Privacy and Confidentiality Policy
The RSB is bound by State and Federal Privacy laws and has adopted the Australian Privacy Principles which are included in the Privacy Act 1988 (Cth).
This means that The RSB will:
- only collect personal information that is needed for its primary function with prior knowledge and consent of the individual;
- ensure that individuals are informed about why we collect information and how we manage the information gathered;
- use and disclose personal information only for its primary function or a directly related purpose, or for another purpose with the individual’s consent;
- store personal information securely, protecting it from unauthorised access;
- provide individuals with access to their own information.
With regard to an individual’s information, the RSB also complies with all of the requirements of the Disability Discrimination Act, Aged Care Act, NDIS Quality and Safeguarding Practice Standards and the National Standards for Disability Services and any legislative (Australian and State) requirements. This includes compliance with program specific guidelines including, but not limited to the Disability Employment Services (DES) Privacy Guidelines.
The RSB is committed to protecting the privacy of personal information which the RSB collects, holds and administers. The RSB will only collect information that is required for it to fulfil its contractual, ethical and legal responsibilities and provide quality and timely services.
The RSB recognises the essential rights of individuals to have their information administered in ways which they would reasonably expect – protected on one hand and made accessible to them on the other. These privacy values are reflected in RSB’s core values.
Employees and volunteers
The Privacy Officer of RSB is the Human Resource Manager who will:
- ensure that all employees and volunteers receive training in privacy and procedures for handling personal information
- ensure that all employees and volunteers sign an agreement to maintain and protect an individual’s privacy and confidentiality
- regularly review compliance with this policy
- investigate complaints lodged; and
- handle any requests for access or correction to personal information
Personal Information – means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The types of personal information we collect may include name, date of birth, gender, ethnic origin, contact information, credit/debit card information, health information, service history and information we need to collect by law or funding agreement.
Some personal information is regarded as sensitive information and includes health information, opinions about an individual, person’s beliefs and affiliations, biometric information, sexual orientation and criminal record.
Records – Includes documents, information and data stored by any means including all copies and extracts.
Consent – In general terms consent is a voluntary agreement to another’s proposition, it requires an actual willingness that an act or an infringement of an interest shall occur.
Informed consent – Informed consent is providing a person with clear and understandable information prior to making an agreement between 2 or more parties. This includes decisions about service provision, collection, use and distribution of personal information.
Collection of information
The RSB will
- only collect information that is necessary for the performance and primary function of the RSB;
- inform individuals about why we collect personal information and how we manage the information gathered;
- notify individuals that personal information is accessible to them;
- collect personal information from individuals directly, unless it is unreasonable or impracticable to do so, or the individual consents to the RSB obtaining it from someone else; and
- only collect sensitive information as required by law or with the individual’s consent.
The RSB collects personal information from:
- customers of RSB
- employees, prospective employees and contractors.
- donors who contribute financially to our organisation.
- Suppliers, contractors and consultants
Use and disclosure
The RSB will
- only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose;
- only release information about an individual with that individual’s expressed informed consent, including where that consent was previously obtained.
- identify on all forms the purpose for which the personal information is collected.
- release information to third parties where that is requested by the individual concerned.
The employee’s obligation of maintaining confidentiality does not extend to confidential information that the law requires to be disclosed.
Consent can be collected both verbally and in writing. It is preferred that consent be signed by the party who is providing the consent. Where there is not possible verbal consent can be given if the details of that consent, are fully documented by the staff member obtaining the verbal consent. Consent may be withdrawn at any time on request by the individual.
Providing an individual’s information to a third Party
If you are required to provide information about an individual to a 3rd party e.g. GP, a Client Authority to Exchange Information Form must be completed and signed by the individual or authorised party. A scanned copy of this form is to be kept on the individuals CRM file under legal tab and consents as type ‘consent to share information’ and stored in the related tab.
The RSB will take reasonable steps to ensure the personal information collected is accurate, complete, up to date and relevant to its functions.
Data security and retention
The RSB will
- safeguard the information collected and store against misuse, loss, unauthorised access and modification;
- only destroy records in accordance with the records disposal schedule and in accord with contractual obligations;
- take all reasonable steps to protect the personal information held from mis-use and loss from unauthorised access, modification or disclosure. This will include ensuring that all electronic systems are protected through electronic passwords, and all hard copy personal information is securely stored and only accessible by authorised personnel;
- only release personal information to third parties without consent if required by law;
- manage records in accordance with the RSB’s Records Management Policy.
Any suspected data breach involving personal information that the association holds will be managed in accord with our Data Breach Procedures. The procedure ensures that if any data breach occurs the breach is identified, staff know the correct procedures, those affected are notified, appropriate records are kept, and the breach is reviewed, and any correctional action is taken.
Access to personal information
The RSB will ensure individuals have the right to seek access to personal information about them and request correction if their information is inaccurate, incomplete, out of date or misleading.
Participation in research
RSB will not release contact details or other personal information for research without consent.
Individuals being invited to participate in a research project will be:
- given a choice about participating or not
- given the right to withdraw at any time
- informed about the purpose of the research project, the information to be collected, and how information they provide will be used
- given copies of any subsequent publications
The collection of personal information will be limited to that which is required for the conduct of the project. Individual participants will not be identified.
Making A Complaint
Under the Privacy Act 1988 (Cth) (Privacy Act) you can make a complaint to the Office of the Australian Information Commissioner (OAIC) about the handling of your personal information.
More information can be obtained from the Commissioner’s website at www.oaic.gov.au
If you have a complaint in relation to the RSB and the Australian Privacy Principles or any applicable registered APP code, you may also direct your complaint to the RSB’s Privacy Officer.
The RSB will investigate your complaint and communicate its findings with you within 30 days.
The RSB Privacy Officer is:
Royal Society for the Blind
31 Blacks Road
Gilles Plains SA 5086
Phone (08) 8417 5564
Fax: (08) 8227 2177