Privacy

QAI’s Privacy and Confidentiality Policy

Applies to:

Management Committee, Staff, Volunteers

Standards or other external requirements:

 National Standards for Disability Services  (standards 1,2,3,4,5,6) , NACLC

Legislation or other requirements:

Privacy Act 1988 (Cth)

Contractual Obligations:

Department of Social Services  , Legal Aid

Related Policies:

File Management, Advice and Casework, Record Keeping , Data and &Advocated Persons’ Files

Forms and other organisational documents:

 

Approved Date:

27.03.2019

Next Review Date:

27.03.2020

Policy

All people in contact with QAI are entitled to have their personal information treated confidentially. QAI endeavors to protect confidentiality and to create an environment of respect and privacy.

QAI supports and complies with the Australian Privacy Principles in the Privacy Act 1988 (Cth), which regulate the collection, use, disclosure, and storage of personal information.

In this policy “personal information” has the same meaning as defined by the Privacy Act 1988 (Cth):

“information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not”.

Procedure

Collection of personal information

QAI will only collect personal information that is reasonably necessary for, or directly related to, one or more of its functions or activities.

QAI collects, holds, uses and discloses personal information for the following purposes:

  • participating in and providing systems advocacy;
  • providing individual advocacy services, including legal advice and representation and non-legal support;
  • meeting QAI’s obligations to funding bodies by providing statistics and reports;
  • applying for further funding to ensure continuation of QAI’s services and expand service provision;
  • assessing applications for employment with QAI;
  • ensuring QAI functions effectively to meet its obligations as an incorporated association and an employer of paid staff and volunteers; and
  • any other function or activity reasonably necessary for, or relating to, QAI’s functions of activities.

QAI will normally collect personal information about an individual directly from that individual. QAI sometimes collects personal information about an individual from another person or source, but only if:

  • the individual consents to the collection; or
  • QAI is required or authorised by an Australian law, or a court/tribunal to do so;

QAI will collect information in a manner which is least intrusive into an individual’s private and personal life. QAI will ensure that the manner in which personal information is collected is respectful of each individual’s privacy. For example, an interpreter or support person will only be present during the collection of information if the individual consents.

QAI endeavours to collect personal information which is accurate and relevant.

 

Use and disclosure of personal information

 QAI will not use or disclose an individual’s personal information for a purpose other than for the primary purpose of collection unless

  • the individual consents to QAI’s use or disclosure for a secondary purpose;
  • the secondary purpose is related (in the case of personal information) or directly related (in the case of sensitive information) to the primary purpose and the individual would reasonably expect QAI to use or disclose the information for the secondary purpose; or [Under the Privacy Act, the primary and secondary purpose must be “related” for personal information and “directly related” for sensitive information (such as health information).]
  • the secondary purpose is required or authorised by an Australian law, or a court/tribunal.

 QAI may disclose confidential information, including personal information:

  • where it suspects unlawful activity;
  • to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety; or
  • where a staff member is obliged by law to notify a relevant authority.

In these cases the Director of QAI or their delegate will determine the most appropriate course of action, having regard to the Australian Privacy Principles.

To properly perform its functions, QAI may disclose personal information or (if permitted) sensitive information to another person or organisation, for example:

  • to obtain an expert report from a doctor;
  • to make legal submissions to a tribunal;
  • for supervisory or debriefing purposes with an external agency; or
  • to QAI’s professional indemnity insurer.

QAI takes all reasonable steps to ensure that these people and organisations treat that personal information confidentially. 

Information gathered during interviews and meetings may be de-identified and aggregated into broad categories and used for data collection.

 

Accidental breach of personal privacy

At times, human error can inadvertently result in the accidental disclosure of personal information to an incorrect recipient.

 

Procedure

All staff must double-check addressees to all communications including emails and numbers on faxes.

Should an accidental breach of confidentiality occur, the QAI staff member concerned must as soon as possible:

  • contact the incorrect recipient, advise of the mistake, ask that the relevant documents be returned, destroyed or deleted (as appropriate), and obtain written confirmation that this has been done.
  • Seek guidance from the Director and/or Principal Solicitor as to what further steps to take. This will depend on the circumstances, but will likely include contacting the client and advising of the mistake, inform them of any action taken by QAI to prevent further disclosure, and if necessary advising of any ramification or recommended action as a result of the disclosure. Note that in some circumstances, mistaken disclosure may require further guidance form the Queensland Law Society Ethics Centre and/or notification to the Professional Indemnity Insurance representative and insurer.

All action taken must be documented on the client’s file.

The Director and/or Principal Solicitor must consider whether there should be any action to improve systems to avoid breach in the future.

 

Storage and security of personal information

QAI takes all reasonable steps to protect personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure. 

Electronic files are stored on computers which are password protected and regularly scanned for viruses. Paper files are located in a physically secure environment with restricted access. In accordance with the Legal Profession (Solicitors) Rule 2007, legal files are held for 6 years after they have been closed.

All QAI staff, volunteers and Management Committee members are required to treat any personal information held as highly confidential and in accordance with this policy.

QAI further ensures that the personal information it collects is kept private by:

  • discussing privacy and confidentiality with staff (including volunteers and contractors), the Management Committee and others QAI works with to maintain a high awareness of the importance of confidentiality; and
  • using anecdotal and personal stories at public venues with great precaution and care to ensure that privacy is protected.

QAI also takes reasonable steps to securely destroy or de-identify personal information where it is no longer needed for the purpose for which QAI collected it (and provided QAI is not required by or under an Australian law, or a court/tribunal order, to retain the information).

 

Access to personal information

An individual may request access to, or request a change to, their personal information held by QAI.

Sometimes, QAI may refuse access to personal information held about an individual for reasons consistent with the Australian Privacy Principles or because access is prevented by some other law. If access is refused, QAI will give reasons for the refusal. QAI aims to deal promptly with requests for access to personal information.

QAI will take reasonable steps to correct personal information held about an individual which QAI believes is inaccurate, incomplete, out of date or no longer relevant. QAI will also do so in circumstances where an individual requests us to correct their personal information. QAI will correct the information within a reasonable time of becoming aware it needs to be corrected, or an individual’s request. QAI will also notify relevant third parties of the correction. If QAI is not satisfied that the personal information needs amendment, QAI will take reasonable steps to record the individual’s views about the accuracy, completeness or currency of their personal information that is held by QAI.

 

Changes to the privacy policy

From time to time, it may be necessary for QAI to review and revise this privacy policy. QAI reserves the right to change this privacy policy at any time, without notice.  A current copy of QAI’s policy can be located on its website: www.qai.org.au

 

Queries or complaints

Any questions, concerns or complaints about information privacy should be directed in writing to:

Email:             qai@qai.org.au

Fax:                 (07) 3844 4220

Post:                Queensland Advocacy Incorporated, Level 2, South Central, 43 Peel St, South Brisbane Qld 4101

Individuals may also complain to the Office of the Australian Information Commissioner.

Tel:                  1300 363 992

Email:             enquiries@oaic.gov.au

Fax:                 02 9284 9666

Post:                GPO Box 5218 Sydney NSW 2001

Queensland Advocacy Incorporated

 (07) 3844 4200
 (07) 3844 4220
 1300 130 582
 qai@qai.org.au
 qai.org.au