Privacy and Confidentiality Policy

1.0 Purpose of the Policy
Adventurebilities is committed to safeguarding the confidentiality of personal or sensitive information collected with regard to the people we support. Adventurebilities is also committed to protecting the privacy of its staff and stakeholders.

2.0 Policy Context
This policy sets out how Adventurebilities complies with its obligations under the Privacy Act 1988, including the Australian Privacy Principles to ensure we meet our legal and ethical obligations to respect the rights and privacy of people we support, and its staff.

  • This policy regulates how we manage personal information, collect, use, disclose, and secure & store personal information. It also details how individuals may access that information and have it corrected if it is wrong.
  • Legislative Context
    Legislation that relates to Privacy is:
    Privacy Act 1988;
  • Australian Privacy Principles 2014
    • National Security Legislation Amendment Act (No. 1) 2014
    • Privacy Amendment (Private Sector) Act 2000
    • National Privacy Principles (2001)
    • Privacy and Personal Information Protection Act, 1988

Other Legislation
There are other laws which impact on particular aspects of privacy, such as:

  • Surveillance Devices (Workplace Privacy) Act 2006 (VIC)
  • Surveillance Devices Act 1999 (VIC)

3.0 Compliance with the Australian Privacy Principles & privacy provisions within the NDIS Practice Standards
Adventurebilities will ensure all aspects of our operations comply with the Australian Privacy Principles and the NDIS Practice Standards and the National Disability Service Standards.

The above-mentioned Standards apply to the people we support and their families. The National Privacy Principles apply to all people that the organisation holds personal information about. This includes, people we support, families, advocates, staff and students.

4.0 Responsibilities of staff, contractors and Privacy Officer
All employees, contractors and students of Adventurebilities have a responsibility to ensure that personal information is handled in accordance with this policy and that any personal and/or sensitive information accessed in the course of their duties are bound by their commitment to confidentiality.

The Operations Manager is the Privacy Officer and will respond to any concerns, complaints or alleged breaches in relation to privacy. The Privacy Officer’s responsibilities are limited to:

  • receive and respond to any requests for access to personal information; and
  • report any requests or complaints to the General Manager.

5.0 How Adventurebilities will ensure compliance
To ensure compliance Adventurebilities will develop specific procedures to effectively manage personal information, including sensitive information, in the context of the broad range of services we provide.

6.0 Ensure the quality of the data and relevance

Adventurebilities will take all reasonable steps to make sure that the personal and/or sensitive information it collects, uses or discloses is accurate is complete and up-to-date. Personal and/or sensitive information about our service users will only be collected only when it is directly relevant and needed to provide support services to that person, or where we are required by regulation to collect the information.

Adventurebilities has in place procedures to allow service users and staff the ability to access information kept about them, update and or amend their records.

8.0 Use of personal information
Adventurebilities will only use personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or operations.

9.0  Kinds of personal and/or sensitive information that we collect and hold
The types of personal and/or sensitive information that we collect may include your name, address, other contact details, information about your racial or ethnic origin, religious beliefs or affiliations, sexual orientation or practices, criminal record, health information and other such information that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the Law.

10.0 How we collect and hold personal information
We generally collect personal and/or sensitive information directly from you through the use of our standard forms, interviews, via email or through a telephone conversation with you. With your consent we may collect personal and/or sensitive information from third party contractors or agents and government instrumentalities that are involved in the provision of our products and services.

11.0  The purposes for which we collect, hold, use and disclose personal information personal information.
We collect your personal and/or sensitive information for any one or more of the following reasons:

  • providing our products or services to you and to ensure they meet your requirements;
  • to assist with your queries;
  • facilitating our internal business operations, including the fulfilment of any legal
    obligations; and
  • analysing our services and client needs with a view to developing new and/or improved services.
  • Adventurebilities will not disclose identifying information without written consent

Adventurebilities doesn’t give identifying information to other agencies, organisations or anyone else unless one of the following applies:

  • the person has consented;
    – it is required by law or is necessary to protect the rights or property of our organisation or any other individual
    – it will prevent or lessen a serious and imminent threat to somebody’s life or health;
    – it relates to a criminal issue

Where the person we support is unable to provide consent, we will obtain written consent from the Person Responsible (Nominee/Guardian). In some instances verbal consent from a Person Responsible may be necessary and will be documented.

Where there is uncertainty as to the direct benefit of the release of information which does not remove the names of individuals and or other identifying characteristics such as home address, or there is doubt that individuals would not consent to the release of this information we will seek approval from the concerned people or the designated Person Responsible prior to the release of the information.

13.0 Security of Information 
Adventurebilities takes steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure and against other misuse.

These steps include:

  • secure handling procedures;
  • placing access restrictions on private files and information so that only the Operations Manager and General Manager have access to these files unless permission is given by these officers to key personnel who require that information to execute their duties;
  • ensuring paper-based documents are stored in locked cabinets when not in use;
  • All electronic files are password protected with restricted access for all electronic files for sensitive and personal information;
  • All servers are protected with firewalls and anti-virus and anti-spyware software that is kept up dated.

When no longer required, personal information is destroyed in a secure manner such as shredding or deleted.

14.0 Privacy Amendment (Notifiable Data Breaches) Act 2017.

In accordance with the Notifiable Data Breaches Adventurebilities will notify affected individuals and the Office of the Australian Information Commissioner when a data breach has occurred and is likely to result in serious harm to individuals whose personal information is involved in the breach.

15.0 Complaints or Concerns in Relation to Privacy 
If a service user has a complaint in relation to privacy, it should be made in writing, directed to Adventurebilities and will be investigated in compliance with our Complaints and Feedback policy. 

16.0 Communication

Communication about this policy should be implemented in a way that suits each person with regard to their cultural background and communication needs e.g. use of an interpreter, translation or easy to read documents.

This policy will be:

  • communicated to all the participants, their carers/family, key internal and external stakeholders of Adventurebilities;
  • communicated to Adventurebilities staff through induction and professional development opportunities;
  • accessible through Adventurebilities.

17.0 Other Related Policies 

  • Individual Planning & Outcomes
  • Complaints & Feedback
  • Rights and Responsibilities
  • Code of Conduct
  • Service Charter

18.0 Policy Review

This entire policy will be reviewed in consultation with people using the service, their families and carers and staff every 3 years or as changes to legislation require.