top of page

Privacy Policy 

  1. Introduction

    1. Purpose

This Policy and the Policies and Procedures and related documentation set out in section 1.5 below (Related Documentation) supports Authentic Support to apply the Privacy and Dignity and Information Management NDIS Practice Standards.

    1. Policy Aims

Authentic Support is committed to ensuring each Client is treated with dignity and respect, can maintain their identity, make informed choices about their care and services, and live the life they choose.

In this regard, Authentic Support is committed to ensuring it:

      1. has a culture of inclusion and respect for consumers; and

      2. supports consumers to exercise choice and independence; and

      3. respects consumers’ privacy.

    1. NDIS Quality Indicators

In this regard, Authentic Support aims to demonstrate each of the following quality indicators through the application of this Policy and the relevant systems, procedures, workflows and other strategies referred to in this Policy and the Related Documentation:

Privacy and Dignity

      1. Consistent processes and practices are in place that respect and protect the personal privacy and dignity of each participant.

      2. Management of each participant’s information ensures that it is identifiable, accurately recorded, current and confidential. Each participant’s information is easily accessible to the participant and appropriately utilised by relevant workers.

      3. Each participant understands and agrees to what personal information will be collected and why, including recorded material in audio and/or visual format.

Information Management

      1. Each participant’s consent is obtained to collect, use and retain their information or to disclose their information (including assessments) to other parties, including details of the purpose of collection, use and disclosure. Each participant is informed in what circumstances the information could be disclosed, including that the information could be provided without their consent if required or authorised by law.

      2. Each participant is informed of how their information is stored and used, and when and how each participant can access or correct their information, and withdraw or amend their prior consent.

      3. An information management system is maintained that is relevant and proportionate to the size and scale of the organisation and records each participant’s information in an accurate and timely manner.

      4. Documents are stored with appropriate use, access, transfer, storage, security, retrieval, retention, destruction and disposal processes relevant and proportionate to the scope and complexity of support delivered.

    1. Scope

      1. This Policy applies to the provision of all services and supports at Authentic Support.

      2. All permanent, fixed term and casual staff, contractors and volunteers are required to take full responsibility for ensuring full understanding of the commitments outlined in this Policy.

    2. Related Documentation

The application of the above NDIS Practice Standard by Authentic Support is supported in part by and should be read alongside the Policies and Procedures and related documentation corresponding to this Policy in the Policy Register.

  1. Definitions

    1. Definitions

In this Policy:

Authentic Support means Authentic Support Pty Ltd ABN 52 658 525 172.

Client means a client of Authentic Support (including an NDIS participant).

Key Management Personnel means Jay Edward Dryden, Bronson Culpin-Lavers and other key management personnel involved in Authentic Support from time to time.

Legislation Register means the register of legislation, regulations, rules and guidelines maintained by Authentic Support.

Personal information means information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information.

Policy Register means the register of policies of Authentic Support.

Principal means Jay Edward Dryden and Bronson Culpin-Lavers.

Related Documentation has the meaning given to that term in section 1.1.

Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record and some types of biometric information.

Worker means a permanent, fixed term or casual member of staff, a contractor or volunteer employed or otherwise engaged by Authentic Support and includes the Principal.

  1. Policy Statement

    1. Communication of Privacy and Dignity Policy

To ensure Clients understand the subject matter of this Privacy and Dignity Policy in a manner which is responsive to their needs and in the language, mode of communication and terms that the Client is most likely to understand, Authentic Support will:

      1. use respectful, open, clear, and honest communication in all professional interactions (e.g., spoken, written, social media).

      2. consistently respect the Client’s privacy and confidentiality in how they communicate and interact with them.


      1. communicate effectively with Clients to promote their understanding of the subject matter of this Privacy and Dignity Policy (e.g., active listening, use of plain language, encouraging questions).

      2. identify potential barriers to effective communication and make a reasonable effort to address these barriers including by providing information and materials on how to access interpreter services, legal and advocacy services.

      3. work with bilingual assessment staff, interpreters (linguistic and/or sign), communication specialists and relevant advocacy agencies/services that can also assist Client participation, inclusion, informed choice and control.

      4. encourage Clients to engage with their family, friends and chosen community if Authentic Support has been directed to do so.

    1. The personal information that Authentic Support collects

The personal information that Authentic Support collects from a Client includes their:

      1. name, address, telephone and email contact details;

      2. gender, date of birth and marital status, information about their disability and support needs;

      3. health and medical information;

      4. numbers and other identifiers used by Government Agencies or other organisations to identify individuals;

      5. financial information and billing details including information about the services individuals are funded to receive, whether under the NDIS or otherwise;

      6. records of interactions with individuals such as system notes and records of conversations individuals have had with Authentic Support’s Workers; and

      7. information about the services Authentic Support provides to individuals and the way in which Authentic Support will deliver those to individuals.

Typically, Authentic Support does not collect personal information in the form of recorded material in audio and/or visual format.

    1. Sensitive information and protection of dignity

Authentic Support only collects sensitive information where it is reasonably necessary for Authentic Support’s functions or activities and either:

      1. the individual has consented; or

      2. Authentic Support is required or authorised by or under law (including applicable privacy legislation) to do so.

For example, in order to provide Authentic Support’s services to a Client or to respond to a potential Client’s inquiries about services, Authentic Support may be required to collect and hold their sensitive information including health and medical information and information relating to their disability and support requirements.

Authentic Support will treat Clients with dignity and respect and as far as reasonably practicable protect the privacy and dignity of each Participant and, in particular, their sensitive information.

    1. How Authentic Support collects personal information

Authentic Support collects personal information in a number of ways, including:

      1. when individuals correspond with Authentic Support (for example by  letter, fax, email or telephone);

      2. on hard copy forms;

      3. in person;

      4. from referring third parties (for example, the National Disability Insurance Scheme or a support coordinator);

      5. at events and forums; and

      6. from third party funding and Government Agencies.

    1. Why does Authentic Support collect personal information?

The main purposes for which Authentic Support collects, holds, uses and discloses personal information are:

      1. providing individuals with information about Authentic Support’s services and supports.

      2. answering their inquiries and delivering service to Clients.

      3. administering Authentic Support’s services and supports and processes payments.

      4. conducting quality assurance activities including conducting surveys, research and analysis and resolving complaints.

      5. complying with laws and regulations and to report to funding and Government Agencies.

      6. promoting Authentic Support and its activities, including through events and forums.

      7. conducting research and statistical analysis relevant to Authentic Support's activities (including inviting individuals to participate in research projects and activities).

      8. reporting to funding providers.

      9. recruiting employees, contractors and volunteers.

      10. answering queries and resolving complaints.

      11. evaluating Authentic Support’s work and reporting externally.

      12. carrying out internal functions including administration, training, accounting, audit and information technology.

      13. other purposes which are explained at the time of collection or which are required or authorised by or under law (including, without limitation, privacy legislation).

      14. purposes for which an individual has provided their consent.

      15. for research, evaluation of services, quality assurance activities, and education in a manner which does not identify individuals. If individuals do not wish for their de-identified data to be used this way, they should contact Authentic Support.

      16. to keep individuals informed and up to date about Authentic Support’s work, for example, changes to the National Disability Insurance Scheme or information about disability supports, either where Authentic Support has their express or implied consent, or where Authentic Support is otherwise permitted by law to do so. Authentic Support may send this information in a variety of ways, including by mail, email, SMS, telephone, or social media.

      17. where an individual has consented to receiving marketing communications from Authentic Support, that consent will remain current until they advise Authentic Support otherwise. However, individuals can opt out at any time.

    1. What third parties does Authentic Support disclose personal information to?

Authentic Support may disclose personal information to third parties where appropriate for the purposes set out above, including disclosure to:

      1. Authentic Support’s funding providers;

      2. government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Health & Human Services, and the Australian Taxation Office;

      3. people acting on their behalf including their nominated representatives, legal guardians, executors, trustees and legal representatives;

      4. the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or Government Agencies;

      5. financial institutions for payment processing;

      6. referees whose details are provided to Authentic Support by job applicants; and

      7. Authentic Support's contracted service providers, including:

        1. information technology service providers

        2. invoice processing service providers

        3. marketing and communications service providers including call centres

        4. freight and courier services

        5. external business advisers (such as recruitment advisors, auditors and lawyers).

In the case of these contracted service providers, Authentic Support may disclose personal information to the service provider and the service provider may, in turn, provide Authentic Support with personal information collected from individuals in the course of providing the relevant products or services. 

    1. How is personal information stored and used?

      1. Authentic Support holds personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. 

      2. Authentic Support must take reasonable steps to:

        1. make sure that the personal information that Authentic Support collects, uses and discloses is accurate, up to date and complete and (in the case of use and disclosure) relevant;

        2. protect the personal information that Authentic Support holds from misuse, interference and loss and from unauthorised access, modification or disclosure; and

        3. destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Australian Privacy Principles, subject to other legal obligations and retention requirements applicable to Authentic Support.

      1. Authentic Support Workers must only access and use personal information for a valid work purpose. When handling personal information, Workers should:

        1. confirm recipient details before sending faxes or emails;

        2. always store any hard copies of confidential information that is not being used in a secure cabinet or room;

        3. be aware of the surroundings and people nearby;

        4. limit taking hard copy information away from secure sites;

        5. secure information when travelling e.g. in briefcase, folder etc.;

        6. dispose unneeded copies of information securely; and

        7. ensure the information is available to people who need to access it.

      1. Authentic Support Workers may only share personal information as set out under this policy and in circumstances permitted under law.

    1. How is personal information kept secure?

Authentic Support ensures that the personal information is protected by security safeguards that are reasonable in the circumstances to take against the loss or misuse of the information.

The steps Authentic Support takes to secure the personal information Authentic Support holds include:

      1. online protection measures (such as encryption, firewalls and anti-virus software);

      2. security restrictions on access to Authentic Support’s computer systems (such as login and password protection) and cloud based storage (using Google Drive and OneDrive),

      3. controlled access to Authentic Support’s premises

      4. personnel security (including restricting the use of personal information by Authentic Support Workers to those who have a legitimate need to know the information for the purposes set out above); and

      5. training and workplace policies.

    1. Information retention

Unless otherwise required by law, all Client records and personal information will be retained for at least seven years after a Client ceases to be a client.

    1. Information disposal

      1. Workers should ensure record retention requirements have been met prior to the disposal of any personal information.

      2. When disposing of personal information, Workers should:

        1. Place unneeded working documents or copies of information in secure bins or adequate shredders.

        2. Ensure any electronic media including computers, hard drives, USB keys etc. are sanitised when no longer required.

    1. Privacy incidents

Privacy incidents may result from unauthorised people accessing, changing or destroying personal information. Examples of situations from which incidents may arise include:

      1. the accidental download of a virus onto a Authentic Support computer;

      2. discussing or sharing of personal information on a social networking website such as Facebook;

      3. loss or theft of a portable storage device containing personal information;

      4. non-secure disposal of hard copies of personal information (i.e. placing readable paper in recycle bin or hard waste bin);

      5. documents sent to the wrong fax number or email address; and

      6. documents sent to a free web-based email account such as Yahoo!, Gmail or Hotmail.

Privacy incidents can:

      1. occur due to accidental or deliberate actions;

      2. result from human error or technical failures; and

      3. apply to information in any form, whether electronic or hard copy.

    1. Incident reporting

It is vital all privacy incidents are reported as soon as possible so that their impact may be minimised. Employees should be aware of:

      1. how to identify potential privacy incidents

      2. the reason for reporting incidents is so their impact can be minimised - not to punish individuals

      3. the need to report all incidents to their manager as soon as they become aware of them.

Authentic Support must report all Client related privacy incidents to the:

      1. Department of Health;

      2. NDIS Commission

      3. Office of the Australian Information Commissioner,

as applicable, within one business day of becoming aware of, or being notified of a possible privacy incident, or within one business day of an allegation being made of a potential breach.

A breach of Client privacy may have a major impact, a non-major impact, or be a near miss or an incident with no apparent impact on a Client. In each case, the incident has to be reported and managed in accordance with the Incident Management and Reporting Policy.

    1. Access and Correction

Clients have a legal right to request access or correction of their personal information held by Authentic Support.

Clients may ask individuals to verify their identity before processing any access or correction requests, to ensure that the personal information Authentic Support holds is properly protected.

    1. Complaints

If a Client has a complaint about how Authentic Support has collected or handled their personal information, it will be managed in accordance with the Authentic Support Feedback and Complaints Management System.

  1. General

    1. Relevant Legislation, Regulations, Rules and Guidelines

Legislation, Rules, Guidelines and Policies apply to this policy and supporting documentation as set out in the Legislation Register.

    1. Inconsistency

If and to the extent that the terms of this Policy are or would be inconsistent with the requirements of any applicable law, this Policy is deemed to be amended but only to the extent required to comply with the applicable law.

    1. Policy Details

Approved By: Jay Edward Dryden and Bronson Culpin-Lavers

Approval Date: November 2022

Next Scheduled Review: November 2024

Version: 1

bottom of page