BetSafe is committed to protecting and upholding the right to privacy of clients, staff, volunteers, Board members and representatives of agencies we deal with. In particular BetSafe is committed to protecting and upholding the rights of our clients to privacy in the way we collect, store and use information about them, their needs and the services we provide to them.
BetSafe requires staff, volunteers and Board members to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information.
BetSafe is subject to legislation applying to the organisation and/or its client group. The organisation will follow the guidelines of the N.S.W. Health Privacy Principles in its information management practices.
BetSafe will ensure that:
- it meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and organisational personnel.
- clients are provided with information about their rights regarding privacy.
- clients and organisational personnel are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature.
- all staff, Board members and volunteers understand what is required in meeting these obligations.
This policy conforms to the Privacy and Personal Information Protection Act NSW(1988), the Health Records and Information Privacy Act NSW 2002 and the NSW Health Privacy Principles which govern the collection, use and storage of personal information.
This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.
Dealing with personal information
In dealing with personal information, BetSafe staff will:
- ensure privacy for clients, staff, volunteers or Board members when they are being interviewed or discussing matters of a personal or sensitive nature
- only collect and store personal information that is necessary for the functioning of the organisation and its activities
- use fair and lawful ways to collect personal information
- collect personal information only by consent from an individual
- ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used, disclosed and who will have access to it
- ensure that personal information collected or disclosed is accurate, complete and up-to-date, and provide access to any individual to review information or correct wrong information about themselves
- take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure
- destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired.
Responsibilities for managing privacy
- All staff are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work.
- The General Manager is responsible for content in BetSafe publications, communications and web site and must ensure the following:
- appropriate consent is obtained for the inclusion of any personal information about any individual including BetSafe personnel
- information being provided by other agencies or external individuals conforms to privacy principles
- that the website contains a Privacy statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
- The General Manager is responsible for safeguarding personal information relating to BetSafe staff, Board members, volunteers, contractors and clients.
- The Privacy Contact Officer: The Privacy Contact Officer will be the General Manager. The General Manager will be responsible for:
- ensuring that clients and other relevant individuals are provided with information about their rights regarding privacy
- handling any queries or complaint about a privacy issue
Privacy information for clients
At the beginning of counselling clients will be provided with information about how their privacy will be protected and their rights in relation to their information.
Privacy for interviews and personal discussions
To ensure privacy for clients or staff when discussing sensitive or personal matters, the organisation will ensure that interviews and counseling take place in a counseling room where discussions are kept private.
Participants in research projects
- People being invited to participate in a research project must be:
- given a choice about participating or not
- given the right to withdraw at any time
- informed about the purpose of the research project, the information to be collected, and how information they provide will be used.
- given copies of any subsequent publications.
The collection of personal information will be limited to that which is required for the conduct of the project. Individual participants will not be identified.
NSW Health Privacy Principles
1. Lawful - Only collect health information for a lawful purpose that is directly related to the agency or organisation's activities and necessary for that purpose.
2. Relevant - Ensure the health information is relevant, accurate, not excessive, up-to-date and that the collection does not unreasonably intrude into the personal affairs of a person.
3. Direct - Only collect health information directly from a person concerned, unless it is unreasonable or impracticable to do so. See the handbook on Health Privacy for an explanation of "unreasonable" and "impracticable". Visit www.privacy.nsw.gov.au for definitions.
4. Open - Inform a person as to why you are collecting health information, what you will do with it, and who else may see it. Tell the person how they can view and correct their health information and any consequences that will occur if they decide not to provide their information to you. If you collect health information about a person from a third party you must still take reasonable steps to notify the person that this has occurred.
5. Secure - Ensure the health information is stored securely, not kept any longer than necessary, and disposed of appropriately. Health information should be protected from unauthorised access, use or disclosure. (Note: private sector organisations should also refer to section 25 of the HRIP Act for further provisions relating to retention).
Access & accuracy
6. Transparent - Explain to the person what health information is being stored, the reasons it is being used and any rights they have to access it.
7. Accessible - Allow a person to access their health information without unreasonable delay or expense. (Note: private sector organisations should also refer to sections 26-32 of the HRIP Act for further provisions relating to access).
8. Correct - Allow a person to update, correct or amend their personal information where necessary. (Note: private sector organisations should also refer to sections 33-37 of the HRIP Act for further provisions relating to amendment).
9. Accurate - Ensure that the health information is relevant and accurate before using it.
10. Limited - Only use health information for the purpose for which it was collected or for a directly related purpose, which a person would expect. Otherwise, you would generally need their consent to use the health information for a secondary purpose.
11. Limited - Only disclose health information for the purpose for which it was collected, or for a directly related purpose that a person would expect. Otherwise, you would generally need their consent. (Note: see HPP 10).
Identifiers & anonymity
12. Not identified - Only identify people by using unique identifiers if it is reasonably necessary to carry out your functions efficiently.
13. Anonymous - Give the person the option of receiving services from you anonymously, where this is lawful and practicable.
Transferrals & linkage
14. Controlled - Only transfer health information outside New South Wales in accordance with HPP 14.
15. Authorised - Only use health records linkage systems if the person has provided or expressed their consent.
PO Box 1031
Eastwood NSW 2122