Privacy Policy



APPROVED BY: Board of Management

APPROVAL DATE: 25 March 2020


The following revisions have been made to this document. Date

Revision Number

Revision description


Version 1

Initial document prepared and adopted.


Version 2

Initial document reviewed, updated and transferred to new policy template

Version 3

Policy updated to specifically cover management of personal information.


Version 4

Document updated with new review date to allow full review as part of improved Policy Framework


Children and Young Persons (Care Protection) Act 1998 (NSW)

Privacy and Personal Information Protection Act 1998

Federal Privacy Act 1988

Australian Privacy Principles 


The Board of the Organisation is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.


The purpose of this document is to provide a framework for the Organisation in dealing with privacy considerations.


This policy applies to all workers and of other people who might be affected by the work of the Organisation including but not limited to permanent and casual employees, business partners, sub-contractors, labour hire employees, volunteers and work experience students.




The Organisation collects and administers a range of personal information for the purposes of its activities. The organisation is committed to protecting and upholding the right to the privacy of personal information it collects, holds, and administers.

The Organisation is bound by Privacy Act 1988 as well as other laws, which impose more specific obligations when it comes to handling information. The organisation has adopted the Australian Privacy Principles as minimum standards in relation to handling personal information.

In broad terms this means that we:

  • Collect only information which the organisation requires for its primary functions;
  • Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
  • Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
  • Store personal information securely, protecting it from unauthorised access; and
  • Provide stakeholders with access to their own information, and the right to seek its correction.

It is of the utmost importance that every employee observes strict confidence in regard to his or her duties.



The Organisation will:

  • Only collect information that is necessary for the performance and primary functions of the Organisation.
  • Notify stakeholders about why we collect the information and how it is administered.
  • Only collect information by lawful or fair means.
  • Notify stakeholders that this information is accessible to them.

Use and Disclosure

The Organisation will:

  • Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
  • For other uses we will obtain consent from the affected person.

Data Quality

The Organisation will:

  •  Take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant, to the functions we perform.

Data Security and Retention

The Organisation will:

  • • Safeguard the information we collect and store against misuse, loss, unauthorised access and modification.


The Organisation will:

  • • Ensure stakeholders are aware of the Organisation’s Privacy Policy and its purposes.
  • • Make this information freely available in relevant publications and on the Organisations website.

Access and Correction

The Organisation will:

  • Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.



The Organisation will:

  • Give stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.

Making information available to other service providers

The Organisation will:

  • Can only release personal information with that person’s expressed written permission, or unless requested under section 16A of the Children and Youth Persons (Care and Protection) Act 1988. For personal information to be released, the person concerned must sign a release form (Appendix A General Consent to Release Personal Information Form).
  • Can release information to third parties where it is requested by the person concerned.


The Organisation requires staff and volunteers to be consistent and careful in the way they manage what is written and said about individuals. Any discussion or disclosures of confidential information concerning clients, staff or services generally is a serious betrayal of the service’s trust and may lead to instant dismissal.

On no occasion must information be disclosed to the press, radio, television or social media except through the Service Manager, General Manager or Executive Officer.

All staff or volunteers who have access to confidential records and client information shall sign a confidentiality agreement upon induction.




Appendix A General Consent to Release Personal Information Form

Appendix B Confidentiality Agreement including Schedule 1 Australian Information Privacy Principles


The Policy Officer will ensure that following a review of a policy, version numbers are updated and obsolete versions are destroyed.


This policy is valid at the time of writing, and should be reviewed every two years.


Scroll to Top