Privacy Policy
Purpose
Carers TAS is committed to protecting and maintaining the privacy and confidentiality of Carers and their families. This commitment extends to the privacy and confidentiality of Carers TAS members, employees, volunteers, Board Directors, students and representatives of agencies and organisations with which we work with.
Carers TAS complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988 and the Australian Privacy Principles.
Scope
This policy applies to all Carers TAS’s Staff, which includes all workers (including full-time, part-time and casual), students on work experience placement, volunteers and Board Directors. Stakeholders include contractors, 3rd party providers and workplace participants. For the purposes of this policy, the above will collectively be referred to as Staff.
The Privacy and Confidentiality Policy applies to all personal, health or sensitive information about individuals, collected, used, stored, disclosed, shared and destroyed by Carers TAS, regardless of the format of the information.
It also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.
Policy
Carers TAS protects the personal information of the people we support.
– We only collect personal information for purposes directly related to Carers TAS services. We collect personal information directly from the person using our services (usually a Carer).
– We always obtain consent to collect personal information. The people we support may choose to remain anonymous although this may limit the services then available to support them.
– Carers TAS obtain consent from the Carer (and or person being cared for) before referral to other service providers.
– Carers TAS, after gaining consent, when needing to send information to Federal Government regarding sensitive and or personal information regarding Carers (and or the person that they provide care for) and or program services and deliverables, will use the secure Government platform ‘Filepoint’.
– We only use personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law.
– Carers TAS are committed to the Information Sharing Guidelines (ISG,) these Guidelines are for use when advising clients about their limits of confidentiality, their right to privacy and explaining duty of care incumbent on Carers TAS staff when sharing Carers’ information. Under the ISG framework, Carers TAS will seek your consent to share your information, and only whenever it is safe and possible to do so. In certain circumstances your information may be provided to other agencies or organisations without your consent in order to protect you and others from serious threats to health or safety or if we are required to do so by law.
– Carers TAS use secure IT platforms and software to store confidential information
Carers TAS complies with the Notifiable Data Breaches scheme where we are obligated to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
– Staff should take appropriate care and actions to ensure that information is not able to be accessed by unauthorised persons. This includes ensuring relevant conversations are private, ensuring computers are locked, not leaving confidential information in public areas of the office and or other sites.
– All Staff are informed of their obligations under this, Carers TAS Privacy and Confidentiality Policy, and must declare and abide by this policy by signing the Privacy and Confidentially Declaration (as part of their condition to employment at Carers TAS).
– Staff are expected to return materials containing confidential information at the time of separation from employment or expiration of service. The Staff member’s obligation of confidentiality will continue after the end of their employment or volunteering with Carers S
Types of Personal Information We Collect and Hold
We only collect information from Carers (and the person that they care for) that is necessary for the work undertaken by Carers TAS and to helps us to provide support to Carers. Some examples of information that we may collect and hold are:
• Personal details, like name and date of birth (of the Carer and or the person that they care for)
• Address and contact details
• Details about health, family, care supports and or other issues relating to Carer needs
• Information on whether a person meets eligibility criteria for Carers TAS services and prioritisation to access services
• Information to help us measure a Carers progress
• other information to assist in carrying out services and activities or requested as part of funding agreements and guidelines.
We collect information on our Staff, in relation to the normal course of human resource management and the operation of a community service organisation. This information is not limited to but includes: recruitment information, address, required clearances, bank details, emergency contract and drivers licence
How We Collect Information
We only collect personal information by lawful and fair means. We usually collect personal information from:
· Telephone calls
· Face-to-face meetings and interviews
· Membership information;
· Application forms: such as application forms for government assistance programs and services administered by us, application forms to join or participate in programs provided by us;
· Consent forms: such as a consent form to use a persons name and photo in our publications;
· Fundraising events: for example, from donations and fundraising event registrations;
· Electronic communications: for example, e-mails and attachments (including CVs); forms filled out by people, including as part of acquiring a product or service from us;
· Third parties: for example, from a Carers parents or guardians, recruitment agencies, referees, representatives or agents; and
· Our website: including; from the page ‘contact us’, engage in the discussion forum, give us feedback or to make a donation.
Use of Personal Informati0n
Staff may make referrals, for Carers (and the person that they support) to access services. For this to happen, Carers TAS will obtain consent.
In some cases, we may disclose your personal information to researchers, contractors or others working directly on our behalf who are also bound by privacy laws and confidentiality obligations. We will always get your consent to use and disclose your personal information for research (where your information is usually de-identified) or in any publicity or marketing activities.
Carers TAS will not otherwise disclose a person’s personal information without consent, unless required or authorised under law to do so
How we Keep Personal Information
Carers TAS takes the security and confidentiality of personal information very seriously. We actively ensure that all personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. This is done through ICT protection, our CRM protocols, our staff filing framework. Further communications made online through our website are secure.
Carers TAS Staff are trained in relation to their obligations related to this policy and have signed a declaration to follow the policy as part of their employment.
Where information is held and it is no longer needed or required by law to be held reasonable steps are taken to ensure the information is destroyed or de-identified.
Notifiable Data Breaches
In the unlikely event of a data breach, Carers TAS will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches via the Notifiable Data Breach Statement – Form.
Note: an eligible data breach is one which is likely to result in serious harm to any individual affected.
Should a data breach occur, Carers TAS will undertake a full assessment of the incident and take steps to mitigate the risk of a data breach happening again in the future.
Links to Other Websites
The Carers TAS’s privacy policy does not apply to external links, social media or non-Carers TAS web pages. Such third party websites may collect your personal information. We encourage you to read the privacy policies of external websites. Carers TAS does not accept responsibility for any content contained on sites other than its own.
Confidentiality statement re Government funding requirement to collect a Minimum Data Set
There are Minimum Data Set requirements regarding information that must be collected from Carers under State and Commonwealth funding agreements.
Therefore, Carers TAS advises the users of its services that the provision of such data to the National or State Data Repository is de-identified (does not disclose name, or address).
Users of Carers TAS services are advised that this will enable the collection of information about services and service users. This information is used for statistical purposes only and cannot be used to affect individual entitlements to, or access to, services
How to Connect Carers TAS
If you wish to contact Carers TAS please email peak@carerstasmania.org or call 03 6144 3700
Definitions
- Privacy Keeping certain personal information free from public knowledge and having control over its disclosure and use.
- Personal information Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
- Confidential information Names, details and information relating to Carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which Carers TAS informs a staff member or volunteer is confidential.
- Sensitive information Type of personal information) Information or an opinion about an individual’s race or ethnicity, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences, trade or professional associations, union membership, criminal record, health or genetic information or biometric information.
- Confidentiality Declaration A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.
- De-identified Information and Dex reporting That is the processes that personal data that has been encrypted to take out/remove identify information ie name and address of the Carer (and the person that they care for) so that the remaining data can be used for program and performance reporting, service evaluation, strategic program development and policy planning.
- SendSafely Encrypted (secure) email platform. Details of use is outlined in the Carer Gateway Service Provider, Operating Manual
- ISG Information Sharing Guidelines prescribe a regulatory framework for Carers TAS to sharing personal information to other organisations.
- Filepoint Encrypted (secure) information sharing link, used by the Governments to send and receive sensitive and or personal information
Related Legislation
- Privacy Amendment (Notifiable Data Breaches) Act 2017 (Commonwealth)
- Privacy Act 1988 (Commonwealth)
- Australian Privacy Principles