The purpose of this guiding document policy is to outline a framework for Launceston City Mission (LCM) to responsibly and ethically manage the information provided it by individuals and organisations in accordance with the relevant legislation and best practices. LCM is committed to protecting the privacy of personal information pertaining to all persons accessing its services and programs.
2.1 Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
2.2 Sensitive Information means information or an opinion about such things as an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual orientation or practices; or
- criminal record.
It includes Health Information.
2.3 Health Information means information or opinion about such things as:
- information or an opinion about:
- the health or a disability (at any time) of an individual; or
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided, or to be provided, to an individual;
that is also personal information; or
- other personal information collected to provide, or in providing, a health service; or
- other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
2.4 Consent means express consent or implied consent.
- 3. Policy Statements
Launceston City Mission (LCM) acknowledges and respects the privacy of individuals and organisations and supports the National Privacy Principles as outlined at http://www.comlaw.gov.au
Below is a summary of the thirteen (13) Australian Privacy Principles that replaced the National Privacy Principles on 12 March 2014:
- Open and transparent management of personal information. We will have clearly articulated guidelines about the management of personal information
- Anonymity and Pseudonymity. We will only require individuals to identify themselves if it is impracticable for them to remain anonymous or use a pseudonym.
- Collection of solicited personal information. We will only collect personal information that is reasonably necessary for the provision of service
- Dealing with unsolicited personal information. We will only retain unsolicited personal information that could have been collected under principle 3.
- Notification of the collection of personal information. Where personal information about an individual is collected, we will make reasonable efforts to ensure the individual is made aware.
- Use or disclosure of personal information. We will only use and disclose information for the primary purpose for which it was collected. Individuals will be asked to consent to any other use of their personal information unless other legislation precludes this.
- Direct Marketing. We will not use or disclose personal information for the purposes of direct marketing unless an individual would reasonably expect the information to be used in such a way. We will offer individuals the means to request not to receive direct marketing communications.
- Cross-border disclosure of personal information. We will ensure that any disclosure of personal information to an overseas recipient does not breach Australian Privacy Principles.
- Adoption, use or disclosure of government related identifiers. We will not adopt, use or disclose government related identifiers without authorisation.
- Quality of personal information. We will take all reasonable steps to ensure personal information is accurate, complete and up to date.
- Security of personal information. We will take all reasonable steps to ensure that personal information is protected from misuse, loss, unauthorised access, modification and disclosure.
- Access to, and correction of, personal information. We will give individuals access to their own personal information on request. Such access may not be provided if it places the life or health of others at risk.
- Correction of personal information. We will provide access for individuals to their personal information and make any corrections they advise are necessary. Such access may not be provided if it places the life or health of others at risk.
Accordingly LCM will:
- Only collect information with prior knowledge and consent of the individual
- Advise individuals of any unsolicited personal information gained about them
- Only use the information provided for the purposes for which it was collected
- Not disclose information to a third party without consent
- Not disclose information to other organisations and authorities except if required by law or other regulation
- Remove information from records when it is no longer required except where archiving is required by law.
- Ensure information held on an individual is up-to-date, relevant, non-obtrusive and objective
- Have processes and policies to protect the information that it has under its control from:
- Unlawful or accidental destruction and/or accidental loss.
- 4. Application and Procedures
The following information and procedures are guidelines for LCM workers to follow in relation to fulfilling their responsibility to do their utmost to preserve and respect the privacy of an individual and maintain confidentiality of information.
4.1 Collection of Personal Information
- When gathering information LCM workers must;
- Be aware of why the information is needed
- Only collect information required to ensure effective service delivery
- Not collect information on the ‘off chance’ that it may be required later
- Not collect information already on file unless details have changed
- Ensure that sensitive information is collected in a private and contained environment
- When gathering information LCM workers must advise:
- Why information is being collected and who else will see it, including such things as data collection requirements and case management processes
- Of the individual’s right NOT to disclose information
- The consequences of withholding the required information e.g. some services cannot be delivered without the disclosure of pertinent personal information
- The circumstances in which personal information must be disclosed by law, without the informed consent of the individual
- Wherever possible information must be collected from the individual. However where this is not possible, information can be collected from an authorised representative in cases where:
- The person is unable due to age, intellectual incapacity, mental illness or medical condition
- It is necessary to collect information from another source other than the individual or for the maintenance of the law by a public sector agency, for the protection of public revenue or for legal proceedings conducted in a court/tribunal
- Legal requirements authorising collection from a source other than the individual
- All information must be collected in a manner that is lawful, non-intrusive, without pressure or coercion and solicited in a sensitive manner conducive to cultural sensitivity where appropriate.
- LCM is required to obtain an individual’s written consent prior to releasing or requesting information with other services and agencies (see Forms GD01-001 Consent to Gain Information and GD01-002 Consent to Release Information).
- Consent to disclose information is valid only if:
- The individual understands the nature and effect of consenting
- The consent is informed, freely given, specific and current
- Written consent must be recorded on the correct form.
- Verbal Consent may be obtained in exceptional circumstances requiring urgent action and where obtaining written consent is not possible or practicable.
- The Consent to Gain or Consent to Release must be completed whenever verbal consent is obtained.
4.3 Requests made by Other Parties
- All requests for information made by other parties e.g. support services and government departments etc. must be made in writing. Written requests must be on official letterhead and include the following information:
- Name of the external agency wishing to obtain the information
- Legislation authorising the external agency to obtain the information, if applicable
- Name and address of the individual about whom the external agency is seeking information
- What the information requested is for.
- LCM must release information about an individual without the individual’s consent if the agency seeking the information is authorised by legislation.
4.4 Compulsory Disclosure of Information
- There may be circumstances where personal information must be released regardless of whether consent has been obtained, if the information is required:
- In order to prevent or lessen a serious threat to the life or health of an individual
- To assist in ensuring the safety of a child
- By requirement of law e.g. subpoena
- To identify a deceased, injured or a reported missing individual
- All decisions relating to the disclosure of personal information without consent must be taken with the best interests of the individual as the central consideration. LCM workers should not make this decision in isolation, but rather by means of consultation with their supervisor and/or Manager.
4.5 Access to Personal and Correction of Personal Information
- Individuals have the right to request to view their personal file or any information LCM is keeping concerning them, and may request corrections to any information they believe to be inaccurate or out-of-date.
- Requests to view file information must be:
- Referred to and approved by the relevant program Manager or the CEO
- Responded to within 10 working days.
- Individuals may be denied access to their information if access to information:
- Compromises the privacy and confidentiality of others
- Poses a serious threat to life or health of any person
- Individuals denied access to their personal information must be informed in writing of:
- Reason/s for denying the request
- How to lodge a complaint
- Prior to releasing information to individuals LCM workers must:
- Check the accuracy of information and correct the information where appropriate. Any corrections must be noted including the reason for the correction, the date of correction and a signature of the individual making the correction.
- If information relates to a third party, consent to disclose must be obtained from the third party prior to disclosure being made. Where permission from the third party is not obtained the identity of the third party must be protected
- Individuals may only view their information on LCM premises in the presence of an appropriate LCM worker.
- Individuals may raise objections and request that correction/s be made to their personal information if they believe the information held is incorrect or out-of-date. A request for changing information must be made in writing citing the reasons for the change. The relevant program Manager or the CEO will authorise the changes. All authorised changes to an individual’s information will be documented.