Privacy obligations of Sanctuary Family Solutions
Personal information is information or an opinion about an individual whose identity is reasonably identifiable. Examples of personal information may include:
Name, contact details date of birth and age
Gender, details about participants’ physical or mental health, including disabilities
Information about participants or service users support requirements
Details of guardians and nominees, including names, addresses and contact details
Centrelink Customer Reference Number (CRN)
Details of feedback or complaints about services provided by us
Bank account details
You can choose to deal with us anonymously, in which case your personal information is not subject to privacy laws. However, if a person becomes, or applies to become, a participant in the NDIS or a registered provider of supports, it is impractical to deal with that person on an anonymous basis.
Privacy laws do not apply to the information of corporate entities, such as providers or community partners. However, the personal information of individuals connected with those entities (such as employees) will be protected by privacy laws.
In dealing with personal information, we abide by the obligations imposed on us under federal law, including the Privacy Act 1988 (Cth) (Privacy Act) and the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act).
The Privacy Act authorises collection of personal information where this is required to facilitate access to the NDIS, as well as other services provided by Sanctuary Family Solutions to assist performing our functions.
How will Sanctuary Family Solutions collect personal information?
We often collect personal information from people directly or from people who are authorised to represent them. While you do not have to provide us with all information requested, not providing this information to us may mean that:
We may not be able to decide whether you can become a service user
Decisions may be delayed while we seek further information
We may not be able to provide supports funded through the NDIS or other funding bodies
We sometimes collect personal information from a third party if you have consented, been told of this practice, or would reasonably expect us to collect the information in this way. An example of this is; collecting information from a healthcare service, such as a residential care facility, which is managing a participant’s care.
Federal law allows us to require the provision of information in certain circumstances. We do this in order to perform our functions, including facilitating the NDIS. The information collected is usually about participants, prospective participants, registered providers or persons with a disability who may wish to access the NDIS and is collected from other government bodies, registered providers of NDIS supports or anyone else who may hold relevant information.
If you are ever unsure about whether a person calling you is from Sanctuary Family Solutions or one of our community partners, before you give them any information you should ask the person to verify details about you. Alternatively, you should take their name and number and call them back. If you think you may have been contacted by someone wrongly claiming to be from Sanctuary Family Solutions or a community partner, please contact us by emailing firstname.lastname@example.org or calling on 0438 724 790.
How do we use and disclose personal information?
We collect, hold, use and disclose personal information for the purpose of providing services, including implementing the NDIS, conducting our operations, communicating with participants and health service providers, conducting research and evaluation on the NDIS, and complying with our legal obligations.
We make a record of some phone calls to help us in ensuring that the service we provide meets the highest standards. We may use your information to seek feedback from you regarding your level of satisfaction with our services.
If we need to disclose personal information, we will de-identify the information prior to disclosure, wherever it is practicable to do so. We will not normally disclose a person’s personal information to anyone outside the NDIA except where we refer participants to external providers of in-kind supports under an approved NDIS plan; where that person consents; or where the disclosure is authorised or required under law.
How does Sanctuary Family Solutions protect personal information?
We take steps to ensure that no-one outside our service can access information we hold about someone without that person’s consent, unless that access is authorised or required under law.
We have systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:
• Paper records are held securely in accordance with Australian government security guidelines
• Access to personal information is on a need-to-know basis, by authorised personnel
• Our premises have secure access
• Storage and data systems and protections are regularly updated and audited
When no longer required, personal information is destroyed in a secure manner, archived or deleted in accordance with our obligations under federal law.
How can a person access or update the information that Sanctuary Family Solutions holds about them?
We aim to ensure that the information we hold about a person is accurate, up to date, complete and relevant before acting on it. If a person learns that personal information we hold about them is inaccurate, outdated, incomplete, irrelevant or misleading, that person should contact us so that their information can be updated.
Where a person requests us to correct personal information we hold about them, we will action this request promptly. A person can also request that we notify the changes to any other agencies or organisations that we have previously disclosed the personal information to.