TASC National Limited (TASC) is committed to protecting and upholding the right to privacy of clients, staff, volunteers, Directors and representatives of agencies with which we deal. In particular TASC is committed to protecting and upholding the rights of our clients to privacy in the way we collect, store and use information about them, their needs and the services we provide to them.
TASC requires staff, volunteers and Directors to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information.
TASC is not subject to the Right to Information Act 2009. TASC will follow the guidelines of the Information Privacy Act 2009 and Australian Privacy Principles in its information management practices.
TASC will ensure that:
- It meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and organisational personnel.
- Clients are provided with information about their rights regarding privacy.
- Clients and organisational personnel are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature.
- All staff, Directors and volunteers understand what is required in meeting these obligations.
This policy conforms to the Federal Privacy Act (1988) and the Australian Privacy Principles which govern the collection, use and storage of personal information.
(Note: The Federal Privacy Act does not apply to organisations with an annual turnover under $3m, but many funding contracts require that funded organisations comply with the Privacy Principles).
This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.
Collection of personal information
The Australian Privacy Principles rely upon TASC to be open and transparent in the management of personal information collected. TASC will only collect information where it is necessary for the delivery of services, or for one or more of its functions at the time.
The Chief Executive Officer is responsible for safeguarding personal information relating to TASC clients, staff, Directors, volunteers and contractors.
In dealing with personal information, TASC staff will:
- ensure privacy for clients, staff, volunteers or Directors when they are being interviewed or discussing matters of a personal or sensitive nature.
- use fair and lawful ways to collect personal information.
- collect personal information only by consent from an individual.
- ensure that people know what sort of personal information is held, what purposes it is held for and how it is collected, used, disclosed and who will have access to it.
- ensure that personal information collected or disclosed is accurate, complete and up-to-date, and provide access to any individual to review information or correct wrong information about themselves.
- take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure.
- Destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired.
The kinds of personal information collected and held by TASC are:
- Identifying information such as name, date of birth, address, phone number(s), email address(s)
- Next of kin details
- Information pertaining to the matter/case
- TASC will not collect personal information revealing political opinions, religious or philosophical beliefs, trade-union membership, or details of health or sexual preferences unless the collection is required or specifically authorised by law
Wherever possible, TASC will collect personal information directly from the person concerned in an unobtrusive and objective manner. If the individual has a disability which prevents him or her providing information directly to TASC, then gaining information from the person’s carer or support person may be acceptable provided that a signed authority has been given by the individual. In this case TASC will take reasonable steps to ensure that the person has been made aware of the collection.
USE AND DISCLOSURE OF PERSONAL INFORMATION
TASC will only collect and use the personal information of clients to provide a high quality and appropriate service. It will not use this information for purposes other than service provision unless the person has first been informed of this and given permission for their information to be used in this way.
TASC will only disclose personal information with the prior written permission of the client. This consent will include areas of non-consent where the client may indicate organisations or individuals to whom consent is not given for disclosure.
TASC may need to use or disclose personal information about a client for a purpose other than the primary purpose of collection (a ‘secondary purpose’) under the following conditions:
- If the secondary purpose is related to the primary purpose of collection and the service user would reasonably expect TASC to use or disclose the information for the secondary purpose;
- If TASC reasonably believes that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;
- If the use or disclosure is required or specifically authorised by law.
TASC will take reasonable steps to make sure that all personal information it collects, uses or discloses is accurate, complete and up to date.
RESPONSIBILITIES FOR MANAGING PRIVACY
TASC will take all reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure. All employees, Directors and volunteers must be aware of their responsibilities to keep private information confidential and that breaches of confidentiality will be treated as official misconduct and disciplinary action may be taken.
- are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work.
- will ensure that private information obtained is appropriate and restricted to the purposes for which it is required.
- will take reasonable steps to ensure that personal information collected is accurate, complete and current.
- will take reasonable steps to protect personal information from misuse, loss and from unauthorised access, modification or disclosure.
- will destroy or permanently de-identify personal information if it is no longer needed for any purpose.
- will ensure that computer access passwords are not disclosed to others will ensure that files are not left in places where the public may view or access them.
The Chief Executive Officer
The Chief Executive Officer is responsible for content in TASC’s publications, communications and web site and must ensure the following:
- appropriate consent is obtained for the inclusion of any personal information about any individual including TASC personnel.
- information being provided by other agencies or external individuals conforms to privacy principles.
- that the website contains a Privacy statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
- access to computerised records is granted only to employees requiring such information in the course of their duties.
- service users have the right to correct or update their personal information and any incorrect information will be rectified as soon as it comes to TASC’s attention.
The Privacy Contact Officer
The Privacy Contact Officer will be the Chief Executive Officer. The Chief Executive Officer will be responsible for:
- ensuring that clients and other relevant individuals are provided with information about their rights regarding privacy.
- handling any queries or complaint about a privacy issue.
ACCESS TO PERSONAL INFORMATION BY AN INDIVIDUAL
The client has a right to access and to correct or update their personal information unless there is an exception which applies under the Act, for example where TASC has a legal duty not to disclose the information or where I may be harmful to the person to do so. For other exceptions please refer to the Act.
The client can request access to their personal information through the Organisational Development Coordinator. The client may view their information in a private area of the office but must not remove personal information from their file. The Organisational Development Coordinator or delegate must be present whilst a client accesses their personal information.
BREACHES OF PRIVACY
Where a client believes that their privacy has been breached, a complaint may be made to the CEO, or if the complaint concerns the CEO, to the Directors. In order to enable a formal complaint to be properly investigated, it should identify the person whose privacy is alleged to have been breached. Please refer to Managing Complaints Policy 02-POL-029 for information on how to make a complaint.