Anglicare’s Approach to Privacy
The new 13 APP’s appear in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), which amended the Privacy Act 1988. The APP’s are structured to reflect the personal information lifecycle.
They are grouped into five parts:
Part 1 - Consideration of personal information privacy (APPs 1 and 2)
Part 2 - Collection of personal information (APPs 3, 4 and 5)
Part 3 - Dealing with personal information (APPs 6, 7, 8 and 9)
Part 4 - Integrity of personal information (APPs 10 and 11)
Part 5 - Access to, and correction of, personal information (APPs 12 and 13)
Purpose and Objectives
Anglicare provides a wide range of services to our clients and we need to collect our client’s personal information to ensure a holistic approach to care and the services we offer. Anglicare recognises and respects the inherent right to privacy of people, their families and the personal information they provide. Anglicare will collect, control, secure, store, use and disclose personal information obtained in compliance with the Privacy Act 1988 as amended and other legislation as applicable.
Collection of Personal Information
Anglicare will only collect personal information to provide clients with services or as required for organisational activities. Any personal information collected must be necessary to Anglicare’s particular (Primary) purpose.
If Anglicare obtains personal information that is not required, that information will be destroyed; if lawful to do so.
Personal information will be stored in appropriate and secure locations to reflect the sensitive nature of the information. Personal information containing contact details of clients or staff and their personal history will be stored in secure locations; where only authorised persons can access. However, less sensitive information will be stored within a secure electronic environment or in clearly labelled archive boxes, in specific filing rooms or archival areas in Anglicare buildings. Personal information will not be left uncontrolled on desks or around offices where accidental access could occur. Staff also consider the position of computer screens in relation to information privacy within the office environment.
Our clients have the right to not identify themselves or use a pseudonym when requesting services from Anglicare. However this will not apply if it is impracticable for Anglicare to provide services to the individual.
The information typically collected by Anglicare includes:
- Telephone number
- Email addresses
- Personal details relating to items such as gender, marital status, Date of Birth etc.
- Details of Next of Kin, family members and Power of Attorney's
- Medical records and histories
- Financial records
- Government related identifiers such as Medicare, Centrelink and Veteran Affairs
Anglicare will only collect personal information from that person with their prior knowledge and consent and for the Primary purpose for which it was collected.
Use of Personal Information
Anglicare will only use methods that are lawful and fair to collect personal information. Where reasonable and practicable to do so, personal information will be collected from the individual directly.
Personal information will only be used by Anglicare for the particular (Primary) reasons it was collected. In the majority of situations, Anglicare will collect personal information to provide suitable services. Anglicare will not share personal information with other internal programs without our client’s prior approval.
Anglicare does not use personal information for any marketing or promotional activities without that person’s approval.
Purpose of Collecting, Using & Disclosing Personal Information
Anglicare will collect, use or disclose personal information, for the particular (Primary) purpose it was collected. Anglicare will not disclose personal information, unless required by law; such as when Anglicare is subpoenaed.
Anglicare records data gained from people and companies accessing our website and this is used to optimise our ongoing interactions with web users. Anglicare does not use that data to identify website visitors.
Anglicare uses de-identified client data for research and advocacy. De-identified data is personal information that has names, aliases and addresses removed and typically retains information such as age, gender, ethnicity, geographical area, services sought and other non-personal details.
Clients Accessing & Correcting Personal Information
If Anglicare holds any personal information, access will be granted to the individual to review or correct their information upon presentation of appropriate identification, unless access is denied under law. The individual must make a request to Anglicare to access their personal information. Anglicare will provide access within a reasonable time of receiving the request, and not charge the individual for making the request or supplying their personal information.
Anglicare may seek to update existing information from clients to ensure details are current and valid. Therefore Anglicare will provide access for our clients to correct their personal information.
If an individual is denied access, it will be for the following reasons:
- Providing access would pose a serious or imminent threat to the life or health of any individual;
- The privacy of others would be unreasonably affected;
- The request is frivolous or vexatious;
- The Personal Information relates to existing or anticipated legal proceedings with the individual;
- Providing access would prejudice negotiations between Anglicare and the individual;
- Providing access would be unlawful; or
- Denying access is required or authorised under Australian Law or Court/Tribunal Order.
In some instances Anglicare may need to share personal information with lawyers, auditors or data specialists and they are bound by the same obligations as us.
Anglicare receives funding from various government sources and some of the obligations of that funding require Anglicare to provide reports to government agencies. In the majority of instances, those reports contain de-identified personal information but in some instances such as our residential aged care facilities, full details are utilised and the transfer of that type of information is exempted within the APP’s.
Security of Personal Information
Anglicare will secure personal information and protect it from unlawful access, dissemination, misuse or transmission. Personal information kept in electronic or hard copy will be given comparable levels of security. Anglicare has a records retention management policy and procedure that provides detail about how records are retained and when they are destroyed.
Destruction of Personal Information
Anglicare will retain personal information for various lengths of time dependent upon legislation and data retention requirements.
If a client seeks to have their personal information held by Anglicare destroyed, that request must be made in writing. That request will be complied with subject to our legislative and lawful requirements.
Breaching Australian Privacy Principles - Client’s complaint about Breach
If a client feels that Anglicare has breached the Australian Privacy Principles; they should put their concern in writing and forward to Anglicare’s Compliance Department (Property & Infrastructure Division), as per the requirements of Section 40 (1A) of the Privacy Act 1988. Anglicare will review the letter and forward a reply to the client within 30 days of receipt of initial letter. Complaints will be dealt with according to Anglicare’s Complaint Policy.
Our online donations system and the information it contains is held internally and we do not release that information for external use at all. Donation processing is secured by 128-bit SSL encryption to protect the transfer of personal and financial information between your browser and our server. Each donation is secured, and credit card details are not stored at any time. The only information collected and retained is the amount of the donation, transaction date, name and contact details as completed on the donation form.
Where donations are made over the phone or via mail, a copy of that donations is retained for tax and audit purposes in a secure location. Please feel free to contact us if you have any queries or feedback regarding our donations process.
PO Box 427
PARRAMATTA NSW 2124.
Information and Privacy Commission NSW
GPO Box 7011
Sydney NSW 2001
1 Castlereagh Street
Tel: 1800 472 679
Last updated: July 2015