Privacy and Confidentiality Policy

Privacy and Confidentiality Policy for WEK Services

At WEK Services, we are dedicated to respecting and protecting the privacy of all individuals associated with our organisation, including participants, providers, employees, contractors, and community partners.

Privacy and Confidentiality Guidelines

Purpose of Information Collection: The information we collect is used to provide services to participants in a safe and healthy environment, tailored to their individual needs. It helps us fulfil our duty of care obligations, initiate appropriate referrals, and conduct business activities that support these services.


Compliance: We are committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles, and the Privacy Amendment (Notifiable Data Breaches), as required of organisations providing disability services.


Consent Requirements: We fully adhere to the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory regulations.


Access to Information: We ensure all individuals have access to information about the privacy of their personal data.


Right to Opt-Out: Individuals have the right to opt out of consenting to and providing their personal details if they choose.


Access to Personal Records: Individuals can request access to their personal records through their contact person/coordinator.


Reporting to Funding Bodies: When reporting to government funding bodies, the information provided is non-identifiable and relates only to services and support hours provided, age, disability, language, and nationality.


Use of Personal Information: Personal information will only be used by our organisation and will not be shared without your permission unless required by law (e.g., reporting assault, abuse, neglect, or compliance with a court order).


Use of Images or Video Footage: Images or video footage of participants will not be used without their consent.


External Audits: Participants have the option to be involved in external NDIS audits if they wish.


Security of Information

Protection Measures: We take all reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification, and disclosure.


Access Control: Personal information is accessible only to the participant and relevant workers. Security measures include password protection for IT systems, locked filing cabinets, and physical access restrictions, allowing access only to authorised personnel.


Disposal of Information: Personal information that is no longer required is securely destroyed or de-identified.


Data Breaches

Prevention: We take reasonable steps to reduce the likelihood of a data breach by storing personal information securely and making it accessible only to relevant workers.


Response to Breaches: If we know or suspect that your personal information has been accessed by unauthorised parties, and we believe this could cause you harm, we will take reasonable steps to mitigate the harm and advise you of the breach. If necessary, we will also inform the Office of the Australian Information Commissioner.



Breach of Privacy and Confidentiality

Incident Management: A breach of privacy and confidentiality is considered an incident and will be managed through our internal incident resolution process.


Investigation: Breaches may require an investigation.



Disciplinary Action: Intentional breaches of privacy and confidentiality will result in disciplinary action, up to and including termination of employment.


Definitions

Term: Data Breach

A data breach is a type of security incident where personal, sensitive, or confidential information is deliberately or mistakenly copied, sent, viewed, stolen, or used by an unauthorised person or parties. Data breaches that put people at risk of serious harm are reportable to the Office of the Australian Information Commissioner.


Term: Personal Information

Personal information includes (regardless of its accuracy):

  • Name
  • Address
  • Phone number
  • Email address
  • Date of birth
  • Recorded opinions or notes about someone
  • Any other information that could be used to identify someone.


Term: Sensitive Personal Information

Sensitive personal information can include personal information that is normally private, such as:

  • Health information
  • Ethnicity
  • Political opinions
  • Membership of a political association, professional or trade association, or trade union
  • Religious beliefs or affiliations
  • Philosophical beliefs
  • Sexuality
  • Criminal record
  • Biometric information (such as fingerprints).

