This policy applies to all parents and authorised persons, educators, visitors, volunteers and students working within the centre. This policy applies to centres under the umbrella of Early Learning Group.
Privacy is acknowledged as a fundamental human right. Our Service has an ethical and legal responsibility to protect the privacy and confidentiality of children, individuals and families as outlined in Early Childhood Code of Ethics, National Education and Care Regulations and the Privacy Act 1988 (Cth). The right to privacy of all children, their families, and educators and staff of the Service will be upheld and respected, whilst ensuring that all children have access to high quality early years care and education. All staff members will maintain confidentiality of personal and sensitive information to foster positive trusting relationships with families.
To ensure that the confidentiality of information and files relating to the children, families, staff, and visitors using the Service is upheld at all times. We aim to protect the privacy and confidentiality of all information and records about individual children, families, educators, staff and management by ensuring continuous review and improvement on our current systems, storage, and methods of disposal of records. We will ensure that all records and information are held in a secure place and are only retrieved by or released to people who have a legal right to access this information.
Under National Law, Section 263, Early Childhood Services are required to comply with Australian privacy law which includes the Privacy Act 1988 (the Act) aimed at protecting the privacy of individuals. Schedule 1 of the Privacy Act (1988) includes 13 Australian Privacy Principles (APPs) which all services are required to apply. The APPs set out the standards, rights and legal obligations in relation to collecting, handling, holding and accessing personal information.
The Notifiable Data Breaches (NDB) scheme requires Early Childhood Services, Family Day Care Services, and Out of School Hours Care Services to provide notice to the Office of the Australian Information Commissioner (formerly known as the Privacy Commissioner) and affected individuals of any data breaches that are ‘likely’ to result in ‘serious harm’.
Businesses that suspect an eligible data breach may have occurred, must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. A breach of an Australian Privacy Principle is viewed as an ‘interference with the privacy of an individual’ and can lead to regulatory action and penalties.
source: OAIC Australian Privacy Principles
Australian Privacy Principles (APPs)
APP 1 – Open and transparent management of personal information
APP 2 – Anonymity and Pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply
APP 3 – Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4 – Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.
APP 5 – Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.
APP 6 – Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds
APP 7 – Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8 – Cross-order disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas
APP 9 – Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10 – Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11 – Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
APP 12 – Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
APP 13 – Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals
The personal information that the service collects are:
- Contact details of children, families, staff, students, volunteers and management
- Children, families, staff, students, volunteers, emergency contacts contact details
- Children’s health status, immunisation and developmental records and plans, external agency information, custodial arrangements, incident records, and medication records
- Staff documentation relating to recruitment and selection, performance reviews, qualifications, work history, child protection checks, health status, immunisation records and workers’ compensation claims
- Student and volunteer work history, child protection checks
- Information relating to families’ Child Care Benefit (CCB) status and any other additional funding arrangements
- Will provide lockable storage facilities, such as filing cabinets to ensure that all confidential documents are securely maintained
- Will adopt the following principles for handling personal information based on the Privacy Act (1988):
- Collection of information will be lawful and fair
- People will be told why information is collected
- Personal information collected will be of good quality and not too intrusive
- Personal information will be properly secure
- People will have access to their own records
- It will be ensure that personal information is of good quality and people will be allowed to have it changed where it is not
- It will be ensured that personal information is of good quality before use
- Use of personal information will be relevant
- The use of personal information will be limited
- The disclosure of personal information outside the agency will not be allowed
- Will ensure every employee understands that information stored in the children’s rooms is treated as confidential and is controlled under the guidelines of the policy and the Australian Privacy Act 1988 as below:
- What information is to be kept confidential
- Child contact information
- Enrolment summaries and information
- Individual child programs
- Medication, illness and incident forms
- Parent meeting minutes
- Behaviour management plans
- The Director may forward confidential information to staff in order for them to fulfil their responsibility, this information may include:
- Children’s date of birth
- Emergency contact phone numbers
- Children’s additional needs information
- Children’s allergy information
- Children’s dietary information
- Who has a legal right to know what information:
- Information regarding medication, illness and/or incident forms as well as the child’s involvement in daily activities and experiences may be shared with any authorised person collecting the child
- Any other information may only be communicated directly to the child’s parent/guardian
- Where and how the confidential information should be stored
- Any information regarding a child’s education, such as observations and goals, will be stored in the child’s online individual portfolio, accessed only by staff and the child’s parents
- Any information regarding a child’s medication, illness or accidents will be stored in the room’s medication folder, kept at reception
- Any information regarding a child’s enrolment, such as contact phone numbers and additional needs, will be stored in the room’s planning folder, kept in the child’s room
- Confidential conversations that staff have with parents, or the Director has with staff members will be conducted in a quiet area away from other children, parents and staff. Such conversations are to be minuted and stored in a confidential folder.
- Personal forms and information will be stored securely.
- No member of staff may give information or evidence on matter relating to children and/or their families to anyone other than the custodial parent/guardian, unless prior written approval by the custodial parent/guardian is obtained. Exceptions may apply regarding information about children when subpoenaed to appear before a court of law. Notwithstanding these requirements confidential information may be exchanged in the normal course of work with other staff members at the centre and may be given to the Operator, when this is reasonably needed for the proper operation of the centre and the wellbeing of users and staff.
- What information is to be kept confidential
- Provide Staff and Educators with relevant changes
- Make sure all relevant staff understand the requirements under Australia’s privacy law
- Keep up to date with the Australian Privacy Principles (this may include delegating a staff member to oversee all privacy-related activities to ensure compliance).
- Ensure personal information in protected in accordance with our obligations under the Privacy Act 1988 and Privacy amendments (Enhancing Privacy Protection) Act 2012
- Will protect the privacy and confidentiality of other staff members by not relating personal information about another staff member to anyone either within or outside the centre
- Will protect the privacy and confidentiality of children and families by not relating personal information to anyone either within or outside the centre without prior authorisation
- Students/people on work experience/volunteers will not make staff/children or families and the centre an object for discussion outside of the centre (e.g. College, school, home etc.), now will they at any time use family names in recorded or tutorial information
- Will not discuss other staff members, children or families via internet social networking site such as Facebook, Myspace, Twitter or any other social network site
- Will not use social networking systems such as Facebook, to discuss disagreements with staff, families or management
- Will not seek or accept friend requests from family members or students at the centre
- Will refrain from using the centres name or child’s room name to create web pages intended to increase their contact with other families via social networking systems such as Facebook
- Will refrain from using internet social networking systems, such as Facebook, to seek out staff to further discuss problems or disagreements with the centre
- Every enrolling parent/guardian is provided with clear information about:
- What personal information is kept, and why
- Any legal authority to collect personal information
- Third parties to whom the service discloses such information as a usual practice
- All matters discussed at Family Committee meetings will be treated as confidential
Records Archived at the centre
In accordance with the Education and Care Services National Regulations 2013, the following records must be kept:
- If the record relates to an incident, illness, injury or trauma suffered by a child while being educated and cared for by the centre, until the child is aged 25 years
- If the record relates to an incident, illness, injury or trauma suffered by a child that may have occurred following an incident while being educated and cared for by the centre, until the child is aged 25 years
- If the record relates to the death of a child while being educated and cared for by the centre or that may have occurred as a result of an incident while being educated and cared for, until the end of 7 years after the death
- In the case of any other record relating to a child enrolled at the centre, until the end of 3 years after the last date on which the child was educated and cared for by the service
- If the record relates to the approved provider, until the end of 3 years after the last date on which the approved provider operated the centre
- If the record relates to the nominated supervisor or staff member of the centre, until the end of 3 years after the last date on which the nominated supervisor or staff member provided education and care on behalf of the centre
- In case of any other record, until the end of 3 years after the date on which the record was made
Records stored at the centre will be kept in both hard and soft copy formats. This means that what can be stored on computer disc (soft copy) will be done so to save space. Otherwise original forms and documents will be stored in their paper form (hard copy).
These records will be stored in an area located on the centre property that is inaccessible to all children, families and unauthorised staff members.
Once records have been stored for their required amount of time, they will be destroyed in a manner that defies duplication. Computer discs will be erased and destroyed, all paper documents and forms will be shredded.
National Quality Standard (NQS)
|7.1||Governance||Governance supports the operation of a quality service|
|7.1.1||Service philosophy and purposes||A statement of philosophy guides all aspects of the service’s operations|
|7.1.2||Management Systems||Systems are in place to manage risk and enable the effective management and operation of a quality service|
|7.1.3||Roles and Responsibilities||Roles and responsibilities are clearly defines, and understood and support effective decision making and operation of the service|
|7.2||Leadership||Effective leadership builds and promotes a positive organisational culture and professional learning community|
Education and Care Services National Regulations
|168||Education and care services must have policies and procedures|
|181||Confidentiality of records kept by approved provider|
|181-184||Confidentiality and storage of records|
- Australian Children’s Education & Care Quality Authority.
- Guide to the Education and Care Services National Law and the Education and Care Services National Regulations
- ECA Code of Ethics.
- Guide to the National Quality Standard.
- United Nations Convention of the Rights of a child
- Privacy Act 1988
- Revised National Quality Standard
- Australian Childcare Alliance – Changes to the Australia’s Privacy law
- Office of the Australian Information Commission – Australian Privacy Principles
Notations of Amendment
- October 2018 – Large variation to the policy statement & NQS references
- January 2021 – amendment to general typed errors