Privacy & Confidentiality Policy
POLICY STATEMENT
This Privacy and Confidentiality Policy ("Policy") outlines the principles and procedures that Disability Support Solutions Pty Ltd (‘DSS’) (we/us/our business) follows to protect the confidentiality of clients’ personal information in compliance with the Privacy Act 1988, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the NDIS Code of Conduct. This Policy applies to all employees, contractors, volunteers, and third parties who may have access to personal information in the course of their duties.
PURPOSE
The purpose of this Privacy and Confidentiality Policy is to outline the principles, obligations, and procedures that our business follows to protect personal and confidential information.
This Policy aims to:
Safeguard the personal information of participants, staff, and third parties.
Establish clear expectations regarding the collection, use, storage, and disclosure of personal information.
Prevent unauthorised access, use, or disclosure of confidential information.
Promote a culture of privacy awareness and compliance within the organisation.
SCOPE
This Policy applies to all individuals who collect, access, or handle personal or confidential information in the course of their work with our business. This includes, but is not limited to:
Employees (full-time, part-time, and casual staff)
Contractors and subcontractors
Volunteers
Support workers
Third parties or service providers engaged by our business.
This Policy covers all types of personal and confidential information, including information collected in verbal, written, electronic, or other formats. It applies across all business operations, including interactions with participants, service provision, administration, and digital data management.
DEFINITIONS
Personal Information: Any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not, as defined by the Privacy Act 1988.
Confidential Information: Personal information and any other sensitive or proprietary information that is not publicly available.
Non-Disclosure: The act of refraining from disclosing or sharing confidential information with unauthorised individuals or entities.
Confidentiality Obligations
All employees, contractors, volunteers, and third parties must maintain the confidentiality of personal information obtained in the course of their duties.
Personal information must only be used for the purpose for which it was collected, or for a directly related purpose, unless the individual has consented to its use for another purpose, or it is required by law.
Access to personal information should be limited to authorised individuals who require such access to perform their duties.
Personal information must be stored securely to prevent unauthorised access, use, or disclosure.
Non-Disclosure Obligations
All employees, contractors, volunteers, and third parties must adhere to non-disclosure obligations regarding confidential information.
Confidential information must not be disclosed or shared with unauthorised individuals or entities, both during and after employment or engagement with our business.
Non-disclosure obligations apply to verbal, written, electronic, and any other form of communication containing confidential information.
Disclosure of personal information may be permitted in certain circumstances, including but not limited to:
Where necessary to prevent a serious threat to the life, health, or safety of an individual.
Where required or authorised by law, such as in response to a court order or subpoena.
Where disclosure is necessary for the performance of a lawful function or activity.
SECURITY MEASURES
Our business will take reasonable steps to protect personal information from misuse, interference, loss and theft in accordance with the requirements of the Privacy Act 1988.
Security measures will include:
Storing personal information in a locked carrycase when it is in a work vehicle and the support worker is not in the vehicle.
Storing personal information in a locked filing cabinet or carrycase if it is kept in a home office.
Protecting access to any files stored online or on a device with a password, face identification or fingerprint.
Securely destroying personal information and documents our business no longer needs, unless we are required by law to retain them.
Limiting access to records to only those persons who need it for their role.
Ensuring that digital deletion methods are complete and unrecoverable.
DOCUMENTATION AND RECORD KEEPING
These guidelines ensure that all staff, participants and their nominees have the necessary information and understanding of our privacy and confidentiality obligations, that all information is stored securely, and that legal record-keeping requirements are met:
Accessibility
This policy and procedure will be kept in a form that is accessible by persons with disability receiving supports or services from our business, and their families, carers and advocates.
Storage
All records will be kept private and confidential using secure document storage methods.
Record Keeping Period
All records will be kept by us for 7 years from the day the record is made.
Training and Education
We will provide ongoing training and/or education to all staff, participants, and their nominees to ensure they are aware of their responsibilities and the correct procedures to follow.
ROLES AND RESPONSIBILITIES
ROLE / RESPONSIBILITY
Director
Ensure compliance with relevant legislation.
Implement security measures to protect personal and confidential information.
Approve the privacy and confidentiality policy and procedure and ensure it remains up to date with legislative changes.
Investigate serious breaches of confidentiality and determine appropriate action, including legal compliance.
Oversee the training and education of staff regarding privacy obligations.
Serve as the primary contact for privacy-related inquiries, complaints, and breaches.
Provide guidance and support to staff on privacy-related matters.
Oversee the secure disposal of records and personal information when no longer required.
Supervisor / Team Leader
Ensure staff understand and comply with this policy.
Implement and enforce data protection procedures in the workplace.
Ensure secure storage, handling, and disposal of confidential information.
Investigate reported privacy breaches and escalate serious concerns to the Business Owner or Director.
All Staff
Maintain strict confidentiality and follow procedures for handling personal information.
Access personal information only when necessary for performing job duties.
Use secure storage, passwords, and other protective measures to prevent unauthorised disclosure.
Report any suspected privacy breach to a supervisor or management immediately.
Complete privacy and confidentiality training as required.
Participant and/or Nominee
Provide accurate and up-to-date personal information to the organisation.
Notify the organisation of any concern or request related to personal information.
Breach of Policy
Any breach of this Policy, including unauthorised disclosure of confidential information, may result in disciplinary action, termination of employment or engagement, and legal consequences.
Individuals who become aware of any actual or suspected breaches of this Policy must report them immediately to their supervisor or the designated privacy officer.
Contact Information
For inquiries about this Policy or concerns regarding the handling of personal information, individuals may contact Disability Support Solutions Pty Ltd on info@disabilitysupportsolutions.com.au or 0406 404 176.
Review of Policy
This policy and procedure will be reviewed annually or as needed to reflect changes in legislation, regulations, or organisational practices. Amendments to this document will be communicated to staff, participants, and/or their nominees.
Version No: 1.0
Policy Review Period: 12 months
Review Date: 23/04/2025