privacy policy
1. Purpose:
- The purpose of this Privacy and Confidentiality Policy and Procedure is to establish guidelines and protocols for the collection, use, storage, and sharing of personal information within WHATEVER Whanganui in a manner that respects individuals' privacy rights and complies with the privacy laws and regulations of New Zealand.
- This policy aims to safeguard the confidentiality of personal information and ensure that it is only accessed and disclosed to relevant parties as necessary, considering the age and competency of the client.
2. Scope:
- This policy applies to all individuals involved with WHATEVER Whanganui, including clients, employees, volunteers, and contractors.
It covers the handling of personal information collected by WHATEVER during its operations, including information obtained through client intake processes, assessment forms, case management, and any other relevant activities.
3. Principles:
- Consent: WHATEVER will obtain written or verbal consent from individuals before collecting their personal information, and inform them about the purpose, use, and potential disclosure of their information, unless such disclosure is required by law or for the safety and well-being of the individual or others. When dealing with minors or individuals lacking competency, consent may be obtained from their legal guardians or advocates.
- Data Minimisation: WHATEVER will only collect and retain personal information that is necessary for the provision of services and support, and ensure that it is accurate, up-to-date, and relevant, considering the age and competency of the client.
- Security: WHATEVER will implement appropriate security measures to protect personal information against unauthorised access, loss, misuse, or disclosure, with additional safeguards in place for vulnerable clients.
- Sharing of Information: WHATEVER may share personal information with relevant agencies or entities when required or permitted by law, and when it is deemed necessary to ensure coordinated support and service delivery to clients. When dealing with minors or individuals lacking competency, information sharing will be conducted in accordance with applicable privacy laws and regulations, taking into consideration the best interests of the client.
4. Prerequisites:
All WHATEVER employees, volunteers, and contractors must:
- Familiarise themselves with this Privacy and Confidentiality Policy and Procedure.
- Understand and adhere to the privacy principles and procedures outlined in this policy.
- Receive training on the proper handling of personal information, including confidentiality, consent, and data security, with a focus on age-appropriate practices and sensitivity towards clients' competency levels.
5. Policy Statement:
- WHATEVER is committed to maintaining the privacy and confidentiality of personal information obtained during its operations, while considering the age and competency of the client.
- Personal information collected by WHATEVER will be used for the purpose of providing services and support to clients, and will only be accessed, used, or disclosed by authorised individuals in accordance with the provisions of this policy and applicable privacy laws.
- WHATEVER will take all reasonable steps to ensure the security and integrity of personal information in its possession or control, with additional safeguards in place for vulnerable clients.
6. Roles and Responsibilites:
WHATEVER Management:
- Ensure that privacy and confidentiality policies and procedures are in place and communicated effectively to all employees, volunteers, and contractors in induction
- Provide training and resources to educate staff on their responsibilities regarding the collection, use, storage, and sharing of personal information, with a focus on age-appropriate practices and sensitivity towards clients' competency levels.
- Designate a Privacy Officer eg (Manager) responsible for overseeing compliance with privacy laws, handling privacy-related inquiries, and addressing any privacy breaches, including those involving minors or individuals lacking competency.
Employees, Volunteers, and Contractors:
- Handle personal information with utmost care and confidentiality, ensuring compliance with this policy and applicable privacy laws.
- Explain the confidentiality agreement and its implications to clients during the enrollment process, ensuring they understand their rights and the limitations of confidentiality.
- Seek written or verbal consent from clients or their legal guardians/advocates before collecting, using, or disclosing their personal information, unless such disclosure is required by law or for the safety and well-being of the individual or others.
7. Measurement criteria:
Compliance with this policy will be measured through:
- Regular privacy audits to assess the implementation and effectiveness of privacy controls and procedures.
- Incident reporting and tracking of privacy breaches, including their resolution and preventive measures taken.
8. References:
- Privacy Act 2020 (New Zealand)
- Office of the Privacy Commissioner - New Zealand