To ensure that personal information about all individuals involved in the organisation is collected, stored, accessed and corrected and used and further disclosed in accordance with the Privacy Act 1988 (Commonwealth) for services under funding agreements and all other Deadly Inspiring Youth Doing Good Aboriginal and Torres Strait Islander Corporations (DIYDG) services.
This policy applies to all DIYDG directors, employees, volunteers and students.
This policy applies to all verbal information, written information and information stored on electronic devices.
DIYDG is committed to creating an environment of respect and protecting the privacy of personal information about all individuals involved in the organisation.
DIYDG in its operations is to fulfil the requirements outlined in the –
· Information Privacy Act 2009 (Queensland) including the 11 Information Privacy Principles for its services under funding agreements with Department of Communities, Child Safety and Disability Services (Queensland) and Department of Housing and Public Works (Queensland).
· Privacy Act 1988 (Commonwealth) including the 13 Australian Privacy Principles for its services under funding agreements with the Department of Social Services (Commonwealth) that provide the legal framework for the:
· Access and correction.
· Use or further disclosure of personal information.
Personal information is only to be collected for a purpose that relates to the work of the organisation and the collection of the information is necessary for or directly related to that purpose. It must be obtained lawfully, fairly and unobtrusively.
The types of information collected by the organisation fall into various categories including:
· Personal details.
· Payroll related (including Tax File Number).
· Leave histories.
· Equal employment opportunity details.
· Staff training and development activities including supervision and performance appraisals.
· Details related to critical incidents.
· Support services provided to community members, including relevant medical information.
In some cases, information of a particularly sensitive nature is collected from community members receiving services. This information is only to be collected for the purpose of adequate service provision and with the individual’s consent. The worker is responsible to ensure the Privacy Agreement is explained to the service user in a way that is appropriate to their age and ability to understand the document.
It is important that individuals are provided with explanations about:
· Why information is collected.
· What is done with the information.
· How information is handled.
· Who can access the information.
· Processes for accessing their personal information.
· Consequences for refusing to provide information.
Use and Disclosure
· Personal information can only be used in a manner not related to the purpose it was collected for or disclosed to others if:
· Consent has been given.
· It is necessary to lessen or prevent a threat to the life or health of the individual concerned, another person or the community.
· Required or authorised by legislation.
· Required by a law enforcement body.
· It is necessary to provide information to a parent or guardian, to ensure suitable care of the individual in question.
If there is any uncertainty as to whether a request to disclose personal information fits within these guidelines the matter must be referred to the program manager or Chief Executive Officer as appropriate, prior to any information being disclosed.
Funding Departments – when applicable
The Program Manager must notify the relevant department, for instance the Department of Communities, Child Safety and Disability Services immediately in the case that they become aware that disclosure of personal information:
· Provided by the relevant department or;
· In relation to a young person subject to the Child Protection Act 1999 or Juvenile Justice Act 1992 is or may be required by law.
Storage and Security
Deadly Inspiring Youth Doing Good is responsible for ensuring that records are secured against:
· Loss or damage.
· Unauthorised access, use or modification.
· Unauthorised disclosure and misuse.
To meet this responsibility:
· All paper records are stored in cabinets that are locked when unattended.
· Electronic records are only available to individuals with login identification details.
· Records are kept securely, for example in a locked brief case or a boot of a car when being transported.
Records are to be stored in locations that:
· Are cleaned regularly.
· Are protected from water, dampness, mould, direct sunlight, heat and fire.
· Have pest management programs.
· Have adequate ventilation, air purity and lighting.
Information regarding community members will be stored in areas with access restricted to:
· Program Managers.
· Program employees.
Information regarding paid employees, volunteers and students will be stored in areas with restricted access to:
· Human Resources Manager.
· Finance Officer.
Information regarding members of the board of directors will be stored in areas with access restricted to:
· Chairperson of the board.
· President of the organisation.
· Chief Executive Officer.
· Executive Assistant
Access to personal information
Individuals are entitled to have access to records that contain personal information relating to them. Care must be taken to ensure they are not given access to another person's information in error.
Paid Employees, Volunteers and Students
If a paid employee, volunteer or student wishes to access their records, the Program Manager or Human Resources Manager will allow them to do so in their presence. Records are not to be removed from the secure area but the Human Resources Officer may supply a copy if requested.
Members of the Board of Directors
If a member of the board wishes to access their records the Chairperson, President, Chief Executive Officer or Executive Assistant will allow them to do so in their presence. Records are not to be removed from the secure area but copies can be given if requested.
If a community member wishes to access their records, the Program Manager or employee will allow them to do so in their presence. Records are not to be removed from the secure area but copies can be given if requested.
Access to personal information can be denied in situations that:
· Pose a threat to the life or health of any individual.
· Impact upon the privacy of others.
· Would be unlawful.
In any of these situations reasons for the denial of access must be provided.
Individuals may authorise or consent to another organisation or person having access to their personal information. The Act allows for either direct consent (written or, if time does not permit, verbal) or implied consent. Examples of people who may have implied consent are legal aid lawyers, translators or parents under some circumstances. In the case of implied consent, only information relevant to the nature of the enquiry may be disclosed.
Licensed Care Services
Access of records related to young people involved in a Licensed Care Service must be made available to relevant Department of Communities - Child Safety representatives as requested. Records are to be provided to a relevant Department of Communities - Child Safety representative in the event that:
• The Licensed Care Service ceases to provide services to the young person.
• The young person is no longer subject to the child protection intervention
Records that have been returned to the Department of Child Safety Youth and Women may be made available to the young person through the department’s Freedom of Information Branch.
DIYDG has adopted it’s own identifying codes through our Client Register system. An identifier includes a number or code assigned to identify an individual. An individual’s name is not an identifier.
DIYDG is responsible for ensuring personal information is accurate, up to date, complete, not misleading and relevant to the purpose for which it was collected. If an individual believes this is not the case, they may request that it be corrected, deleted or added to. Any such requests should be referred to the Program Manager, Finance Manager, Human Resources Manager, Chief Executive Officer or Chairperson as appropriate.
Archives and Disposal of Records (See Confidentiality – Service Delivery – Storage and Disposal of Confidential Information)
In no circumstances will the records of a young person in a program be destroyed except under the written direction of the relevant funding body. Program Managers are to ensure all client files are archived and/ or returned per funding body requirements.
For Department of Child Safety Youth and Women (See Confidentiality – Service Delivery – Storage and Disposal of Confidential Information):
The Program Manager is to retain copies of correspondence regarding this process.
All other documentation relating to the organisation shall be handled in accordance with relevant legislation and the Commonwealth General Disposal Schedule.
Individuals who believe that there has been inappropriate handling or use of their private information can:
· Make a complaint through grievances procedures outlined in this manual.
· Contact the Privacy Commissioner who may investigate, determine and make decisions about the situation.
The Program Manager should also notify the relevant funding department of any breaches of these procedures as soon as possible.
For further information about the Privacy Act contact the Office of the Australian Information Commissioner on 1300 363 992 or go to their website - http://www.oaic.gov.au/ .
For further information about the Information Privacy Act contact the Office of the Information Commissioner (Queensland) on 3234 7373 or go to their website - http://www.oic.qld.gov.au/ .