A downloadable version of this policy is available here.
1.0 Policy Statement
The purpose of this policy is to outline how Autism Tasmania collects, handles and safeguards your personal information. It also outlines how you can seek to access and make changes to your personal information and make a privacy related complaint.
2.0 Policy Principles
Autism Tasmania acknowledges and respects the privacy and confidentiality of individuals. Confidentiality relates to the treatment of information that has been disclosed during the course of a professional relationship. Employees of Autism Tasmania are obliged to respect client privacy and confidentiality at all times in their interaction with other employees and external stakeholders and are to refrain from disclosing information that is given in confidence. Staff should always use their discretion and judgement when discussing work issues, ensuring that private information is not shared outside the organisation unless required for service purposes and with appropriate written authorisation.
All personal information will be protected and managed according to the relevant legislation. This policy has been guided by:
- Privacy Act 1988
- Australian Privacy Principles (January 2014)
- Privacy Amendment (February 2018)
Autism Tasmania advise those whose information is being held, how and why information is being collected, how it is held, and whom it is shared. Information is not shared outside the organisation without the permission of the individual to whom that information pertains, or their guardian or nominee.
Please note, in accordance with the “Children, Young Persons and Their Families Act 1997”, Autism Tasmania is a mandatory reporter and has a special duty to inform Child Protection or Gateway Services if they believe, suspect or know that a child has been or is being abused or neglected. In these circumstances, we have an obligation to share required information about individuals with relevant services.
The following procedures are to be implemented to ensure that Autism Tasmania meets its legislative and policy obligations.
3.1 Autism Tasmania employees will ensure they:
- Only collect information that is directly relevant for service delivery;
- Gain written consent prior to obtaining or releasing information about individuals from any other person, agency or service;
- Ensure that personal information is stored securely and is not left for unauthorised staff, visitors, or the general public to view;
- Ensure that only staff who ‘need to know’ have access to relevant information;
- Ensure that personal information is only held by Autism Tasmania as long as it remains relevant to the delivery of services, Autism Tasmania’s duty of care, and legal obligations;
- Promptly investigate, remedy and document any complaint regarding privacy or confidentiality.
3.2 Autism Tasmania will:
- Maintain IT security protocols to ensure that personal information is kept safe and secure;
- Ensure that all personal information held is accurate to what is supplied, up to date, complete and relevant. There should be a regular review process and information should be disposed of appropriately when no longer needed/relevant;
- Gain agreement from all staff/contractors/volunteers to uphold Autism Tasmania’s policies and processes regarding safekeeping or personal information through the induction process;
- Advise individuals about the nature of personal information that is held and their right to view and request changes to their own information;
- Ensure that consent for sharing of any information is obtained prior to this occurring;
- Advise service users and their family/nominee/advocate of their right to complain and the complaints process;
- Advise service users and their family/nominee/advocate of their right to view this policy;
- Conduct regular privacy audits to ensure that Autism Tasmania is being proactive in monitoring privacy.
4.0 About the Information We Collect
4.1 Prospective and Current Employee/Volunteer Information
Autism Tasmania collects information on employees, prospective employees, contractors and volunteers to determine role suitability and to comply with legal obligations. Information collected may include some or all of the following:
- Contact details (name, address, phone numbers, email, etc);
- Personal details including personal details of emergency contact person(s);
- Personal details (eg. date of birth, gender)
- Country of birth, citizenship, residency, and/or visa details;
- Details of current/previous employment or volunteering;
- Qualifications, skills and experience;
- Bank details and tax information;
- Information and opinions from referees for prospective employees and candidates for volunteer work;
- Police Checks and Working with Vulnerable People information.
We collect this information directly from you when you apply for employment/volunteering opportunities with the organisation. We also collect and may disclose information to/from your nominated referees, and through criminal history and working the vulnerable people checks.
4.2 Service Users
Personal information is collected via membership applications, Coordination of Supports intake assessments, workshop and training registrations, and online/phone/ face book messaging enquiries. We collect contact information such as name, address, phone and email, and personal details such as date of birth and gender. We will ask whether you have an autism diagnosis and may need financial details such as bank account details if relevant to your enquiry.
Generally, personal and sensitive information is collected directly from the service user via telephone or face to face contact and completion of forms. In some situations, we may also obtain information about a service user from a third party such as a parent (in the case of a child) or NDIS nominee.
At first contact, usually by phone, staff will ask permission to collect and record basic contact information. Where more detailed information is required and provided in writing, service users are asked to complete a form or statement of ‘consent to share information’. Service users are able to review their consent to share information decisions at any time.
Personal information is collected to enable the organisation to meet the needs of users of Autism Tasmania services as well as for monitoring and evaluation of programs, production of annual reports, to comply with government funding requirements and legal requirements.
We only contact other organisations for information about a service user when we have consent to do so. Personal information is not disclosed to other organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed on to those organisations or individuals, or the disclosure is otherwise required or authorised by law. Mandatory reporting of child abuse and/or neglect is an example of this circumstance.
4.3 Donor Information
Information about donors is collected via telephone or written (eg email) communication. Contact information (name, address, email, etc), personal details (e.g. date of birth, gender), and Bank account/relevant financial details may be recorded where relevant.
4.4 Website Information
The Autism Tasmania website contains links to other websites and service providers. Users should be aware that linked websites may have different privacy policies to our organisation. To verify how any organisation/website collects and uses information, it is the responsibility of the user to check that organisation’s policy.
4.5 Online User Information
Data collected via interaction with our website includes:
- Contact details (name, address, email, etc)
- Non-personal information (e.g. visitor navigation and statistics)
- Server address, browser type, date and time of visit
Autism Tasmania uses this information to respond to user enquiries and to analyse website usage and make improvements to the website. Personal information is not matched to non-personal information collected.
4.6 Mailing Lists
Autism Tasmania maintains membership data for the distribution of our ‘Spectrum eNews’, as well as contact lists for information distribution about workshops and training and peer support for specific populations. We do not share these contact lists outside our organisation.
Personal information for contact lists are sourced directly from individuals. We update personal information in our data base when we are advised by individuals that their personal information has changed. When receiving marketing materials, recipients are free to ‘opt out’ of receiving such materials should they wish. Upon receiving a request to ‘opt out’, the individual is removed from any contact list and our database is updated.
5.0 Security of Personal and Sensitive Information
Autism Tasmania takes all reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. These steps include password protection for accessing our electronic IT system and securing paper files in locked cabinets. Only authorised personnel are permitted access.
Routine access to contact lists is limited to administration operators who have responsibility for maintaining the contact lists. When personal information is no longer required by the organisation or under an Australian Law or court/tribunal order, it is destroyed in a secure, de-identified or deleted as appropriate.
We do all things that a reasonable that a prudent entity would do to ensure that all your data is protected at all times from unauthorised access or use by a third party or misuse, damage or destruction by any person.
We provide protective measures for your data that are no less rigorous than accepted industry standards and commensurate with the consequences and probability of unauthorised access to, or use, misuse or loss of, your data.
6.0 Sharing of Information
Autism Tasmania cannot use or disclose information for a purpose other than what it was collected for unless:
- The individual consents to the use or disclosure or,
- The use or disclosure is required under an Australian Law or court/tribunal order or,
- The use or disclosure is for government related identifiers or,
- It will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety or,
- It is reasonably necessary for the organisation to take appropriate action in relation to suspected unlawful activity or misconduct of a serious nature that relates to our functions or activities.
6.1 Sharing of information With External Agencies
From time to time, Autism Tasmania is mandated to share or provide information to approved organisations. These may include:
- Government department/agencies who provide funding for Autism Tasmania services,
- The organisation’s professional advisors, including accountants, auditors and lawyers.
Information pertaining to staff, volunteers and candidates for employment may be shared with:
- Government department/agencies who provide funding for Autism Tasmania services,
- Other regulatory bodies, such as WorkSafe,
- Referees and former employers of Autism Tasmania candidates for employee and volunteer positions.
7.0 How to Access or Correct Your Personal Information
You may, at any time, request access to, or correction of, the personal information we hold about you by contacting the Privacy Officer using the contact details below. We will seek to respond to your request as soon possible.
If you wish to make a complaint about a breach of any privacy laws by Autism Tasmania , please contact our Privacy Officer using the details provided below.
We may request that you detail your complaint in writing. There is a ‘feedback and complaints form’ available on our website for you to submit your complaint to us in writing. We will investigate any complaint and will notify you of our decision in relation to your complaint as soon as it is practicable (usually within 30 days).
You may also contact the Office of the Australian Information Commissioner. Visit https://www.oaic.gov.au/ for more information.
9.0 Contact our Privacy Officer
If you have any questions relating to this policy please contact our Privacy Officer:
Postal Address: GPO Box 388, Hobart TAS 7001
Phone: 6722 5000