The Australian Privacy Principles
The Australian Government introduced new legislation, effective 12 March 2014, which further protects the privacy of individuals. These principles replace the National Privacy Principles that came into force on 21 December 2001. You can find out more about these principles by calling the Office of the Australian Information Commissioner on 1300 363 992 or through their website.
The Buttery Private respects and upholds everyone’s right to privacy protection under the Australian Privacy Principles in regulating how we collect, use, disclose and hold personal information. We have a detailed policy and set of procedures to ensure that only authorised staff have access to personal information and that it remains confidential and is only used for appropriate purposes and in accordance with this notice.
1.2.7 Participant, Client Privacy and Confidentiality
The Buttery Private takes participant privacy and confidentiality very seriously and will comply with all laws, related guidelines and relevant professional standards that apply to how the organisation goes about collecting, using, storing and disclosing/releasing information about clients. There are currently myriad acts, regulations and legal guidelines relating to the collection, use, storage and disclosure of information, including client information in the health care context. These include: the Commonwealth Privacy Act 1988; the Commonwealth Privacy Amendment (Private Sector) Act 2000; the Commonwealth Guidelines on Privacy in the Private Health Sector 2001; the NSW Privacy and Personal Information Protection Act 1998; and the NSW Health Records and Information Privacy Act 2002.
For Buttery Private participants, the fact that they are receiving a service can be a sensitive matter for them. Therefore, all participant information should be treated as sensitive, regardless of its nature and the reason it is collected, and clear, explicit reasons should be given for why information is needed and how it is handled.
Buttery Private clients access its services completely voluntarily. However, consent to receive a service does not, of itself, carry a consent to collect and handle information. In practice, consent to receive a service and consent to collect and handle information often occur at the same time, but they are separate, distinct authorities given by an individual.
The key elements of consent are that: it must be given voluntarily; it must be informed (i.e. individuals must know what they are consenting to); and individuals must have the capacity to give and communicate their consent. A distinction is made between express consent and implied consent. Express consent refers to consent that is clearly and unmistakably stated, whether in writing, orally, or in another form where consent is clearly given (e.g. nodding the head). Implied consent is less obvious, but involves consent being given as the result of, or in conjunction with, a particular act. Wherever practical and reasonable, Buttery Private services should rely on express consent, coupled with clear and open communication with clients as to why information is needed and how it will be handled.
There are degrees of sensitivity of information and varying expectations of participants/clients regarding privacy and confidentiality of information. All information about participants/clients, whether given by them or collected from third parties, is considered to be personal information and is protected by privacy legislation. Information directly relating to assessment and treatment is categorised as “Health Information” in the legislation and is regarded as a particular kind of personal information that must be collected and handled with great care.
The need for privacy and confidentiality of participant/client information places an obligation on all Buttery Private staff and contractors to ensure information is not used in a way that is contrary to the interests of the person or organisation that provided it. All staff and contractors are expected to know their obligations in respect of privacy and confidentiality and are required to sign a Confidentiality Agreement for Staff and Contractors of The Buttery Private.
The principles set out below relating to privacy and confidentiality of information apply to all Buttery Private services (references to participants/clients also include potential participants/clients assessed for a service):
- policies and practices for privacy and information handling should be transparent, documented and made available to anyone who requests them.
- policies and practices for privacy and information handling should be clearly communicated to clients before a service is offered. Participants/clients should be given an opportunity to discuss and clarify the policies and practices before being required to give consent.
- The Buttery Private Buttery must keep records of its participants/clients in order to provide a service. Participant/client consent to collect and handle information must be clearly expressed and should also carry a clear understanding that records will be kept. Where a client requests that no records be kept, the service must be declined.
- the only information about participant/clients collected and handled by The Buttery Private will be information necessary to assess the need for a service, to provide the service and to evaluate the service. Wherever practical, information about a client should be collected from that client. Information should be as non-intrusive and objective as possible, yet relevant and up-to-date.
- a participant/client has the right to withhold information for privacy reasons. However, where the withholding of information compromises our capacity to make an assessment or provide a service, the service may be refused or withdrawn.
- any personal, identifying information about a participant/client will not be collected without the consent of that participant/client. Collection of information from third parties that is particularly sensitive requires the express consent of the client, given in writing wherever possible. The only exception is where information is needed to deal with a serious and imminent threat to the life or health of a client, and they are unable to give their consent. In all cases of information collection, clients should be made aware of what information is collected, why it is collected and how it is used.
- personal, identifying information about a participant/client may not be released or disclosed outside the Buttery Private without consent. Information that is particularly sensitive may not be released or disclosed without the express, written consent of that client. The only exception is where there is an over-riding legal obligation to disclose information (e.g. mandatory reporting of crimes, where a court orders information to be released, where there is a serious and imminent threat to the client’s life or health and they are unable to give their consent).
- participants and clients have the right to access information about them that is collected and held, and to request corrections to that information. Access will normally be given within 14 days of the request, unless the client agrees to a longer wait. Access can be denied where it may give rise to a serious threat to the life or health of the client or another person associated with the client. A decision to deny access should be made by the CEO or relevant Program Manager. Access should only occur in the presence of a qualified staff member, to help the client understand the information and ensure corrections are made where appropriate. Participants/clients may request a copy of any information, but care must be taken to ensure the copy does not include any identifying information about other persons.
- in the course of assessing and treating participants/clients, personal information about family members and significant others may be given by the participant or client. These individuals also have a right to privacy and confidentiality of their personal information. Personal, identifying information held about them will not be used in a way that is contrary to their interests.
- from time to time The Buttery Private conducts reviews, evaluations and audits of its record keeping, administration and service delivery for quality control purposes and to ensure that records meet required standards for health record keeping. Participant/client consent must be granted before researchers and evaluators are given permission to access sensitive, identifying information, and staff should ensure that sensitive information contained in case notes are not be read by any auditor or reviewer external to The Buttery Private Service under review. In addition, all third party reviewers are required to sign the Confidentiality Agreement for Staff and Contractors of The Buttery Private before commencing the review.
- The Buttery Private may only release a participant or client’s confidential information, including whether or not they are or have been a participant or client, where:
- the participant/client has consented in writing to the release of the information. Such consent may be restricted to specific information only.
- a court of law has subpoenaed a participant/client’s file or has subpoenaed a staff member to give evidence at a trial or court proceeding.
- a particular law imposes an obligation to report information received.
1.2.8 Staff Privacy and Confidentiality
Buttery Private staff, contractors, Foundation Committee members and Board members are also entitled to privacy and confidentiality regarding their personal, identifying information. Each staff member will have a personnel file, which is to be kept securely in the Finance Office. Access to personnel files will occur on a “needs only” basis. Authorised access is limited to the CEO, appropriate Program Manager and Administration staff. Personal, identifying information about staff will only be collected, held and disclosed with their knowledge and consent and will be confined to information relating to their employment only.
Buttery Private staff who seek a service from the organisation (whether former or current staff), are also protected by the same privacy and confidentiality obligations that apply for other participants and clients. Information collected and used for the purpose of assessment and providing a service to a staff member must not constitute part of their employee record. Personal information about persons applying unsuccessfully for a position in the organisation is also subject to privacy and confidentiality.
Website and Privacy and Confidentiality
The Buttery Private is committed to protecting the privacy of web users and using technology that will give users a safe and powerful online experience. This Statement of Privacy applies to The Buttery Private Website and governs data collection and usage. By using The Buttery Private Website you consent to the data practices described in this statement.
Collection of your Personal Information
Like all website providers, The Buttery Private collects personally identifiable information, such as your e-mail address, name, home or work address or telephone number. The Buttery Private may also collect anonymous demographic information, which is not unique to you, such as your postcode, age, gender, preferences, interests and favourites.
There is also information about your computer hardware and software that may be collected automatically by The Buttery Private. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by The Buttery Private for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of The Buttery Private Web site.
Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through The Buttery Private public message boards, this information may be collected and used by others. Note: The Buttery Private does not read any of your private online communications.
The Buttery Private encourages you to review the privacy statements of Web sites you choose to link to from The Buttery Private so that you can understand how those Web sites collect, use and share your information. The Buttery Private is not responsible for the privacy statements or other content on Web sites outside of The Buttery Private Web site.
Use of your Personal Information
The Buttery Private collects and uses your personal information to operate The Buttery Private Web site and deliver the services you have requested. The Buttery Private also uses your personally identifiable information to inform you of other products or services available from The Buttery Private and its affiliates. The Buttery Private may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
The Buttery Private does not sell, rent or lease its customer lists to third parties. The Buttery Private does not use or disclose sensitive personal information, such as race, religion, or political affiliations, under any circumstances.
The Buttery Private keeps track of the Web sites and pages our customers visit within The Buttery Private, in order to determine what The Buttery Private services are the most popular. This data is used to deliver customized content and advertising within The Buttery Private to customers whose behaviour indicates that they are interested in a particular subject area.
The Buttery Private Web sites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on The Buttery Private or the site; (b) protect and defend the rights or property of The Buttery Private; and, (c) act under exigent circumstances to protect the personal safety of users of The Buttery Private, or the public.
The Buttery Private Web site uses “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize The Buttery Private pages, or register with The Buttery Private site or services, a cookie helps The Buttery Private to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same The Buttery Private Web site, the information you previously provided can be retrieved, so you can easily use the Buttery Private features that you customized.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of The Buttery Private services or Web sites you visit.
Security of your Personal Information
The Buttery Private secures your personal information from unauthorized access, use or disclosure. The Buttery Private secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Changes to this Statement
The Buttery Private will occasionally update this Statement of Privacy to reflect company and customer feedback. The Buttery Private encourages you to periodically review this Statement to be informed of how The Buttery Private is protecting your information.
The Buttery Private welcomes your comments regarding this Statement of Privacy. If you believe that The Buttery Private has not adhered to this Statement, please contact The Buttery Private We will use all reasonable efforts to promptly determine and remedy the problem.