To outline a framework for NTWC to responsibly manage the information provided to NTWC by individuals and organisations.
This policy applies wholly or in part to NTWC Board, Employees, Reviewers, Contractors and Suppliers, Service users / Clients.
NTWC acknowledges and respects the privacy of individuals and organisations and supports the Australian Privacy Principles contained in the Acts.
Accordingly NTWC will:
- only collect information with prior knowledge and consent;
- only use the information provided for the purposes for which it was collected; • not disclose information to a third party without consent;
- not disclose information to other institutions and authorities except if required by law or other regulation; and
- remove information from records when it is no longer required (except where archiving is required).
- Not seek or collect information that is not needed
The information held on a client or organisation will be up-to-date, relevant, non-obtrusive and objective. NTWC will take reasonable steps to correct inaccurate, incomplete or out-of date information on a regular basis. NTWC will have processes and policies to protect the information that NTWC has under its control from:
- a) unauthorised access;
- b) improper use;
- c) alteration; and
- d) unlawful or accidental destruction and accidental loss.
Personal Information is defined by the Privacy Act as “information about an individual who’s identity is apparent, or can reasonably be ascertained, from the information or opinion” which is maintained electronically, on video or in written form; and/or verbal information given to an employee about an individual. Although exempt under the Act, NTWC includes employee and Board records under this policy.
Individuals as defined by NTWC are:
- Board members;
- members of the public accessing NTWC programs, services and/or website; • donors;
- job applicants; and
- clients / service users
Although the Privacy Act only relates to individuals, NTWC will apply the same principles to the collection of information about organisations and businesses. Where this policy refers only to individuals it applies equally to organisations/businesses.
Employee and Board Records
Employee and Board Records means a record of personal and professional information relating to the employment of the employee or appointment of a Board member. Examples may include any or all of the following:
- engagement, training, discipline or resignation;
- termination of the employment of the employee;
- terms and conditions of appointment;
- personal and emergency contact details;
- performance and conduct details;
- hours of employment or in kind support;
- employee’s salary or wages;
- Board member or employee’s membership of a professional or trade association; • employee’s trade union membership;
- employee’s recreation, long service, sick, personal, maternity, paternity or other leave; and
- employee’s taxation, banking or superannuation affairs;
• employee’s relationships to any of NTWC’s peer or priority populations or communities.
- The Executive Director is responsible for the effective implementation of this policy.
- The Executive Director is responsible for maintaining this policy, work instructions and associated documents on the NTWC server.
- All Board members, staff, consultants and reviewers (including consumer reviewers) are responsible for complying with this policy.
- Staff are responsible for seeking a documented exemption from the Executive Director in any situations where they are unable to follow policy or procedure.
Practice Guidelines: The following guidelines establish the professional practice framework for all areas of activity within NTWC.
- NTWC regards having the confidence of individuals/organisations as a privilege. 6.1.2 Individual/organisations’ access to information about them is a right.
- The collection and storage of unnecessary information concerning individuals/organisations is considered a breach in privacy and is inappropriate.
- The formation of, or expression of a professional assessment/opinion must be recorded with care. Sensitive information will only be recorded with the individual’s/organisation’s consent unless: the collection is required by law; the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns is physically or legally incapable of communicating consent to the collection physically, and the collection is necessary for the establishment, exercise or defense of a legal or equitable claim.
- All individuals/organisations have the right to be informed on who has access to their information.
- Individuals have a right to challenge the accuracy of personal information recorded about them.
- At, or before, the time information is collected or recorded (or, if that is not practicable, as soon as practicable after), the individuals/organisations concerned should be made aware of the: nature of the contents of the information; identity of the organisation (NTWC or its agents or partner organisations) and how to contact it; individuals/organisations right to make reasonable requests to access that information; purpose for which the information is collected; period of time for which the information is kept; organisations (or types of organisations) to which NTWC may disclose information; • any law or process of law that requires the particular information to be collected; and main consequences (if any) for the individual if all or part of the information is not provided.
- Formal and informal team-briefing and supervision within NTWC is considered a professional contract which is based on professional ethics of confidentiality. The information derived from team briefing and supervision remains confidential between the participants except where:
- It is agreed by the parties to communicate information to third parties. • NTWC has a legal obligation to communicate information to third parties • The information relates to allegations of misconduct, grievances or formal complaints
- NTWC policy requires the information to be communicated to designated third parties.
- Wherever it is lawful and practicable, individuals must have the option of not identifying themselves or using a pseudonym.
Use of Disclosure of Personal Information:
- The purpose for which information is collected will be identified on all forms. The following statement will be used: NTWC requests this information in order to (INSERT REASON). Information collected maybe entered into the NTWC database which is kept private, secure and password protected. Only NTWC staff may access information for the purposes stated above, except where there is a legal requirement to provide information to a government agency.
- Where NTWC may use this information in the public domain (e.g. for promotional/marketing purposes, Annual Report etc) written consent is to be obtained. Individuals will not be photographed or filmed without seeking prior permission which outlines the proposed use of the image/s.
- In the context or external reviews of NTWC’s services or functions, NTWC routinely discloses contact information and details about the professional skills and experience regarding potential reviewers to clients and other stakeholders, in order to inform the external review process. Written consent for this will be obtained from the reviewer.
- A legal requirement to disclose personal information may override national privacy principles. Situations where this may occur include the following:
- 6.2.4 A legal requirement to disclose personal information may override national privacy principles. Situations where this may occur include the following:
- when serious criminal acts are known;
- where there is serious risk of abuse or physical harm to the individual or other person including the organisation’s employees; or
- where NTWC has mandatory reporting obligations, eg the abuse or neglect of minors.
- Where the question of a legal need for disclosure arises in practice, the employee concerned must inform and discuss the issue with the Executive Director, who then takes responsibility for any decision around breaching privacy and confidentiality.
- Privacy Act 1988
- Privacy Amendment Act 2012