The Australian Community Support Organisation Limited (ACSO) collects information about clients to help us provide an effective service. However, this process is carefully controlled. Protecting privacy is something we value highly.
ACSO is strongly committed to protecting its clients’ rights to privacy, and complies with all applicable privacy laws.
This policy applies to ACSO's collection and handling of personal information, sensitive information, and health information. Health information and other sensitive information is subject to a higher level of protection than other personal information. These terms have specific meanings within applicable privacy laws.
Personal information generally means information or an opinion about an individual whose identity is reasonably identifiable from the information or opinion, regardless of whether the information or opinion is true and whether or not it is recorded in a material form. For example: a person's name, address, marital status or family history.
Health information generally means:
personal information about an individual's health, illness, injury or disability (for example, a medical diagnosis);
personal information about health services provided to an individual, or the individual's expressed wishes about the future provision of health services to him or her;
personal information collected to provide health services to the individual;
personal information collected for donations of body parts, organs and substances; and
genetic information about an individual that could predict the health of the individual or a genetic relative.
Sensitive information generally means information or an opinion in specific categories, including health information (as discussed above) and other genetic and biometric information, as well as information about an individual’s criminal record, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, or sexual preferences or practices.
In addition to its duties under privacy legislation, ACSO has a responsibility to protect the security and confidentiality of all information which it collects, generates, stores and uses in the course of providing its services, whether or not that information directly relates to an individual who can be identified from the information.
To offer its services, ACSO must collect a varying range of information. This may include:
Identifying information such as name, address, telephone number, place and date of birth, gender, nationality, ethnicity, language spoken;
Next of kin details, including place and date of birth of parents and siblings, family and relationship background information, name and contact details for significant others, guardianship information;
Accommodation and respite support details, carer’s details and transport requirements;
Personal information such as unique identifiers, social security information, Medicare number and concession cards;
Sensitive content may include support requested and provided, psycho social history, counselling reports, court reports, behavioural history, likes and dislikes and interests, photos and videos of activities, assessment and therapy sessions;
Special needs information including type, extent and support required, need assessment information, health details including medical records, medical summaries, medication reviews and history, and daily activity reports; and
Program specific paperwork, forms and reports.
ACSO will only collect personal information where it is lawful to do so. We collect information by fair and lawful means and not in an unreasonably intrusive way.
Under normal circumstances ACSO collects personal information about an individual directly from that individual (for example, when you complete a form). However, if ACSO collects personal information about an individual from someone else (for example, when receiving a referral from another agency), ACSO will take reasonable steps to inform the relevant individual of the collection unless doing so would pose a serious threat to the life or health of any individual or would involve the disclosure of information given in confidence.
If you do not provide us with the personal information we request, we may not be able to respond to your requests or manage your case appropriately. In some cases, the law may require you to provide personal information to us.
Purposes for the collection and handling of personal information
ACSO collects, holds, uses and discloses personal information to:
Provide its services and meet service delivery requirements;
Provide an historical account of the operations and activities to facilitate sound decision-making;
Provide evidence of treatment, service delivery and decisions, for purposes of accountability;
Minimise or eliminate risks of poor decision-making arising from gaps in information and background;
Provide support for individuals accessing our services and their families;
(If applicable) allow government agencies to audit the services provided by ACSO;
Link clients to other services to enhance their quality of life and enable their inclusion in the everyday life of their communities.
ACSO will generally only use or disclose personal information for the purposes for which it was collected ('original purpose'). ACSO may use or disclose personal information for another purpose (called a 'secondary purpose') where permitted by law including where:
The individual has consented to the use or disclosure for the secondary purpose;
The secondary purpose is directly related to the original purpose and the individual would reasonably expect ACSO to use their information in that way;
The use or disclosure is required or authorised by law; or
It is permitted by an exception under the relevant privacy law. For example, use or disclosure may be permitted where it is reasonably necessary to lessen or prevent a serious or imminent threat to an individual's life, health safety or welfare.
ACSO must take steps that are reasonable in the circumstances to make sure that, having regard to the purpose for which the information is to be used, the personal information, sensitive information and health information it collects, uses, holds or discloses is accurate, complete, up to date, not misleading and remains relevant to its functions or activities.
Data security and data retention
ACSO must take reasonable steps to protect the personal information it holds from misuse, loss, unauthorised access, modification or disclosure.
ACSO’s client files will be stored, recorded and accessible within a secure management system. The system has security measures in place that are designed to safeguard the personal information from loss, misuse, unauthorised access and disclosure.
ACSO staff are required to ensure that all information held by ACSO remains secure against unauthorised access. This includes personal information about individuals as well as any other information about ACSO's operations that is not already public knowledge. Information about ACSO's commercial agreements and how it performs them must also be kept confidential and protected from unauthorised access or disclosure.
ACSO complies with its legal obligations for retaining health records. Otherwise, ACSO takes reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
'Aggregated information' may not be regarded as 'personal information' under privacy laws, however this kind of information must also only be used or disclosed as part of the duties of ACSO personnel or as directed by ACSO management.
ACSO will manage the process of dealing with actual or suspected data breach in accordance with the Notifiable Data Breach Procedure which complies with Privacy Amendment (Notifiable Data Breaches) Act 2017.
On request, ACSO will take reasonable steps to provide individuals with general information on the types of personal information it holds and for what purposes and how it collects, holds, uses and discloses that information.
Complaints, access and correction
Individuals can make a request to access or correct their personal information held by ACSO, or make an enquiry or complaint about ACSO's information-handling practices, by contacting:
Australian Community Support Organisation
Post: PO Box 14278, Melbourne 8001
Telephone: 03 9413 7000
ACSO will provide an individual with access to their personal and health information upon request, except in specific circumstances as outlined within the applicable privacy laws. If you would like to request access to your personal and health information, please complete the Gf3.2 Request for Client Information Form and return it to ACSO’s Privacy Officer.
Where ACSO holds personal or health information about an individual and the individual is able to establish that information is incorrect, ACSO will take reasonable steps to correct the information as soon as is practicable but within 30 days of the request.
If ACSO denies access or correction to such information then ACSO will provide the individual with reasons for such decision. In the event that ACSO and an individual disagree about the veracity of the personal or health information held by ACSO, then if requested by the individual, ACSO will take reasonable steps to record a statement relating to the disputed information.
An individual may complain about ACSO's handling of personal information. ACSO’s complaints resolution processes will endeavour to be fair and equitable. The privacy, confidentiality and dignity of the complainant shall be maintained. All complaints shall be investigated and followed up promptly and courteously by the Complaints Officer with active engagement of the complainant and/or their representative. All complaints received will be documented for auditing by funding and accreditation bodies, to enable review of complaints received, identify any trends or issues and identify opportunities for improvement.
A unique identifier (usually a number) is assigned by an organisation to an individual to identify that individual for the purposes of the operations of the organisation but does not include an identifier that consists only of the individual’s name.
ACSO will not adopt a government identifier (such as a drivers licence or Medicare number) as its own identifier of an individual unless it is required or authorised to do so by law.
Wherever it is lawful and practical individuals must have the option of not identifying themselves or of using a pseudonym when dealing with ACSO.
Trans-border data flows
ACSO may transfer personal information, including health information, between Australian states (for example, information entered in our data management system may be accessible by ACSO personnel across state borders).
ACSO does not generally transfer personal information overseas. ACSO will only transfer personal information overseas if permitted to do so under the relevant privacy laws.
Closure of the practice of a health service provider
If ACSO discontinues its health services it will give notice of the closure to past service users directly and by way of notice in a metropolitan newspaper.
Making information available to another health service provider
ACSO will make health information relating to an individual available to another health service provider if requested to do so by the individual.
Dealing with unsolicited personal information
If ACSO receives unsolicited information, and determines that it could not have legally collected that information, ACSO will destroy the information or de-identify the information as soon as practicable, but only if it is lawful to do so.
If ACSO determines that it could have collected unsolicited personal information, ACSO may retain that information.
ACSO will not use or disclose any information for the purposes of direct marketing.
Last updated: 27 Mar 2017