Your privacy and rights

Purpose

Yorgum is committed to protecting client and employee’s information. Any personal information collected will be handled in
accordance with the Australian Privacy Principles (APPs) outlined in the Privacy Act.

Yorgum is committed to protecting client and employee’s information.

Scope

This policy must be followed by all employees and Directors.

Relevant Legislation and Standards

  • Privacy Act 1988
  • Australian Privacy Principles

Related Policies and Documents

  • Records Management Policy
  • Data Breach Response Policy and Procedures
  • Client Rights and Responsibilities (Clinical)
  • Client Rights Link-Up
  • Request for Access of Information form
  • Consent to Release and Obtain Information form
  • Client Consent form
  • Photo Consent form

Definitions

Privacy – protects consumers from unfair or unauthorised use of personal or sensitive information.

Personal information – is any information that can lead to an individual being identified.

Sensitive information – any information about an individual’s racial or ethnic origin, sexuality, health, religious/philosophical/political beliefs, criminal record.

Confidentiality – relates to how information that has been disclosed in the course of a professional relationship is treated.

Personal Information Handling Practices

Collection of personal information

Yorgum will only collect personal information necessary to deliver services and conduct the business activities that support this. The following types of personal information may be collected, but is not limited to:

  • Contact and identification details.
  • Personnel matters for staff and contractors.
  • Information to meet funding and service agreement obligations.
  • Information for quality improvement and accreditation purposes.

Sensitive information will be collected, if necessary, for service provision and to meet funding body agreements. Sensitive information collected may include details of a complaint, racial or ethnic origin, and/or other health information or services sought by the individual.

Collecting personal information from children and young people

Personal information about children and young people may be collected directly, through their parents or guardians, or from their education providers. If children and young people are over the age of 16, information will be collected directly as they are likely to have the capacity to understand any privacy notices provided to them and to give informed consent to collection. For children under the age of 16, or where capacity to provide consent is at issue, a parent or guardian will be notified, and their consent sought.

Anonymous/Pseudonym

Clients have the right to remain anonymous or use a pseudonym, as per the Privacy Act (1988). However, in some of the work undertaken in Yorgum, it may be impracticable for clients to use a pseudonym or remain anonymous. There may be certain circumstances where Yorgum is required or authorised by law to only deal with identified individuals.

Methods of collecting personal information

Personal information is collected directly from individuals or their authorised representatives and through referrals from other service providers. Methods used to collect this information include:

  • Face to face interactions through client interviews and counselling sessions.
  • Forms and documents completed by the client.
  • Communication via telephone, mail, email, fax or SMS.

Storage and security of personal information

Yorgum will take all reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure and undertakes the following measures:

  • Hard copy documents are stored in secure filing systems.
  • Electronic records are stored in secure databases and are password protected.
  • Only authorised users are provided with access to individuals’ personal information.
  • Destroy or de-identify information in accordance with legal requirements for retention and disposal.
  • Conduct regular audits to ensure compliance with record keeping practices.

Use of personal information

Yorgum uses personal information for the following reasons:

  1. To provide services to clients, which may include:
    1. The provision of counselling, support and advocacy
    2. Undertake family tracing
    3. Organising and managing reunions
  2. Performing employment and personnel functions – Yorgum collects personal information from employees and job applicants and may store information for the purposes of future recruitment.
  3. Meet regulatory and funding requirements – for the purposes of internal reporting and improvement of services.
  4. Marketing purposes – Yorgum may use personal information to communicate with individuals through direct marketing to inform them about Yorgum events.

Disclosure of personal information

Yorgum will not use or disclose client’s personal information to any other persons or organisations for any other purpose unless:

  • Consent has been granted by the client to disclose their personal information to other organisations or persons.
  • The use or disclosure is for a purpose directly related to providing care to the client.
  • It is a legal requirement.

Accessing personal information and correction

Individuals may request access to the personal information that Yorgum holds about them. Requests to access personal information:

  • Must be made in writing by completing a Request for Access of Information form
  • Be addressed to the appropriate Manager.

All requests for access are processed in conjunction with privacy legislation, as soon as practicable and generally within 30 days. Yorgum can refuse a client access to their personal information only if providing access would:

  • Pose a serious threat to the life or health of any person.
  • Have an unreasonable impact on the privacy of other people.
  • Be unlawful.
  • Be likely to prejudice an investigation of possible unlawful activity.

and if:

  • The information relates to legal proceedings (existing or anticipated) between Yorgum and the person.
  • Denying access is required or authorised under another law or has been requested by a law enforcement agency.
  • The request for access has been made unsuccessfully on at least one previous occasion and there are no reasonable grounds for making the request again.
  • The person has been provided with access to their information already and is making an unreasonable repeated request for access to the same information in the same manner.

If access to view a client file is refused, a written reason for the refusal (with the reason relating to the exemptions above) will be provided.

Maintaining the quality of personal information

Yorgum will take reasonable steps to make sure that client’s personal information is accurate, complete and up to date. Counsellors will check contact details with clients before embarking on outreach or at a client appointment.

If a client needs to change their personal information that is inaccurate, incomplete or out of date, they should advise Yorgum staff and all reasonable steps to correct the information will be taken.

Unsolicited personal information

Personal information unintentionally received by Yorgum, such as misdirected mail or promotional flyers, will be disposed of accordingly.

Disclosure of personal information to overseas recipients

Yorgum does not disclose personal information to overseas recipients.

Notifiable Data Breaches Scheme

In the event of any loss or unauthorised access or disclosure of personal information that is likely to result in serious harm, Yorgum will:

  • Investigate; and
  • Notify the people concerned and the Australian Information Commissioner as soon as practicable, in accordance with the Privacy Act.

Privacy Complaints

  • If there are questions or concerns about the collection, use or disclosure of personal information, or
    non-compliance with this Privacy Policy or the Privacy Act, clients can contact Yorgum directly.
  • Yorgum will investigate the complaint and determine whether a breach has occurred and what action,
    if any, to take.
  • Yorgum will aim to resolve any such complaint in a timely and efficient manner. The target response
    time is 30 days.
  • To lodge a complaint about a privacy issue, clients can complete a Client Feedback form or contact
    Yorgum directly by telephoning, faxing, emailing or speaking to a staff member using the details set out below:

Yorgum expects its internal procedures will deal fairly and promptly with a privacy complaint. However, clients who remain dissatisfied, can make a formal complaint in writing to the Officer of the Australian Information Commissioner (OAIC):