Privacy and Confidentiality Policy.

1. Purpose and Scope

The Listening Projects (TLP) is committed to protecting the privacy and confidentiality of individuals, clients, staff, Board members, students, volunteers and stakeholders in the way information is collected, stored and used. TLP ensures personal information is managed in accordance with the Australian Privacy Principles (APPs) as contained within the Privacy Act 1988 (Cth). This policy provides guidance on TLP's legal obligations and ethical expectations in relation to privacy and confidentiality and complies with the APPs when collecting, using, disclosing, storing and destroying an individual's personal information.

2. Definitions

Privacy provisions of the Privacy Act 1988 govern the collection, protection and disclosure of personal information provided to TLP by individuals, clients, staff, Board members, volunteers, students and stakeholders. Confidentiality applies to the relationship of confidence. Confidentiality ensures that information is accessible only to those authorised to have access and is protected throughout its lifecycle. Confidential information may be marked as such or deemed confidential by its nature, e.g. it is information that is not available in the public domain. Consent means voluntary agreement to some act, practice or purpose. Consent has two elements: knowledge of the matter agreed to and voluntary agreement. Individual means any person such as an individual, client, staff member, Board member, volunteer, student, contractor or a member of the public. Organisational information includes publicly available, and some confidential, information about organisations. Organisational information is not covered in the Privacy Act (1988) but some organisational information may be deemed confidential. The public domain in relation to confidentiality is “common knowledge," i.e. information that can be accessed by the general public other than through unauthorised disclosure by someone with an obligation or duty of confidence.

3. Limitations

This policy is limited by:

  • Courts which have the authority to subpoena files in relation to criminal or other matters

  • Information contained within contracts set out by funding bodies

  • Requirements of professional accreditation bodies to establish or maintain accreditation

4. In Support of this Policy

  • Management will ensure that processes are in place to ensure that individuals, client, staff and organisational information remains confidential and secure

  • Management will, as part of the induction process, ensure that staff are trained appropriately

  • Individuals, clients and staff have the right to request access to their records

  • Staff will follow the processes relating to the collection, holding, disclosure and distribution of personal information and accessing of personal records

  • Staff who infringe this policy will proceed to disciplinary procedures

  • Personal information is maintained accurately and is up to date

  • Staff will ensure that confidentiality is observed in work practice at all times

5. Management of personal information in accordance with Australian Privacy Principles

5.1 What is personal information?

'Personal information' is information or an opinion about an identified individual or one who is reasonably identifiable. Personal information may include 'sensitive information' about an individual such as a person's race or ethnic origin, political opinions, religious beliefs or associations, philosophical beliefs, memberships, sexual orientation or health, genetic or biometric information. Sensitive information may include 'Health information', which includes information about a person's physical, mental or psychological health, disability or use of health services.

5.2 What personal information does TLP collect?

TLP will only collect 'personal information' that is reasonably necessary to provide relevant services to an individual. This will usually include as a minimum your name, contact details and date of birth. 'Sensitive information' will only be collected if an individual consents to the collection of the information or where permitted by the Privacy Act. If you do provide personal information, including sensitive information, to us for any reason (for example, if you provide us with information about a disability you have), you consent to us collecting that information and to us using that information in accordance with this policy for the purpose for which you disclosed it to us and as permitted by the Privacy Act.

5.3 How does TLP collect personal information?

TLP may collect personal information when:

  • A form has been completed either verbally or in writing

  • Through contact via phone, email or website

  • During the course of relevant services provided

  • In other instances, where consent has been provided

TLP will only collect information directly. Should we receive unsolicited or unauthorised information from a third party, the organisation will destroy the information or ensure that it is de-identified, except where required by law to retain the information. Where collection of personal information from a third party is authorised or required by Australian Law or a court order, TLP will: inform the individual of the information held, the reason for its collection, the main consequences (if any) for the individual if the information is not collected and the identity of anyone to whom the information is disclosed.

5.4 How does TLP use or disclose personal information?

Personal information provided is used:

  • for the purpose for which it was collected

  • to assist TLP in providing a service 

  • In practice discussions between a practitioner, when necessary

  • Where the organisation is required to allow representatives from a professional accreditation body to access personal information. When this may occur, any representatives from the accrediting body will sign a confidentiality agreement, not to disclose or share any personal information they may come across

TLP will take reasonable steps to ensure that personal information collected from an individual is accurate, up-to-date and complete. The organisation will check the individual's personal information at each occasion of engagement with the service and will update the information on the computer database.

Disclosure of Personal Information

Disclosure of personal information may occur when:

A person has provided/signed a written consent to:

  • provide non-identifying information to the Commonwealth and/or State Government agencies that fund TLP programs for management and statistical purposes.

  • disclose information to another person or service to whom an individual is being referred to for further support.

  • required or authorized by Australian law or court order or international agreement to which Australia is a party

  • The overriding duty of care to report serious matters occurs

  • Required by professional accreditation bodies to establish or maintain accreditation

  • Courts which have the authority to subpoena files in relation to criminal or other matters

TLP will not generally disclose personal information about an individual to an overseas recipient. Exceptions may apply where disclosure is required or authorised by Australian law or court order or international agreement to which Australia is a party. If the organisation is required by law to provide information or if the individual consents to disclosure overseas, TLP will not be held responsible for ensuring the recipient complies with Australian Privacy laws, however, will take reasonable steps to ensure that the overseas recipients of an individual's personal information do not breach the privacy obligations relating to the individual's personal information. Government identifiers such as a number, letter or symbol used to identify an individual will not be disclosed in relation to an individual's activity unless authorised by law. TLP also participates in service development through analysis of anonymous service data and outcomes in collaboration with relevant partner organisations, for research purposes only. In these projects' TLP will protect privacy by using anonymous personal information (identifying details are removed). Where this is not possible TLP will seek informed consent before using identifiable information.

5.5 Can an individual be anonymous or use a pseudonym?

Individuals will have the option of not identifying themselves or of using a pseudonym when accessing TLP services. Exceptions apply where it would be impracticable for TLP to provide appropriate service to the individual or where identification is required by law.

5.6 What about Direct marketing?

TLP will not use or disclose personal information for the purpose of direct marketing. TLP may access third party online services to assist in hosting of websites, communication with individuals, clients, completion of surveys and organising events. Some online services invite individual users to save their information for ease of future use or they may share information with direct marketing agencies. While TLP will seek to use reputable services individuals are encouraged to read all information before agreeing to any offers these third-party services may provide.

5.7 How does TLP store personal information?

TLP stores personal information:

  • electronically in a secure and protected client data management computer system or

  • in paper documents that are stored in secure and locked storage areas

Access to personal information will be by authorised staff only. All staff who access individual information are responsible for ensuring that the files are saved in the secure database or properly stored, and that no confidential information is stored where it is accessible by people who are not approved by TLP. As services expand and the use of internet or cloud-based technology increases there will be other third-party services TLP may choose to access to assist in managing data and improving our services to communities.

5.8 Overseas Disclosure

TLP currently uses a client management software database located in Australia. We may need to give the technical services provider access to an individual's personal information so that they can diagnose and resolve software issues. Individuals may agree to provide an email address for TLP to contact them. TLP may use third party online services to assist in communications with individual’s, surveys, organising events or to enhance the services we provide. For example, MailChimp may be used in order to contact individual’s via email, and Survey Monkey may be used to send Surveys. Both services are online software designed to distribute emails and surveys. The storage of an individual's email address and first name only will be on the MailChimp or Survey monkey server which is located in the United States.

5.9 Protection of personal information

TLP will take all reasonable steps to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification and disclosure. However, no data transmission over the internet or information stored on servers accessible through the internet can be guaranteed to be fully secure. In the event of a serious data breach, TLP is obligated to report this to the Office of the Australian Information Commissioner (OAIC).

5.10 Users of TLP website and services

Individuals can use the TLP website to send an enquiry, request a meeting, give feedback or make a complaint. In these circumstances, we will collect your name, email address, phone number and location. For individuals who wish to send an enquiry, various TLP staff may need to read your written communications with us, including emails, so the most appropriate person can respond. Most enquiries will be forwarded to the staff member responsible for the location. If TLP needs to respond via email, we will use the email address provided on the website. We may also use the information given to contact individuals so that we may offer services as appropriate, respond to a complaint or clarify a request.

5.11 Information provided by "cookies" from use of our website

TLP uses "cookies" as a reporting mechanism. Cookies identify traffic coming into and out of the TLP website and for websites for services linked to TLP. Cookies enable our web server to collect information back from an individual's browser each time you visit the TLP website. More information about the use of cookies is available at: www.cookiecentral.com. Cookies do not identify individual users. When an individual visits the TLP website, our servers may record information about their usage, the time of visit, duration, pages viewed and style settings. TLP does not collect information which can identify individuals who visit the website. However, when an individual visits the TLP site, Google Analytics compiles data that record and log each visit with the following information collected for statistical purposes only:

a.  the user's server address;

b.  the user's top-level domain name (for example, .com, .gov, .au, .uk etc.);

c.  the date and time of the visit to the site;

d.  the pages accessed and documents downloaded;

e.  the search words and referral sites used;

f.  the type of browser used.

Access to, and use of, this information is restricted to TLP. No attempt will be made by TLP to track or identify individual users or their browsing activities, except in the unlikely event of an investigation, where a law enforcement agency may execute a warrant to inspect Google Analytics logs. TLP will only use statistics obtained from cookies to ascertain and follow website usage to enable improvements, updates and maintenance of pages of the website.

5.12 How can an individual access personal information from TLP?

Individuals may request access to their personal information at any time. Subject to any requirements in the APPs, TLP will facilitate access in the manner requested by the individual if it is reasonable and practicable to do so. Individuals will not be given access to information about other people, even if they were party to the sessions the individual attended. Where access to information is denied the individual will be given written reasons for this decision.

5.13 What if an individual's personal information is not correct?

TLP will endeavour to ensure your information is accurate, TLP will endeavour to correct personal information once it is identified as inaccurate or not up-to-date by the organisation or by the individual. TLP will ensure that any other organisation to whom the individual's personal information was previously forwarded receives notification of any change, unless it is impracticable or unlawful to do so. Should TLP refuse to correct personal information as requested by the individual, written reasons for refusal will be provided to an individual.

5.14 When do we destroy personal information?

The majority of individual information is stored on our secure client data management system. For the services who maintain paper files, TLP securely destroys or de-identifies personal information when it is no longer required. 

Commonwealth Disposal Freeze

There is a current Commonwealth Freeze on the disposal of records that commenced on the 31 January 2013 and is in effect until further notice. Please refer to the National Archives of Australia Notice of Disposal Freeze for further information.

Tasmanian State Disposal Freeze

The State Freeze on the disposal of records commenced in 2019 and is in effect until 2029. Organisations are required to keep all records that contain information about children, services provided to them and employees that provide the service until 2029. Please refer to the Office of the State Archivist - Notice of Disposal Freeze on records relating to children for further information.

5.15 Limitations of Confidentiality

Confidentiality is strictly maintained. However, TLP has a duty of care to protect individuals and those close to them. TLP is therefore mandated by law to report risk of harm to self or others as well as instances of current child abuse or neglect or risk of child abuse or neglect.

5.16 How does an individual complain?

If an individual has a complaint about how TLP handles personal information, they should contact the organisation's Privacy Officer (TLP's Chief Operating Officer) on 1800 ### ### or hi@thelisteningprojects.org  All complaints will be dealt with fairly and as quickly as possible. If an individual is not satisfied with TLP's response, an individual can make a complaint about interference with their privacy to the Office of the Australian Information Commissioner.

Email: enquiries@oaic.gov.au

Post: GPO Box 5218, Sydney NSW, 2001

Phone: 1300 363 992 Fax: 02 9284 9666 Web: http://www.oaic.gov.au It may also be appropriate to direct your complaint to: Your State Ombudsman 

DSS National Client Complaints Team

Phone: 1800 634 035 Email: complaints@dss.gov.au

Post: DSS Feedback, GPO Box 9820, Canberra, ACT, 2601

Alternatively, you can submit a feedback form online https://www.dss.gov.au/contact/feedback-compliments-complaints-and-enquiries/feedback-form

Privacy and Confidentiality Policy Current Issue Date: January 2025