HR-P-014 Privacy and Confidentiality of Information

1. PURPOSE

This procedure has been developed to ensure consistent and effective work practices with regard to the handling of personal information relevant to volunteers, employees and clients of MacKillop Family Services (MacKillop).

MacKillop is committed to protecting the privacy of personal information of all children, young people and families who use our services, as well as employees, volunteers, donors and board members.

Protecting privacy is the obligation that MacKillop has to use information for authorised purposes and to protect it from misuse as well as unauthorised disclosure.

Protecting confidentiality is the obligation that MacKillop has to not disclose information where it has been provided in confidence.

MacKillop collects and uses personal information when providing all our services across Australia.

We recognise that much of the personal information that we collect and use is sensitive, and requires extra protection to ensure that it is securely protected.

MacKillop is bound by the following Federal and State legislation:

  • Privacy Act 1988 (Commonwealth)
  • Privacy Amendment (Private Sector) Act 2000 (Commonwealth)
  • Information Privacy Act 2000 (Victoria);
  • Health Records Act 2001 (Victoria);
  • Children, Youth and Families Act 2005 (Victoria);
  • Adoption Act 1984 (Victoria);
  • Privacy and Personal Information Protection Act 1998 (NSW);
  • Health Records and Information Privacy Act 2002 (NSW);
  • Children and Young Persons (Care and Protection) Act 1998 (NSW); and
  • Any other Federal or State Act that may be relevant from time to time.

Accordingly, MacKillop collects and uses personal information in a manner consistent with the attached Privacy Statement.

MacKillop is committed to providing appropriate access to collected information, and has developed practices to enable this to happen.

2. SCOPE

This procedure applies to all MacKillop Board Members, Employees and Volunteers. The procedure, as per (HR-F-018 Confidentiality Agreement), also applies when any Board Member, employee or volunteer/s cease their service or employment with MacKillop Family Services.

3. DEFINITIONS

Term / Definition
Employee / All permanent, fixed term and casual employees covered by an Enterprise Bargaining Agreement and/or Award to which MacKillop is a respondent or has a common law contract in place.
Foster Carer / A foster carer is a person who looks after children in their own home on a full-time, short term, emergency or respite basis as part of their family.
Volunteer / Volunteers, for the purpose of this Procedure, include all individuals listed in VO-M-01 Volunteer Practice Manual; students completing a placement or internship; lead tenants and tutors.
Client / Any child, young person, adult or family receiving a service provided by MacKillop regardless of the length of service or type of service. This also applies to past clients of MacKillop.

4. PROCEDURE

Principles for Employee and Volunteer Information

4.1 Collecting Information

4.1.1 The purpose for collecting information should be clearly defined.

4.1.2 Only information necessary and relevant for the stated purpose(s) should be collected. Reasons such as “nice to have” or “may be useful in the future” are not acceptable.

4.1.3 Personal information should only be collected directly from the employee or volunteer concerned, or authorised by them to be collected from another source. Exceptions to this clause would only apply in extraordinary circumstances. These may include:

  • The individual is unable to provide the information or authorise access to another source because of age, mental illness or disability, a medical condition or other recognised circumstance;
  • For a lawful purpose;
  • It is in the employee's or volunteer's interests.

Such circumstances must be subsequently defensible.

4.1.4 In the event that the purpose for the collection of information is not obvious, MacKillop will take reasonable steps to ensure the purpose is explained to the employee, volunteer or their representative.

4.1.5 Personal information should be collected by lawful means and by means that are appropriate, not unreasonably intrusive, and sensitive to the employee or volunteer’s circumstances, including cultural awareness.

4.2 Storage and Security

4.2.1 Only persons who “need to know” will have access to employee or volunteer personal details (see section 4.5.2 of this procedure).

4.2.2 Every effort will be made to ensure that employee and volunteer information is protected in a secure environment. This includes not having confidential information visible on desk tops or computer screens in open work areas. If it is necessary to transmit information to another person and/or organisation the information will be protected with adequate security measures in transit.

4.2.3 Employee or volunteer personal information will not be passed on to other organisations, or to individuals not connected with MacKillop without the permission of the employee or volunteer. An exception to this clause will be when MacKillop is legally obliged to disclose information or when it is deemed to be in the employee or volunteer’s best interest as approved by the CEO, Executive Director of Operations or Director, Human Resources as appropriate. In the latter circumstance MacKillop must be able to subsequently justify its action.

4.2.4 Discussions regarding an employee’s personal or professional practice, conduct and behaviour will at all times be kept to the minimum necessary for good work practice. Any such conversations will be held in confidence with the minimum number of people present to deal with the matter, and in a private place, e.g. a closed office.

4.3 Openness and Access

4.3.1 Employees and volunteers are encouraged at any time to query MacKillop practice with regard to the collection, storage, and distribution of information, and to propose any necessary improvements.

4.3.2 Employees and volunteers are able to request the type of information that MacKillop holds about them and are able to request access to the information. Access will be provided within a reasonable time of receiving the request. A request may be refused in certain circumstances, including where providing access would have an unreasonable impact on the privacy of other employees; the request for access is frivolous or vexatious; and providing access would be unlawful.

4.3.3 The onus is on MacKillop to reasonably ensure that all information held by the agency is correct and up to date.

4.3.4 Where employees make a request to correct or alter their personal information, MacKillop will amend the information. Where a request for correction or alteration of personal information is denied, the employee is to be provided with reasons for the denial (except if providing the reasons would undermine them) and information about how they can make a complaint about the denial.

4.4 Retention and Disposal

4.4.1 Information should not be kept for longer than it is reasonably required except to meet legal obligations.

4.4.2 Archived information must be kept in a secure environment which allows access to authorised persons only.

4.4.3 When information is no longer required it must be disposed of in a secure manner.

Procedure for Handling Client Information

4.5 Clients

Information relating to clients and service users is to be managed in accordance with CO-P-07 Collection, Recording, Maintenance and Storage of Client Information. The provision of access to client and service user information is to be managed in accordance with state and federal privacy legislation (see Procedure CO-P-05 Access to Client Information, CO-P-06 Third party requests for the provision of client and employee records).

Procedure for Handling Employee and Volunteer Information

4.6 Employees

4.6.1 All personal employee information, including that gathered during the recruitment process for successful applicants, will be stored at Central Office in individual Personnel Files and in computerised data bases. The only exception to this will be Supervision and Feedback Records, which will be held in a secure location by the appropriate Supervisor or Manager.

4.6.2 Access to individuals’ personnel files will be limited to the CEO, Executive Director of Operations, Director of Finance & Business Services, Director Human Resources, relevant members of the Human Resources Team and the individual concerned. An individual may make an appointment with the Director Human Resources or their delegate to view the contents of their personnel file and any information held on computerised data bases. Reasonable access will be granted.

The Director Human Resources has the authority to grant access to staff files for approved individuals for the purpose of internal and external audit.

4.6.3 Under no circumstances can employee personnel files, or information contained therein, be used, copied, or removed from the central office without prior permission from the Director, Human Resources.

4.6.4 Access to computerised data bases will be on a password basis, which will only allow access to “need to know” information.

4.6.5 Requests for personal information from external persons or organisations such as banks, credit agencies or landlords will be refused unless prior authorisation has been received from the employee. MacKillop will make an exception to this clause if legally required to do so or in the case of an emergency.

4.6.6 All employees likely to have regular access to individual personal details including those mentioned at 4.6.2 and all Managers will be required to sign a Confidentiality Agreement (HR-F-018 Confidentiality Agreement).

4.6.7 The Director, Human Resources is responsible for the implementation and maintenance of Section 4.5 of this procedure. As such all queries and suggestions regarding the application of this section should be addressed to the Director, Human Resources.

4.7 Foster Carers and Volunteers

4.7.1 All personal foster carer and volunteer information, including that gathered during any training and assessment process for authorised or accredited MacKillop volunteers, will be securely stored at local office sites in individual Foster Carer or Volunteer files and in centralised computerised data bases.

4.7.2 MacKillop may use de-identified information from centralised data bases for organisational reporting.

4.7.3 Access to any foster carer or volunteer files will be limited to those working directly with that foster carer or volunteer (such as case worker/manager) or their direct supervisor/manager, specifically for the purposes of supporting the volunteer in the service they are undertaking.

4.7.4 The CEO, Executive Director of Operations, Principal Practitioner, the General Manager/Director of that service or the General Manager Policy and Innovation may, from time to time, request access to a foster carer or volunteer file. The purposes of this request will be directly related to the support and/or oversight of the foster carer or volunteer in their service with MacKillop.

4.7.5 A foster carer or volunteer may make an appointment with the Manager of their service at a mutually arranged time to view the contents of their file and any information held on computerised data bases. If an individual request is to view the file of a volunteer family (such as a foster care family), it is the Manager’s responsibility to ensure that the information provided is specifically relevant to the individual request. This may require the permission of a spouse or partner to view the complete file.

4.7.6 There may be, from time to time, external audit processes that require the viewing of information contained within foster carer or volunteer files to ensure compliance with legislative and contractual obligations of MacKillop. All external audits of information contained within foster carer or volunteer files are dealt with in the strictest of confidence and are not used for any other purposes.

4.7.7 The Managers of the particular volunteer service are responsible for the implementation and maintenance of section 4.7 of this procedure.

REFERENCES

  • Privacy Act 1988 (Commonwealth)
  • Privacy Amendment (Private Sector) Act 2000 (Commonwealth)
  • Information Privacy Act 2000 (Victoria);
  • Health Records Act 2001 (Victoria);
  • Children, Youth and Families Act 2005 (Victoria);
  • Adoption Act 1984 (Victoria);
  • Privacy and Personal Information Protection Act 1998 (NSW);
  • Health Records and Information Privacy Act 2002 (NSW);
  • Children and Young Persons (Care and Protection) Act 1998 (NSW); and
  • Any other Federal or State Act that may be relevant from time to time.

Attachments

  • HR-F-018 Confidentiality Agreement

HR-P-014 Privacy and Confidentiality Procedure Version 1 Issued:

Authorisation: Review Date: