
Privacy and Confidentiality
Privacy and Confidentiality Statement
PURPOSE
Positive Solutions (we, us or our) values and respects the privacy of the people including clients (individuals and businesses), employees, Board members, students on placement, and contractors that we deal with (you). Positive Solutions is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations.
Positive Solutions requires all staff to be ethical and accountable when collecting, storing, and using the information it collects, holds and administers. Positive Solutions only collects and stores personal information that is necessary for its functions and activities.
This policy has been developed on a premise that Positive Solutions as an organisation is committed to fair and responsible collection and handling of personal and sensitive information. The collection of personal and sensitive information includes that of both client and workforce. This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.
DEFINITIONS
Confidential Information includes, but is not limited to;
- documentation or information received by staff in the performance of their duties;
- records, materials, trade secrets, financial information, personal details, business details and other commercially sensitive information;
- information relating to our business activities that has not been made public; and
- any other information obtained in confidence or that is, by its nature, confidential.
Personal Information
is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Whether this information or opinion is true or not; and whether the information or opinion is recorded in material form or not.
Personal information may include sensitive information about the individual such as racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetic or biometric information.
PRINCIPLES
Positive Solutions complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APP), covering the collection, use and storage of personal and sensitive information. Positive Solutions also complies with the provisions under the Family Law Act 1975 (Cth), with funding provided by Government for services under this Act.
Positive Solutions will ensure that:
- it meets its legal and ethical obligations as a service provider and employer, in relation to protecting the privacy of its clients, which include businesses and organisations, and their representatives;
- all staff members understand what is required of them when handling personal/sensitive information; and
- all clients have access to information about Positive Solutions’ privacy and confidentiality policies and procedures.
Positive Solutions will:
- only collect personal information which the organisation requires for its primary functions including the provision of services;
- inform stakeholders about the type of personal information that is held, and how the personal information may be used and disclosed;
- take reasonable steps to ensure that any personal information collected or disclosed is accurate and up-to-date, and amend any inaccuracies where appropriate to do so;
- provide individuals with the opportunity to view personal information that is held about them, on request;
- take reasonable steps to protect all personal information from misuse/interference/loss, and unauthorised access, modification, or disclosure;
- take prompt and effective actions in response to known or suspected data breaches, in alignment with legislative requirements;
- destroy or de-identify personal information that is no longer needed for case management and filing purposes; and
- provide individuals with information about how to make a privacy or confidentiality complaint, if requested.
All Positive Solutions employees, sub-contractors, students and volunteers ensure compliance with this policy.
WHAT PERSONAL INFORMATION DO WE COLLECT
Positive Solutions only collects personal information that is necessary to provide our services. In some circumstances this may include sensitive information.
If you do not provide us with this information, we may not be able to provide our services. This could include but is not limited to:
- personal details including your name, date of birth, country of birth, gender, marital status, employment status, employer, income details including any Government benefits, living arrangements and cultural background
- contact details including address, telephone number, email address
- your financial information to assist with assessing fees and payment methods and property mediation;
- your health information, including Government Identifiers, such as a Medicare Number if:
- the information is necessary to provide a health service to you; and
- the information is collected as required or authorised by or under law and in accordance with rules established by health or medical bodies that deal with obligations of professional confidentiality which bind the organisation
- your sensitive information if such collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
- is physically or legally incapable of giving consent to the collection; or
- physically cannot communicate consent to the collection;
- details or copies of any family violence, keep the piece or restraint orders;
- if you are a current or former employee, information relevant to your employment, including emergency contact details
Where possible, we will give you the option to interact with us anonymously or by using a pseudonym. However, if you choose to deal with us in this way or choose not to provide us with your personal information, we may not be able to provide you with our services or otherwise interact with you.
HOW WE COLLECT INFORMATION
Positive Solutions collects personal information including sensitive information in a number of ways. This may include:
- Telephone calls
- Face-to-face meetings and interviews
- Membership information;
- Intake forms
- Consent forms: such as a consent form to use a person’s name and photo in our publications;
- Event registrations;
- Feedback forms
- Employment information including but not limited to tax file declarations and superannuation choice forms
- Electronic communications: for example, e-mails and attachments (including CVs); forms filled out by people, including as part of acquiring a product or service from us;
- Third parties: for example, from carers, employers, insurers, parents or guardians, recruitment agencies, referees, representatives or agents; and
- Our website: including but not limited to, from the page ‘contact us’.
At or before the time we collect your personal information, we will take reasonable steps to ensure that you are made aware that we are collecting your personal information. We will use your personal information for the purpose for which we collected it. We may also use your personal information for related purposes which you would reasonably expect. We only collect sensitive information with your consent and where permitted by the Privacy Act (Cth). We will not use your personal information outside its intended purpose without your consent.
In respect of face-to-face meetings and interviews, to ensure privacy for individuals when personal matters are being discussed, all sessions and interviews will be conducted in private spaces. Prior to collection, individuals will be informed of the nature of information to be collected and recorded; the purpose of collection; and circumstances in which Positive Solutions may be required to disclose information to other parties.
COOKIES
In some cases, we may also collect your personal information using cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer.
We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate.
Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.
HOW PERSONAL INFORMATION IS USED AND DISCLOSURE
Positive Solutions uses personal information collected from an individual for the purpose for which it was collected. This usually is to perform its obligations in delivering Positive Solutions’ services, which include:
- providing you with our services;
- providing Positive Solutions staff access to personal information to carry out services;
- sending notifications of appointments/meetings to clients;
- employee engagement and management providing reports to government and other funding bodies on the services they fund us to provide. Reports are generally de-identified and cover demographic and service use information only. Personal information will not be disclosed without consent of the individual/s concerned;
- coordinating and/or communicating with healthcare providers involved in your care
Sensitive information will be used and disclosed only for the purpose for which it was collected, a directly related secondary purpose, with your consent or as required or allowed by law.
Health information will be used and disclosed only for the purpose for which it was collected, a directly related secondary purpose, with your consent or as required or allowed by law.
Personal, sensitive and health information will be used internally for Positive Solutions for the holistic management of cases, including case discussions in internal supervision. Within the limited of professional ethics, this data will also be de-identified for case discussions for the purposes of external supervision.
Positive Solutions may:
- In relation to personal information which has been collected from a person, use the personal information for direct marketing, where Positive Solutions has provided an opt out and the opt out has not been taken up.
- In relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out).
- In each direct marketing communication with an individual or business, Positive Solutions draws to the attention, or prominently displays a notice, that they may express a wish not to receive any further direct marketing communications.
Positive Solutions will not provide personal information about individuals to external agencies/parties, unless:
- signed consent for information-sharing to occur has been provided by the business, client or their legal guardian;
- it is information, included in reports, required by insurers under Workers Compensation services;
- Positive Solutions is required to disclose information as part of mandatory reporting obligations and/or duty of care requirements;
- Australian law or a court subpoena directs Positive Solutions to provide information;
- it is the subject of a search warrant;
- it is required to deal with a serious or imminent threat to any person’s health or safety and/or to public health and safety; or
- a Memorandum of Understanding (MOU) exists between Positive Solutions and another organisation that enables information-sharing to occur for case management purposes, and the client is informed of this in advance.
Potential Employees, Students and/or Volunteers
If you are a job applicant, student, or volunteer, we may use your personal information to:
- Keep records of communication with you.
- Assess your suitability when you apply for a position with us.
- Communicate with you by phone, email and other electronic means.
Businesses and Organisations
Through many of its services Positive Solutions may collect information that relates to a business or organisation. We may use your information to:
- Communicate with the entity and their representatives by phone, email and other electronic means maintain operational functions, including but not limited to booking appointments for services, managing enquires, providing reporting, processing payments and invoices.
- Retain records of communications.
- Ensure compliance with all legislative requirements.
ARTIFICAL INTELLIGENCE (AI) ACROSS SERVICES AND OPERATIONS
Introduction to Use of AI Tools:
Positive Solutions embraces the power of AI to enhance services for Positive Solutions, the people that they support, service providers, Government Funders and other stakeholders. These advanced technologies are leveraged to augment customer service interactions, optimise internal administrative functions, and streamline communications. This commitment extends to ensuring efficiency, responsiveness, and data integrity in every aspect of Positive Solutions’ operations.
AI tools used at Positive Solutions must be approved by the CEO prior to use and under no circumstances will:
- Personal or sensitive information of a client, employee, volunteer or any other stakeholder of Positive Solutions be input to an AI system.
- Information regarding the commercial activities and business operations of Positive Solutions be input into an AI system.
Application of AI Tools:
Application of approved AI tools spans various facets of Positive Solutions. It translates into more efficient clear and concise communication, facilitating better collaboration. Internally, these tools enable Positive Solutions’ staff to minimise the time allocated to routine administrative tasks, reallocating that time to focus on supporting Tasmanians.
Data Protection and Ethical Use:
The approved AI tools employed by Positive Solutions are selected with a stringent focus on data security, ensuring that no personal or sensitive information is used to enhance AI models.
PRIVACY OF CLIENT AND STAFF IN PUBLIC PLACES
Positive Solutions staff members will not approach clients or seek to engage them in conversation in public places. Where a staff member is providing ongoing counselling and/or any other support to a client who they are likely to see in public places, the staff member may facilitate a discussion about how to manage this.
Positive Solutions’ suite of service deliver types includes walk and talk sessions, which are held in public spaces. Whilst all efforts are made to maintain confidentiality for walk and talk sessions, due to the nature of being in a public space, there is possibility of conversations being overheard by other people. Clients who participate in the walk and talk sessions acknowledge the limitations of confidentiality through the signed of an Informed Consent form.
Positive Solutions respects the right of staff members to privacy outside of the organisation and does not hold an expectation that staff should or will engage with clients and/or other staff members outside of their working hours.
PROTECTION OF INFORMATION
Positive Solutions will take reasonable steps to ensure that the personal information that we hold is kept confidential and secure, including by:
- having a robust physical security of our premises and databases / records;
- taking measures to restrict access to only personnel who need that personal information to effectively provide services to you; and
- having technological measures in place (for example, multi-factor authentication, anti-virus software, fire walls).
WEBSITES LINKED TO OUR WEBSITE
Positive Solutions is not responsible for the practices employed by websites linked to or from our website or the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our website. Please remember that when you use a link to go from our website to another website, our Privacy Policy is no longer in effect.
Your browsing and interaction on any other website, including websites which have a link on our website, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.
ACCURACY AND QUALITY OF INFORMATION
Positive Solutions takes reasonable steps to ensure that all personal information stored about individuals is accurate, up-to-date, complete, relevant and not misleading. Individuals are encouraged to inform the organisation if there are changes to their contact information or circumstances.
To ensure that the personal information we collect is accurate, up-to-date and complete we:
• record information in a consistent format; and
• promptly add updated or new personal information to existing records.
ACCESSING AND CORRECTING PERSONAL INFORMATION
Any individual has the right to ask for access to the personal information that Positive Solutions holds about them and request that Positive Solutions corrects that personal information. An individual can ask for access or correction by contacting Positive Solutions and Positive Solutions must respond within 30 days. If a client asks, Positive Solutions must provide access to their personal information and take reasonable steps to correct it if considered incorrect, unless there is a law that allows or requires Positive Solutions not to.
Any request for client file access is governed by the Records Management Policy and Procedures.
STORAGE OF INFORMATION AND DESTRUCTION OF PERSONAL INFORMATION
Positive Solutions’ staff must safeguard sensitive and personal information (including file notes, written correspondence, and phone messages) from accidental or deliberate scrutiny of others. The Client Information Management system is password-protected by multi-factor authentication and contains client related data.
Hard-copy files for adult and child clients who were exited before 30th September 2020 are stored securely.
Positive Solutions will not keep personal for longer than needed to. In most cases, this means that we will only retain personal and/or sensitive information for the duration of the relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations as outlined in the Records Management Policy and Procedures
Storage of client files is detailed in the Records Management Policy and Procedures.
Positive Solutions securely destroys or de-identifies personal information when it is no longer required. Positive Solutions will upon written request from an individual that Positive Solutions holds personal information about, destroy or de-identify their personal information unless there is a legal or other requirement to retain that personal information.
TRANSBORDER DATA FLOWS
Sometimes Positive Solutions may send your personal information overseas, including to:
- service providers or third parties who store data or operate outside Australia (including but not limited to our online booking system service provider)
- organisations we partner with to provide products and services
- comply with laws and help government or law enforcement agencies
If we do this, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your personal information. We will take reasonable steps to ensure that the third parties do not breach the APPs.
The country in which the recipients are likely to be located includes, but is not limited to, Canada.
INTERNAL ACCESS TO INFORMATION
Service files of clients are accessible to all staff members who have a client information management system username and password. Case information, including personal, sensitive and health information may be shared at Client Services meetings and discussed in internal supervision sessions. If a Positive Solutions’ staff member becomes aware of a personal association or relationship with a Positive Solutions’ client, they should inform other staff that they are not to be included in any discussions or information-sharing about that client.
If a client has concerns about accessing the service based on any personal associations or relationships with Positive Solutions’ staff members or other representatives (e.g. Board members), they will be provided with an opportunity to discuss these during intake. If necessary, the staff member should forward the query to management, for follow up.
SHARING INFORMATION WITH EXTERNAL PARTIES
Before disclosing any information to any external party, the client must have signed a Consent to Exchange Information Form, or an equivalent form/authorisation from another agency. Note: consent is not required if a worker believes that disclosure is necessary to prevent a serious threat to the individual’s life or to public safety or for mandated reporting, as outlined below.
Where a client is a minor there are further considerations and complexities to be made in respect to their engagement in a therapeutic environment, including confidentiality and information sharing and their rights and the rights of their legal guardian. Information regarding confidentiality in relation to minors is outlined in the Engaging with Minors Policy and Procedures.
Positive Solutions’ employees are mandated reporters of child abuse and neglect, and work in accordance with the Children, Young Persons and their Families Act 1997 (Tas). The Act requires that a Child Protection notification is made when a worker suspects that a person under the age of 18 years has experienced abuse or neglect (or is assessed as being at risk of abuse or neglect), or a disclosure is made to the worker. The Act also allows for information-sharing without consent to take place between mandatory reporters, where Child Safety Services have received information about a child; and/or there are assessment or care and protection orders in place. Positive Solutions may share information with:
- authorised government employees;
- disability service providers;
- providers of Alcohol and Other Drug (AOD) services;
- medical practitioners/nurses;
- police;
- teachers;
- child care workers; and
- agencies that provide health, welfare, education, child care or residential services wholly or partly for children;
where the information relates to concerns about the safety, welfare, or wellbeing of a child.
Positive Solutions’ employees are also mandated reporters under the Firearms Act 1996 (Tas). The Act requires that the Commissioner (being via the Firearms Office of Tasmania Police) is notified when they believe that the client is:
- likely to possess or use a firearm; and
- such possession or use would be unsafe, for the client or another person –
- because of the client’s mental or physical condition; or
- because the client would be a threat to public safety.
Positive Solutions Management is required to comply with the Tasmanian Reportable Conduct Scheme, as governed by the Child and Youth Safe Organisations Act 2023. Where there are concerns of conduct related to child abuse regarding a Positive Solutions’ worker (including volunteer or student on placement), Positive Solutions’ Management is required to report the information to the Independent Regulator of the Scheme.
COMPLAINTS
If you have an enquiry about our privacy or confidentiality processes, you may contact the Operations Manager of Positive Solutions’:
Email: [email protected]
Phone: 03 6223 5612
Post
Attention: Operations Manager
Address: 165-167 Davey Street, Hobart, Tasmania, 7000
If you wish to make a complaint, Client Services will provide you with a copy of Positive Solutions’ Feedback Form, available here. The complaint will be forwarded to the Operations Manager for attention and response. The complaint will be handled in accordance with Positive Solutions’ Complaints Policy, which is available on request.
You can make a complaint about interferences with your privacy to the Office of the Australian Information Commissioner. Their contact details are:
Email: [email protected]
Post: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992