<Service name> Privacy and Confidentiality Policy

Forming a partnership with stakeholders is central to providing quality care. These partnerships are characterised by open and honest communication, which is respectful of, and sensitive to cultural or other differences. Services need to develop practices that respect privacy and confidentiality so that stakeholders begin to trust services and exchange information with staff/carers, which may be important to the care of a child.

Please note: There are legislative Acts and regulations for each state and territory. The Commonwealth Privacy Act 1988, referred to in this document, covers all federal government agencies, private businesses and some small businesses. It does not apply to state or territory agencies (this includes state or territory local governments). Services may need to investigate how their state or territory legislation can affect their Privacy and Confidentiality Policy.

Policy Number
<number>

Link to CCQA Principles
Family Day Care Quality Assurance (FDCQA) Quality Practices Guide (2004) – Principle 1.3, 1.4, 2.3, 3.1, 4.1, 4.4, 4.3, 4.5, 4.6, 5.1, 5.3, 5.4, 6.1, 6.4
Outside School Hours Care Quality Assurance (OSHCQA) Quality Practices Guide (2003) – Principle 2.1, 6.4, 7.1, 8.1, 8.52, 8.3, 8.6
Quality Improvement and Accreditation System (QIAS) Quality Practices Guide (2005) – Principle 2.1, 3.2, 5.1

Policy statement

Services need to develop procedures for collecting, storing, disclosing and disposing of the personal information of persons[1] appropriately.
The personal information that the service collects is:
o contact details of children, families, staff/carers, students, volunteers and management;
o children, families, staff/carers, students, volunteers, emergency contacts contact details;
o children’s health status, immunisation and developmental records and plans, external agency information, custodial arrangements, incident records, and medication records;
o staff/carers documentation relating to recruitment and selection, performance reviews, qualifications, work history, child protection checks, health status, immunisation records and workers’ compensation claims;
o student and volunteer work history, child protection checks; and
o information relating to families’ Child Care Benefit (CCB) status and any other additional funding arrangements.

<Service> ensures that all information collected from persons will be considered private and confidential and not disclosed without the prior knowledge or consent from the individual or legal representative. For children, their legal representative is their parent or guardian.

The service will inform persons, prior to collecting information, of the circumstances when information will be disclosed to other parties[2]. This can include where staff/carers’ qualifications or first aid status may be disclosed to a selection committee or to families in a newsletter. It may also include any issues of a child protection nature, where information obtained by the service is required to be disclosed to the relevant government authorities.

[1] For the purpose of this policy, 'persons' include <children, families, staff, carers, carers' family, management, coordination unit staff, ancillary staff (administrative staff, kitchen staff, cleaners, maintenance personnel), students, volunteers, visitors, local community, school community, licensee, sponsor and/or service owner>.
Before collecting personal information, the service will inform stakeholders:
o of the purpose for collecting information;
o what types of information will be disclosed to the public or other agencies;
o when disclosure will happen;
o why disclosure needs to occur;
o how information is stored;
o the strategies used to keep information secure;
o who has access to the information;
o the right of the individual to view their personal information;
o the length of time information needs to be archived; and
o how information is disposed of.

It is understood by staff/carers, children and families that there is a shared responsibility between the service and other stakeholders that the Privacy and Confidentiality Policy and procedures are accepted as a high priority.

In meeting the service’s duty of care, it is a requirement under the Commonwealth Privacy Act 1988[3] that management and staff/carers implement and endorse the service’s Privacy and Confidentiality Policy.

The service’s policy on the collection, storage, use, disclosure and disposal of personal information is aligned with relevant state/territory legislation and/or licensing regulations.

[2] For the purpose of this policy, ‘other parties’ signifies those individuals or legal/government bodies who may require the disclosure of personal information. For example, selection committees, community services departments and police force.

[3] There are legislative Acts and regulations for each state and territory that address the issue of confidentiality and privacy. Services are advised to seek information that is relevant to their jurisdiction.

Rationale

The rationale represents a statement of reasons that detail why the policy and/or procedures have been developed and are important to the service. Services may already have a code of ethics or conduct that addresses the right for individuals to be afforded a level of confidentiality and privacy regarding their personal information.
The service may decide to include information about the:
o United Nations Convention on the Rights of the Child; or
o Early Childhood Australia (ECA) Code of Ethics (2005).

Services can link this section by stating:
o Please refer to the service’s Diversity and Equity Policy.
o Please refer to the service’s Philosophy Statement.

Refer to the following reference materials:
o Privacy Act 1988 (Cwlth)
o Information Privacy Principles contained in the Privacy Act 1988

Strategies and practices

These are examples. Services are encouraged to develop and adapt the following strategies and practices to meet their individual circumstances.

Collection of personal information

Brief and concise detail of the service’s strategy.

This section describes why and how the service collects information from its stakeholders. Services should consider the following reflective questions:
o Why is the information being collected?
o Does the service explain to stakeholders: who will read the information; how the information will be used; and when it is disclosed to other parties? For example, staff/carers generally disclose qualifications, employment history and first aid status when applying for a position. The service can state to applicants that some of the information obtained from a resume or selection criteria may be disclosed to other parties, such as a selection panel, and should receive permission to do so.
o Does the service explain to stakeholders how the information will be stored and disposed of prior to collecting the information?
o When is the information being collected? For example, is it during the enrolment process, employment of child care professionals, through ongoing children’s developmental plans, or when administering medication to a child?
o How is the information collected?
  For example: standard government form, such as staff/carers tax declaration form or a working with children check document; standard document created by the service, such as an enrolment or medication authorisation form, selection criteria for employment of a child care professional or building and equipment safety checklist; or anecdotal records of children’s development.

Children

Brief and concise detail of the service’s strategy.

Examples of children’s personal information collected by the service can include:
o contact details;
o health status;
o immunisation records;
o developmental records and plans;
o external agency information;
o custodial arrangements;
o incident records;
o medication records; and
o behaviour guidance management plans.

Families

Brief and concise detail of the service’s strategy.

Examples of families’ personal information collected by the service can include:
o contact details; and
o information relating to CCB status and any additional funding arrangements.

Staff/Carers

Brief and concise detail of the service’s strategy.

Staff/carers should be aware of the service’s commitment to maintaining and respecting an individual’s privacy when children’s behaviour management strategies are developed and implemented.

Examples of staff/carers’ personal information collected by the service can include:
o contact details;
o recruitment and selection documentation;
o qualifications, employment history, child protection checks;
o wages/salary, tax file number, superannuation, bank account details;
o performance reviews;
o health insurance;
o health status;
o immunisation records; and
o workers’ compensation claims.

Students/volunteers

Brief and concise detail of the service’s strategy.

Students/volunteers should be aware of the service’s commitment to maintaining and respecting an individual’s privacy when children’s behaviour management strategies are developed and implemented.
Examples of students’ and volunteers’ personal information collected by the service can include:
o contact details;
o recruitment and selection documentation;
o qualifications, employment history, child protection checks;
o student reviews and plans;
o health status; and
o immunisation records.

Management/Coordination unit staff

Brief and concise detail of the service’s strategy.

Examples of management/coordination unit staff personal information collected by the service can include:
o contact details;
o recruitment and selection documentation;
o qualifications, employment history, child protection checks;
o wages/salary, tax file number, superannuation, bank account details;
o performance reviews;
o health insurance;
o health status;
o immunisation records; and
o workers’ compensation claims.

External agencies

Brief and concise detail of the service’s strategy.

The service may collect information about children and families from external agencies, such as inclusion and support facilitators, or health care professionals. The service can state how this information is collected and to whom it is communicated. For example, a child may be enrolled in speech therapy. The speech therapist may decide that the strategies planned for the child need to be implemented by staff/carers. In this situation, permission may need to be obtained from the family for the service and the therapist to communicate with one another and exchange the child’s information.

Storage and security of personal information

Brief and concise detail of the service’s strategy.

Services should consider the following reflective questions:
o How is information stored in the service?
o Where is the information stored?
o How is hard copy information, such as paper files, securely stored?
o How is electronic information securely stored on a computer? For example, the use of passwords and access to these.
Updating personal information

Brief and concise detail of the service’s strategy.

Services should consider the following reflective questions:
o Who is authorised to update stakeholder personal information?
o What type of information may require updating? For example: child’s health status; child or staff/carer immunisation records; or children’s and families’ contact details.

The role of the record keeper in the service

Brief and concise detail of the service’s strategy.

Services should consider the following reflective questions:
o How is the record keeper nominated to the position? Are they aware of their legal responsibilities?
o What level of knowledge or training is required to be the record keeper?
o Has the service developed a clear set of guidelines that reflect the record keeper’s role and responsibilities?
o If the service has more than one record keeper, how does it trace the actions of each record keeper? For example, the service may decide to nominate which records each person is responsible for, such as one record keeper maintains the personal information of families, the other maintains the personal information of staff/carers. Alternatively, multiple record keepers may have different computer passwords.

Disposing of personal information

Brief and concise detail of the service’s strategy.

Services should consider the following reflective questions:
o Who is authorised to dispose of information in the service?
o How is hard copy information disposed of?
o How is electronic information disposed of? For example, services should seek professional advice when upgrading computer facilities.
o What type of information is required to be archived and for what period of time? For example: children’s records, such as incident and medication; staff/carer information, such as performance reviews and working with children checks; sign in and out timesheets for families; and families’ CCB records.
Protective Behaviours and Practices

Staff, carers, students and volunteers as role models

Brief and concise detail of the service’s strategy.

Children learn through example, and modelling is an important way to teach children about issues dealing with privacy and confidentiality. Staff/carers, students and volunteers must comply with the Privacy and Confidentiality Policy.

Staff/Carer professional development opportunities

Brief and concise detail of the service’s strategy.

The service can describe how it aims to maintain and strengthen the skills and knowledge of staff/carers in relation to privacy and confidentiality.

Communication with different stakeholders

Children
Brief and concise detail of the service’s strategy.

Families
Brief and concise detail of the service’s strategy.

Staff/Carers
Brief and concise detail of the service’s strategy.

Management/Coordination unit staff
Brief and concise detail of the service’s strategy.

Policy review

The service will review the Privacy and Confidentiality Policy and procedures, and related documents, including behaviours and practices every <timeframe>. Families are encouraged to collaborate with the service to review the policy and procedures. Staff/carers are essential stakeholders in the policy review process and will be encouraged to be actively involved.

Procedures

The following are examples of procedures that a service may employ as part of its practices.

Examples:
o Employee induction procedure.
o Policy development and review procedure.
o Procedure for non-compliance with the Privacy and Confidentiality Policy and procedures by a: child; staff/carer; parent or family member; student/volunteer; or visitor.
o Student and volunteer induction procedure.

Measuring tools

Services may further specify tools that assist in measuring the effectiveness of the policy.
Links to other policies

The following is a list of examples:
o Behaviour guidance
o Child protection
o Diversity and equity
o Emergency
o Employment of child care professionals
o Enrolment of new children and families to the service
o Gathering and maintaining documentation of children’s experiences
o Grievances and complaints management
o Healthy eating
o Illness
o Immunisation
o Medication
o Staff/carers as role models
o Supporting children’s individual needs
o The role of carers’ families in family day care

Sources and further reading

o Privacy Act 1988 (Cwlth)
o State and Territory Privacy Laws - www.privacy.gov.au/privacy_rights/laws/#2

Policy created date
<date>

Policy review date
<date>

Signatures
<signatures>