Privacy and Confidentiality
1.1. Speech & Language Development Australia (SALDA) is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act. The purpose of this policy is to detail how we protect the privacy of our clients, students and staff and how we comply with the requirements of the Privacy Act and the 13 Australian Privacy Principles. The Policy also describes:
1.1.1. the types of personal information collected and held by us;
1.1.2. who we collected information from;
1.1.3. how this information is collected and held;
1.1.4. the purposes for which personal information is collected, held, used and disclosed;
1.1.5. how clients and staff can gain access to their personal information and seek its correction;
1.1.6. how a complaint or inquiry can be made about our collection, handling, use or disclosure of personal information and how that complaint or inquiry will be handled; and
1.1.7. whether we are likely to disclose personal information to overseas recipients.
1.2. This policy applies to personal information held by SALDA and its services.
2.1. What kind of personal information does SALDA collect?
The kind of personal information SALDA collects is largely dependent upon whose information is being collected and why it is being collected. At all times we try to collect only the personal information required to carry out our functions or activities. In general terms, the organisation may collect:
2.1.1. Personal Information including names, addresses and other contact details; dates of birth; next of kin details; financial information; photographic images; staff records; and attendance records.
2.1.2. Sensitive Information (particularly in relation to client records) including health and medical information; religious beliefs; government identifiers; nationality; country of birth; languages spoken at home; professional memberships; family court orders; and criminal records.
2.1.3. Any other information that is relevant to providing you with the services you are, or someone else you know is seeking.
2.2 Who does SALDA collect information from?
SALDA collects personal information directly from parents, prospective parents, job applicants, volunteers and others including past students, contractors, visitors and others that come into contact with the organisation.
It is noted that employee records are not covered by the Australian Privacy Principles where they relate to current or former employment relations between the organisation and the employee.
2.3 How does SALDA collect personal information?
How personal information is collected will largely depend on whose information is being collected. If it is reasonable and practical to do so, SALDA will collect personal information directly from the individual to whom the information relates to, or a person authorised to act on the individual’s behalf (e.g. parent or guardian of an individual).
Where possible, the organisation has attempted to standardise the collection of personal information by using specifically designed forms (e.g. enrolment forms), and/or through specific permission (e.g. research activities). However, given the nature of SALDA’s operations, personal information may also be received by email, letters, notes, over the telephone, in face to face meetings, and through financial transactions.
SALDA may also collect personal information from other people (e.g. a personal reference) or independent sources (e.g. a telephone directory), however will only do so where it is not reasonable or practical to collect the information directly from the individual the information relates to. We will usually notify the individual about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.
Sometimes SALDA may be provided with personal information without having sought it through the normal means of collection. This is referred to as “unsolicited information”. Where SALDA has collected unsolicited information, it will only be held, used and/or disclosed if SALDA could have collected the information by normal means. If the unsolicited information could not have been collected by normal means, then it will be destroyed, permanently deleted or de-identified as appropriate.
2.4 How does SALDA use personal information?
Generally, the personal information that we collect and hold about you, depends on your interaction with us. SALDA will only use personal information about an individual that is reasonably necessary for one or more of its functions or activities (the primary purpose) or for a related secondary purpose that would be reasonably expected by the individual the information relates to, or where consent has been granted. Generally, we collect, use and hold your personal information for the purposes of:
2.4.1. providing education, pastoral care, and extra-curricular services;
2.4.2. providing health services;
2.4.3. keeping parents informed about matters related to their child’s schooling and/or health care, which may include the distribution of newsletters and magazines, as well as other forms of correspondence;
2.4.4. satisfying our internal business operations, including the fulfilment of legal obligations, and duty of care and child protection obligations;
2.4.5. providing information about other services that we offer that may be of interest;
2.4.6. marketing, promotional and fundraising activities;
2.4.7. the organisation’s administration, including for insurance purposes;
2.4.8. the employment of staff;
2.4.9. the engagement of volunteers;
2.4.10. continuous improvement of day-to-day operations, including staff training, systems development, developing new programs and services, and undertaking planning, research and statistical analysis.
2.5 How does SALDA treat sensitive information?
Sensitive Information is a subset of personal information and includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or preferences or criminal record and health information about an individual.
SALDA will only collect sensitive information that is reasonably necessary for one or more of its functions or activities, if consent has been given by the individual to whom the sensitive information relates, or if consent is provided by a person acting on the individual’s behalf (e.g. parent or guardian of an individual).
SALDA may also collect sensitive information as permitted under the Australian Privacy Principles or otherwise permitted by law, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety, or another permitted general situation (such as locating a missing person) or permitted health situation (such as the collection of health information to provide a health service) exits.
SALDA will only use or disclose sensitive information for a secondary purpose if the individual would reasonably expect SALDA to use or disclose the information and the secondary purpose is directly related to the primary purpose.
2.6 Exchange of information between services
There may be occasions in which personal and/or sensitive information is exchanged between SALDA’s service providers; namely The Glenleighden School, Clinic Services, and School Support Services. Such information will only be exchanged where it is reasonably necessary for the organisation to fulfil its service obligations, and the individual to whom the information relates would reasonably expect the exchange, or where consent has been granted.
2.7 Storage and security of personal information
SALDA stores personal information in a variety of formats, including on databases, in hard copy files, and on personal devices such as laptop computers, mobile phones, cameras and other recording devices. The security of personal information is important and SALDA takes all reasonable steps to protect the personal information it holds from misuse, loss, unauthorised access, interference, modification or disclosure.
These steps include:
2.7.1. restricting access to information on the organisation’s databases on a need to know basis with different levels of security being allocated to staff based on their roles and responsibilities and security profile.
2.7.2. Ensuring all staff are aware that they are not to reveal or share personal passwords.
2.7.3. Ensuring where sensitive information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to staff on a need to know basis.
2.7.4. Implementing physical security measures around the organisation’s buildings and grounds to prevent break-ins.
2.7.5. Implementing ICT security systems, policies and procedures, designed to protect personal information storage on computer networks.
2.7.6. Implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to ensure that staff follow correct protocols when handling personal information.
2.7.7. Providing adequate training to staff about privacy and the handling of personal information.
2.7.8. Undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime. Personal information held by SALDA that is no longer needed is destroyed in a secure manner, deleted, or de-identified as appropriate.
2.8 Failure to provide information
If the personal information you provide to SALDA is incomplete or inaccurate, we may be unable to provide you or someone else you know, with the services you, or they, are seeking.
2.9 Internet users
If you access our website, SALDA may collect additional information about you in the form of your IP address or domain name. SALDA’s website(s) may contain links to other websites. SALDA does not share personal information with those websites and is not responsible for the privacy practices of linked websites. Any linked websites are not subject to our privacy policies and procedures. Please check their privacy policies.
2.10 Disclosure of personal information
SALDA will only use personal information for the purposes for which it was collected, or for purposes which are related (or directly related in the case of sensitive information) to one or more of its functions or activities. SALDA may disclose personal information to:
2.10.1 The Glenleighden School, Clinic Services and School Support Services;
2.10.2 government agencies;
2.10.4 recipients of SALDA publications (including publications of The Glenleighden School, Clinic Services, and School Support Services);
2.10.5 other parents, schools, visiting teachers, counsellors and coaches, service providers, agents, contractors, business partners and other recipients from time to time, only if one or more of the following apply:
2.10.6 consent to disclose the information has been granted;
2.10.7 the individual to whom the information relates would reasonably expect SALDA to use or disclose their personal information in this way;
2.10.8 SALDA is authorised or required to do so by law;
2.10.9 disclosure will lessen or prevent a serious threat to life, health or safety of an individual or to public safety;
2.10.10 where another permitted general situation or permitted health situation exception applies;
2.10.11 disclosure is reasonably necessary for a law enforcement related activity.
In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where you could reasonably expect us too and the purpose if related to the purpose of the collection).
2.11 Personal information of a minor
The Privacy Act does not differentiate between adults and children and does not specify an age after which individuals can make their own decisions with respect to their personal information.
At SALDA a common sense approach is taken to dealing with a minor’s personal information and generally requests for personal information will be referred to the individual’s parents/carers. SALDA will treat notices provided to parents/carers as notices provided to the client/student, and will treat consents provided by parents/carers as consents provided by the client/student.
SALDA is however cognisant of the fact that children do have rights under the Privacy Act, and that in certain circumstances (especially when dealing with older clients/students and especially when dealing with sensitive information), it will be appropriate to seek and obtain consent directly from the client/student. SALDA also acknowledges that there may be occasions where a client/student may give or withhold consent with respect to the use of their personal information independently from their parents/carers.
There may also be occasions where parents/carers are denied access to information with respect to their child(ren), because to provide such information would have an unreasonable impact on the privacy of others, or result in a breach of the organisation’s duty of care to the client/student.
2.12 Disclosure of personal information to overseas recipients
SALDA is not likely to disclose personal information overseas. SALDA will take all reasonable steps not to disclose an individual’s personal information to overseas recipients unless:
2.12.1. we have the individual’s consent (which may be implied); or
2.12.2. we are satisfied that the overseas recipient is compliant with the Australian Privacy Principles, or a similar privacy regime; or
2.12.3. we form the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
2.12.4. we are taking appropriate action in relation to suspected unlawful activity or serious misconduct.
2.13 Ensuring the quality of personal information
SALDA takes all reasonable steps to ensure the personal information it holds, uses, and discloses is accurate, complete and up to date. These steps include ensuring that the personal information is accurate, complete and up to date at the time of collection and when using or disclosing the personal information. SALDA maintains and updates personal information on an ongoing basis, as and when individuals advise of changes or when SALDA becomes aware through other means that the personal information being held has changed.
SALDA expects the individual, or their parent/carer (if applicable), to contact the organisation if any of the details they’ve provided change. SALDA should also be contacted if the individual believes the information held by the organisation is inaccurate, incomplete or not up to date.
2.14 Access to and correction of your personal information
An individual may request access to the personal information SALDA holds about them, or request that their personal information be changed, by contacting SALDA, or its applicable service provider (namely The Glenleighden School, Clinic Services, or School Support Services) in writing.
Should SALDA not agree to provide an individual with access to their personal information, or to change the information as requested, SALDA will notify the individual, and provide reasons for the refusal (unless it would be unreasonable to provide those reasons) and provide the individual with a statement regarding the mechanisms available to make a complaint. If the rejection relates to a request to change personal information, the individual may make a statement about the requested change, which will be attached to the individual’s record.
SALDA may require an individual to verify their identity and specify what information they require. SALDA may charge a fee to cover the cost of verifying, locating, retrieving, reviewing and providing access to any material requested (but not for making the request for access). If the information sought is extensive, SALDA will advise the likely cost in advance.
2.15 Privacy complaints
A complaint about a breach by SALDA of the Australian Privacy Principles may be made in writing and can be submitted by email, letter, or by personal delivery to the organisation’s Privacy Officer as noted below. A complaint may also be made verbally. SALDA will respond to a complaint within a reasonable time (usually no longer than 30 days) and may seek further information from the complainant in order to provide a full and complete response.
Complaints may also be taken to the Office of the Australian Information Commissioner.
2.16 How to contact SALDA
An individual can contact SALDA about this Policy or their personal information by:
2.16.1. Emailing firstname.lastname@example.org
2.16.2. Calling 1300 881 763
2.16.3. Writing to the Privacy Officer at:
Speech & Language Development Australia
33 Cubberla Street
FIG TREE POCKET QLD 4069
If practicable, an individual can contact SALDA anonymously (ie. without identifying themselves) or by using a pseudonym. However, if an individual chooses not to identify themselves, SALDA may not be able to provide the requested information, or the assistance they might otherwise be able to provide.
3.1. All SALDA employees are responsible for complying with this Policy.
4.1. Privacy Act 1988
5.1. This policy is due to be reviewed every year from the date of approval, or as appropriate, to take account of new laws and technology, changes to the organisation’s operations and practices and to make sure it remains appropriate to the changing environment.