Carers SA is committed to protecting and maintaining the privacy and confidentiality of Carers and their families. This commitment extends to the privacy and confidentiality of Carers SA members, employees, volunteers, Board Directors, students and representatives of agencies and organisations with which we work with.
Carers SA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988 and the Australian Privacy Principles.
This policy applies to all Carers SA’s Staff, which includes all workers (including full-time, part-time and casual), students on work experience placement, volunteers and Board Directors. Stakeholders include contractors, 3rd party providers and workplace participants. For the purposes of this policy, the above will collectively be referred to as Staff.
The Privacy and Confidentiality Policy applies to all personal, health or sensitive information about individuals, collected, used, stored, disclosed, shared and destroyed by Carers SA, regardless of the format of the information.
It also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.
Carers SA protects the personal information of the people we support.
– We only collect personal information for purposes directly related to Carers SA services. We collect personal information directly from the person using our services (usually a Carer).
– We always obtain consent to collect personal information. The people we support may choose to remain anonymous although this may limit the services then available to support them.
– Carers SA obtain consent from the Carer (and or person being cared for) before referral to other service providers.
– Carers SA use the secured referral email platform ‘SendSafely’ when providing Carers’ (and or the person that they care for) personal information. We will not use unsecured email to refer any personal information.
– Carers SA, after gaining consent, when needing to send information to Federal Government regarding sensitive and or personal information regarding Carers (and or the person that they provide care for) and or program services and deliverables, will use the secure Government platform ‘Filepoint’.
– We only use personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law.
– Carers SA are committed to the Information Sharing Guidelines (ISG,) these Guidelines are for use when advising clients about their limits of confidentiality, their right to privacy and explaining duty of care incumbent on Carers SA staff when sharing Carers’ information. Under the ISG framework, Carers SA will seek your consent to share your information, and only whenever it is safe and possible to do so. In certain circumstances your information may be provided to other agencies or organisations without your consent in order to protect you and others from serious threats to health or safety or if we are required to do so by law.
– Carers SA use secure IT platforms and software to store confidential information
Carers SA complies with the Notifiable Data Breaches scheme where we are obligated to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
– Staff should take appropriate care and actions to ensure that information is not able to be accessed by unauthorised persons. This includes ensuring relevant conversations are private, ensuring computers are locked, not leaving confidential information in public areas of the office and or other sites.
– All Staff are informed of their obligations under this, Carers SA Privacy and Confidentiality Policy, and must declare and abide by this policy by signing the Privacy and Confidentially Declaration (as part of their condition to employment at Carers SA).
– Staff are expected to return materials containing confidential information at the time of separation from employment or expiration of service. The Staff member’s obligation of confidentiality will continue after the end of their employment or volunteering with Carers S
Types of Personal Information We Collect and Hold
We only collect information from Carers (and the person that they care for) that is necessary for the work undertaken by Carers SA and to helps us to provide support to Carers. Some examples of information that we may collect and hold are:
• Personal details, like name and date of birth (of the Carer and or the person that they care for)
• Address and contact details
• Details about health, family, care supports and or other issues relating to Carer needs
• Information on whether a person meets eligibility criteria for Carers SA services and prioritisation to access services
• Information to help us measure a Carers progress
• other information to assist in carrying out services and activities or requested as part of funding agreements and guidelines.
We collect information on our Staff, in relation to the normal course of human resource management and the operation of a community service organisation. This information is not limited to but includes: recruitment information, address, required clearances, bank details, emergency contract and drivers licence
How We Collect Information
We only collect personal information by lawful and fair means. We usually collect personal information from:
· Telephone calls
· Face-to-face meetings and interviews
· Membership information;
· Application forms: such as application forms for government assistance programs and services administered by us, application forms to join or participate in programs provided by us;
· Consent forms: such as a consent form to use a persons name and photo in our publications;
· Fundraising events: for example, from donations and fundraising event registrations;
· Electronic communications: for example, e-mails and attachments (including CVs); forms filled out by people, including as part of acquiring a product or service from us;
· Third parties: for example, from a Carers parents or guardians, recruitment agencies, referees, representatives or agents; and
· Our website: including; from the page ‘contact us’, engage in the discussion forum, give us feedback or to make a donation.
Use of Personal Informati0n
Staff may make referrals, for Carers (and the person that they support) to access services. For this to happen, Carers SA will obtain consent.
In some cases, we may disclose your personal information to researchers, contractors or others working directly on our behalf who are also bound by privacy laws and confidentiality obligations. We will always get your consent to use and disclose your personal information for research (where your information is usually de-identified) or in any publicity or marketing activities.
Carers SA will not otherwise disclose a person’s personal information without consent, unless required or authorised under law to do so
How we Keep Personal Information
Carers SA takes the security and confidentiality of personal information very seriously. We actively ensure that all personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. This is done through ICT protection, our CRM protocols, our staff filing framework, our SendSafely email protocols and electronic data transmission procedures. Further communications made online through our website are secure.
Carers SA Staff are trained in relation to their obligations related to this policy and have signed a declaration to follow the policy as part of their employment.
Where information is held and it is no longer needed or required by law to be held reasonable steps are taken to ensure the information is destroyed or de-identified.
Notifiable Data Breaches
In the unlikely event of a data breach, Carers SA will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches via the Notifiable Data Breach Statement – Form.
Note: an eligible data breach is one which is likely to result in serious harm to any individual affected.
Should a data breach occur, Carers SA will undertake a full assessment of the incident and take steps to mitigate the risk of a data breach happening again in the future.
Carers SA takes special care to ensure that the personal information it holds is accurate and up to date. Access to the personal information Carers SA holds about an individual can be requested as can changes to that personal information.
Carers SA will allow access or make the changes unless it is considered that there is a sound reason under the Privacy Act 1988, or other relevant law to withhold the information.
Personal Information can be updated by Carers and members by calling Carers SA on 1800 422 737 with any general queries. Personal information is also updated when conducting carer reviews.
Links to Other Websites
Confidentiality statement re Government funding requirement to collect a Minimum Data Set
There are Minimum Data Set requirements regarding information that must be collected from Carers under State and Commonwealth funding agreements.
Therefore, Carers SA advises the users of its services that the provision of such data to the National or State Data Repository is de-identified (does not disclose name, or address).
Users of Carers SA services are advised that this will enable the collection of information about services and service users. This information is used for statistical purposes only and cannot be used to affect individual entitlements to, or access to, services
How to Connect Carers SA
If you wish to contact Carers SA about our services, obtain access to or change your personal information, have any questions about this policy or make any other enquiries contact Carers SA’s Privacy Officer, CEO David Militz:
(a) by email to: email@example.com (b) by writing to: Privacy Officer, David Militz, Carers SA, PO Box 422, Fulham Gardens SA 5024
(c) by telephone: (08) 8291 5600 or 1800 422 737
- Privacy Keeping certain personal information free from public knowledge and having control over its disclosure and use.
- Personal information Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
- Confidential information Names, details and information relating to Carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which Carers SA informs a staff member or volunteer is confidential.
- Sensitive information Type of personal information) Information or an opinion about an individual’s race or ethnicity, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences, trade or professional associations, union membership, criminal record, health or genetic information or biometric information.
- Confidentiality Declaration A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.
- De-identified Information and Dex reporting That is the processes that personal data that has been encrypted to take out/remove identify information ie name and address of the Carer (and the person that they care for) so that the remaining data can be used for program and performance reporting, service evaluation, strategic program development and policy planning.
- SendSafely Encrypted (secure) email platform. Details of use is outlined in the Carer Gateway Service Provider, Operating Manual
- ISG Information Sharing Guidelines prescribe a regulatory framework for Carers SA to sharing personal information to other organisations.
- Filepoint Encrypted (secure) information sharing link, used by the Governments to send and receive sensitive and or personal information
- Privacy and Confidentiality and Code of Conduct Declaration
- Carers SA Code of Conduct
- Board Code of Conduct Declaration Form
- Service Delivery Policies and Procedures
- Information Sharing Guidelines
- Notifiable Data Breach Statement – Form – https://forms.business.gov.au/smartforms/landing.htm?formCode=OAIC-NDB
- DEX protocols
- Carer Gateway Service Provider, Operating Manual
- Privacy Amendment (Notifiable Data Breaches) Act 2017 (Commonwealth)
- Privacy Act 1988 (Commonwealth)
- Australian Privacy Principles
Approved Date October 2022