Background & Reasons for Policy
MaxxWebTech is committed to respecting the confidentiality of personal and business information of all those who are connected with us in any way,
whether client, customer, consultant, contractor or employee.
MaxxWebTech was, by virtue of its government contracts, required to adhere to the Privacy Act (1988) in respect of many operations.
Client files need to be accessed by a range of staff if we are to provide a quality service. We are also required to disclose certain information as part of our
service provision requirements. Therefore we need procedures on the handling and management of information.
Principles
The principles applied in this policy are as per the Information Privacy Principles of the Privacy Act 1988 and the National Privacy Principles of the
Privacy Amendment (Private Sector) Act 2000. The policy has been built around the right established in law for clients to know why their personal
information is being collected, what personal information MaxxWebTech holds about them, how the information will be used
by the company and to whom it will be disclosed.
Policy
MaxxWebTech will recognise and respect the confidentiality of any information relating to staff or clients to which they have access. Underpinning these
principles is the notion that any information pertaining to any person remains the personal and private property of the individual until such time as they
give permission for it to become otherwise.
Unauthorised disclosure of such information is unlawful and may seriously undermine the relationship between staff members, and between staff members
and clients. It may contribute to the development of pre-conceived ideas or judgements about individuals that may influence future relationships or interactions.
Definitions
All references to staff will also apply to contractors, consultants and volunteers.
Sensitive information is information or an opinion about an individual’s:
Racial or ethnic origin
Political opinions
Membership of a political association
Religious beliefs or affiliation
Philosophical beliefs
Membership of a professional or trade association
Membership of a trade union
Sexual preferences or practices
Criminal record or
Health information about an individual.
Procedure
Collecting Information
Information about any staff member or person accessing services offered by MaxxWebTech will be
collected:
-only if it is necessary for the functions and activities of the organization
-using lawful and fair means
-by a person whose functions or nature of duties is directly related to the purpose for which it is being
collected
-for the purpose for which it is needed
-with the individual’s informed consent
-after taking reasonable steps to ensure that it is accurate, complete and up-to-date
-in a manner that is not unduly intrusive
When seeking information from a person, it is necessary to inform that person prior to the collection, or as
soon as practicable after, of:
The purpose for requiring the information
That the collection of it is authorized/required under law
Sensitive information
MaxxWebTech will not collect sensitive information about an individual unless the individual has
consented or the information will prevent a serious threat to the life or health of an individual.
Confidentiality of information
Staff are only permitted to have access to information about individuals for professional and administrative
purposes. Such information must be used with the utmost respect for the dignity and privacy of the
person(s) concerned.
Staff shall not discuss customers outside the worker/customer relationship or confidential, professional
information outside the appropriate work situation.
Use and disclosure
1. Information collected about an individual will not be used for any other purpose than that to
which the individual has consented
Individual customer information cannot be given to another agency without the written consent of
the client. Exceptions are:
i. If MaxxWebTech believes on reasonable grounds that disclosure is necessary to prevent
or lessen a serious and imminent threat to the life or health of the individual concerned
or of another person;
ii. If the disclosure is required by/under law;
iii. If the disclosure is required for some law enforcement reasons
All customer records shall be protected by such security safeguards as are reasonable in the circumstances to prevent unauthorized access, use,
modification or disclosure, and to guard against other misuse.
Information about any client which is not relevant to a purpose, is out-of-date or excessively personal shall be culled.
Transborder data flows: Any transfer of data to an organisation outside Australia will be made only if the individual has consented to the transfer.
Files and Access
Only information which is relevant to administration and service provisions is to be recorded in files.
Customers/Clients will have access to all information pertaining to themselves (except in circumstances dictated by any Commonwealth law provisions).
Staff will be able to see all information pertaining to themselves as above (except in circumstances dictated by any Commonwealth law provisions).
All files held and maintained by MaxxWebTech are the property of the organisation.
Records Management
Hard copy client files will be:
-kept in filing cabinets when not in use
-locked away at the end of each day
-shredded when no longer needed
All personal and confidential information will be shredded prior to disposal.
Computer files about clients will be protected by:
-passwords on all staff computers
-passwords on screen savers if the computers are in areas accessible to clients and visitors
-a limited number of access attempts on computers
Only staff with direct service needs will have access to computerised client databases.
Client files will be retained while clients continue to access the service, or where it is required of us by legislation (e.g. qualifications attained from our training).
Client files which are retained will be archived as per the company archiving policy and procedure, and the retention schedule will be followed.
Complaints Management
All Staff/Customers/Clients should approach the Privacy Officer with any complaints regarding privacy rights.
