Privacy and Confidentiality Policy



QA7 7.1.2 Systems are in place to manage risk and enable the effective management and operation of a quality service.


National Regulations

Reg 181 Confidentiality of records kept by approved provider
181-184 Confidentiality and storage of records



This policy is to address the issues of privacy and confidentiality of children, educators, volunteer workers and parents using the service. It aims to protect the privacy and confidentiality by ensuring that all records and information about individual children, families, educators and management are kept in a secure place and are only accessed by or disclosed to those individuals who need the information to fulfil their responsibilities at the service or have a legal right to know.

Related Policies

Educator and Management Policy
Enrolment Policy
Family Law and Access Policy
Medical Conditions Policy
Record Keeping and Retention Policy
Social Networking Usage Policy

Who is affected by this policy?


National Privacy Principles

NPP 1: collection
Describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.

NPP 2: use and disclosure
Outlines how organisations may use and disclose individuals' personal information. If certain conditions are met, an organisation does not always need an individual's consent to use and disclose personal information.  There are rules about direct marketing.

NPPs 3 & 4: information quality and security
An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access.

NPP 5: openness
An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.

NPP 6: access and correction
Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.

NPP 7: identifiers
Generally prevents an organisation from adopting an Australian Government identifier for an individual (e.g. Medicare numbers) as its own.

NPP 8: anonymity
Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.

NPP 9: trans-border data flows
Outlines how organisations should protect personal information that they transfer outside Australia.

NPP 10: sensitive information
Sensitive information includes information such as health, racial or ethnic background, or criminal record.  Higher standards apply to the handling of sensitive information.


Service Privacy Guidelines

  • Personal information will only be collected in so far as it relates to the service’s activities and functions, and in line with relevant legislation. (National Privacy Principle 1.1 - Privacy Act 1998.)
  • Collection of personal information will be lawful, fair, reasonable and unobtrusive. (National Privacy Principle 1.2 - Privacy Act 1998.)
  • Individuals who provide personal information will be advised of: the name and contact details of the service; the fact that they are able to gain access to their information; why the information is collected; the organisations to which the information may be disclosed; any law that requires the particular information to be collected; and the main consequences for not providing the required information. (National Privacy Principle 1.3 – Privacy Act 1998).
  • The use or disclosure of personal information will only be for its original collected purpose, unless the individual consents or unless it is needed to prevent a health threat, or is required or authorised under law. (National Privacy Principle 2.1 – Privacy Act 1998).
  • The service will take steps to ensure the personal information collected, used or disclosed, is accurate, complete and up to date. Parents will be required to update their enrolment details annually, or whenever they experience a change in circumstances. Computer records will be updated as soon as new information is provided. (National Privacy Principle 3 – Privacy Act 1998).
  • Personal information will be kept in a secure and confidential way, and destroyed by shredding or incineration, when no longer needed. (National Privacy Principle 4 – Privacy Act 1998).
  • Individuals will be provided with access to their personal information and may request that their information be up-dated or changed where it is not current or correct. (National Privacy Principle 6 – Privacy Act 1998).
  • Individuals wishing to access their personal information must make written application to the Co-ordinator, who will arrange an appropriate time for this to occur. The Co-ordinator will protect the security of the information by checking the identity of the applicant, and ensuring someone is with them while they access the information to ensure the information is not changed or removed without the Co-ordinator/Supervisor’s knowledge.
  • The Co-ordinator will deal with privacy complaints promptly and in a consistent manner, following the Service’s Grievance Procedures. Where the aggrieved individual is dissatisfied after going through the grievance process, they may appeal in writing to “The Director of Complaints, Office of the Federal Privacy Commission, GPO Box 5218, Sydney NSW 1042, or phone the Commissioner’s Hotline on 1300 363 992. (Privacy Act 1998).
  • Every employee and the Operator is provided with clear written guidelines detailing:
  1.  What information is to be kept confidential and why
  2. What confidential information they may have access to in order to fulfil their responsibilities and how this information may be accessed.
  3. Who has a legal right to know what information?
  4. Where and how the confidential information should be stored.
  • Every enrolling parent/guardian is provided with clear information about:
  1. What personal information is kept, and why.
  2. Any legal authority to collect personal information.
  3. Third parties to whom the service discloses such information as a usual practice.
  • Confidential conversations that educators have with parents, or the Co-ordinator has with educators will be conducted in a quiet area away from other children, parents and educators. Such conversations are to be minuted and stored in a confidential folder.
  • Personnel forms and employee information will be stored securely. (Workplace Relations Act 1996).
  • Applicants, students or volunteers will be informed that their personal information is being kept, for what reason, for how long, and how it will be destroyed at the end of the time period.
  • Applicants will be asked for their consent before their references are checked. Unsuccessful applicants will be advised of when and how their personal information will be destroyed.
  • Information about educators will only be accessed by the Co-ordinator, Area Management Team and individual educator concerned. (Workplace Relations Act 1996.)
  • All matters discussed at staff meetings will be treated as confidential. (Privacy Act 1998.)
  • No member of educators may give information or evidence on matters relating to children and/or their families to anyone other than the responsible parent/guardian, unless prior written approval by the responsible parent/guardian is obtained.  Exceptions may apply regarding information about children when subpoenaed to appear before a court of law.  Notwithstanding these requirements, confidential information may be exchanged in the normal course of work with other educators at the Service and may be given to the Operator, when this is reasonably needed for the proper operation of the Service and the wellbeing of users and educators. (Privacy Act 1988).
  • Reports, notes and observations about children must be accurate and free from biased comments and negative labelling of children.
  • Educators will protect the privacy and confidentiality of other educators by not relating personal information about another educator to anyone either within or outside the Service.
  • Students/individuals on work experience/volunteers will not make educators/children or families at the Service, an object for discussion outside of the Service (e.g. college, school, home etc.), nor will they at any time use family names in recorded or tutorial information.
  • Students/individuals on work experience/volunteers will only use information gained from the Service upon receiving written approval from the Service to use and/or divulge such information, and will never use or divulge the names of individuals.



National Quality Standard
Education and Care Services National Regulation
Privacy Act 1988
Information Privacy Principles as stipulated in the Privacy Act 1988
United Nations Convention of the Rights of a Child
Freedom of Information Act 1989



The policy will be reviewed annually, or earlier if required.

Established April 2016        Reviewed March 2018     Date for next review:   March 2019

Complaints and Enquiries
If you have any queries or complaints about our Privacy Policy please contact us at:
Postal Address: Suite 4, Level 3, 13 -15 Lake St., Caroline Springs VIC – 3O23
Number: (03) 8348 5346