This policy outlines Blue Knot’s commitment to Privacy. |
1. Objectives
Blue Knot Foundation is committed to protecting the privacy of individuals. This policy aims to ensure employees understand their obligations in relation to privacy and to ensure that any legal or ethical obligations are met by Blue Knot.
Service users as well as Members of the Helpline and Redress team should read this policy in conjunction with the Helpline and Redress Support Service Privacy Policy.
Service users as well as Members of the National Counselling and Referral Service team should read this policy in conjunction with the National Counselling and Referral Service Privacy Policy.
2. Application
This policy applies to all personal information collected, stored or used by Blue Knot. It also applies to any person or entity that is provided with access to Blue Knot’s data or similar, that contains any personal information. This may include, but is not limited to employees, contractors, sub-contractors, and volunteers. For the purpose of this policy this group is collectively referred to as employees.
Nothing in the policy is intended to replace legislation. Where there is an inconsistency between this policy and the legislation, the legislation will prevail. Where a situation occurs not explicitly described in this policy, legislation will be applied.
3. Commitment
Blue Knot is committed to ensuring the security and protection of all personal information.
We will deliver training, support and resources to all employees to ensure the highest standards of compliance and ethical behaviours are met in relation to meeting our objectives.
We are also committed to ensuring that the management of any personal information we hold, is done so in an open and transparent way by ensuring our policies are readily available and clearly expressed.
4. What is Privacy?
Privacy legalisation aims to protect and promote the privacy of individuals and how their personal information is collected, used and stored.
In order to meet our obligations under the Act, and ensure best practice principles are applied, Blue Knot has adopted the 13 Australian Privacy Principles (APP).
5. What is Personal Information?
Under the Privacy Act 1988, personal information is defined as: ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.’
For personal information to be protected under the Privacy Policy that information must be about an identified or reasonably identifiable individual.
Personal information includes sensitive information, health information, credit information, employee records information (unless an exemption applies) and tax file number information.
6. Anonymity and pseudonymity
Blue Knot will provide individuals with the option to use a pseudonym or remain anonymous where possible.
Due to the nature of some services or activities, this is not always possible. Where this option is not available, the security of the individual’s personal information will be protected as outlined in this policy.
7. Collection of information
Blue Knot will only collect information by fair and lawful means when it is reasonable and practicable to do so in order to provide accurate information, effective services, and to meet our legal and ethical obligations.
When the information we request is not provided, we may not be able to provide a service (partially or in whole), or the information requested about a service or product.
The information we collect may be collected directly by us, provided to us by a third party or by using publicly available information.
Our systems may assign a unique identifier to personal information so that we can securely store it and report on it in a de-identified way.
8. Notification of the collection of personal information
Blue Knot takes reasonable steps to notify individuals of the collection, usage and storage of their personal information where reasonably practical to do so. Blue Knot achieves this by publishing a number of notices on its website, and in its terms of service, contracts or similar documents.
Blue Knot will also notify individuals about the collection of their personal information when the collection of that information could not be reasonably assumed by the individual. We will provide this notification either before collection of the information, or as soon as possible afterwards.
9. Unsolicited personal information
From time to time, Blue Knot may receive unsolicited personal information about an individual. When this occurs, Blue Knot will review the information received and determine if that information is required to conduct its business or services. This includes assessing if the information provided to us is accurate and reliable. When Blue Knot determines that the information is not required, it will be either securely destroyed, or de-identified. When the information is required, it will be stored in accordance with our Privacy Policies.
10. Disclosures
Blue Knot may disclose personal information to another person, entity, authority or government body in some circumstances. This may include when:
- We are required by law to do so
- We are ordered to do so by a court or tribunal order
- There is an immediate or imminent risk of serious harm to the individual, an identified third party or the general public
- We are made aware of engagement or suspected engagement in an unlawful activity or serious misconduct
- A permitted health exemption applies
We may also disclose personal information to our funders to meet our contractual obligations and service agreements.
Where possible, personal information will be de-identified.
When disclosing your information, we will ensure that the recipient of the information has suitable and adequate Privacy policies and procedures in place that reflect relevant obligations under Australian law.
We may also disclose or use your information to seek feedback on our services.
11. Marketing
At times Blue Knot may use the personal information we collect to provide you with information about our products and services, or to seek your feedback on them.
All individuals have the right to opt out of any marketing material. Instructions on how to opt out are included within the marketing material that is sent out.
12. Responsibilities
All employees are expected to abide by the Privacy policies and procedures in place at Blue Knot. Additionally, employees are expected to participate in training when instructed, to maintain their knowledge of Privacy practices and to ensure that they seek support or advice when they are not certain.
All employees at Blue Knot may come to access or know private or confidential information in the course of their employment either as a necessary requirement of their job or unintentionally while performing their duties e.g. overhearing a telephone conversation.
Employees who come into contact with personal information are expected and required to maintain the privacy and confidentiality of that information by not sharing or disclosing it in any way. This includes not repeating or sharing any information you have learnt during your employment and after the cessation of your employment.
Furthermore, employees are not to share personal information with colleagues if the information is not relevant to that person’s position or authority.
It is also unacceptable for any employee to use any personal information or confidential information for personal gain.
13. Security of personal information
Blue Knot takes all reasonable steps to protect any personal information against misuse, interferences, loss, or unauthorised access, modification or disclosure.
This includes destroying or de-identifying personal information where appropriate.
Some of the steps we take include:
- Placing privacy and confidentiality requirements on employees via contracts and policies
- Providing training and resources to staff on privacy
- Restricting access to private and personal information
- Ensuring systems and methods of storage are secure utilising appropriate technology and best practice processes
- Continuous review and assessment of policies, practices, and systems.
14. Access to personal information
Individuals are entitled to access the personal information we hold about them. To access the personal information held by Blue Knot a written request can be made to the relevant service or directly to the Privacy Officer via email: [email protected] or post: PO Box 597, Milsons Point, NSW, 1565. Request to access information should include the person’s name, address, and contact information. Blue Knot will take reasonable steps to confirm a person’s identity and right to access the information before providing that personal information. Any person acting on behalf of another will need to provide evidence they have permission to access the information e.g., a letter from the individual authorising access.
We may charge a fee to cover any reasonable costs incurred in meeting a request for access. Reasonable costs include labour, translation of documents, collating information, posting documents etc.
We aim to provide individuals with access to their information within 30 days of the request.
There are instances where Blue Knot may not provide access to personal information. We may deny a request if:
- It would be unlawful to provide access
- Denying access is required by law or a court or tribunal order
- Providing it would prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
If access to personal information is denied, written notice with be provided explaining the reason for the decision.
15. Correction of personal information
Blue Knot will take all reasonable steps to ensure the information we collect and hold about an individual is correct and up to date.
If an individual believes the information we hold about them is inaccurate they may request, in writing, that we update that information. Where Blue Knot is satisfied that the information we hold is inaccurate, we will take all reasonable steps to correct this information within 30 days. If we determine the information held does not require correction, we will advise the individual in writing.
Anyone wishing to correct their information can make their request in writing to the service they have accessed or directly to Privacy Officer.
16. Privacy Officer
The Privacy Officer is available to provide assistance in relation to privacy matters including responding to privacy requests. The Privacy Officer can be contact via:
Email: [email protected]
Mail: PO Box 597, Milsons Point, NSW, 1565
Phone: 02 89203611
17. Privacy Complaints
Anyone not satisfied that Blue Knot is adhering to their privacy obligations, or with the way their privacy concerns or requests have been addressed, may raise a complaint as per the Complaints Policy.
Individuals may also make a complaint related to breaches under the Privacy Act to the Officer of the Australian Information Commissioner (OAIC). See the OAIC’s website for more information here: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/
Alternatively, individuals based in NSW, Victoria or the ACT may be able to make a complaint in relation to their health information*. For further information, please see the relevant website listed below:
State | Body | Website |
NSW | NSW Information and Privacy Commission | https://www.ipc.nsw.gov.au/ |
VIC | Office of the Health Services Commissioner | https://hcc.vic.gov.au/ |
ACT | ACT Health Services Commissioner | https://hrc.act.gov.au/health/ |
*Health information is a type of personal information. It includes any information about an individual’s health or disability including opinions about an individual’s illness, injury or disability.
18. Related
- Privacy Act 1988 (Cth)
- Health Records and Information Privacy Act 2002 (NSW)
- Health Records Act 2001 (VIC)
- Information Privacy Act 2000 (VIC)
- Health Records (Privacy and Access) Act 1997 (ACT)
- Complaints Policy