1. About this policy 

This Policy explains how we collect, use, share and manage your personal information in line with the Privacy Act 1988 (Cth) (Privacy Act) and all other relevant state laws. 

2. Our commitment 

Disability Advocacy is part of Advocacy Law Alliance and is committed to maintaining your right to privacy across the whole organisation. We do this by ensuring that all staff and volunteers know and abide by all relevant privacy laws, you are informed about your rights regarding privacy, and you are given privacy when discussing personal matters. We will take reasonable and robust steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. 

This applies to all hard copy and electronic records, interviews and discussions that contain personal information. 

3. Types of information we collect 

We collect different types of information that may be considered personal or sensitive. 

3.1 Personal information 

In this Policy, ‘personal information’ has the meaning given to it in the Privacy Act. It generally covers any information that can be used to identify you, such as your: 

  • name 
  • address 
  • phone number 
  • email address 
  • job 

3.2 Sensitive information 

In this Policy, ‘sensitive information’ has the meaning given to it in the Privacy Act. It is personal information given a higher level of protection because it may include information about your:

  • race or ethnic background, such as if you are an Aboriginal or Torres Strait Islander
  • health 
  • sexual preference or gender identity.

4. Why we collect information about you 

We collect information to help us monitor the work we are doing for you and to provide you with the best possible advocacy service. 

As well as providing a service for you, this information also allows us to answer enquiries about our services, plan, conduct research and improve our service, respond to complaints, and comply with rules and regulations that govern us. 

5. Collection of information 

Any information we collect about you is regarded as confidential. It will only be used to provide quality advocacy support. You will be made aware of what information we keep and who will have access to it. We will never share, sell, rent or disclose information for marketing or promotion. We will never use or disclose a government-related identifier for any other purpose than to provide advocacy. 

6. How we maintain your privacy 

Our staff are trained on how to manage any personal information they have access to in the conduct of research, consultation or advocacy work. 

The Executive Officer is responsible for ensuring all the content in our communications, such as publications and our website adhere to privacy standards. This includes:

  • individual consent is obtained before including any personal information about you
  • all information collected from other agencies or individuals also conforms to privacy rules.
  • personal information and tracking data are not collected from website visitors. 

6.1 Who is in charge of privacy 

The Privacy Contact Officer will be the Manager Advocacy. They will: 

  • ensure all staff are familiar with this Privacy Policy and the correct way to handle personal information. 
  • ensure you are provided with information about your privacy rights 
  • handle any queries or complaints about a privacy issue 
  • comply with our information barriers policy 

7. Access to information 

We are committed to being transparent about what we do and how we work. We balance this commitment with upholding your right to privacy.

We will prevent unauthorised persons from gaining access to an individual’s confidential records, and permit you to access your records when this is reasonable and appropriate. Access to some documents and records will be limited to people who are authorised to see them, such as team members working with you. 

7.1 How you can access your records 

You have the right to access your records and let us know if anything is incorrect. Requests can be made in writing or in person, you will need to provide appropriate identification. 

It may take up to two (2) weeks to receive a copy of the requested information. Generally, you will receive a photocopy of the documents requested. A record of the request, and what information was provided will be kept in your file. 

The request will be approved by the Manager Advocacy who will consult with the Executive Officer to ensure fair and appropriate access to your information. 

Any external requests for your information will be referred to the Manager Advocacy. They will also contact you to obtain consent before any information is released. 

7.2 How you can appeal a decision 

If you are refused access to your own records or information files, you may appeal the decision by contacting the Manager Advocacy. They will review the decision in the context of this Policy. 

8. Who has access to your records 

Your records will only be accessible by a DA staff member or approved volunteer. Anyone else must obtain your consent before getting access to your files. 

Before your information is given to another individual or organisation, you will need to give written or verbal permission. Verbal permission is used when you have an urgent reason for doing so. If verbal permission is given, the advocate will make clear notes for the reason, date and time that verbal permission was given. Written consent will still need to be obtained as soon as possible. 

There are some occasions when information may need to be shared without your explicit consent. 

8.1 Subpoena (unless legally privileged information) 

A subpoena is a legal order to produce documents or give evidence. If your files are subpoenaed, we will let you know as soon as possible. Only information ordered by subpoena may be copied and released for this purpose. The CEO should be notified of the subpoena, using de-identified information. The CEO will delegate authority to the Executive Officer to manage our response. The Executive Officer will be notified immediately and potentially seek legal advice to ensure the subpoena complies with legal requirements. 

8.2 Necessity (reporting abuse or neglect) 

We are committed to ensuring that people with a disability are not abused or neglected. We seek to deal with complex ethical decisions consistently while protecting a person’s right to self-determination. 

Where possible, we will provide information to the person with disability (and their families and carers, if appropriate) about their right to live free from abuse and their entitlement to independent advocacy and support if their human rights are infringed. 

We may need to share your information if we believe it is necessary to prevent:

  • a serious and imminent threat to a person’s life, health or safety 
  • a serious threat to public health or safety. 

A decision to share your information to seek help or protect you will take into account your capacity to make decisions. Any need to share your information based on necessity will be discussed with our Executive Officer wherever possible. There are some exceptions where information may need to be shared without the explicit consent of the client. 

All reports of abuse and neglect, subsequent deliberations and decisions will be recorded in the client’s file. 

8.3 Child protection legislation 

Under child protection legislation, we may be defined as ‘mandatory reporters’. This means team members believe on ethical grounds that they should share relevant information with the relevant child protection authority if they suspect that a child is at risk of serious harm. If a team member needs to share your information because of mandatory reporting, it will be first discussed with our AM or Manager Advocacy. 

If it is agreed that a report must be made, this should be recorded in the client file and marked as confidential using the ‘sensitive information’ check box. 

8.4 How access is given when there is a conflict of interest 

Disability Advocacy staff and volunteers may encounter a conflict of interest between you and some individuals, organisations or referring agencies. Therefore, sharing information with these individuals or organisations when a conflict of interest is present may negatively affect you. In these instances, staff will discuss with their RM or the Manager Advocacy about the potential implications of sharing authorised information with organisations or individuals who have a conflict of interest with the client.

8.5 Providing contact details 

If another organisation wishes to contact you, we will either provide you with their contact details to initiate contact or obtain your consent to give them your contact details. 

9. Standards auditing 

As part of our funding agreements, we may undergo standards auditing. This means someone outside of DA will check client files and records of complaints to ensure that we are meeting the agreed reporting standards. 

This counts as a secondary purpose within privacy legislation (checking that disability advocacy is done correctly) as it relates to the primary purpose of gathering your information (providing high-level advocacy). The Client Handbook will explain the audit process, and staff can further explain key policies such as confidentiality at the initial meeting to anyone who may have difficulty understanding the Handbook. 

If you receive targeted advocacy assistance that requires an Advocacy Agreement (services longer than three hours), you will be given the option to participate in the standards audit process. In this instance, you will need to sign an audit consent form. Your decision regarding audit consent will be stored in your case file and a copy of the form will be saved in the files section. If you only provide verbal consent, that will be noted as a file note on SF labelled ‘Audit Consent. If you do not provide a response or are unsure about your decision, we will consider that as an opt out of the audit. 

If your file is selected by auditors, we will contact you before the audit process begins to confirm that your consent remains current. Your details will not be provided to the auditors until this is confirmed. 

All auditors are required to sign and adhere to a confidentiality agreement that prohibits them from disclosing or identifying any client information they view during the audit. 

10. Storing and managing your information 

10.1 How your information is managed 

Our records will be filed and managed systematically to ensure we only hold the personal information we need. These include filing and storing information systematically so that:

  • material about the administration of Disability Advocacy is identified and kept for the required period. 
  • material of potential historical significance is identified and archived accordingly
  • material about people who use our service is stored, reviewed, archived and disposed of appropriately.
  • information is disposed of in a way that protects people’s privacy 

Regular reviews take place to remove and dispose of material that is no longer required. We will permanently de-identify personal information before disposal to ensure your privacy. 

10.2 Our record keeping process 

All documentation we keep should be objective, and the language that is used should be objective. All incoming and outgoing documents will be copied into the client management system and dated. Staff members are responsible for keeping your records up to date in the client management system and company drive. They will make copies of all relevant documents and emails and add them to your file. 

Our CEO, DCEO and Board do not have access to your files, unless you give explicit permission. 

10.3 How files are stored securely 

Any hard copy files will be kept in a locked cabinet when not in use. Client files will not be removed from the office except in special circumstances with supervisor permission. Files removed from the office must be kept in a plain folder with all personal details covered up. 

We store all digital information in a secure cloud-based CRM system in Australia with multi-factor authentication and up-to-date security practices that offer the best protection and mitigate risk. 

10.4 How long we keep your information 

We are obliged to keep your information for seven (7) years unless we are legally required to do otherwise. After seven years, all electronic data will be irretrievably destroyed. The archiving storage or disposal of your files is the responsibility of the Regional Manager in consultation with the Manager Advocacy. We will inform you of this obligation, and how you can access these files. 

11. Complaints process 

Disability Advocacy has a complaints process which is set out on our Contact page. The Advocacy Manager is the person to contact with any complaints. 

If you believe your privacy has been breached or you have a complaint about how we have handled your personal information, please contact us in writing. We will respond within a reasonable period (usually within 30 days of lodgement).

Write to us at: 

Advocacy Manager 
Suite 1, Level 2 Devonshire House 
408 King St 
Newcastle West NSW 2302 

Email us at: da@da.org.au 

If you are not satisfied with our response, then you may lodge a formal complaint with the Office of the Australian Information Commissioner. For more information, please visit oaic.gov.au 

12. Meanings 

References to ‘DA’, ‘we’, ‘us’ and ‘our’ are references to Disability Advocacy.