
Privacy and Confidentiality Policy

1. Purpose

No to Violence (NTV) is committed to responsibly handling and protecting the privacy of personal information which the organisation collects, holds, and administers, and to protecting an individual’s right to privacy. Accordingly, NTV is committed to full compliance with its privacy obligations. This includes personal information collected from job applicants, service users (including current and potential service users), and members.

The purpose of this policy is to ensure that all employees of NTV protect the privacy of all personal information collected and recognise the importance of treating personal information confidentially and in line with the requirements of relevant legislation.

It also provides guidance to service users and members of the public on how they can access or seek correction to their personal information or make a complaint about a breach of the Australian Privacy Principles (APPs).

2. Scope

This policy applies to all individuals associated with NTV, including staff (including temporary, contractors, or casual staff), volunteers, directors, and students on placement. It applies to service users of NTV, and any of their representatives. The scope of this policy encompasses personal information including sensitive information and health information from both internal and external parties. Regardless of whether the personal information originates from a service user, stakeholder, or employee, it will be handled in accordance with this policy.

3. Policy

NTV respects the rights of individuals to privacy and the right to have any information about them held securely and in confidence in a way that is compliant with relevant legislation. NTV collects and uses personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APP) and a range of relevant state-based privacy legislation.

Our values and obligations concerning privacy are reflected in and supported by the organisation’s core values and principles.

NTV collects and administers a range of Personal Information for the purposes of employment, membership, training and providing telephone counselling and referrals to men who use violence; men who are victims of violence; family members, colleagues, and acquaintances of men who use violence; and other workers in the Family Violence sector.

The organisation is committed to satisfying all legal and ethical obligations regarding the protection of personal, private, and confidential information.

4. Definitions

Service user information

In the context of this policy, this refers to personal, sensitive and health information.

Personal Information

Personal information is information or an observation that is recorded in any form and about an individual whose identity is apparent or can reasonably be ascertained from the information or observation. This can include letters, sounds, images, videos and numbers and combinations of them.

Sensitive Information

Sensitive information is a subset of personal information and is given a higher level of protection under the Australian Privacy Principles (APPs). Sensitive information is defined in the Privacy Act to mean information or an opinion about an individual’s:

  • Racial or ethnic origin
  • Political opinions
  • Membership of a political association
  • Religious beliefs or affiliations
  • Philosophical beliefs
  • Membership of a professional or trade association
  • Membership of a trade union
  • Sexual preferences or practices
  • Criminal record.

Sensitive information also includes health information and information about an individual that is not otherwise health information. This can include an individual’s history of family violence or current use of family violence.

Sensitive information is subject to a higher level of privacy protection than other personal information handled by organisations in the following ways:

  • Sensitive information may only be collected with consent, except in specified circumstances. Consent is generally not required to collect ‘personal information’ that is not sensitive information.
  • Sensitive information must not be used or disclosed for a secondary purpose unless the secondary purpose is directly related to the primary purpose of collection and within the reasonable expectations of the individual.
  • Sensitive information cannot be used for the secondary purpose of direct marketing.

Health Information

Health information means information or an observation about:

  • The physical or mental health (at any time) of an individual.
  • A disability (at any time) of an individual.
  • An individual’s expressed wishes about the future provision of health services.
  • A health service provided, or to be provided, to an individual that is also personal information.
  • Other personal information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of their descendants.

LGBTIQA+ Information

LGBTIQA+ information means information about a service user’s gender identity, sexual orientation, and/or intersex status.

Eligible Data Breach

Is considered to have occurred where personal information held by an agency is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference as defined by the Privacy Act 1988 (Cth).

National Privacy Principles (NPP)

There are 13 Australian Privacy Principles, and they govern standards, rights and obligations around:

  • The collection, use and disclosure of personal information
  • An organisation or agency’s governance and accountability
  • Integrity and correction of personal information
  • The rights of individuals to access their personal information.

A breach of an Australian Privacy Principle is an ‘interference with the privacy of an individual’ and can lead to regulatory action and penalties.

Information Privacy Principles (IPP)

The 10 Information Privacy Principles (IPPs) are the core of privacy law in Victoria. They set out the minimum standard for how Victorian agencies should manage personal information.

5. Application and Procedures

5.1. Collection

NTV will only collect information:

  • That is necessary for its functions and activities.
  • Which is necessary to provide its services, conduct research and evaluation and for reporting purposes.
  • When the individual has consented or is deemed to have consented by virtue of their engagement with the service.
  • When required by law or contractual arrangements with government funding bodies.
  • Where the information can assist NTV in improving the quality and safety of its service delivery to service users.
  • Where provided to NTV with legal authority including police referrals and/or in accordance with legislated family violence and/or child safety information sharing schemes.

If it is reasonable and practicable, NTV will collect personal, sensitive and health information directly from individuals. When collecting personal, sensitive or health information, NTV will take reasonable steps to advise people of:

  • What personal information is being collected.
  • Why it is collected
  • How it will be used
  • How it will be stored
  • How long it will be kept
  • With whom it will be shared
  • Whether any law requires the collection of the information and the main consequences, if any, of not providing the information.

Collection may be inclusive of sensitive information as defined by law, health information and personal information including use of family violence, substance use issues, victimisation, housing and employment status, diverse sex characteristics, gender identities and sexual orientations.

LGBTIQA+ Privacy Rights

The right to privacy is of particular importance to members of the LGBTIQA+ community, as breaches of privacy can have significant consequences, including increased risk of discrimination.

The Privacy Act 1988 (Cth) gives protection to information about an individual’s sexual orientation or practices. Under the terms of the Act, information about a person’s sexuality is classified as sensitive information.

Information about gender identity and sex is not classified as sensitive information. However, subsets of this information, such as whether a person has an intersex variation, is transgender, or identifies as gender diverse or non-binary, can be sensitive and NTV treats such information with additional care.

NTV staff will use the name, gender and pronouns that service users have nominated, not their previous name, gender or pronoun.

Anonymity

NTV, wherever it is lawful and practicable, will give individuals the option of not identifying themselves when supplying information or interacting with its services, as long as this does not impede NTV’s ability to carry out its functions.

Consent

Consent may be obtained verbally and/or via a webchat, text message, email or other electronic means.

Implied consent is consent that can reasonably be inferred from an individual’s actions. Where, for example, a person lodges an official complaint with NTV, it can be inferred that they have consented to the use and disclosure of their personal information as is reasonably necessary to investigate the complaint.

Employee, Volunteer, Student, Applicant and Member files

If required, the following types of personal information, sensitive information and health information are collected directly from an applicant/employee/student or volunteer to allow NTV to assess the suitability of individuals for a particular role at NTV and manage an effective employment arrangement or student placement.

  • Employment applications including resumes, statements addressing the criteria and referee reports
  • Notes from the interview panel and any written tasks undertaken by the employee during the selection process
  • Employment contracts or student agreements and other terms and conditions relating to employment or student placement
  • Details of financial and other personal interests supplied by some employees/volunteers and their immediate family members for the purposes of managing perceived or actual conflicts of interests
  • Proof of Australian citizenship or residency
  • Copies of qualifications
  • Records relating to employee salary, benefits, leave, taxation and superannuation details
  • Medical certification and health related information supplied by an employee or their medical practitioner

NTV collects personal information from our membership applications and current members to allow us to communicate directly with members and engage participation in membership activities.

Indirect Collection of personal information

NTV may collect personal information from a third party, or publicly available source, but only if it is reasonable to expect we would do so, or when NTV has been given consent. Examples of this could be collecting information from an external referee.

6. Use

NTV will only use personal information, sensitive information and health information for purposes that you would reasonably expect, or for purposes which directly relate to one of our functions or activities listed below, or if consent has been provided.

  • NTV uses personal, health and sensitive information for research purposes and to deliver and continually improve services to service users and comply with regulatory and contractual obligations.
  • NTV will use service user information for the primary purposes for which it was collected, a related secondary purpose that service users may reasonably expect, such as referrals to other service providers (with the exception of sensitive information), as required by law, or with service user permission or consent.
  • NTV will use unique identifiers and assign a number to identify a person if the assignment is reasonably necessary to carry out its functions effectively.
  • NTV may use deidentified service user information for research purposes and to inform our peak body work where relevant.
  • Where lawful and practicable, NTV will give the service user the option of not identifying themselves when supplying information or entering into transactions with it.

Use/disclosure of employee information

NTV may share employee information with data hosting providers or other service providers who assist in managing our organisation and supporting our systems. These providers access information only under our direction and are bound by contractual obligations. Additionally, NTV may disclose employee information when required by law or to prevent a serious threat to life, health, or safety.

Other examples of where NTV may disclose personal information would include:

  • A member of staff contacts a referee
  • Conducting a police check for the purpose of pre-employment screening
  • Entering and storing personal information into a third-party hosting or service provider’s system for administration related to your employment

6.1. Disclosure and Transfer of Service user Information

Limited Confidentiality

The content of counselling sessions and interactions with NTV, including information disclosed in any telephone calls or webchats is confidential. However, under certain circumstances limited confidentiality may apply and NTV may share information with third parties. These include:

  • When subpoenaed by a court of law
  • When required by law. For example: mandatory reporting under the child information sharing scheme or information disclosed in connection with our services in Victoria that is prescribed under the family violence information sharing (part 5a of the Family Violence Protection Act 2008) and child information sharing (the Children Legislation Amendment (Information Sharing) Act 2018) schemes. This applies to similar laws outside of Victoria and may not require consent of the individual.
  • When failure to disclose information would place you or another person at risk of serious harm

Through our funding and reporting requirements, NTV is required to provide information in relation to serious and critical incidents involving service users.

Any personal information disclosed to government departments, health or human service organisations, child protection agencies, Police or Community Corrections in relation to an incident involving service users must relate to the specific circumstance that is being dealt with.

Under the Information Privacy Principles (IPPs), NTV may only transfer personal information, sensitive information and/or health information about an individual to someone (other than the organisation or the individual) who is outside Victoria (other states and territories) when specifically permitted by the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic). For example, if the individual consents or if the recipient of the information is subject to a law or binding scheme that is substantially similar to the Victorian IPPs.

In cases where personal information is being transferred to a jurisdiction whose privacy laws align with Victorian privacy laws, NTV may require a Privacy Impact Assessment to be undertaken before the data is sent.

In cases where serious harm is assessed as imminent, all staff are empowered to immediately disclose any information to Police, emergency services and/or approved information sharing entities. Wherever possible and practical, staff should seek advice from their line manager and/or the Privacy Officer prior to the release of personal or sensitive information.

6.2. Disclosure of personal information overseas.

NTV does not share personal information with parties outside of Australia, unless we are working with data hosting or other third-party service providers who may store information in different countries or require access to personal information from overseas locations while providing support or services.

6.3. Storage, Security and Data Quality

NTV will take reasonable steps to ensure the personal, health and sensitive information it holds is accurate, complete, up to date at the time of use or disclosure, and relevant to the functions it performs.

NTV holds information in many different formats and will take all reasonable steps to protect information from misuse, loss, unauthorised access, modification, or disclosure.

NTV will endeavour to maintain a secure system for storing personal, health and sensitive information.

NTV will archive and dispose of personal, health and sensitive information where it is no longer necessary to fulfil the purposes for which the information was collected or as required by law.

NTV operates a fully networked computerised system that has ‘firewall protection’ to stop unauthorised people from accessing data. All NTV computers and systems are password controlled and have multifactor authentication to protect information collected by NTV that is stored as electronic files and/or computerised data records.

NTV will strive to protect data transmission over the Internet. NTV does not guarantee the security of any information that is transmitted over the Internet and any information transmitted is done at the service user’s own risk.

Generally, information is destroyed or permanently de-identified when it is no longer required. However, most service user information held by NTV is subject to the Public Records Act (1973) and is required to be disposed of under the relevant retention and disposal guidelines such as the Records retention guide for organisations funded under the service agreement.

All NTV staff sign a confidentiality agreement at the commencement of their employment.

6.4. Access and Correction

Any person wishing to access their personal information details held by NTV may contact:

Privacy Officer

No to Violence

Email: privacy@ntv.org.au

Mail: PO Box 277, Flinders Lane VIC 8009

Phone: 03 9487 4500.

Anyone who believes that their information is inaccurate, incomplete or out of date may request NTV to correct the information. Each request will be dealt with in accordance with the applicable law.

Access will be provided except in the circumstances, as provided for by legislation, where:

  • Providing access would pose a serious and imminent threat to life or health.
  • Providing access would have an unreasonable impact on the privacy of others.
  • The request for access is frivolous or vexatious.
  • The information relates to existing legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery or subpoena in those proceedings.
  • Providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice the negotiations.
  • Providing access would be unlawful.
  • Denying access is required or authorised by or under law.
  • Providing access would be likely to prejudice an investigation of possible unlawful activity.
  • It relates to the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law.
  • It relates to the enforcement of laws for the confiscation of the proceeds of crime.
  • It relates to the protection of public revenue.
  • It relates to the prevention, detection, investigation or remedying of seriously improper conduct.

  • It relates to the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders by or for a law enforcement agency.

If access is restricted, the service user will be informed of the reason for this in writing.

6.5. Communication and Openness

NTV will make this policy available by:

  • Publishing it on the NTV website.
  • Providing verbal information via a recorded message when contacting the service and ensuring service users have been provided this information at intake.

Staff will ensure service users can access the NTV privacy policy through one or more of the above means.

6.6. Feedback, information request forms and email

NTV may preserve the content of any feedback form, information request form, email, or other electronic message received. Any personal information contained in that message will only be disclosed in ways set out in this policy. NTV will not use personal information for mailing lists without provided consent.

6.7. NTV Websites

Users of NTV websites are advised that there are inherent risks in transmitting information across the internet. Individuals may contact NTV by phone or mail if they have concerns about making contact via the internet.

Cookies

Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes. The cookies simply operate as a unique identifier, which help NTV to know what its service users find interesting and useful on its websites. Data collected from website use does not identify the user, allowing users to remain anonymous in NTV’s data collection.

Most web browsers are set to accept cookies; however, if service users do not wish to receive any cookies, browsers may be set to refuse them. In some instances, this will mean that users will not be able to take full advantage of parts of the website that provide improved service.

When an individual closes their browser the session cookie set by our websites is destroyed and no Personal Information is maintained which might identify an individual should they visit NTV’s website at a later date.

Collection

When individuals only browse NTV websites, NTV does not collect their Personal Information. Sometimes, NTV collects Personal Information that individuals choose to provide via online forms or by email, for example when individuals:

  • Ask to be on an email list
  • Send NTV a written comment

When an individual looks at NTV’s website a record is made of the individual’s visit and NTV logs the following information for statistical purposes:

  • The individual’s server addresses
  • The individual’s top level domain name (e.g. .com, .org, .au)
  • The pages the individual accessed, and documents downloaded
  • The previous site the individual visited and
  • The type of browser being used.

NTV does not identify users or their browsing activities except in the event of an investigation, when reporting concerns for the safety or wellbeing of staff, service user(s) or the community, and/or where a law enforcement agency may exercise a warrant to inspect server logs.

Use and disclosure

When an individual’s email address is received by NTV, the email address will not be sold to a third party or added to a mailing list without the individual’s consent.

Data Quality and Security

NTV maintains and updates Personal Information collected from or published on its website as necessary or when it is advised by individuals that their Personal Information has changed. Individuals who choose to join NTV’s email lists, apply to become members, complete online forms or lodge enquiries will have their contact details stored on password protected databases. Staff members associated with website maintenance have access to NTV’s website backend system which is password protected. NTV’s website server is also password protected. When no longer required, Personal Information collected via the website is destroyed in a secure manner or deleted in accordance with the requirements of our funding bodies and applicable laws.

Data Breaches

In the event of an Eligible Data Breach, NTV will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Privacy Act 1988 (Cth), if the breach is likely to result in serious harm.

Examples of serious harm related to an Eligible Data Breach include:

  • Identity theft, which can affect your finances and credit report
  • Financial loss through fraud
  • A likely risk of physical harm, such as by an abusive ex-partner
  • Serious psychological harm
  • Serious harm to an individual’s reputation.

Remedial Action

Under the Notifiable Data Breach Scheme, NTV typically has a 30-day window to assess whether a data breach is likely to result in serious harm and take proactive measures to address it, potentially avoiding the need for notification. If a data breach occurs, NTV strives to minimise the likelihood of harm to individuals. If successful and the breach is not expected to cause serious harm, no notifications are sent to individuals to prevent unnecessary anxiety.

How we inform on data breach

In the event of a serious data breach there are various ways NTV may notify affected individuals. This could be in the form of an email, text message or phone call. The notification will include:

  • NTV’s name and contact details
  • The kinds of personal information involved in the breach
  • A description of the data breach
  • Recommendations for the steps you can take in response.

NTV will ensure information of the data breach is provided through notification via social media, news articles or advertisements.

6.8. Complaints

Where a service user believes NTV has acted in contravention of this policy, or feels their privacy has been breached, they can make a complaint in accordance with the Feedback and Complaints Policy and Procedure. NTV will support them in accessing this complaints process if required.

Privacy Officer

Email: privacy@ntv.org.au

Mail: PO Box 277, Flinders Lane VIC 8009

Phone: 03 9487 4500.

An individual may complain to the Privacy Commissioner about NTV’s management of privacy and where NTV has received notification of complaints to these bodies.

7. Staff Training

NTV is committed to promoting privacy awareness across the organisation. NTV integrates privacy into our induction program for new employees and provides regular staff training programs on privacy to staff (including short-term staff and contractors) in relation to their privacy obligations.

8. Responsibilities

8.1. All Staff

  • Privacy is everyone’s responsibility, and all NTV staff have an obligation to manage the personal information collected, accessed, used, re-used, or disclosed during their engagement with NTV in accordance with this policy.
  • All staff are required to participate in privacy training as required to ensure they stay up to date with current practices.

8.2. Managers

  • Managers are required to ensure that privacy principles and practices are implemented and that suspected or actual breaches of this policy are reported.
  • Managers must ensure staff are informed of this policy as part of their induction and during ongoing performance processes.

8.3. Privacy Officer

The Privacy Officer is appointed by the CEO and is responsible for:

  • Reviewing the Privacy Policy
  • Supporting staff to conduct privacy impact assessments as required.
  • Ensuring all staff are provided privacy training in consultation with the People and Culture team
  • Providing a central contact point about Privacy at NTV and providing advice to staff as required
  • Monitoring compliance with this policy and reporting on privacy complaints and breaches
  • Investigating privacy breaches, incidents, or complaints.

9. Related Policies, Documents and Resources

  • Feedback and Complaints Policy and Procedure
  • Privacy Statement
  • ARP Privacy Notice
  • Information Collection Policy (LGBTIQA+)
  • Data Breach Procedure

10. Legislation and Standards

  • Privacy Act 1988 (Cth)
  • Privacy and Data Protection Act 2014 (Vic)
  • Victorian Information Privacy Principles (IPP)
  • Australian Privacy Principles (APP)
  • Health Records Act 2001 (Vic)
  • Family Violence Information Sharing (Part 5A of the Family Violence Protection Act 2008)
  • Child Information Sharing (The Children Legislation Amendment (Information Sharing) Act 2018)
  • Records management for organisations funded under the Service Agreement Fact Sheet 4 Record disposal and transfer
  • Public Records Act 1973 (Vic.)
  • NSW Automatic Referral Pathway Privacy Code of Practice and Health Privacy Code of Practice
  • Information Privacy Act 2009 (Qld) (IP Act)
  • Privacy and Personal Information Protection Act 1998 (NSW)
  • Health Records and Information Privacy Act 2002 (NSW)
  • Personal Information and Protection Act 2004 (Tas)
  • Freedom of Information Act 1992 (WA).