Privacy Policy

The purpose of this policy is to ensure that All Plan Management Pty Ltd (All Plan Management) meets our legislative responsibilities under the Privacy Act 1988 and ensure NDIS participants access supports that respect and protect their dignity and right to privacy.

This policy applies:

• to all personal information and sensitive personal information including the personal information of employees and participants
• to all company confidential information – that is any information not publicly available.

This policy is applicable to all All Plan Management representatives including key management personnel, directors, full-time workers, part-time or casual workers contractors and volunteers.

All Plan Management is committed to protecting and handling personal information in accordance with NDIS and relevant privacy legislation. We acknowledge an individual’s right to privacy while recognising that personal information is required to be collected, maintained and administered in order to provide a safe working environment and a high standard of quality.

The information we collect is used to provide services to participants in a safe and healthy environment with individual requirements, to meet duty of care obligations, to initiate appropriate referrals, and to conduct business activities to support those services.

To support the privacy and confidentiality of individuals:

• We are committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and Privacy Amendment (Notifiable Data Breaches) as required by organisations providing disability services.
• We are fully committed to complying with the consent requirements of the NDIS Quality and Safeguarding Framework and relevant state or territory requirements.
• We provide all individuals with access to information about the privacy of their personal information.
• Each individual has the right to opt out of consenting to and providing their personal details if they wish.
• Individuals have the right to request access to their personal records by requesting this with their contact person.
• Where we are required to report to government funding bodies, information provided is non-identifiable and related to services and support hours provided, age, disability, language, and nationality.
• Personal information will only be used by us and will not be shared outside the organisation without permission unless required by law (e.g. reporting assault, abuse, neglect, or where a court order is issued.
• Images or video footage of participants will not be used without their consent.
• Participants have the option of being involved in external NDIS audits if they wish.

To keep information secure:

• We take reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.
• We ensure personal information is accessible to the participant and is able for use only by relevant workers.
• We ensure security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access.
• We ensure personal information no longer required is securely destroyed or de-identified.

As part of information security responsibilities:

• We will take reasonable steps to reduce the likelihood of a data breach occurring including storing personal information securely and accessible only to relevant workers.
• If we know or suspect personal information has been accessed by unauthorised parties, and we think this could cause harm, we will take reasonable steps to reduce the chance of harm and advise the identified individual of the breach, and if necessary, the Office of the Australian Information Commissioner.

• A breach of privacy and confidentiality is an incident, follow the All Plan Incident Management and Reporting procedure to resolve.
• A breach of privacy and confidentiality may require an investigation.
• An intentional breach of privacy and confidentiality will result in disciplinary action up to and including termination of employment.

Standards / Legislations:

• National Disability Insurance Scheme Act 2013
• NDIS (Code of Conduct) rules 2018
• NDIS (Complaints Management and Resolution) Rules
• NDIS Practice Standards 
• Privacy Act 1988 
• Privacy Amendment (Notifiable Data Breaches) Act 2017

• SCSS: Southern Cross Support Services