Privacy and Confidentiality Policy


Able2 Pty Ltd (Able2) is committed to protecting and upholding the right to privacy of clients, staff, students, volunteers, Board members and representatives of agencies we deal with. In particular, Able2 is committed to protecting and upholding the rights of our clients to privacy and confidentiality in the way we collect, store and use information about them, their needs and the services we provide to them.Able2 requires staff, students, volunteers and Board members to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information. 

Able2 is subject to the legislation outlined below when dealing with the privacy and confidentiality of young people. The organisation will follow the guidelines of the Australian Privacy Principles.
Able2 will ensure that:

  • it meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and organisational personnel.
  • clients are provided with information about their rights regarding privacy.
  • clients and organisational personnel are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature.
  • all staff, students, Board members and volunteers understand what is required in meeting these obligations.

This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature. 


The following legislation relates to this policy:

  • Children and Young Persons (Care and Protection)
Act 1998
Sections: 8–12, 14, 29(1)(f), 29(3A–6), 105, 140, 142–144, 149B–K, 160, 162, 163, 185, 245, Chapter 16A, 248, 254 
  • Children and Young Persons (Care and Protection) Regulation 2012
Clauses: 8, 14, 20, 34, 37, 40, 42, 87,
Schedule 3 – Clause 5–7, 11 
  • United Nations Convention on the Rights of the Child 
  • This policy conforms to the Federal Privacy Act (1988) and the Australian Privacy Principles which govern the collection, use and storage of personal information. 

Note: The Federal Privacy Act applies to organisations with an annual turnover over $3m or organisations that are health service providers, operators of a residential tenancy database, a contractor that provides services under a Commonwealth contract, an organisation that is related to a larger organisation or one which trades in personal information.


1. Dealing with personal information

Staff should refer to Able2’s Client Information and Records Management Policy for detailed information regarding young people’s information and records management.

In dealing with personal information, Able2 staff will:

  • ensure privacy for clients, staff, students, volunteers or Board members when they are being interviewed or discussing matters of a personal or sensitive nature
  • only collect and store personal information that is necessary for the functioning of the organisation and its activities
  • use fair and lawful ways to collect personal information
  • collect personal information only by consent from an individual
  • ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used, disclosed and who will have access to it
  • ensure that personal information collected or disclosed is accurate, complete and up-to-date, and provide access to any individual to review information or correct wrong information about themselves
  • take reasonable steps to protect all personal information from misuse and loss and from unauthorised access, modification or disclosure 
  • destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired.
2. Limits to confidentiality

Whilst it is important to maintain the privacy and confidentiality of individual’s information, there are some situations where able2 staff may be permitted or required to share information about a child or young person and their family, without their consent:Chapter 16A of the Children and Young Persons (Care and Protection) Act 1998 prioritises the safety, welfare and wellbeing of a child or young person over an individual’s right to privacy. 

able2’s Child Protection Policy provides the guidelines and processes for reporting children at risk of significant harm under Chapter 3 of the Children and Young Persons (Care and Protection) Act 1998 and the exchange of information about a child or young person under Chapter 16A.

3. Responsibilities for managing privacy
  • All staff are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work. 
  • All staff are responsible for safeguarding personal information relating to able2 clients, staff, students, Board members, volunteers, contractors.
  • The able2 Manager is responsible for content in able2 publications, communications and web site and must ensure the following:
    • appropriate consent is obtained for the inclusion of any personal information about any individual including able2 personnel 
    • information being provided by other agencies or external individuals conforms to privacy principles 
    • that the website contains a Privacy statement that makes clear the conditions of any collection of personal information from the public through their visit to the website 
  • The Able2 Manager will be responsible for:
    • ensuring that all staff are familiar with the Privacy and Confidentiality Policy and administrative procedures for handling personal information, in particular that staff understand the Client Information and Records Management Policy, the Organisational Information and Records Management Policy.
    • ensuring that clients and other relevant individuals are provided with information about their rights regarding privacy
    • handling any queries or complaint about a privacy issue
4. Privacy information for clients

At initial assessment and throughout their engagement with able2, the able2 Manager and/or a client’s case coordinator will advise young people of the following:

  • That young people have a right to privacy (see Client Rights Policy)
  • That young people’s personal privacy will be respected (see Meeting Needs in Care Policy)
  • The type of information able2 collects and records about the young person and how this information will be used (see Client Information and Record Management Policy and related attachments)
  • How the privacy of the young person and their family will be protected (see Client Information and Record Management Policy)
5. Privacy for interviews and personal discussions

To ensure privacy for clients or staff when discussing sensitive or personal matters, the organisation will ensure that confidential discussions take place in appropriate interview rooms at able2 offices

6. Participants in research projects

People being invited to participate in a research project must be:

  • given a choice about participating or not
  • given the right to withdraw at any time
  • informed about the purpose of the research project, the information to be collected, and how information they provide will be used. 
  • given copies of any subsequent publications.

The collection of personal information will be limited to that which is required for the conduct of the project. Individual participants will not be identified. 

Related Documents

  • Client Information and Records Management Policy
  • Child Protection Policy
  • Client Rights Policy
  • Meeting Needs in Care Policy
  • Organisational Information and Data Management Policy
  • Staff Confidentiality Agreement