Privacy & Confidentiality Policy

 

Purpose

Carers SA is committed to protecting and maintaining the privacy of carers and their families, Carers SA members, employees, volunteers, board members, students and representatives of agencies and organisations with which we deal, and to maintain the confidentiality of the personal, health and sensitive information we hold about them.

Carers SA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988 and the Australian Privacy Principles.

Scope

This policy applies to our employees (including full-time, part-time and casual), students on work experience placement, volunteers and Board Directors. (For the purposes of this policy, the above will collectively be referred to as Staff).

The Privacy and Confidentiality Policy applies to all personal, health or sensitive information about individuals, collected, used, stored, disclosed, shared and destroyed by Carers SA, regardless of the format of the information.

It also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.

Policy

  • Carers SA protects the personal information of the people we support.
  • We only collect personal information for purposes directly related to Carers SA services. We collect personal information directly from the person using our services (usually a carer).
  • We always obtain consent to collect personal information. The people we support may choose to remain anonymous although this may limit the services then available to support them.
  • Carers SA obtain consent from the carer (and or person being cared for) before referring the client to other service providers.
  • Carers SA use the secured referral email platform ‘SendSafely’ when providing carers’ (and or the person that they care for’s) personal information. We will not use unsecured email to refer any personal information.
  • Carers SA, after gaining consent, when needing to send information to Federal Government regarding sensitive and or personal information regarding carers (and or the person that they provide care for) and or program services and deliverables, will use the secure Government platform ‘Filepoint’.
  • We only use personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law.
  • Carers SA use secure IT platforms and software to store confidential information.
  • Carers SA are committed to the Information Sharing Guidelines (ISG,) these Guidelines are for use when advising clients about their limits of confidentiality, their right to privacy and explaining duty of care incumbent on Carers SA staff when sharing carers’ information. Under the ISG framework, Carers SA will seek your consent to share your information, and only whenever it is safe and possible to do so. In certain circumstances your information may be provided to other agencies or organisations without your consent in order to protect you and others from serious threats to health or safety or if we are required to do so by law.

Types of personal information we collect and hold

For our Carers (and the person that they care for) we only collect information that is necessary for our work and to helps us to provide the support to our carers. Some examples of information that we may collect and hold are:

  • Personal details, like name and date of birth (of the carer and or the person that they care for)
  • Address and contact details
  • Details about health, family, care supports and or other issues relating to carer needs
  • Information on whether you meet eligibility criteria for our services and prioritisation to access services
  • Information to help us measure your progress
  • other information to assist us in carrying out our services and activities or requested as part of funding agreements and guidelines.

We collect information on our Staff, in relation to the normal course of human resource management and the operation of a community service organisation. This information is not limited to but includes: recruitment information, address, required clearances, bank details, emergency contract and drivers licence

How we collect information

We only collect personal information by lawful and fair means.  We usually collect personal information from:

  • Telephone calls
  • Face-to-face meetings and interviews
  • Membership information;
  • Application forms: such as application forms for government assistance programs and services administered by us, application forms to join or participate in programs provided by us;
  • Consent forms: such as a consent form to use your name and photo in our publications;
  • Fundraising events: for example, from donations and fundraising event registrations;
  • Electronic communications: for example, e-mails and attachments (including CVs); forms filled out by people, including as part of acquiring a product or service from us;
  • Third parties: for example, from a carers parents or guardians, recruitment agencies, referees, representatives or agents; and
  • Our website: including; from the page ‘contact us’, engage in the discussion forum, give us feedback or to make a donation.

Use and disclosure

We will only use your sensitive information for the purpose for which it was initially collected or for a directly related purpose, as required or permitted by law, or where you consent to such use.

Carers SA uses de-identified carer (and the person that they car for) data to provide statistics and reporting to our Grant Funding body.  This is done through the Government de-identified IT reporting platform (DEX).

Carers SA may also use your de-identified information for internal research, to assess the effectiveness of our programs and to plan for future activities.

Disclosure of personal information

Staff may make referrals, for carers (and the person that they support) to access services. For this to happen, Carers SA will obtain consent.

In some cases, we may disclose your personal information to researchers, contractors or others working directly on our behalf who are also bound by privacy laws and confidentiality obligations.  We will always get your consent to use and disclose your personal information for research (where your information is usually de-identified) or in any publicity or marketing activities.

Carers SA will not otherwise disclose your personal information without your consent, unless we are required or authorised under law to do so.

How we keep personal information secure

Carers SA takes the security and confidentiality of your information very seriously. We actively ensure that all personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. This is done through ITC protection, our CRM protocols, our staff filing framework, our SendSafely email protocols and electronic data transmission procedures.  Further communications made online through our website is secure.

Our Staff are trained in relation to their obligations in relation to this policy and have signed a declaration to follow the policy as part of their employment.

Where information is held and it is no longer needed or required by law to be held, we will take reasonable steps to ensure the information is destroyed or de-identified.

Notifiable Data Breaches

In the unlikely event of a data breach, Carers SA will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches via a Notifiable Data Breach Statement – Form.

Note: an eligible data breach is one which is likely to result in serious harm to any individual affected.

Should a data breach occur, Carers SA will undertake a full assessment of the incident and take steps to mitigate the risk of a data breach happening again in the future.

Access

Carers SA takes special care to ensure that the personal information it holds is accurate and up to date.  You can request access to the personal information Carers SA holds about you, or you can request that we change that personal information.

We will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act 1988, or other relevant law to withhold the information.

Personal Information can be updated by carers and members by calling the Carer Advisory Service on 1800 422 737 with any general queries.  Personal information is also updated when conducting carer reviews.

Links to other websites

The Carers SA’s privacy policy does not apply to external links, social media or non-Carers SA web pages. Such third party websites may collect your personal information. We encourage you to read the privacy policies of external website. Carers SA does not accept responsibility for any content contained on sites.

Confidentiality statement re Government funding requirement to collect a Minimum Data Set

There are Minimum Data Set requirements about information that must be collected from clients under our State and Commonwealth funding agreements.

Therefore, Carers SA advises the users of its services that we may provide such data set de-identified information (does not disclose name, or address) to the National or State Data Repository.

Users of Carers SA services are advised that this will enable the collection of information about services and service users. This information is used for statistical purposes only and cannot be used to affect individual entitlements to, or access to, services.

How to contact us

If you wish to contact us about our services, obtain access to or change your personal information, have any questions about this policy or make any other enquiries contact Carers SA’s Privacy Officer, CEO David Militz:

  • by email to: info@carerssa.com.au
  • by writing to: Privacy Officer, David Militz, Carers SA, PO Box 422, Fulham Gardens SA 5024
  • by telephone: (08) 8291 5600

Definitions

Privacy – Keeping certain personal information free from public knowledge and having control over its disclosure and use.

Personal information – Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.

Confidential information – The names, details and information relating to carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which Carers SA informs a staff member or volunteer is confidential.

Sensitive information – Type of personal information) Information or an opinion about an individual’s race or ethnicity, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences, trade or professional associations, union membership, criminal record, health or genetic information or biometric information.

Confidentiality Declaration – A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.

De-identified Information and DEX reporting  – That is the processes that personal data that has been encrypted to take out/remove identify information ie name and address of the carer (and the person that they care for) so that the remaining data can be used for program and performance reporting, service evaluation, strategic program development and policy planning.

SendSafely – Encrypted (secure) email platform. Details of use is outlined in the Carer Gateway Service Provider, Operating Manual

ISG – Information Sharing Guidelines prescribe a regulatory framework for Carers SA to sharing personal information to other organisations.

Filepoint – Encrypted (secure) information sharing link, used by the Governments to send and receive sensitive and or personal information

Effective date: 12 March 2014
Current and updated: April 2020