Privacy Policy

POLICY/PROCEDURE NAME & REVIEW PROCESS

PRIVACY AND CONFIDENTIALITY POLICY

This policy and procedure has been created to provide all stakeholders with clear guidelines and transparency to our practices and procedures.

We welcome feedback and input from all stakeholders at any time and this policy is subject to review based on feedback or due date of annual review.

NATIONAL QUALITY STANDARD

QUALITY AREA 7 GOVERNANCE AND LEADERSHIP

7.1 GOVERNANCE

7.1.2 Management systems.

7.1.3 Roles and responsibilities.

7.2 LEADERSHIP

7.2.1 Continuous improvement.

NATIONAL LAW AND REGULATIONS

170-Policies and procedures to be followed

171-Policies and procedures to be kept available

172- Notification of change to policies or procedures

177-Prescribed enrolment and other documents to be kept by approved provider

181- Confidentiality of records kept by approved provider

183- Storage of records and other documents

184- Storage of records after service approval transferred

RELATED POLICIES and RECORDS

  • Archive record
  • Complaints Policy
  • Enrolment record
  • Privacy and confidentiality declaration record

SCOPE OF POLICY

This policy applies to all children, educators, families, management, students, volunteers and visitors at our service.

AIM OF POLICY

To ensure that our service has strong guidelines, procedures, and practices in place regarding Privacy and confidentiality in order to meet government regulation and abide by the Australian Privacy Principles. Our aim is to provide a clear policy, implement the policy, support practices relating to the policy, train staff regarding the policy and maintain and update the compliance of the policy for all our stakeholders.

SERVICE IMPLEMENTATION

Implementation

The Privacy Act 1988 (Privacy Act) is an Australian Law which regulates the handling of personal information about individuals. This act aims to protect each individual and ensures their rights to privacy and privacy of their personal information.

Small business such as childcare centres are obligated to protect their client’s data that is collected. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Each service is governed to abide by the Privacy act and will follow the 13 Australian Privacy Principles (APP) as per below:

APP 1 — Open and transparent management of personal information

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 2 — Anonymity and pseudonymity.

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP 4 — Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 7 — Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10 — Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11 — Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12 — Access to personal information

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13 — Correction of personal information

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

Personal information from families will be collected for the following reasons

  •  To correctly enrol the child in the service and to identify the children in the service and their families and will be collected in the form of an enrolment record. Once data is collected it will be placed into the computers software

    system for the purpose of linking child and family to the Childcare Subsidy scheme. It will store relevant data such as medical history, immunisation, social media permission, emergency contacts and various other permissions.

  • In some cases, personal information may be collected via email or software product, through completion of forms, phone conversation and surveillance cameras, where an individual is identifiable or reasonably identifiable.

    To monitor the health and well-being of the children in the service.

  • To assist educators when planning programs and activities for individuals and groups of children.

  • To monitor developmental levels, skill acquisition and special needs of the children in the service.

  • To understand the desires, concerns and opinions of the children in the service and their families.

  • To establish and maintain good relationships with the children in the service and their families.

After collection, the service will ensure the following:

  • All the information that occurs in the service is kept confidential and any incidences within the service are not disclosed or discussed outside of the service.
  • There will be no disclosure of any personal information that relates to children and/or their families, to anyone other than the responsible parent/guardian, unless prior written approval by the responsible parent/guardian is obtained or it is required or authorised under Australian Law or a court/tribunal order.
  • Employee and family files will be kept secure at all times. All files and documents relating to employees and families will be kept in a locked cabinet.
  • Computers in office area that contain sensitive information will be password protected and have a limited number of personnel who have access, in most cases it will only be the approved provider and or nominated supervisor.
  • When placing children’s names in learning stories day sheets etc we will only use children’s christian names and not disclose surnames.
  • Parents have access to the files and records of their own children but do not have access to information about any other child.
  • Educators will not discuss personal information given by parents with other members of staff unless it relates to the care of a child.
  • Educator induction includes an awareness of the importance of confidentiality in relation to the service and staff will sign off to state that they have understood and abide by the privacy and confidentiality policy by completing a privacy and confidentiality declaration record.
  • Students /trainees do not have access to children’s files and are supervised whilst observing children in the service.
  • All students/trainees are advised of the service confidentiality policy on induction to the service.

  • Children’s progress in learning records will only be shared with other professionals involved in a child’s care with consent from the child’s parent.

  • Paper records containing personal information that are no longer needed are either securely shredded or archived.

  • Social media is off limits for sharing any information or airing complaints. The use of social media is to upload events, marketing and program images for children that have consent from parents/guardians.

Disclosure of personal information

The only time personal information will be passed on is for the following reasons.

  • Entities that support the service such as third-party service providers as in our software provider for CCS assignment, debt collection agency, law firms if legal advice is required.
  • A potential purchaser of the business in the event that the service was to be sold.
  • Child protection agencies or family support agencies when we reasonably believe that a child is at risk of significant harm.
  • Regulatory authority when requested and usually in the event of a serious incident or complaint.
  • In the event that information is requested by a court order or police.

Breach of Privacy

In the event that a stakeholder feels there has been a breach of policy, the process will be the same as outlined in our complaints policy.

In addition, Notifiable Data Breaches (NDB) scheme requires childcare organisations to disclose and give notice to the Office of the Australian Commissioner and the affected people as to any data breach. This includes any data leak likely to cause serious harm.

Failing to notify in accordance with the NDB can result in a fine of up to $360,000 for individuals or up to $1.8 million for an organisation.

Privacy and Confidentiality:

Victoria– Victoria has privacy rights under the Privacy and Data Protection Act 2014 (Vic) which contains ten information privacy principles outlining how public sector organisations are to handle individuals’ personal information. Under the Victorian law of privacy and confidentiality Act, “person information” includes your name, email, address, contact number, signature, fingerprint, photos or surveillance footage, comments about you, and your financial information.

Certain personal information such as race, ethnicity, religion, criminal record, sexual orientation, or membership to a professional or trade association are subject to higher security.

Each member of the team plays an important role in the implementation of each policies guidelines, and they are outlined as below but not limited to the following:

The Approved Provider

  • Will ensure that obligations under the Education and Care Services National Law and National Regulations are met.
  • Ensure they take reasonable steps to ensure that the nominated supervisor, educators, staff and volunteers follow the policy and procedures.
  • Ensure they provide the nominated supervisor, educators, staff and volunteers the documentation to perform their role, follow policy, procedure, and document according to regulatory and service requirements.
  • Will ensure that adequate induction process is provided to all staff to ensure they have time to read and understand policies and procedures and seek further information if unsure.
  • Ensure that the nominated supervisor and staff are equipped with ongoing professional development and training they require to comply with this policy
  • Will encourage feedback from stakeholders regarding the policy’s effectiveness, particularly in relation to identifying and responding to child safety concerns.
  • Ensure the policy is kept up to date with current legislation, research and best practice.

The Nominated Supervisor

  • Will adhere to and implement the obligations under the Education and Care Services National Law and National Regulations.
  • Ensure they adhere to the Australian Privacy Principles and protect all collected data from families by locking filing cabinets, locking office doors when unattended, protecting computers with passwords.
  • Will sign the privacy and confidentiality declaration record and ensure that they abide by it.
  • Will refrain from discussing family’s information with other stakeholders.
  • Check staff posts on social media prior to uploading to ensure that children have permission to be on social media.
  • Ensure they take reasonable steps to ensure that the educators, staff and volunteers follow the policy and procedures.
  • Ensure they provide the educators, staff and volunteers the documentation to perform their role, follow policy and procedure and ensure they are checking the documentation according to regulatory and service requirements.
  • Ensure that a rigorous recruitment process is completed, and a thorough induction process is provided to all staff to ensure they have time to read and understand policies and procedures and seek further information if unsure.
  • Ensure that the staff are supported with ongoing professional development and training they require to comply with this policy.

  • Will encourage feedback from stakeholders and staff regarding the policy’s effectiveness, particularly in relation to identifying and responding to child safety concerns.

  • Ensure the policy is kept up to date with current legislation, research and best practice.

  • Conduct regular staff meetings to address policy compliance with legislation, policy implementation, changes to policy and or collect feedback for annual review of policy.

Educators

  • Will adhere to and implement the obligations under the Education and Care Services National Law and National Regulations.
  • Will sign the Privacy and Confidentiality declaration record and ensure that they abide by it.
  • Refrain from disclosing private information regarding families and children to other stakeholders.
  • Check before posting childrens photos to social media, that the child doesn’t have a social media restriction.
  • Be aware of the Australian Privacy Principles and what they mean.
  • Ensure they take reasonable steps to follow the service policy and procedures and seek advice or further support if unsure.
  • Ensure they complete and document any related records regarding the implementation of this policy and practice requirements of the service.
  • Will attend any ongoing professional development, staff meetings and training they require to comply with this policy and practice requirements of the service.
  • Will provide feedback to the nominated supervisor or approved provider regarding the policy’s effectiveness, particularly in relation to identifying and responding to child safety concerns.
  • Will provide feedback regarding policy review when required.

Families

  • Must provide accurate and updated information when requested.
  • Not take photos of children other than their own and be aware when posting on social media that some families have restrictions.
  • Can request information or records from the service however if sharing certain information was to place other parties at risk of harm or exposure to their privacy the nominated supervisor may decline your access. If your access is declined a reasonable explanation will be provided.

 

REGULATION IMPLEMENTATION

The following procedures outline and support all stakeholders to understand and implement the regulatory guidelines of this policy.

In regard to regulation 170-Policies and procedures to be followed.

Approved Provider will

  •  Ensure that all staff and volunteers are made aware of Regulatory policies and procedures by ensuring that this forms a part of the induction process.
  • Ensure probationary reviews will be conducted once new staff are appointed at the 3- month and 6-month mark to ensure that they are following policy and procedure and to review and revise regulatory policies.

  •  Ensure staff meetings will be conducted on a regular basis to allow for review of policy and procedure and further training and revision of procedural practices in relation to policy and procedure.

  • Ensure annual review and revision of policies and procedures will be conducted, and all educators will be given the opportunity for input.

In regard to regulation 171-Policies and procedures to be kept available. 

Approved Provider will

  • Ensure that policies and procedures are available to all staff and the Policies and location and availability will form a part of the induction process. 

  • Ensure policies will be available on request for all staff members to have access when required.

  • Ensure policies will be available when required for staff members to download copies and/or print out if required in order to complete assignments or to form part of their research and/ or update their knowledge.

  • Ensure policies will be available for all stakeholders when requested and when updating.

In regard to regulation 172-Notification of change to policies or procedures

Approved Provider will

  • Ensure staff meetings will be conducted on a regular basis to allow for review of policy and procedure.

  • Ensure stakeholders will be invited to provide feedback for policies and procedures at any time, not just on annual review but will also be invited to add feedback at review time or after an event that may require change to policy or procedure.

  • Ensure policies and procedures will be emailed or put on display in the foyer for stakeholders to have the ability to provide feedback.

  • Ensure feedback will be considered from stakeholders and educators and may result in a change in policy.

  • Ensure policy and procedure may be changed at any time if there has been an incident in the service that has required a change to be implemented for the safety and health of children and or educators.

  • Ensure in the event of a change to a policy after feedback or a situation that occurs, we will provide 14 days’ notice to all stakeholders before the change takes effect.

In regard to regulation 177- Prescribed enrolment and other documents to be kept by approved provider and 181-Confidentiality of records kept by approved provider and 183- Storage of records and other documents and 184- Storage of records after service approval transferred

Approved Provider will

  • Ensure that there is a dedicated physical space for the secure storage of paper records, preferably in a locked filing cabinet or a dedicated room that can be locked by nominated supervisor.

  • Ensure that the service computer is password protected and has current security protection for the storage of documents and records on the system.

  • Ensure that nominated supervisor regularly reviews records and archives accordingly.

  • Have a system to store, retain and dispose of records and archive correctly by utilising the archive record.

  • Ensure that there is a process to update relevant records.

  • All records relating to children and staff are to be kept confidential and private except when needing to access medical records for children or in the event of a regulatory authority visit and an officer requires access to documentation.

  • Certain records are kept for different periods of time and when archiving the nominated supervisor /staff member must box documents according to the length of storage time required.

  • Until a child is 25 years after any Incident, injury trauma and illness that occurred at the service and is recorded.

  • 7 years after the death of a child.

  • 3 years in the case of any other record relating to a child enrolled at the education and care service, until the end of 3 years after the last date on which the child was at the service.

  • Any record relating to the approved provider, until the end of 3 years after the last date on which the approved provider operated the education and care service.

  • Any record relating to a nominated supervisor or staff member of an education and care service, until the end of 3 years after the last date on which the nominated supervisor or staff member provided education and care on behalf of the service.

  • In the event of any other record, until the end of 3 years after the date on which the record was made.

  • Once records have run their use by date they will be shredded and disposed of. Records must not be thrown away without destroying them first- (as in shredding)

  • In the event of a service approval being transferred under the Law, the transferring approved provider must transfer the documents referred to in regulation 177 relating to children currently enrolled with the service to the receiving approved provider on the date that the transfer takes effect.

  • The transferring approved provider must not transfer the documents relating to a child under subregulation (1) unless a parent of the child has first consented to that transfer.

KEY TERMS

  • Court Order– is defined as an order, direction or other instrument made by a court, a tribunal, a judge, a magistrate, a person acting as a judge or magistrate, a judge or magistrate acting in a personal capacity, and a member or an officer of a tribunal.
  • Stakeholder – a person or group of people who have an interest in a business, a person such as an employee or customer. They have a sense of responsibility toward it and an interest in its success.

WE GRATEFULLY ACKNOWLEDGE THE FOLLOWING SOURCES

  • Australian Children’s Education & Care Quality Authority. ACECQA

  • Australian Government Department of Education 2023 -Childcare Provider Handbook

  • Code of Ethics

  • Education and Care Services National Law Act 2010.

  • Education and Care Services National Regulations.

  • Guide to the Education and Care Services National Law and the Education and Care Services National Regulations.

  • Guide to the National Quality Framework.

  • National Quality Standard.

  • Privacy Act 1988 www.oaic.gov.au/privacy/the-privacy-act

  • United Convention on the Rights of the Child

Last review date July 2024
 

Dream. Explore. Achieve.

Believe Early Learning Pty Ltd is family owned and locally operated, run by qualified childcare experts across Australia.

© Believe Early Learning Pty Ltd 2024

© Believe Early Learning Pty Ltd 2024

Believe Early Learning respectfully acknowledges the Traditional Owners of the land on which our services are located and pays respects to their Elders past and present. 

Scroll to Top