Dealing with Personal Information
Residents and individuals have a right to access their information
Only use data for its primary or proper purpose
Store data only in the relevant shared drive
Each resident should have a separate file
Only the staff members working with a particular resident are permitted to access that file
You have additional obligations when working remotely
Notify the privacy@cnh.com.au if there is a suspected breach
Access
If we hold Personal Information about an individual, they have a right to access that information, correct that information and request the destruction of that information. Should you receive any of the above-mentioned requests from an individual, you must notify privacy@cnh.com.au; where the request can be considered with regard to our legal obligations. Generally, these requests must be complied with.
Use only for Primary Purpose
Personal Information which is collected by us should only be used for:
the primary purpose; or
a purpose related to the primary purpose and which the individual would reasonably expect the Personal Information to be used for.
What is the primary purpose?
This will differ depending on each resident and their needs. Where we require Personal Information about an individual, when requesting such information from a resident or related third party, it must be made clear at the outset why the information is required, and how it will be used.
If the information is disclosed to us by a resident or related third party without requesting it, we must ensure the information is actually required in order to complete the task we have been engaged for.
If it is not required, we should destroy the information.
Storage
Where Personal Information is held by us, we must ensure the information is stored securely and accurately. Accordingly, information should only be stored on approved corporate systems and should be saved to a file reserved only for information relating to a certain resident (i.e., each resident must have a separate file). Additionally, only the staff members working on a with a particular resident are permitted to access that file.
It is up to each and every staff member staff member(s), but particularly the Facility Managers and RNs, delegated to caring for a certain resident to ensure the information is kept up-to-date and accurate. Should you become aware of outdated information, you must update it.
Where Personal Information is held by us and it is no longer required for the purpose it was collected for, you should either securely destroy such information, or de-identify the information.
Privacy Obligations when Working Remotely
The requirements of the Privacy Laws continue to apply when employees work off site or from home. When working remotely and dealing with privacy and/or personal information, employees and contractors must:
avoid working in close proximity to other members of the household or visitors and ensure that video conferences and phone calls are conducted in private spaces;
Where possible, use headphones during work related calls to minimise the information that may be inadvertently overheard;
ensure that their work-related devices are locked and secured when not in use, in accordance with our Code of Conduct and corporate policies; and
documents containing personal information should not be printed out in hard copy.
What happens if there is a suspected data breach?
Immediately contact your manager and privacy@cnh.com.au
Refer to our Data Breach Response Plan
Continue to next section...
Other Policy Sections For Employees
