Ensuring your privacy policy is adequate
What is Privacy?
In Australia, information that identifies or 'could identify' a person is protected by the Privacy Act 1988. The Privacy Act regulates how this information is handled. For example, it covers:
- how your personal information is collected (e.g. the personal information you provide when you fill in a form);
- how it is then used and disclosed;
- its accuracy;
- how securely it is kept; and
- your general right to access that information.
To fulfil statutory obligations necessary to operate a children's service, early childhood educators are required to collect personal information about the children and their parents/guardians. This information is collected before and during the course of their child/children's enrolment. Under the Privacy Act 1988 there are 11 Information Privacy Principles which services must comply. These are explained below.
Complying with the 11 Information Privacy Policy Principles
Collecting purpose and use
IPP 1: manner and purpose of collection
IPP 2: collecting information directly from individuals
IPP 3: collecting information generally
IPPs 8 - 10: information use
Services should explain articulate legal reasons to seek, record and store privacy information about our staff, families and children and the strategies and procedures we have in place to protect the privacy of this information from any unauthorised access.
Basic details are usually collected directly from our staff, parents/guardians such as names, addresses, phone contacts, medical information and other important information about their children and their families. In order to provide complete quality care, it is also necessary for our staff to collect details regarding children’s name, date of birth, medical details, health, routines, likes and dislikes; all of, which make up a personal data profile for each person.
Services should specifiy reasons for the collection of this data including legal obligations such as under the Education and Care Services National Law Act 2010.
Services should also detail other information and reasons collected such as collecting and holding information regarding families’ Child Care Benefit entitlements for processing of payments.
Naturally much of the children and parent/guardian’s information is determined to be of a strictly personal nature and, at times, may be regarded as ’sensitive'.
Services should explain the methods they use to collect information including paper based forms (eg. enrolment forms), online tools including surveys, email and LIFT.
Services should outline assurances that all information collected from persons will be considered private and confidential and not disclosed without the prior knowledge or consent from the individual or legal representative. For children it should be explained that their legal representative is their parent or guardian.
Security
IPP 4: storage and security
Services need to explain clearly how information is handled securely. This should include where records are stored, who sees those records including but not limited to:
- hard copy enrollment records;
- networked electronic records including emails, surveys and forms;
- online tools like CCMS providers and LIFT.
Services should explain what steps are taken to ensure only approved persons have access to this information. How the provider will ensure that only persons with explicit permission to access these records. are accessible to persons other than [Company] staff with the explicit permission of the relevant parent/guardian.
Access and
Correction
IPPs 5 - 7:
access and amendment
Services need to outline how persons can request access to their information and make changes to their information as required, including how to change and alter:
- enrollment details;
- access to electronic collaboration tools like LIFT;
- access to CCMS tools.
Disclosure
IPP 11: disclosure
Services should clear state that they will only use or disclose personal information for the purpose it was collected, or a reasonably expected related purpose and that they will not use or disclose personal information to a third party[1] for any other purpose without consent, unless it is authorised or required by law.
Complaint
Services should outline that how the services manages complaints with regards to privacy.
Sources
Education and Care Services National Law Act 2010 retrieved 25 July 2012 http://www.legislation.vic.gov.au/Domino/Web_Notes/LDMS/PubStatbook.nsf/51dea49770555ea6ca256da4001b90cd/b73164fe5da2112dca2577ba0014d9ed!OpenDocument
NCAC (n.d.) “Policy templates..” Sourced on 1/6/2008 from http://www.ncac.gov.au/policy_development/policy_templates.asp
National Privacy Principles retrieved 25 July 2012 from http://www.privacy.gov.au/materials/types/law/view/6892
Education and Care Services National Regulations 2011 retrieved 25 July from http://www.legislation.nsw.gov.au/sessionalview/sessional/subordleg/2011-653.pdf
“Privacy…” (n.d) Source 27/1/2010 from http://www.childcare.com.au/privacy
Legislative Acts:
Privacy Act (1988)