Privacy and Confidentiality Policy
Privacy is acknowledged as a fundamental human right. Our Service has an ethical and legal responsibility to protect the privacy and confidentiality of children, individuals and families as outlined in Early Childhood Code of Ethics, National Education and Care Regulations and the Privacy Act 1988 (Cth). The right to privacy of all children, their families, and educators and staff of the Service will be upheld and respected, whilst ensuring that all children have access to high-quality early years care and education. All staff members will maintain the confidentiality of personal and sensitive information to foster positive trusting relationships with families.
To ensure that the confidentiality of information and files relating to the children, families, staff, and visitors using the Service is always upheld. We aim to protect the privacy and confidentiality of all information and records about individual children, families, educators, staff and management by ensuring continuous review and improvement on our current systems, storage, and methods of disposal of records. We will ensure that all records and information are held in a secure place and are only retrieved by or released to people who have a legal right to access this information.
This policy applies to children, families, staff, management, and visitors of the Service.
Under National Law, Section 263, Early Childhood Services are required to comply with Australian privacy law which includes the Privacy Act 1988 (the Act) aimed at protecting the privacy of individuals. Schedule 1 of the Privacy Act (1988) includes 13 Australian Privacy Principles (APPs) which all services are required to apply. The APPs set out the standards, rights and legal obligations concerning collecting, handling, holding and accessing personal information.
The Notifiable Data Breaches (NDB) scheme requires Early Childhood Services, Family Day Care Services, and Out of School Hours Care Services to provide notice to the Office of the Australian Information Commissioner (formerly known as the Privacy Commissioner) and affected individuals of any data breaches that are ‘likely’ to result in ‘serious harm’.
Businesses that suspect an eligible data breach may have occurred, must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. A breach of an Australian Privacy Principle is viewed as an ‘interference with the privacy of an individual’ and can lead to regulatory action and penalties.
Further information about the APPs is included in the Appendix of this policy.
The Approved Provider/Management will
- ensure the Service acts in accordance with the requirements of the Australian Privacy Principles and Privacy Act 1988 by developing, reviewing, and implementing procedures and practices that identify:
- the name and contact details of the Service
- what information the Service collects and the source of information
- why the information is collected
- who will have access to information
- collection, storage, use, disclosure, and disposal of personal information collected by the Service
- any law that requires the information to be collected
- adequate and appropriate storage for personal information collected by the Service
- protection of personal information from unauthorised access.
- provide Staff and Educators with relevant information regarding changes to Australian privacy law and Service policy
- ensure all relevant staff understand the requirements under Australia’s privacy law and Notifiable Data Breaches (NDB) scheme
- maintain currency with the Australian Privacy Principles (this may include delegating a staff member to oversee all privacy-related activities to ensure compliance).
- ensure personal information is protected in accordance with our obligations under the Privacy Act 1988 and Privacy Amendments (Enhancing Privacy Protection) Act 2012
- ensure all records and documents are maintained and stored in accordance with Education and Care Service National Regulations
- regularly back-up personal and sensitive data from computers to protect personal information collected
- ensure all computers are password protected and install security software- antivirus protection
- ensure families are notified of the time particular records are required to be retained as per Education and Care Services National Regulations [regulation 183 (2)]
- ensure the appropriate and permitted use of images of children
- ensure all employees, students, volunteers, and families are provided with a copy of this policy
- deal with privacy complaints promptly and in a consistent manner, following the Service’s Grievance Policy and procedures
- ensure families only have access to the files and records of their own children
- ensure information given to Educators will be treated with respect and in a professional and confidential manner
- ensure individual child and staff files are stored in a locked and secure cabinet
- ensure information relating to staff employment will remain confidential and available only to the people directly involved with making personnel decisions
- ensure that information shared with the Service by the family will be treated as confidential unless told otherwise.
A Nominated Supervisor and/or Responsible Person will
- always adhere to centre Service’s policies and procedures
- ensure Educators, staff, volunteers, and families are aware of the Privacy and Confidentiality Policy.
- ensure the Service obtains written consent from parents and/or guardian of children who will be photographed or videoed by the Service
- ensure families only have access to the files and records of their children
- ensure that information given to Educators will be treated with respect and in a confidential and professional manner
- ensure only necessary information regarding the children’s day-to-day health and wellbeing is given to non-primary contact Educators; for example, food allergy information.
- not discuss individual children with people other than the family of that child, except for curriculum planning or group management. Communication in other settings must be approved by the family beforehand.
- ensure that information shared with us by the family will be treated as confidential unless told otherwise.
Educators and staff will
- always read and adhere to the Privacy and Confidentiality Policy
- ensure documented information and photographs of children are kept secure but may be accessed at any time by the child’s parents or guardian
- ensure families only have access to the files and records of their children
- treat private and confidential information with respect in a professional manner
- not discuss individual children with people other than the family of that child, except for curriculum planning or group management. Communication in other settings must be approved by the family beforehand
- ensure that information shared with the service by the family will be treated as confidential unless told otherwise
- always maintain individual and Service information and store documentation according to this policy
- not to share information about the individual or service, management information, or other staff as per legislative authority.
Australian Privacy Principles – Personal Information
Kiddie Academy is committed to protecting personal information following our obligations under the Privacy Act 1988 and Privacy Amendments (Enhancing Privacy Protection) Act 2012.
Personal information includes a broad range of information, or an opinion, that could identify an individual.
Sensitive information is personal information that includes information or an opinion about a range of personal information that has a higher level of privacy protection than other personal information.
Personal information will be collected and held securely and confidentially about you and your child to assist our Service to provide quality education and care to your child whilst promoting and maintaining a child-safe environment for all stakeholders.
The personal information our Service may request regarding enrolled children:
- Child’s name
- Date of birth
- Birth Certificate
- The language spoken at home
- Emergency contact details and persons authorised to collect individual children
- Children’s health requirements
- Immunisation records- (Immunisation History Statement)
- Developmental records and summaries
- External agency information
- Custodial arrangements or parenting orders
- Incident reports
- Medication reports
- Child Care Subsidy information
- Medical records
- Permission forms – including permission to take and publish photographs, video, work samples
- Doctor’s contact information
- Centrelink Customer Reference Number (CRN)
- Dietary requirements
The personal information our Service may request regarding parents and caregivers:
- Parent/s full name
- Phone number (mobile & work)
- Email address
- Bank account or credit card detail for payments
- Centrelink Customer Reference Number (CRN)
- Custody arrangements or parental agreement
The personal information our Service may request regarding staff and volunteers:
- Personal details
- Tax information
- Banking details
- Working contract
- Emergency contact details
- Medical details
- Immunisation details
- Working With Children Check verification
- Educational Qualifications
- Medical history
- Superannuation details
- Child Protection qualifications
- First Aid, Asthma and Anaphylaxis certificates
- Professional Development certificates
Method of collection
Information is generally collected using standard forms at the time of enrolment.
Additional information may be provided to the Service through email, surveys, telephone calls or other written communication.
How we protect your personal information
To protect your personal and sensitive information, we maintain physical, technical and administrative safeguards.
All hard copies of information are stored in children’s files in a locked cupboard.
All computers used to store personal information are password protected.
Access to personal and sensitive information is restricted to key personal only.
Security software is installed on all computers
Data is regularly backed up on the external drive and/or through a cloud storage solution.
Any notifiable breach to data is reported.
All staff are aware of the importance of confidentiality and maintaining the privacy and security of your information.
Access to personal and sensitive information
Personal and sensitive information about you and your child will be stored securely at all times. The Approved Provider will ensure that information kept in a child’s record is not divulged or communicated through direct or indirect means to another person other than:
- the extent necessary for the education and care or medical treatment of the child to whom the information relates
- a parent of the child to whom the information relates, except in the case of information kept in a staff record
- the Regulatory Authority or an authorised officer
- as expressly authorised, permitted, or required to be given by or under any Act or law
- with the written consent of the person who provided the information.
Disclosing personal and sensitive information
Our Service will only disclose personal or sensitive information to:
- a third-party provider with parent permission (for example CCS software provider)
- Child Protection Agency- Office of the Children’s Guardian and Regulatory Authority as per our Child Protection and Child Safe Environment Policies
- as part of the purchase of our business asset with parental permission
Complaints and grievances
If a parent, employee or volunteer has a complaint or concern about our Service, or they believe there has been a data breach of the Australian Privacy Principles, they are requested to contact the Approved Provider so reasonable steps to investigate the complaint can be made and a response provided.
If there are further concerns about how the matter has been handled, please contact the Office of Australian Information Commissioner on 1300 363 992 or https://forms.business.gov.au/smartforms/landing.htm?formCode=APC_PC
For any other general concerns, please contact the Group Operations Manager on firstname.lastname@example.org.