The Do Network recognises the importance of protecting the privacy of personally identifiable information collected about the people we support and is committed to protecting and upholding people’s right to privacy. The Do Network is bound by Australian Privacy Act 1988, Australian Privacy Principles (APP) which impose specific obligations when it comes to handling information.

The Do Network will:

Only collect information about you that is directly relevant to effective service delivery and duty of care responsibilities;

Not use or disclose personal information about you for a purpose other than:

• The purpose for which it was collected

• A related purpose which you would reasonably expect

• A purpose required or permitted by law

• A purpose for which we have obtained your consent or the consent of your family member or guardian

• Take all reasonable steps to make sure that the personal information we collect, use or disclose is accurate and up to date

• Take all reasonable steps to protect and safeguard the personal information we collect

• Make available our policies on our management of personal information

• Provide you with access to your personal information that we hold, except where we are required or entitled by law to refuse access

• Provide you with the option of being anonymous or using an alias, where it is lawful and practical

• Tell you if your privacy has or may have been breached and explain what is being done to deal with the breach

The Do Network will only collect personal information if it is necessary for us to do so. Situations in which we may collect personal information include, but are not limited to:

• When dealing with any request for services

• When surveying people to identify areas of service improvement and/or expansion

• When presenting seminars, conducting workshops or other functions

• When dealing with certain government agencies

• When required by law

• When dealing with people who contact us regarding our activities, or the activities of our members. Personal information may include sensitive information as defined in the Australian Privacy Act 1988, Australian Privacy Principles (for example, information about your racial or ethnic origin, sexual orientation or practices, your criminal record and health information about you)

We collect personal information in person, in writing, by telephone, and through other methods of communication with the people we support, their families and guardians.

The people we support provide personal information to us over the telephone to The Do Network, when they start receiving services from The Do Network and when there are changes in their circumstances.

The Do Network occasionally receives information from third parties, such as GPs and other referrers, regarding people who might like to access our services. It is presumed that the potential clients will have provided their consent for the third party to provide The Do Network with information.

The Do Network takes several steps to ensure the security of information about the people we support and to manage risks. These measures include:

• Password protection of all computers

• All files are stored in lockable filing cabinets

• Regular supervision of workers to ensure confidentiality is upheld

• External quality auditing

We use personal information to maintain client records, provide information and enable service provision. Your file may be reviewed to ensure compliance or personal information from your file may be used as part of reporting required by the granting entity.

The Do Network may disclose your personal information to third parties. These may include our contractors (including organisations used by us, such as “cloud” data storage contractors, to store information in an electronic format), insurers, and other entities. We will only do so in accordance with the Australian Privacy Act 1988, Australian Privacy Principles and our policy.

There are certain circumstances in which we may be legally required to provide personal information to government agencies, other organisations or individuals, for example if it will prevent or lessen a serious and imminent threat to somebody’s life or health.

In certain circumstances, if your communication with us raises safety concerns, we will try and contact you to check that you and/or others are safe. If necessary, we may need to pass on your contact information (if you have supplied it) to authorities who can help protect you and/or others, such as a crisis service or the police. Where possible we will work with you openly, letting you know if our concerns reach the point where we need to involve other services.

We are obliged to try to protect you and/or others if the information you submit tells us that:

• You are being seriously hurt by someone else

• You are thinking of seriously harming yourself

• Someone else is being, or is likely to be, seriously hurt by you or another person

If The Do Network is provided with unsolicited information, The Do Network will not release that unsolicited information to any third party without the written consent of the person providing that information, or their guardian.

The Do Network will start to collect your personal information when you first contact us by telephone, online form, email, letter, in person, or through another medium. We will take reasonable steps to ensure that an individual is aware of:

• Who we are and our full contact details

• The purposes for which the personal information is collected

• The organisations (or types of organisations) we will usually disclose or transfer that personal information to

• Any law which requires us to collect the personal information

• The main consequences (if any) if all or part of the personal information requested by us is not provided

The Do Network has put systems and processes in place to ensure that electronic data is secure including:

• Regular backups of a secure central server to ensure information is not lost

• Antivirus programs and active firewalls to prevent unauthorised external access

• Regular installation of computer program updates

• Education of employees about when access to personal information is permitted and use of emails and websites

As stipulated in the Act, if there is an electronic data breach of any of your personal information that is likely to result in serious harm, The Do Network will notify you whenever possible, within 30 days. This notification will include:

• A description of the data breach

• The kinds of information concerned

• Recommendations about the steps you should take in response

The Do Network will also inform the Australian Information Commissioner.

Examples of data breach that cause serious harm include when:

• A device containing your personal information is lost or stolen

• A database containing your personal information is hacked, or

• Your personal information is mistakenly provided to the wrong person

Personal information is considered to be your name, address and/or phone number, and could also include:

• Sensitive information about your health

• Documents used for identity fraud such as tax file number, Medicare card, driver’s licence, or

• Financial information

Requests for access to your personal information should be made in writing to our Practice Manager. In most circumstances we will make available to you the personal information about you that we have collected. In certain circumstances we might not allow you access to your personal information. These circumstances include, where:

• It would have an unreasonable impact on the privacy of others

• The information relates to legal proceedings with you

• The information would reveal our commercially sensitive decision-making process

• Providing access to the information would prejudice certain investigations

• We are required by law not to disclose the information. This includes duties we may have under common law

We will respond to a request for access to information as a priority and will seek to do so within a maximum of 10 days. We will not charge you for requesting access to your own personal information.

If we decide we cannot provide you with information you have requested, we will explain, as far as practicable, why we cannot provide the information. We will also inform you who you can complain to if you are not satisfied with our decision.

If you believe that any information that we hold about you is inaccurate or out of date, please contact us and we will review and update the relevant information.

The Do Network wants to improve our systems and procedures to give you full confidence in our ability to respect and safeguard the privacy of the personal information you provide to us. If we have not fulfilled our commitment to you, please tell us by contacting our Practice Manager.