IM 01 PRIVACY

Scope: All CatholicCare Central Queensland Management, Staff and Volunteers

Policy Statement:

It is the policy of CatholicCare Central Queensland to manage personal information provided to or collected by it. Reasonable steps will be taken to ensure information collected is accurate, complete, up-to-date; relevant to the stated purpose; stored securely and any disclosure to other parties is transparent to the owner of that information.

Accountability:

Management Accountability: Line Managers are responsible for implementation and for ensuring that staff are aware of this policy and related procedures.

Staff Accountability: All staff are responsible for compliance with this policy and related procedures.

Consequences: Failure to comply with this policy and associated procedures may result in the instigation of a performance management process.

References:

  • Privacy Act 1988
  • National Privacy Principles (NPPs)
  • Information Privacy Act 2009 (Qld)
  • Notifiable Data Breaches (NDB) scheme
  • Aged Care Quality Standards 1
  • Dept of Communities Standards 4.2; 4.3; 4.4; 4.5
  • Family Law Act 2006 and relevant amendments
  • FRSP 12.1; 14.1
  • Human Services Quality Standard 1.1; 1.7
  • Home Care Standards 3.2
  • Integrity in the Service of the Church: Principle 1.2; 5.1; 5.5
  • NDIS Practice Standards and Quality Indicators 1; 3

Updating Policy No: IM 01 Privacy

Approval:

Ratification Date: 19 November, 2018

Review Date: May 2023

Framework

This framework sets out how CatholicCare Central Queensland manages personal information provided to or collected by it.

CatholicCare Central Queensland is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988. In relation to health records, CatholicCare Central Queensland is also bound by the Information Privacy Act 2009 (Qld).

CatholicCare Central Queensland may, from time to time, review and update the Privacy Policy to take account of new laws and technology, changes to operations and practices and to make sure it remains appropriate to the changing Community Services environment.

What Kinds Of Personal Information Does Catholiccare Central Queensland Collect And How Is It Collected?

The type of information CatholicCare Central Queensland collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:

  • Clients, family members of clients and other people connected to clients before, during and after the delivery of a range of services provided by CatholicCare Central Queensland;
  • Job applicants, staff members, volunteers and contractors; and
  • Other people who come into contact with CatholicCare Central Queensland.

Personal Information You Provide

CatholicCare Central Queensland will generally collect personal information held about an individual by way of forms filled out by/for clients, face-to-face meetings and interviews, emails and telephone calls. On occasions, people other than clients will provide personal information.

Personal Information Provided by Other People

In some circumstances CatholicCare Central Queensland may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another service.

Exception in Relation to Employee Records

Under the Privacy Act 1988 and Information Privacy Act 2009 (Qld), the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to CatholicCare Central Queensland’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between CatholicCare Central Queensland and employee.

How Is Personal Information Provided By An Individual Used?

CatholicCare Central Queensland will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected by you, or to which you have consented.

Clients
In relation to personal information of clients, CatholicCare Central Queensland’s primary purpose of collection is to enable CatholicCare Central Queensland to provide services to clients in line with funding CatholicCare Central Queensland / IM 01_Privacy_V4 Page 3 of 5 requirements and relevant service standards. This includes satisfying the needs of clients, CatholicCare Central Queensland and funding bodies throughout the whole period the client is serviced by CatholicCare Central Queensland or as required by the relevant funding agreement.

In some cases where CatholicCare Central Queensland requests personal information about a client, if the information requested is not provided, CatholicCare Central Queensland may not be able to commence or continue the provision of services to the client.

Job Applicants, Staff Members and Contractors
In relation to personal information of job applicants, staff members and contractors, CatholicCare Central Queensland’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which CatholicCare Central Queensland uses personal information of job applicants, staff members and contractors include:

  • Administering the individual’s employment or contract, as the case may be;
  • Insurance purposes;
  • Seeking donations and marketing for CatholicCare Central Queensland; and
  • Satisfying CatholicCare Central Queensland’s legal obligations, for example, in relation to child protection legislation.

Volunteers
CatholicCare Central Queensland also obtains personal information about volunteers who assist in its functions or conduct associated activities, to enable CatholicCare Central Queensland and the volunteers to work together and meet any legal obligation.

Marketing and Fundraising
CatholicCare Central Queensland treats marketing and seeking donations for the future growth and development of CatholicCare Central Queensland as an important part of ensuring that CatholicCare Central Queensland continues to provide a quality service in which both clients and staff thrive. Personal information held by CatholicCare Central Queensland may be disclosed to organisations that assist in CatholicCare Central Queensland’s fundraising. Clients, staff, contractors and other members of the wider community may from time to time receive fundraising information, publications, like newsletters and magazines.

Who Might Catholiccare Central Queensland Disclose Personal Information To And Store Your Information With?

Only with prior consent from the client or their carer/guardian, if appropriate, CatholicCare Central Queensland may disclose personal information, including sensitive information, held about an individual to:

  • Another service;
  • Government departments;
  • Medical practitioners;
  • People providing services to CatholicCare Central Queensland, including contractors;
  • Recipients of CatholicCare Central Queensland publications, such as newsletters and flyers;
  • Anyone you authorise CatholicCare Central Queensland to disclose information to; and
  • Anyone to whom we are required to disclose the information to by law.

How Does Catholiccare Central Queensland Treat Sensitive Information?

In referring to ‘sensitive information’, CatholicCare Central Queensland means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

Management And Security Of Personal Information

CatholicCare Central Queensland staff are required to respect the confidentiality of clients’ personal information and the privacy of individuals. CatholicCare Central Queensland has in place steps to protect held personal information from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.

Storage Timeframes and Disposal

Records will be retained for the period required by regulations, legislation and contractual arrangements. Documents that are not required to be retained are destroyed.

Access And Correction Of Personal Information

Under the Commonwealth Privacy Act 1988, an individual has the right to obtain access to any personal information which CatholicCare Central Queensland holds about them and to advise CatholicCare Central Queensland of any perceived inaccuracy.

There are some exceptions to these rights set out in the applicable legislation. To make a request to access or update any personal information CatholicCare Central Queensland holds about you, please contact the Director of CatholicCare Central Queensland in writing. CatholicCare Central Queensland may require you to verify your identity and specify what information you require. When considering a request from an advocate or client representative to access a client’s personal information, CatholicCare Central Queensland will first determine whether the person is an appropriately authorised representative of the client.

CatholicCare Central Queensland may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, CatholicCare Central Queensland will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.

Notifiable Data Breaches

An Eligible Data Breach occurs when the following criteria are met:

  • There is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
  • This is likely to result in serious harm to any of the individuals to whom the information relates.
  • CatholicCare Central Queensland has been unable to prevent the likely risk of serious harm with remedial action.

CatholicCare Central Queensland is obligated [under the Notifiable Data Breaches (NDB) scheme (Part 111C of the Privacy Act)] to notify individuals at likely risk of serious harm and notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable if there are reasonable grounds to believe an eligible data breach has occurred.

Enquiries And Complaints

If you would like further information about the way CatholicCare Central Queensland manages the personal information it holds, or wish to complain that you believe that CatholicCare Central Queensland has breached the Australian Privacy Principles please contact the Director of CatholicCare Central Queensland who will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made. To make contact with the Director, please submit a hard copy letter signed by you to:

The Director
CatholicCare Central Queensland
PO Box 819
Rockhampton QLD 4700