Policy

Protecting the privacy of clients' information is a critical aspect of PPC Worldwide's information management strategy. PPC Worldwide is bound by the National Privacy Principles (NPP) and other requirements under The Privacy Amendment (Private Sector) Act 2000, and the Health Records Act 2002. A further measure of PPC Worldwide's commitment is our adherence to the ethical standards governing confidentiality and privacy contained within the Code of Ethics of the state Psychologist Registration Board and Australian Association of Social Workers.

The following statement describes the policies adopted by PPC Worldwide for the collection and management of personal information, and compliance with the NPP, The Privacy Amendment Act and the Health Records Act. The Policy applies to all information collected after December 21, 2001, and any already existing information that is used or disclosed after December 21, 2001.

What is Personal Information?

Personal information that PPC Worldwide holds can be classified into two categories:

• Personal information
• Sensitive information

Personal information is information gathered, received, and stored, both electronically and hardcopy, that is of a private and confidential nature that is not public knowledge. This information is generally comprised of clients' names, address, date of birth, telephone contacts, and employment details.

Sensitive information is a subset of personal information, and generally includes information or opinion which is relevant to the psychological service being provided. This information is generally compiled by a Counsellor or Consultant and may include, but is not limited to, clients' case file notes, session plans, assessment report, assessment results, consulting and training documentation, and critical incident documentation.

Purpose of Collection of Information

The broad purpose of collecting personal information is to set-up and administer a service, determine client's requirements, and provide the appropriate service.

Information is gathered primarily as part of the assessment, diagnosis and intervention relevant to the psychological service being provided to the individual.

The information is retained in order to document what happens during sessions, and enables the Counsellor or Consultant to provide a relevant and informed service.

An additional primary purpose for collecting personal and sensitive information is for the provision of statistical reports to organisations. The reports may include overall service delivery information, trends within and across organisations, and client satisfaction and feedback information. These reports do not include information, which identifies individuals.

A secondary purpose for collecting personal information is for invoicing procedures, where applicable and as complies with contractual obligations.

Personal information is held in either secure filing cabinets, secure archives, or stored electronically in a computer database. Access is limited to authorised employees and relevant contractors only. Information is destroyed after seven years in accordance with gazetted guidelines.

Use and Discolsure of Personal Information

Use of information is strictly limited to the primary purpose for which it was originally collected. All clients are provided with written information regarding the purpose, use and management of both personal and sensitive information to be collected, and they must consent to this in writing prior to service delivery. Information can only be used or disclosed for a secondary purpose with the written consent of the individual, except for the following exemptions:

Exemptions

The National Privacy Principle lists the following exemptions whereby information can
be disclosed without consent:

• To reduce the risk to a client or other's life
• Use of the information for research
• Use or disclosure where required by law, or where reasonably necessary for the investigation of a criminal offence.

While the NPP states that Counsellors and Consultants can disclose information, the guidelines specifically defer to professions' Code of Ethics, which can help determine whether a practitioner will choose to disclose.

Where a client is incapacitated, the Counsellor or Consultant may disclose the information to someone who is responsible for the client. This includes (but is not limited to) a parent, adult child, spouse, guardian, or a person who has an intimate personal relationship with the client.

Data Quality

PPC Worldwide will take every reasonable step to ensure the personal and sensitive information it collects, uses or discloses is accurate and complete.

Data Security

PPC Worldwide will take every reasonable step to protect the personal information its holds from misuse, and loss, and from unauthorised access, modification or disclosure.

Openness

A copy of the Privacy Policy is available upon request, and is also freely available on our website. On request, PPC Worldwide will take every reasonable step to let that person know, generally, the nature, purpose, collection, uses, and disclosure of information.

Provision of Privacy Officer

A Privacy Officer will be designated in each state head office to function as the point of contact for client enquiries and requests for access of information.

Access and Correction of Information

The Privacy Amendment (Private Sector Act) 2000 and NPP require that PPC Worldwide allow persons to access all their personal information, including obtaining a photocopy, and the right to correct it, or at least attach a personal statement of correction.

Requests for access to personal information can be made by contacting the relevant PPC Worldwide state office, or by writing to The Privacy Officer in the relevant state office. Receipt of requests will be confirmed in writing.

The request for access should state specifically the details of the personal information and/or correction of personal information required. There is no fee for lodging a request for personal information, and/or for correction of personal information. PPC Worldwide is entitled to set a reasonable fee to cover the administrative cost of actually providing or correcting the information.

If the individual has made a written request for access, PPC Worldwide will acknowledge the request as soon as possible or at least within 14 days.

If granting access is straight forward, PPC Worldwide will grant access within 14 days, or if giving it is more complicated, within 30 days.

An appointment may be made with the client where necessary for clarification purposes.

The NPP provide that in certain circumstances PPC Worldwide may deny access to information and/or refuse to correct information held. If a request is denied, PPC Worldwide will explain this decision in writing by reference to The Privacy Amendment (Private Sector Act) 2000 and the NPP.

Identifiers

PPC Worldwide will not use as its own identifier for a client the identifier assigned by a third party agency.

Anonymity

Where it is lawful and practicable, PPC Worldwide will not require individuals to identify themselves when entering into transactions with PPC Worldwide. Furthermore, individuals may decline to provide personal or sensitive information to their Counsellor or Consultant. Individuals will be made aware that retaining anonymity may in some cases, impact the nature of service delivery.

Transborder Data Flow

PPC Worldwide undertakes not to transfer personal information about a client to another person in a foreign country that is not subject to a comparable privacy scheme (except with the client's consent).

Complaints Procedure

Concerns about any aspect of the management of personal information should be directed initially to the Privacy Officer in the relevant PPC Worldwide state office. Complaints will be managed by the existing Service Incident and Customer Complaint protocols.

Where clients are dissatisfied with any decision made by PPC Worldwide, they will be informed in writing that the matter can be referred to the National Privacy Commissioner.

The National Privacy Commissioner can be contacted by writing to:

The Director of Complaints
Office of the Federal Privacy Commissioner
GPO Box 5218
SYDNEY NSW 1042

Or by telephoning 1300 363 992.

Authority

Authorised by the Chief Executive Officer.