Community Connect Transport (CCT) upholds the rights of service users, carers and families to privacy and confidentiality of information regarding background, health status and other personal information and takes steps to ensure that privacy is maintained under all reasonable circumstances.
CCT recognises that service users, carers and families have the right to access information about themselves, held by the service.
CCT conforms to both state and commonwealth privacy legislation requirements regarding the collection, use and protection of personal information of our Service Users and Team Members.
Confidentiality refers to the obligation of non-disclosure by this agency of personal information unless it has the consent of the person concerned.
The Service will ensure privacy and confidentiality by:
- Collecting only the information required for service delivery;
- Informing people of the purpose for collecting the information;
- Providing individuals with access to their information held by the Service;
- Disclosing personal information to 3rd parties only with the written consent of the individual;
- Securely storing Service Users' personal information; and
- Destroying information in accordance with the Archives Act 1983.
CCT has an obligation to report personal information where there is:
- Disclosure of a crime or intended crime;
- A person who is suicidal, or whose safety is at risk of personal harm or of being abused by another; and
- A need to warn a third party who is in danger.
CCT adheres to the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Commonwealth legislation) which outlines 13 Australian Privacy Principles (APPs).
Principle 1: Open and transparent management of personal information
Principle 2: Anonymity and pseudonymity
‘Provides that individuals must have the option of not identifying themselves or of using a pseudonym, when dealing with an APP entity in relation to a particular matter’. This will not apply if under court order or impractical for service provision.
Principle 3: Collection of solicited personal information
‘The entity must not collect personal information unless the information is reasonably necessary for one or more of the entity’s functions or activities’.
Principle 4: Dealing with unsolicited personal information
If the entity comes into possession of personal information that may not be required for service delivery, it will determine whether the information was a result of standard data collection and, if it is not required, will destroy the information or ensure it is de-identified.
Principle 5: Notification of the collection of personal information
The entity must take steps as soon as practicably possible to notify the individual of the reasons for collecting personal information and who is collecting it.
Principle 6: Use or disclosure of personal information
‘If an entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not disclose the information for another purpose (the secondary purpose) unless the individual has consented’. If an organisation passes on personal information to third parties with the consent of the service user it must be de-identified.
Principle 7: Direct marketing
‘If an organisation holds personal information about an individual, the Organisation must not use or disclose the information for the purpose of direct marketing.’
Principle 8: Cross-border disclosure of personal information
This principle refers to the transfer of personal information to an overseas location which is not applicable to the service at this time.
Principle 9: Adoption, use or disclosure of government related identifiers
An organisation must not adopt a government related identifier of an individual as its own identifier of the individual unless it is required or authorised by law or a court/tribunal order.
Principle 10: Quality of personal information
An entity must take such steps as are reasonable in the circumstances to ensure that the personal information that is collected, used or disclosed is accurate, up-to-date, complete and relevant.
Principle 11: Security of personal information
If an entity holds personal information, it must take such steps as are reasonable to protect the information from misuse, interference, unauthorised access, modification, loss and disclosure. The entity must ensure that information that is no longer required is destroyed and/or de-identified.
Principle 12: Access to, and correction of, personal information
‘If an entity holds personal information about an individual, the entity must, on request by the individual, give the individual access to the information’.
Principle 13: Correction of personal information
If the entity is satisfied that information is inaccurate, out of date, incomplete, irrelevant or misleading, the entity must take steps to correct the information.
Adapted from Guidelines to the Australian Privacy Principles, Office of the Australian Information Commissioner https://www.oaic.gov.au/privacy/australian-privacy-principles/