Privacy is more often taken to mean ‘the right to be left alone’. The term privacy usually attaches to individuals. Confidentiality is a much broader concept. Information may be confidential that is not personal.
Legally, organisations do not have privacy rights — individuals do. In community services personal information may become subject to confidentiality procedures and policies but that will not affect the rights of the individual who is the owner of that information. Information about an individual may be given to others for legitimate purposes under ethical standards of confidentiality. Privacy is an obligation to the individual who is the owner of the information and applies regardless of who is providing the information.
The NSW Privacy Committee Data Protection Principles outline the privacy principles that all NSW community services organisations must follow.
These guidelines are to protect client rights and ensure that only essential information about the client is collected.
- collect information directly from the client, except if: a) the client agrees otherwise b) the other information source also follows these principles.
- Make sure the client knows whether it is compulsory or optional to give the information.
- Make sure the client knows the purpose for collecting the information.
- Make sure the client knows who you usually pass information on to (and who they usually pass it on to).
- Make sure the client can look at and correct their information (unless the law stops this), and the client knows this right.
- Make sure the information is actually needed for your purpose.
- Limit your use of the information to: a) the purpose you collected it for b) other purposes with the client’s consent c) preventing harm to the client or someone else.
- Make sure the information is accurate, up-to-date and complete.
- Make sure the information is protected from unauthorised access.
- Make sure the information is kept for no longer than necessary for the purpose it was collected for.
- Make sure that the information is only used or disclosed with the freely given, clear written consent of the client if the information concerns their: a) ethnic or racial origin b) political opinions c) religious or philosophical beliefs d) trade union membership e) health f) sexual life.