Privacy Policy


Purpose

Tender Loving Care Disability Services is committed to upholding the privacy, dignity, and confidentiality of all individuals, especially NDIS participants. This policy ensures the collection, handling, storage, and disclosure of personal and sensitive information is conducted in accordance with Australian privacy laws, the NDIS Practice Standards, and ethical best practice.

Privacy ensures individuals maintain control over their personal information. Dignity ensures individuals are treated with respect, autonomy, and fairness. Together, these principles underpin Tender Loving Care Disability Services’ person-centred, rights-based approach to disability support.

Scope

This policy and procedure apply to:

  • All Tender Loving Care Disability Services employees, contractors, students, volunteers, and board members
  • All service users, including participants, families, advocates, and carers
  • All forms of personal information and records, whether digital or hard copy
  • All interactions involving personal, health, or sensitive information

LEGISLATIVE AND REGULATORY FRAMEWORK

This policy is guided by the following:

  • Privacy Act 1988 (Cth)
  • Australian Privacy Principles (APPs)
  • NDIS Act 2013
  • NDIS Code of Conduct
  • NDIS Practice Standards
  • NDIS (Protection and Disclosure of Information) Rules 2013
  • Disability Discrimination Act 1992 (Cth)
  • Relevant State/Territory privacy, guardianship, and health records legislation

DEFINITIONS

Access and Correction – the individual’s right to view and correct their personal records.

Confidentiality – the obligation to protect personal information from unauthorised access or disclosure.

Informed consent – voluntary agreement based on a clear understanding of what will be collected and how it will be used.

Personal Information – any information or opinion (true or not) which identifies an individual (e.g. name, address, DOB, contact, NDIS number).

Sensitive Information – includes information about a person’s health, disability, cultural background, sexuality, religion, or criminal history.

ROLES AND RESPONSIBILITIES

Role | Responsibilities
All Staff | Comply with this policy; protect information; attend training
Team Leaders/Managers | Oversee implementation; ensure team compliance
Chief Executive Officer / Quality and Compliance | Lead compliance; manage breaches and complaints; ensure review of practices

Policy

Tender Loving Care Disability Services is committed to:

  • Ensuring the privacy and dignity of every participant and staff member
  • Being transparent in how information is collected and used
  • Providing accessible communication and consent processes
  • Minimising information collection to what is necessary
  • Ensuring secure storage and restricted access to personal information
  • Only sharing information with appropriate consent or legal obligation
  • Responding promptly to complaints and breaches of privacy

Privacy and dignity are promoted across all environments (home, community, clinical, virtual) where Tender Loving Care Disability Services delivers supports.

Procedure

Collection & Consent

Personal and sensitive information will only be collected when it is:

  • Necessary to deliver services, fulfil legal obligations, or ensure safety
  • Collected lawfully and fairly

Information will be collected:

  • Directly from the person wherever possible
  • Using accessible formats (Easy Read, interpreters, translated documents)

Informed consent will be obtained before:

  • Collecting, storing, or sharing information
  • Taking photos, videos, or recordings of a participant

Consent forms are maintained as part of participant records and reviewed annually or when circumstances change.

Use & Disclosure

Personal information is only used for:

  • Providing safe, appropriate, and individualised services
  • Internal planning, monitoring, and reporting
  • Compliance with regulatory or contractual obligations

Disclosure will occur only:

  • With written participant consent
  • When required by law (e.g., subpoenas, child protection, reportable incidents)
  • In life-threatening emergencies

Verbal disclosures (e.g., by phone) require verification of identity.

Record-Keeping & Storage

Participant records:

  • Hard copies stored in locked cabinets with key-restricted access
  • Electronic files stored in secure, password-protected systems with role-based access
  • Home-held participant files stored discreetly, per participant preference

Staff records:

  • Include employment history, contracts, screenings, payroll, and emergency contacts
  • Access is limited to the management team or as required by law

Access & Correction

Participants and staff may:

  • Request access to their own records at any time
  • Request correction of inaccurate, outdated, or incomplete information

Requests must be:

  • Provided in writing
  • Responded to within 30 calendar days

Reasons for refusal (if applicable) will be provided in writing, including appeal options.

Privacy in Practice

Privacy and dignity are upheld during:

  • Personal care and support (e.g., changing clothes, toileting, mealtimes)
  • Clinical assessments or sensitive discussions
  • Behaviour support planning and restrictive practice authorisation

Tender Loving Care Disability Services ensures:

  • Confidential conversations occur in private spaces
  • Only relevant staff are present during support or care tasks
  • Participants are offered choice in who supports them

Staff Responsibilities

All staff must:

  • Sign a confidentiality agreement at commencement
  • Complete mandatory privacy training during induction and annually thereafter
  • Report suspected breaches of privacy or unauthorised access to management immediately
  • Securely dispose of records in accordance with retention laws and data destruction policies

Privacy Breaches & Complaints

Tender Loving Care Disability Services treats privacy breaches seriously. A breach may include:

  • Loss or theft of files
  • Unauthorised access or sharing
  • Information sent to the wrong person

In the event of a breach:

  • It must be reported immediately to the Privacy Officer
  • An internal investigation will be conducted
  • The affected individual(s) will be notified
  • If required, the breach will be reported under the Notifiable Data Breaches Scheme

Complaints regarding privacy may be submitted:

  • Verbally or in writing to the Director or Privacy Officer
  • Through the Tender Loving Care Disability Services
  • To the Office of the Australian Information Commissioner (OAIC) or NDIS Commission if unresolved

Monitoring & Review

This policy will be reviewed:

  • At least annually, or
  • When there is a change in privacy law, NDIS regulation, or internal process
  • Following a significant privacy breach or complaint

The review will include:

  • Input from participants and staff
  • Audit of information management practices
  • Alignment with changes to NDIS or national privacy legislation

Related Documents

  • Participant Rights and Responsibilities Policy
  • Records Keeping and Management Policy and Procedure
  • Management of Data Breach Policy and Procedure
  • Information Management Policy and Procedure
  • Intake and Consent Form
  • Complaints, Compliments and Feedback Policy
  • Employee Code of Conduct
  • NDIS Practice Standards and Code of Conduct
  • Easy Read Privacy Statement

About This Release

Version | Author | Reviewer | Changes in this issue | Approval | Date
1.0 | Quality & Compliance | CEO | Initial release | CEO | 04/09/2020
2.0 | Quality & Compliance | Quality/CEO | New organisation branding; combined policy and procedure; processes streamlined to enhance staff understanding | CEO | 24/10/2025