involving CORE and the requesting party, and CORE has obtained legal advice; or

7.4.5 the access would be unlawful.

7.5 CORE will provide in writing the reasons for declining access to the requested information, see Privacy & Confidentiality Procedure

7.6 Granting access

On request (and after determining an individual’s right to access the information) CORE will provide access to Personal Information (see 15. Definitions : Personal Information), see Privacy & Confidentiality Procedure

7.7 Charges

CORE may charge for providing access to Personal Information

8.0 PERSONAL INFORMATION QUALITY

CORE aims to ensure that the Personal Information (see 15. Definitions : Personal Information) held is accurate, complete and up-to-date and upon notification of an issue, will take steps to correct the information held.

8.1 Correction of Information Held

If an individual establishes the Personal Information held about them is inaccurate, incomplete, out-of-date, incomplete, irrelevant or misleading CORE must take reasonable steps to correct the information

8.2 If CORE disagrees with an individual about whether information is accurate, complete and up- to-date, and the individual asks CORE to associate with the information a statement claiming that the information is inaccurate, incomplete, out-of-date, irrelevant or misleading, CORE will take steps to do so

8.3 If CORE refuses to correct the Personal Information as requested by the individual, the individual will be given written notice that sets out:

8.3.1 the reasons for the refusal;

8.3.2 the mechanisms available to complain about the refusal; and

8.3.3 any other matter prescribed by the regulations

9.0 DIRECT MARKETING

9.1 Personal Information

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 7 of 15

CORE will not use or disclose Personal Information (see 15. Definitions : Personal Information) about an individual for the purposes of direct marketing, unless the information is collected directly from the client and:

9.1.1 the individual would reasonably expect CORE to use or disclose Personal Information for the purpose of direct marketing; and

9.1.2 CORE has provided the individual with a means to ‘opt-out’ and they have not opted out

9.2 Sensitive Information

CORE will not use or disclose Sensitive Information (see 15. Definitions : Sensitive Information) about an individual for the purposes of direct marketing, unless the individual has consented to the information being used for direct marketing

9.3 An individual’s rights in relation to direct marketing activities If CORE uses information for the purposes of direct marketing, the individual may ask CORE:

9.3.1 not to provide direct marketing communications to them

9.3.2 not to disclose or use the information

9.3.3 to provide the source of the information

10.0 PERSONAL INFORMATION SECURITY

CORE are committed to keeping secure Personal Information (see 15. Definitions : Personal Information) that has been provided. CORE will take all reasonable steps to ensure the Personal Information held is protected from misuse, interference, loss, from unauthorised access, modification or disclosure.

10.1 Securing Client Information

10.1.1 CORE will keep client records in a secure storage area as per the Records Management Policy

10.1.2 If the records are being carried while providing care, only the staff member carrying the records will have access to them

10.1.3 Records of previous clients and earlier unused volumes of current clients shall be archived and stored in a locked service away from general use, see Records Management Policy

10.1.4 Only health professionals attending to the care of a client will have access to information of the client. All records shall only be used for the purpose it was intended

10.1.5 A client, or their representatives, shall be provided access to records as requested and after consultation with the Service Manager. At these times, a qualified staff member is to remain with a client or representative to facilitate the answering of any questions raised

10.1.6 Details of a client are not to be provided over the phone, unless the staff member is sure of the person making the enquiry. If in doubt, consult the Service Manager

10.1.7 Staff members will not make any statements about the condition or treatment of a client to any person not involved in the care, except to the immediate family or

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 8 of 15 representative of the client and then only after consultation with the Service Manager

10.1.8 Staff must be discrete with their comments at all times, protecting and respecting the privacy, dignity and confidentiality of all clients

10.1.9 Handovers shall be conducted in a private and confidential manner

10.2 Security Measures

Security measures include, but are not limited to:

10.2.1 training staff on their obligations with respect to Personal Information

10.2.2 use of passwords when accessing our data storage system; and

10.2.3 the use of firewalls and virus scanning tools to protect against unauthorised interference and access. Staff (including contracted staff), are required to have up-to-date virus protection software and firewalls installed on any device used to
access documents containing Personal Information

10.2.4 As soon as practicable and in accordance with the law, CORE will destroy or deidentify any Personal Information that is no longer required for CORE’s functions

10.3 Contractors

Contractors working on behalf of CORE are required to:

10.3.1 comply with the Australian Privacy Principles

10.3.2 have up-to-date virus protection software and firewalls installed on any device used to access documents containing Personal Information

10.3.3 notify CORE immediately of any actual or potential breaches of security

10.3.4 indemnify CORE in relation to any loss suffered by a breach

11.0 MEDIA

No member of staff shall make any statement to the press, radio or television station or to any reporter for the media. If a staff member is approached to make a statement or comment they must refer the person to their Service Manager. See Marketing, Advertising & the Media Policy

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 9 of 15

12.0 COMPLAINTS

12.1 If an individual wishes to make a complaint about the way CORE has managed their personal information, they may make that complaint verbally or in writing. See Handling Client Complaints Policy for process in detail

12.2 Alternatively, complaints may also be referred to a number of services as set out below:

12.2.1 Australian Information Commissioner

The Australian Information Commissioner receives complaints under the act.

Complaints can be made:

• Online: http://www.oaic.gov.au/privacy/making-a-privacy-complaint
• By phone: on 1300 363 992
• By fax: on +61 2 9284 9666
• In writing:

Address your letter to the Australian Information Commissioner at the:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001

OR

Office of the Australian Information Commissioner
GPO Box 2999
Canberra ACT 2601 NSW 2001

12.2.2 Aged Care Complaints Scheme

When appropriate, the Aged Care Complaints Scheme may also be utilised for dealing with complaints. The scheme operates within the Department of Social Services and receives complaints under the Act. Complaints can be made:

• Online: at http://www.agedcarecomplaints.govspace.gov.au/concern
• By phone: on 1800 550 552.

If you need an interpreter you can phone the Translating and Interpretation Service on 131 450 and ask them to put you through to the Aged Care Complaints Scheme on 1800 500 552.

For hearing or speech impaired TTY users phone 1800 555 677 then ask for 1800 550 552.

For Speak and Listen users phone 1800 555 727 then ask for 1800 550 552.

For Internet relay users connect to https://www.iprelay.com.au/call/index.aSPX and enter 1800 550 552.

• In writing: address your letter to the Aged Care Complaints Scheme at the:
Australian Department of Social Services
GPO Box 9848
Sydney NSW 2000

12.2.3 NSW Ombudsman

The NSW Ombudsman deals with complaints for Community and Disability providers

• Online at www.ombo.nsw.gov.au
• By phone on : 1800 451 524

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 10 of 15

13.0 POLICY SIGNOFF

13.1 Staff, Volunteers & Board Members: Agreement to this Policy

13.1.1 I have read and had explained to me, this Policy and associated procedures

13.1.2 Breaches of this policy will not be tolerated, failure to comply with obligations under this policy may lead to disciplinary action. Serious breaches of this policy may result in termination of employment. See Staff Discipline Policy

13.1.3 I understand and agree to abide by this policy, procedure and the breach processes in place

AGREEMENT WITNESS
NAME: NAME:
POSITION: POSITION:
SIGNED: SIGNED:
DATE: DATE:

14.0 PROCEDURES

14.1 See Privacy & Confidentiality Procedure

14.2 Mandatory reporting of cases where a worker has concerns about the safety, welfare or wellbeing of a child or young person, see Mandatory Reporting Procedure

15.0 DEFINITIONS

Confidential Information

Any documentation or information received or developed during the course of employment, which is not publicly available, and relates to clients of CORE, staff members, volunteers, executive committee, students on placement or contractors OR the processes, equipment, techniques and business information used by CORE in the course of operation including all trade secrets, drawings, techniques, business, financial and marketing plans and material, manuals of any kind, gross profit and cost information, business connections including identity and requirements, concepts not reduced to material form, designs, plans, models, methods of operation, and the nature and content of contracts and documents consent FROM THE PRIVACY PRINCIPLES

B.35 Consent means ‘express consent or implied consent’ (s 6(1)). The four key elements of consent are:
-the individual is adequately informed before giving consent
-the individual gives consent voluntarily
-the consent is current and specific, and
-the individual has the capacity to understand and communicate their consent.

B.56 The Privacy Act does not specify an age after which individuals can make their own privacy decisions. An APP entity will need to determine on a case-by-case basis whether an individual under the age of 18 has the capacity to consent.

http://www.oaic.gov.au/privacy/applying-privacy-law/app-

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 11 of 15

guidelines/chapter-b-key-concepts

Employee Records A record of personal information relating to the employment of the staff member. Examples of personal information relating to the employment of the employee are Health Information (see 15. Definitions : Health Information) about the employee and personal information about all or any of the following:
• the engagement, training, disciplining or resignation of the employee
• the termination of the employment of the employee
• the terms and conditions of employment of the employee
• the employee’s personal and emergency contact details
• the employee’s performance or conduct
• the employee’s hours of employment
• the employee’s salary or wages
• the employee’s membership of a professional or trade association
• the employee’s trade union membership
• the employee’s recreation, long service, sick, personal, maternity, paternity or other leave
• the employee’s taxation, banking or superannuation affairs

General Situation FROM AUSTRALIAN PRIVACY PRINCIPLES

There are seven permitted general situations listed in s 16A:
1. lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety (see APPs 3.4(b), 6.2(c), 8.2(d) and 9.2(d))
2. taking appropriate action in relation to suspected unlawful activity or serious misconduct (see APPs 3.4(b), 6.2(c), 8.2(d) and 9.2(d))
3. locating a person reported as missing (see APPs 3.4(c), 6.2(c) and 8.2(d))
4. asserting a legal or equitable claim (see APPs 3.4(c) and 6.2(c))
5. conducting an alternative dispute resolution process (see APPs 3.4(b) and 6.2(c))
6. performing diplomatic or consular functions — this permitted general situation only applies to agencies (see APP 3.4(b), 6.2(c) and 8.2(d))
7. conducting specified Defence Force activities — this permitted general situation only applies to the Defence Force (see APP 3.4(b), 6.2(c) and 8.2(d))
http://www.oaic.gov.au/privacy/applying-privacy-law/appguidelines/chapter-c-permitted-general-situations

Health Information Information or an opinion about:

• the health or a disability (at any time) of an individual
• an individual’s expressed wishes about the future provision of health services to him or her
• a health service provided, or to be provided, to an individual that is

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 12 of 15

also personal information

Other personal information collected to provide, or in providing, a health service

Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances

Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 13 of 15

Health Situation FROM AUSTRALIAN PRIVACY PRINCIPLES

D.2 There are five permitted health situations listed in s 16B:

1. the collection of health information to provide a health service (s 16B(1)) (see APP 3.4(c))

2. the collection of health information for certain research and other purposes (s 16B(2)) (see APP 3.4(c))

3. he use or disclosure of health information for certain research and other purposes (s 16B(3)) (see APP 6.2(d))

4. the use or disclosure of genetic information (s 16B(4)) (see APP 6.2(d))

5. the disclosure of health information for a secondary purpose to a responsible person for an individual (s 16B(5)) (see APP 6.2(d)).

http://www.oaic.gov.au/privacy/applying-privacy-law/appguidelines/chapter-d-permitted-health-situations

Mandatory Reporting The compulsory responsibility under the state/federal law to report risk of significant harm to children to Community Services Personal Information Information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion

Reasonable /

reasonable grounds FROM THE AUSTRALIAN PRIVACY PRINCIPLES

B.105 ‘Reasonable’ and ‘reasonably’ are not defined in the Privacy Act. The terms bear their ordinary meaning, as being based upon or according to reason and capable of sound explanation. What is reasonable is a question of fact in each individual case. It is an objective test that has regard to how a reasonable person, who is properly informed, would be expected to act in the circumstances. What is reasonable can be influenced by current standards and practices.[33]. It is the responsibility of an APP entity {CORE} to be able to justify that its conduct was reasonable.

In a related context, the High Court has observed that whether there are ‘reasonable grounds’ to support a course of action ‘requires the existence of facts which are sufficient to[persuade]a reasonable person’;[34] it ‘involves an evaluation of the known facts, circumstances and considerations which may bear rationally upon the issue in question’.[35] As that indicates, there may be a conflicting range of objective circumstances to be considered, and the factors in support of a conclusion should outweigh those against.
http://www.oaic.gov.au/privacy/applying-privacy-law/appguidelines/chapter-b-key-concepts

Responsible Person A person responsible is the person highest on a designated list who available and able to make decisions for a person who is unable to give informed consent. This may be a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 14 of 15

Sensitive Information Information or an opinion about an individual’s:
• racial or ethnic origins
• political opinions
• membership of a political organisation
• religious beliefs or affiliations
• philosophical beliefs
• membership of a professional or trade association
• membership of a trade union
• sexual preferences or practices
• criminal record
• biometric information
• biometric templates
• health information about an individual and genetic information

Unauthorised party A party that has no actual, implied or apparent authority

Unsolicited Information

All personal information received from an individual that we did not actively seek to collect

16.0 POLICY INFORMATION

RELATED DOCUMENTATION REFERENCES

The Federal Privacy Act 1988 and the Privacy Amendment (Private Sector) Act 2000

Privacy and Personal Protection Information Act 1998 (NSW)

Health Records and Information Privacy Act 2002 (NSW)

Information Protection Principles (IPPs) (2003)

Children and Young Persons (Care and Protection) Act 1998 (NSW)

http://www.legislation.nsw.gov.au/fullhtml/inforce/act+157+1998+FIRST+0+N

Education and Care Services National Regulations 2011

Early Childhood Australia (ECA) Code of Ethics (2008), the Education and Care Services National Regulations 2011 and the Privacy Legislation Australian Privacy Principles (from the Office of the Australian Information Commissioner)
http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles

Aged Care Act 1997
https://www.comlaw.gov.au/Details/C2013C00389

Aged Care Transitional Principles 2014
https://www.comlaw.gov.au/Details/F2014L00870/Html/Text#_Toc391564969

Privacy & Confidentiality – Policy

CORE Community Services

Updated: 20/06/2015 Electronic version in P drive is controlled. Printed copies are uncontrolled.

Version: 01 Risk Management : Privacy & Confidentiality Policy Page 15 of 15

CONTACT OFFICER Operations Manager

DATE APPROVED 23 June 2015

APPROVED BY Board

DATE OF COMMENCEMENT 23 June 2015

REVIEWED 24 February 2017

Aa+-
Aa
Search