SASI is committed to protecting the privacy of personal information, which directly or indirectly identifies a person. This includes how we share information with parents & carers, staff across the service and other service providers.
SASI is bound by Federal Privacy legislation, the Information Privacy Act 2000 and the Health Records Act 2001, as well as other laws, which impose specific obligations in regard to handling information.
The Australian Privacy Principles (APP) set minimum standards covering the legitimate use of personal information. SASI will use the Australian Privacy Principles as a minimum standard.
SASI collects and handles a range of personal information for the purposes of providing services, or to carry out requirements under our service and funding agreement with the Department of Human Services Victoria.
To provide information about SASI’s handling of information, it’s commitment to upholding privacy principles and procedures for collecting and sharing of information.
- In accordance with SASI’s responsibilities, our service relates to many parts of our client’s lives. SASI recognises that the nature of these services means that much of the information we handle is particularly sensitive.
- SASI recognises that privacy principles protect personal information both as a matter of individual right, and to support the public interest in ensuring Government can collect information necessary for its services.
- SASI recognise the essential right of individuals to have their information handled in ways which they would reasonably expect – protected from unauthorised access but made available to them by written request.
Collection and use of Personal Information
- SASI only collects information which is needed for a specified primary purpose.
- SASI clients or their guardian/s will be asked to sign a consent form acknowledging that they understand how their information will be used, stored and how they may have access to it. This form will be kept with the client’s personal information.
- SASI will use and disclose client information for the primary or directly related purpose stated, or for another purpose with the client’s/guardian’s written consent (unless otherwise authorised by law).
- Clients will be given access to their personal information held by SASI within 45 days of a written request being received.
- SASI will not disclose personal information to a third party without the consent of the client but will do so if disclosure is required or authorised by or under law.
- Access to client information is limited to clients and other persons (when authorised by the client) or when the client cannot authorise, parties who authorise on their behalf such as parents, guardian/s and staff who require this information as part of their duties at SASI.
- SASI may share information with other disability service providers or other government agencies for the purposes of planning supports. Where this occurs, SASI will share only as much information as necessary to facilitate such supports.
- SASI acknowledges the use of electronic devices in the storing and recording of client’s personal information. SASI will promote mandatory privacy principles and ensure staff are trained in the responsible use and practical measures to maintain client’s privacy in this context.
- SASI will store physical personal information securely, protecting it from unauthorised access. SASI will review information stored and archive in line with records management and storage principles.
- Under no circumstances will SASI sell or receive payment for licensing or disclosing personal information about employees or members.
- SASI may engage services that provide online storage and data recording related to clients. Where this occurs, SASI will engage the provider of the service in relation to security of data. SASI will only engage providers that conform to Australian Privacy laws as a minimum. Where requested, SASI will provide contact information of the provider of the service to SASI clients or guardian/s.
- Staff must never share their password for any digital service, including computer log-ins and cloud based services unless authorised by the Line Manager fro temporary access. This is potentially a serious breach in privacy and will be subject to disciplinary procedures.
- Agency staff (non SASI staff) may be given access to a temporary password for access to digital services at the service site. Passwords relating to cloud based services will be changed at regular intervals.
- Any inquiries or concerns relating to this policy should be directed the CEO.
Offsite information access
Where staff have reason to access client/s information away from service site locations by using electronic media, staff must ensure the following conditions;
- Only access information when it is safe to do, taking into account adequate supervision of client/s and environmental safety aspects.
- Be aware of surroundings and potential for others to view information displayed on the device.
- Only access information as needed for the purpose of supporting clients and limit the time spent wherever possible.
- Ensure any client information or cloud based software is closed before giving device to any other person.
- Any missing or lost device must be immediately reported to your line manager.
- Agency staff do not have access to offsite digital information. If agency staff require client information whilst offsite, they should ring SASI emergency on-call number for Accommodation Service (for urgent advice only) and Line Managers for Day services and FROC.