Privacy & Confidentiality
- Brunswick Industries Association (BIA) is committed to protecting the privacy of all personal and sensitive information of all its people including staff, supported employees, customers and business partners.
- BIA ensures all staff members do not discuss supported employees’ personal and sensitive information in a public forum so that they remain confidential and private.
Collection of personal & sensitive information
- BIA is required to collect personal and sensitive information about its supported employees. The information collected is to:
- accurately assess the individuals’ needs for the provision of suitable services
- accurately tailor services to meet the specific needs of participants
The information collected and retained is only what is necessary for BIA to meet its contractual obligations and its role as a responsible employer.
Types of information which may be collected by BIA include, but are not limited to:
- Individual’s name, date of birth and address
- Individual’s disability and any supports/funding required
- Any health issues/medication
- Any other issues which may affect/impact on the individual’s ability to participate in services provided
When collecting information BIA will take all reasonably practicable steps to ensure that the individual is aware of the following:
- the purpose for which the information is collected,
- any organisations/individuals to whom BIA would usually disclose that kind of information,
- that the individual concerned, guardian, or advocate, generally understands the purpose for which the information is being collected
- that the information collected is current and complete and,
- the fact that the individual has the right to access any information which is held by BIA at any time.
5. During the course of employment BIA will collect personal and sensitive information directly from its supported employees (or those acting on their behalf) wherever possible and practicable to do so.
Where the information pertaining to supported employees is obtained from a ‘third party’, reasonable steps will be taken to ensure that the individuals are made aware of the details.
6. Where possible, BIA will allow employees to interact with the organisation anonymously or using a pseudonym. For example, if the initial contact is an enquiry with a general question BIA will not ask for a name unless it is needed to adequately handle the question.
However, for most of BIA’s functions and activities, BIA requires an individual’s name and contact information, and enough information about the particular matter to enable BIA to fairly and efficiently handle the inquiry, request, complaint or application, or to act on the report.
- The primary purpose for the use of information shall always be to provide appropriate supports and services to the individual.
In certain circumstances BIA may disclose employee information to another party. These circumstances may be when requested by:
- a representative nominated and appropriately authorised by the employee,
- law enforcement agencies provided valid reasons are given and the file annotated accordingly,
- Department of Social Services, taxation and other bodies empowered under various Government Acts to obtain such information, and
- attending medical staff in the event of injury or illness.
The conditions under which information is released are:
- written consent is obtained from an employee or his/her guardian using the Consent to Release Information form, and
- if written consent cannot be obtained, verbal consent is annotated on the employee’s file.
Data quality and security
- BIA will take reasonable steps to ensure that all information collected and disclosed is accurate, current, and complete and stored securely. This is done by:
- recording information in a consistent format
- where necessary, confirming the accuracy of information collected from a third party
- promptly adding updated or new personal information to existing records
- regularly performing record audits
- taking reasonable steps to amend any information which is incorrect
- protecting personal information held from misuse, loss, unauthorised access, modification or disclosure
- storing personal information in a secure environment with limited and password protected access to authorised staff members only as per BIA’s Document & Records Control Policy # 7
- ensuring that third party IT & cloud providers used by BIA meet Australian privacy and information security standards and are regularly reviewed
- destroying or permanently de-identifying information that is no longer needed for any purpose permitted under the Privacy Act
- In the event of a data breach where personal information about an individual is subject to unauthorised access, disclosure, or is lost, BIA will:
- contain the data breach to prevent any further compromise of personal information
- assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible taking action to remediate any risk of harm
- notify the individual/s and the Commissioner if required under an ‘eligible data breach’ as per the Notifiable Data Scheme & BIA’s Data Breach Response Admin Procedure # 22
- review the incident and consider what actions can be taken to prevent future breaches
- A privacy complaint relates to any concern regarding BIA’s privacy practices or its handling of an individual’s personal and sensitive information. This could include matters such as how information is collected, stored, used, disclosed or how access to information is provided.
All complaints about BIA’s privacy practices can be reported to the HR Manager following the Feedback, Complaints & Grievance Admin Procedure # 1