Privacy policy
This procedure should be read in conjunction with the Legislation Policy.
Rationale
Olympic Adult Education is committed to protecting the privacy of personal information in communications and the confidentiality of all records and other information pertaining to them.
Relevant Legislation
Commonwealth legislation on responsible collection and use of personal and sensitive information.
Health Records Act 2001
Victorian legislation applies to all organisations that handle health information.
Privacy and Data Protection Act 2014
Victorian legislation applies to personal and sensitive information collected as part of DHHS and DET contracted servicesInformation
Privacy Act 2000 – Victorian Legislation
The Privacy Principles contained in the Victorian Privacy laws are a guide for minimum standards in relation to handling personal information.
In broad terms we
Collect only information which we need for a specified primary purpose
Ensure that the person knows why we collect it and how we will handle it
Use and disclose it only for the primary or a directly related purpose, or for another purpose with the person's consent (unless otherwise authorised by law)
Store it securely, protecting it from unauthorised access
Retain it for the period authorised by the Public Records Act 1973
Provide the person with access to their own information, and the right to seek its correction
Definitions
Health information
Health information means information or opinion about a person’s physical, mental or psychological health or disability that is also personal information. This includes information or opinion about a person’s health status and medical history.
Personal information
Personal information means recorded information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information. The information or opinion can be recorded in any form.
Sensitive information
Sensitive information means information or opinion (that is also personal information) about a person’s racial or ethnic origin, political opinions, religion, philosophical beliefs, sexual preferences or practices, membership of a political association, professional/trade association or trade union, or an individual’s criminal record.
Staff Duty of Confidentiality
All members of staff, including volunteers, have a duty of confidentiality towards participants’ personal / health information in accordance with this policy and the relevant legislation.
Collection of Information
We collect information necessary for the running of our programs and activities. This includes contact details, information required by our funding bodies and information required to determine educational & support needs of students.
We also collect some personal information for planning, funding, monitoring and evaluating our services and functions, but where practicable we remove identifying details from information used for these purposes.
Security of Information
At all times, information about participants will be kept secure. This includes phone numbers and addresses, and the opinions that staff members form in their professional interaction with participants.
Application
Personal / health information is usually collected at enrolment or as part of the initial assessment process. The assessor is to hand out /read through the Privacy Notice at this time.
A record of consent is to be kept if personal/health information is to be disclosed toanyone, unless the disclosure is required by law or necessary to prevent an imminent threat to life, health or safety.
Students, volunteers and staff are asked for permission to be in photos for publication and sign a photo permission form.
Change of details forms are to be readily available for participants to update their details.
Professional discussions concerning personal or health information between staff who work with the participant should take place out of hearing of other staff and participants. Only information which is clearly relevant for other staff should be discussed.
All student information, including student files, rolls, enrolment forms and class lists is to be treated confidentially. This information is not to be left unattended and/or uncovered. Information may be left in staff pigeonholes for short periods of time however all care is to be taken to protect this information.
Student information is only to be taken off site where strictly necessary such as outreach programs, and all care is to be taken to protect this information.
Student files are to be locked in filing cabinets and student data on the computer network is to be password protected with backups kept locked away.
Staff and Volunteers files are kept secure and in lockable rooms.
Personal/health information that needs to be disposed of is to be shredded.
Access to Personal Information:
Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date. Where that individual is unknown to the staff member, a visible form of identification is required.
Ensure all requests for information disclosure are referred to the CEO. In some cases consistent with the Privacy Act, OAE may refuse to give participants access to personal information it holds about them. In such cases, reasons for refusal will be provided.
Reasons for denying access include:
Where the request is frivolous or vexatious
Where providing access would have an unreasonable impact on the privacy of other individuals
Where providing access would post a serious threat to the life or health or any person
Where OAE is involved in the detection, investigation or remedying of serious improper conduct and providing access would prejudice that.