1. POLICY RATIONALE
The aim of this policy is to provide principles and guidelines to the privacy rights of all – residents, clients staff, volunteers of, and contractors working for Amana Living.
2. POLICY STATEMENT
The type of privacy covered by the Act is the protection of people's personal information.
In basic terms, personal information is information that identifies you or that could identify you. The Act’s definition of personal information is:
"... information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not."
Consent (Express or Implied)
(a) Express consent is given explicitly, either orally or in writing;
(b) Implied consent arises where consent may be reasonably inferred in the circumstances from the conduct and / or behaviour of the individual and Amana Living.
4. KEY RESPONSIBILITIES
All staff, volunteers and contractors have a responsibility to comply at all times with the regulations of the Act and with this Policy.
4.1 Senior Staff
- Must ensure that all employees within their areas fully understand their responsibility to ensure all Personal Information is collected and maintained in accordance with this Policy.
- Be capable of responding to requests for information from statutory, health care, regulatory or other lawful bodies entitled to the information.
- Must immediately inform your Manager if you have reason to believe there has been a notifiable data breach.
4.2 Leadership Team
- Adhere to the Data Breach Response Plan in the event there is a notifiable data breach
5. IMPLEMENTATION AND GUIDELINES
5.1 Open and transparent management of personal information
5.2 Personal Information
Personal information means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. The personal information which Amana Living collects, stores, uses and discloses may include the following information for employees, residents, clients, guardians, immediate family member(s) and / or powers of attorney:
- contact details (including emergency contact details);
- driver's license and car registration details;
- employment history;
- banking details (including tax file numbers);
- information in relation to financial circumstances;
- social security details and other identifiers, including government related identifiers such as Medicare numbers;
- educational qualifications including which languages are spoken;
- photos and videos e.g. CCTV security cameras; and
- certain other details such as date of birth, marital status and occupation.
Some personal information is considered 'sensitive information' for the purposes of the Act.
The sensitive information which Amana Living collects, stores, uses and may disclose includes information or an opinion about an individual's:
- health, including health information provided by medical, allied health and referral professionals involved in care, genetic information, and biometric information;
- culturally specific information related to the delivery of care;
- religious beliefs or affiliations;
- membership of a professional or trade association;
- criminal record;
- sexual orientation; and
- next of kin and those contacts in care networks to ensure well-being and access to relevant care services.
5.3 Anonymity and Pseudonymity
In most circumstances, it is impractical for people to communicate with Amana Living anonymously. We need to identify you to assist you effectively. However, in circumstances where it is lawful and practicable to do so, Amana Living will provide you with the option of not identifying yourself, or using a pseudonym, when communicating with us.
5.4 Collection of solicited personal information
Amana Living only collects personal information by lawful and fair means, where reasonably necessary for our functions or activities, as an aged care agency of the Anglican Diocese of Perth.
We collect personal information which:
- you provide to us in the course of applying to become a resident at one of Amana Living's facilities and/or for engaging Amana Living to provide services to you;
- you provide in the course of applying for employment positions at Amana Living;
- is provided to us by third parties who have disclosed that information to us with your consent (and only if it would be unreasonable or impractical to collect the information directly from you);
- is provided to us by third parties which have a relationship with you (such as a social worker or government agency who has been involved in your referral to Amana Living) and only if it would be unreasonable or impractical to collect the information directly from you;
- is provided to us by medical professionals in relation to the services they provide to you (and only if it would be unreasonable or impractical to collect the information directly from you);
- you provide to us in the course of updating or changing your details, or in relation to any feedback, compliments or complaints you make;
- is contained in documents or correspondence you provide to us; or
- you provide to us in person, by phone, by post, by email, via our website or via other forms of electronic communication (including via social media).
Subject to certain exceptions under the Act, we only collect sensitive information about you if you consent to the collection of the information and the information is reasonably necessary for one or more of Amana Living's functions or activities. The provision of sensitive information to Amana Living on a voluntary basis (including, for example, information you supply when applying to become a resident at one of Amana Living's facilities) will be taken to be consent for this purpose.
In all cases, Amana Living will take reasonable steps to tell you why we are collecting your personal information and how it will be used at the time of collection.
When you visit our website, Amana Living utilises 'cookies' to enable us to monitor usage patterns and serve you more efficiently and help improve your online experience. A cookie does not identify you personally, but it does identify your computer. You can set your browser to notify you when you receive a cookie, and this will provide you with an opportunity to either accept or reject it in each instance. If you reject a cookie, some of the parts or features of Amana Living’s website that you are interacting / accessing with may not function properly.
CCTV recordings devices may be in place at Amana Living’s Retirement Villages and Aged Care Facilities to ensure the safety and security of residents, visitors and staff. CCTV footage remains the property of Amana Living.
5.5 Collection of unsolicited personal information
From time to time, Amana Living may receive unsolicited personal information.
Where we determine that we could not have collected the unsolicited personal information had it been solicited, we will destroy or de-identify that unsolicited personal information as soon as practicable,
5.6 Use or disclosure of personal information
Amana Living may collect, store (in hard copy or electronic form), use or disclose your personal information for the primary purpose of conducting and supporting its business activities as an aged care agency providing care, accommodation and services for older Western Australians.
We may also collect, store, use or disclose your personal information:
- to process your application for a place at one of Amana Living's facilities;
- to provide services to you (or for your benefit) as a resident of one of Amana Living's facilities;
- to provide other services to you (or for your benefit), for example, Amana Living's Home Care services;
- to process your application for employment, including payment of salary;
- to contact you should we need to;
- to address any enquiries, complaints or feedback from you; or
- to do anything Amana Living is required or authorised by law to do.
Further, we may disclose your personal information to:
- third parties where you have given your consent (express or implied), including organisations for research purposes;
- government agencies or other similar entities as required or permitted by law; and
- our professional advisors, contractors or other service providers whom Amana Living may engage from time to time to carry out, advise or assist with the carrying out of the business activities of Amana Living.
Amana Living will not use your personal information for a secondary purpose unless:
- you consent to the use or disclosure or you would reasonably expect us to use it for a secondary purpose which is related (or directly related in the case of sensitive information) to the primary purpose;
- the use or disclosure is required or authorised by law; or
- the use or disclosure is otherwise permitted by the Act (for example, as a necessary part of an investigation of suspected unlawful activity).
5.7 Social Media
Amana Living records all information posted to its social media pages and uses that information for the purposes of administering the pages, for record keeping, for considering and / or addressing any comments made and for running competitions and campaigns. No attempt will be made to further identify social media subscribers except where requested and authorised by law.
The social networking services may also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook and YouTube (a Google company) on their websites.
5.8 Cross-border disclosure of personal information
If we choose to store your personal information with an overseas recipient, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Act.
5.9 Adoption use or disclosure of government related identifiers
Where we collect your personal information, it will usually be identified by a common identifier, such as your name, address, contact details or a randomly generated unique number.
Subject to certain exceptions under the Privacy Act, Amana Living will not disclose identifiers assigned by Government agencies or its agents, such as tax file numbers, or use those identifiers to identify your personal information.
5.10 Direct Marketing
Unless you request otherwise, Amana Living may also use your personal information for marketing purposes to send you news, information about our activities and general promotional material which we believe may be useful or of interest to you. If you do not want Amana Living to use your personal information in this manner, please contact us using the contact details provided above in "Section 5.1 - Open and transparent management of personal information" and we will give effect to your request as soon as possible and, in any event, within 7 days.
5.11 Spam Mail
All electronic communications will include an unsubscribe facility. The Spam Act 2003 (Cth) prohibits sending unsolicited commercial emails, SMS, and MMS messages for commercial purposes. While non-for-profit organisations such as Amana Living do have exemptions from the Spam Act, we are guided by the Code of Practice developed by the Association for Data-Driven Marketing and Advertising (ADMA).
5.12 Security of personal information
Amana Living takes reasonable steps to protect your data from misuse, interference and loss, and from unauthorised access, modification or disclosure. This includes appropriate physical and technological barriers and security measures to protect your personal information in both hard copy and electronic form.
5.13 Access to personal information
Subject to any exceptions in the Act, if you have provided Amana Living with personal information, you have a right to request access to it. If you are of the belief that Amana Living holds personal information relating to you and you wish to obtain access to this information, please contact us on the details provided above. We may ask you to provide proof of your identity if you request access to or correction of your personal information.
In the event that a request for access is made, Amana Living will review our records to determine what personal information relating to you we hold and endeavor to respond to your request within a reasonable period after the request is made, but in any event, within 30 days.
Once Amana Living has notified you of the nature of the personal information relating to you which we hold, we will give you access to your personal information in the manner requested by you, if it is reasonable and practicable to do so.
We do not levy a charge in respect of the making of a request for access to personal information held by us. However, we may charge you for the reasonable costs incurred by us in providing you with access to the personal information held by us.
The Act provides instances where a holder of personal information may refuse to provide an individual with access to their personal information. If Amana Living refuses to give you access to your personal information, we will give you a written notice that sets out our reasons for the refusal and the mechanisms available to complain about our refusal.
5.14 Correction of personal information
Amana Living takes reasonable steps to keep your personal information as accurate, complete and up-to-date as possible. We make an effort to ensure this data is of high quality, but this relies on the accuracy and frequency of data provided by you.
You can assist Amana Living by notifying us if your circumstances change, such as if your name or address changes. If Amana Living holds personal information about you and you request that we correct the information, we will take reasonable steps to rectify the situation free of charge if we are satisfied that the information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we refuse to correct your personal information, we will give you a written notice setting out our reasons for the refusal and the mechanisms available to complain about the refusal.
5.15 Notifiable Data Breaches (NDB)
Amana Living has information security obligations under the Act and from 23 February 2018 must notify the Australian Information Commissioner (Commissioner), and individuals whose information was involved, about eligible data breaches. Once Amana Living has reasonable grounds to believe there has been an eligible data breach, we will take such steps as are reasonable in the circumstances and as required under the NDB scheme, including:
- investigating the suspected breach and determining the scope of any breach that has occurred and the risk of harm to affected individuals whose information may have been compromised;
- notifying the individual involved and the Privacy Commissioner of the potential breach; and
- taking steps to minimise any harm caused to affected individuals as a result of the breach.
5.16 Complaints, questions or further information
If you wish to make a complaint about a breach of your privacy by Amana Living, you may contact us using the contact details provided above. All complaints will be investigated by an appropriately qualified representative of Amana Living. We will assess your complaint as quickly as possible, usually within 30 days. We will notify you of the outcome of the investigation, including how we propose to resolve your complaint and what, if any, corrective measures we will implement.
If you are not satisfied with our handling of your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). For more information about doing so, visit: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/
6. RELEVANT LEGISLATION
Privacy Act 1988 (Cth), Privacy (Notifiable Data Breaches) Act 2017 (Cth) and related Australian Privacy Principles (APPs)
Aged Care Act 1997 (Cth)
Coroners Act 1996 (WA)
Spam Act 2003 (Cth)
Code of Practice 2015 (ADMA)
Notifiable Data Breach (NDB) Scheme
Date Effective: 23/11/2018
Review Period: Two Yearly
Author: Amanda Kierath, Corporate Services Manager
Document Number 7.0
Approved By: Stephanie Buckland, CEO