Privacy Policy

Privacy Statement

The Multiple Sclerosis Society of SA and NT Inc and Multiple Solutions (‘the Society’) are committed to protecting the privacy of personal information which the Society collects, holds and administers. The Society will only collect information that is required for it to fulfil its ethical and legal responsibilities and provide appropriate and timely services.

  • All Board members, employees and volunteers of the Society have an obligation to abide by this Privacy policy. Individuals found breaching privacy or confidentiality may face disciplinary action and/or possible termination.

Parameters

The Society recognises the essential rights of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in, and supported by, the Society’s core values.
The Society is bound by State and Federal Privacy laws and has adopted the Information Privacy Principles. This means that the Society will:

  • only collect information that is needed for its primary function with prior knowledge and consent of the client;
  • ensure that stakeholders are informed about why we collect information and how we manage the information gathered;
  • use and disclose personal information only for its primary function or a directly related purpose, or for another purpose with the client’s consent;
  • store personal information securely, protecting it from unauthorised access;
  • provide stakeholders with access to their own information.

Definitions

Confidential information is defined as:

  • the names, details and information relating to the business affairs of the clients or members of the Society;
  • matters of a technical nature, trade secrets, technical data, marketing procedures and information, accounting programs and procedures, financial information and like information relating to the business of the Society;
  • other information which the Society informs the employee is confidential or which, if disclosed, the employee knows or ought reasonably to know, would be detrimental to the Society; and
  • all other information which is imparted to the employee in circumstances which the employee knows or ought reasonably to know that the information is confidential to the Society or any persons with whom the Society is concerned, however, this excludes any information that is public knowledge.

Personal information is defined as:

  • information about an individual whose identity is apparent, or can be reasonable ascertained, from the information or opinion which is maintained electronically, on video or in written/printed form; and/or verbal information given to an employee about an individual.

Sensitive information means personal or health information or an opinion about a client’s;

  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • membership of a professional or trade association
  • membership of a trade union
  • sexual preferences or practices
  • criminal record.

Health information means information or opinion about:

  • the health or a disability (at any time) of an individual
  • other personal information collected to provide, or in providing, a health service.

Records: Includes documents, information and data stored by any means including all copies and extracts.

Privacy Officer: the Society’s Privacy Officer is the Chief Executive Officer who will:

  • ensure that all staff and volunteers receive training in Privacy and Confidentiality and sign an agreement to maintain and protect client privacy and confidentiality; and
  • regularly review compliance with this policy.

Procedures

Collection of information

The Society will:

  • only collect information that is necessary for the performance and primary function of the Society;
  • notify stakeholders about why we collect information and how we manage the information gathered;
  • notify stakeholders that this information is accessible to them;
  • collect personal information from clients directly , unless it is unreasonable or impracticable to do so, or the client consents to the Society obtaining it from someone else;
  • only collect sensitive information as required by law or with the individual’s consent.

Use and disclosure

The Society will:

  • only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose;
  • obtain written consent from the affected person for other uses;
  • identify on all forms the purpose for which the information is collected.

Data quality

The Society will:

  • take reasonable steps to ensure the information collected is accurate, complete, up to date and relevant to its functions.

Data security and retention

The Society will:

  • safeguard the information collected and store against misuse, loss, unauthorised access and modification;
  • only destroy records in accordance with the records disposal schedule or in accord with contractual obligations with funding organisations;
  • take all reasonable steps to protect the personal information held from misuse and loss from unauthorised access, modification or disclosure. This will include ensuring that all electronic systems are protected through electronic passwords, and all hard copy client personal and confidential information is securely stored and only accessible by authorised personnel;
  • only remove client data from its care upon court subpoena, with legislative authority, a search warrant, or coronial summons;
  • manage records in accordance with the Society’s Records Management Policy.

Openness

The Society will:

  • ensure that stakeholders are aware of the Society’s Privacy and Confidentiality policy and its purpose;
  • make this information freely available in relevant publications and on the website.

Access and correction

The Society will:

  • ensure clients have the right to seek access to information about them and to correct it if it is inaccurate, incomplete, out of date or misleading.

Anonymity

The Society will:

  • give stakeholders the option of not identifying themselves when completing evaluations, feedback or surveys.

Making information available to other service providers

The Society will:

  • only release information about a person with that person’s express written and informed consent;
  • release information to third parties where that is requested by the person concerned;
  • In accordance with the FOI Act 1982 information will not be released where:
    • medical papers exist and a doctor believes disclosure may adversely affect the client’s health;
    • it is not in the “public interest” to be disclosed;
    • the information cannot be found or does not exist;
    • medical papers are on file where permission must be sought by the author;
    • release confidential information without consent when disclosure is essential to protect a person from the risk of immanent harm.

The employee’s obligation of maintaining confidentiality does not extend to confidential information that the law requires to be disclosed.

At the end of an employee’s employment, they must return to the Society:

  • all confidential information in material form;
  • those parts of all notes and other records based on or incorporating confidential information;
  • all copies of confidential information and notes and other records based on or incorporating confidential information; and
  • all of the Society’s property in the employee’s possession or control.

The employee’s obligation of confidentiality will continue after the end of their employment in respect of all confidential information other than information forming part of the employee’s overall general skill and knowledge.

Any employee found to be in breach of this confidentiality obligation, whilst still employed by the Society will be disciplined, and in serious instances, dismissed.

Any former employee found to be in breach of this confidentiality obligation may be subject to legal action being taken against them, dependent upon the circumstances of the breach.

This Policy will operate in conjunction with the contract of employment or letter of appointment for every employee of the Society.

If an individual thinks the Society has interfered with their privacy they can complain to the Privacy Commissioner. Advice about making a complaint can be obtained from the Privacy Hotline 1300 363 992.