Your privacy and confidentiality

Anglicare Tasmania Inc. respects the privacy rights of all individuals and is required to comply with the principles contained within the following privacy legislation:

• Privacy Act 1988 (Cth) (Privacy Act)
• Right to Information Act 2009 (Tas)
• Personal Information and Protection Act 2004 (Tas) (PIP Act)

We must also comply with the:

• Australian Privacy Principles (Cth) (APP)
• Personal Information Protection Principles (Tas) (PIPP)
• Health Complaints Act 1995 (Tas)

Anglicare Tasmania is committed to the protection of personal privacy.  Here we identify how your personal information will be collected, stored, used, disclosed and disposed of.  We also explain how you can access and amend your personal information and what you can do if you think your privacy has been interfered with.

Personal information – collection and use

Information and data collection (some of which is personal information) is a requirement of many Anglicare funding contracts with Government.  Anglicare also collects personal information that is reasonably necessary to enable us to perform our functions and activities, which may include:

• the provision of disability, mental health and NDIS services;
• aged and home care services;
• housing support services;
• financial counselling;
• alcohol and drug support services;
• children, young people & family services; and
• research to improve the quality and types of service we provide.

We collect personal information by lawful and fair means.

The type of personal information we collect includes, but is not limited to:

• identity, address and other contact details;
• next of kin contact details;
• information about funding for services (claims number);
• other services clients are receiving from other organisations;
• financial information; and
• health Information.

Personal information will only be collected directly from you, from a third party if you consent, or from your legally recognised or appointed representative. In some circumstances, consent is not required for the collection of personal information by us.  This includes where the collection, use or disclosure of the personal information is required by law.  Examples include where disclosure is necessary to lessen or prevent a serious threat to life, health, safety or welfare of an individual.

If a child is under 16 years of age and it is not reasonable or practicable to collect the information directly from them, the information may be collected from a parent or guardian without the child’s consent.

When we collect personal information from you, we do this:

• by using written forms;
• through contact over the telephone, your mobile or other messaging technology;
• the internet, via our website;
• email transmission; and/or
• directly in person.

In most cases we will require you to acknowledge your consent to any collection, use or disclosure of your personal information by us.  Your acknowledgement may be required in writing or by specific acts such as when you click an acknowledgement on our website or when verbal acknowledgement is sought from you.

Your consent or acknowledgement may also be implied through conduct such as when:

• you speak to a staff member;
• you provide us with personal information that we have not specifically requested; or
• when we have provided you with the opportunity to choose (via opt in or opt out) and you have chosen accordingly.

We will not collect your Sensitive Information including Health Information unless:

• you consent;
• the collection is required or permitted by the PIP Act (and/or Privacy Act where applicable); or
• you are an employee of Anglicare and the information collected is employee information.

Can you be anonymous or use a pseudonym?

Anglicare, where it is lawful and practical, give individuals the option of not identifying themselves when entering into transactions with Anglicare.  However, in most situations, it is not possible for Anglicare to provide services or progress any transaction with you if you use a pseudonym or remain anonymous.

Privacy statement/collection notice

We will ensure you are aware when we collect your personal information and the primary purpose of its collection.  When you interact with Anglicare you will receive a privacy statement or personal information collection notice from us.  That notice provides information about how we manage personal information generally and may be delivered to you in a number of ways, including verbally, by hard copy paper, electronically or via a link to our website. If you access supports through Anglicare’s services, you will be provided a Service Agreement that will provide summaries and links to our website.

If Anglicare does not obtain the personal information requested, we may not be able to perform or provide you with requested services.

Disclosure of personal information

Where necessary for our activities and reporting, your personal information may be disclosed to Government funding bodies, at Federal & State level, Anglicare sub-contractors (for the purposes of any project work that Anglicare requires an external party to conduct in the areas of service delivery), other service providers or professional advisors based in Tasmania and/or based in other states (for example to IT service providers, accountants, auditors, lawyers or insurers), Anglicare organisations based in other states and other service providers at the time of client discharge/exits/transfer to another organisation (summary notes and any other relevant information considered necessary to include in summary notes to another service provider based in Tasmania and/or other states). Where relevant and possible, Anglicare will de-identify your personal information and data before sharing with external parties.

We will take reasonable steps to ensure the personal information we disclose to others is accurate, up-to-date, complete and relevant, having regard to the reasons why it is being disclosed.

Circumstances for disclosure

Under the following circumstances your personal information may be shared when the following are identified:

• an assessment is made that a client/personnel is likely to harm themselves or others,
• a client/personnel has disclosed a serious criminal activity or family violence,
• children are at risk of harm or neglect,
• assisting in locating a missing person,
• when approached by police requesting assistance,
• we are required to by legislation,
• a client’s file has been subpoenaed by law, or
• an employee is summoned to appear before a court of law.

Security of personal information

Anglicare have implemented technology and security standards, policies and procedures to protect personal information we have under our control from accidental loss, unauthorised access, improper use, unsanctioned modification and unlawful or accidental destruction.  Personal information will not be made available by Anglicare to any unauthorised person.  Anglicare uses a cloud based system held within Australia to store your personal information.

Access and amendment of information

You may request access to the personal information we hold about you using our contact details below.  If you request access to your personal information, it will be provided by way of copies or allowing you to inspect the requested personal information, without unreasonable expense or delay, unless:

• this would pose a serious and imminent threat to the life, health or safety of any individual;
• this would unreasonably affect the privacy of other individuals;
• the information is related to existing or anticipated legal proceedings between Anglicare and yourself and this information could not be obtained by the legal process of discovery in those proceedings;
• it would be unlawful to provide access;
• denying access is required or authorised by law; or
• providing access would be likely to prejudice an investigation into possible unlawful activity.

Usually we will need to verify your identity before providing access to your personal information.

We will provide you with access to your personal information or reasons for our refusal with 20 working days of receipt of your written request.

Where your file contains personal information that relates to a third party, this information may be redacted before you can access your file.

Anglicare will take reasonable steps to make sure the personal information it collects, uses and/or discloses is accurate, complete and up-to-date.

If your personal information changes or you believe our records are not up-to-date, complete and accurate please contact us to update the personal information you have provided to Anglicare by using the details below.

If we agree the information needs correcting, we will take reasonable steps to correct that statement.  If we do not agree that the information needs correcting, you can ask us to put a statement with the personal information explaining why it needs to be corrected.

We will respond to your request to update or correct inaccurate information within 20 working days of receiving your request.

Interstate and overseas disclosure

Anglicare may transfer personal information interstate or overseas where it is necessary for the purpose it was collected. Anglicare will comply with the requirements in the PIPP Act and/or Privacy Act (as applicable) to ensure recipient(s) of the personal information interstate or overseas are subject to similar privacy laws.

Destroying personal information

Anglicare will securely destroy or de-identify personal information when it is no longer required, except where it is required to be kept in compliance with the Archives Act 1983 (Tas) or another Australian law.

Supporting documentation

Australian Privacy Principles

Data breach notification guide: A guide to handling personal information security breaches; Office of the Australian Information Commissioner (OAIC); August 2014

Personal Information Protection Act 2004

Privacy Act 1988 (Cth)