Home » Privacy and Confidentiality
Karakan acknowledges every individual’s right to privacy. This policy sets out how Karakan protects privacy and ensures confidentiality in compliance with:
Applicability
When |
|
Who |
|
Definitions
Term | Definition |
Data breach | A data breach is type of security incident where personal, sensitive or confidential data normally protected, is deliberately or mistakenly copied, sent, viewed, stolen or used by an unauthorised person or parties. A data breach where people are at risk of serious harm as a result, is reportable to the Office of the Australian Information Commissioner. |
Personal information | Personal information includes (regardless of its accuracy):
|
Sensitive personal information | Sensitive personal information can include personal information that is normally private such as:
|
Related documents that underpin implementation of this policy
Privacy protection practices
Openness
Karakan ensures that all relevant parties are aware of this policy and its purpose making sure this policy and related resources are publicly available and in easy read formats.
Anonymity and pseudonymity
Collecting information
Unsolicited personal information
If Karakan receives personal information that we have not solicited and is not reasonably necessary for the functions or activities of Karakan, that information will be destroyed in a secure manner.
Keeping collected information secure
Karakan takes all reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure by:
Use and disclosure
Only authorised persons are permitted access to use and disclose information held by Karakan. Karakan ensures this by:
Retention and destruction
Karakan retains, and when no longer required will destroy or will de-identify personal information in accordance with legal and funding body requirements.
Direct marketing
Karakan will not collect or disclose any personal information it holds for the purpose of direct marketing.
Social media
When people interact with Karakan’s social media accounts, Karakan may collect publicly available information from those interactions, such as your name and content relevant to the interaction.
The information Karakan collects from public social media profiles may be used for the purpose of responding to comments, questions, and messages, as well as for engaging in discussions related to our services, products, or relevant topics.
While Karakan aim to engage with the social media audience, we encourage people to avoid sharing details about private matters in public comments or direct messages. We recommend that discussions about private matters be communicated via the contact options on our website.
Karakan social media posts may contain links to third-party websites, articles, or content. Please note that Karakan is not responsible for the privacy practices or content on external platforms or websites.
People have the option to interact with our social media content and accounts in a way that is comfortable for them. People can choose to follow, like, share, comment, or send direct messages to our official accounts. People also have the right to unfollow or unfriend us at any time.
Breach of privacy
Access to personal information
Karakan will respond to requests for access information in a manner consistent with the Australian Privacy Principles to requests for access to personal information. Karakan will ensure that the information accessed does not have an unreasonable impact on the privacy of other individuals or is in conflict with any other legislative requirements or legal proceedings.
People have a right to seek access to information held about them subject to exceptions allowed by law.
Access would usually be provided by arranging the sighting of the information in the company of Karakan office staff.
To request access personal information, a statement detailing the requested information should be provided in one of the following ways:
If Karakan are unable to provide access to the requested information, a written reply that includes the reason/s will be provided.
Privacy complaints
Concerns or complaints about privacy should be directed to a team leader. Concerns or complaints about Karakan’s handling of a request for access to information should be directed to a manager or the Chief Executive Officer.
If you have concerns about Karakan’s handling of your request for access to information or Karakan’s handling of a privacy complaint, please contact the Quality & Risk Manager or Chief Executive Officer, depending on who handled your matter, or email qualityandsafety@karakan.com.au
At any time, any person can raise a complaint with the NDIS Quality and Safeguards Commission.
Karakan encourages people to seek external assistance as appropriate to the circumstances. A list of relevant contacts is available on the Karakan website.
Data breach management
Prevention
To prevent data breaches, Karakan will:
Reporting
Under the Notifiable Data Breach (NDB) Scheme, all notifiable data breaches must be reported to the Office of the Australian Information Commissioner (OAIC). A notifiable data breach is any breach of data that is likely to cause any person or organisation serious harm. Examples of serious harm include:
In addition to the above, if NDIA participant information was compromised during a data breach we will inform that NDIA by emailing privacy@ndis.gov.au Notification will include participant ID, name and any other identifying information about a participant or their plan.
If a data breach significantly impacts Karakan’s ability to comply with the requirements of our NDIS registration, we will notify the NDIS Quality and Safeguards Commission.
Notifiable Data Breaches
Should the information held by Karakan be subject to a notifiable data breach then Karakan will comply with the requirements of the Notifiable Data Breaches (NDB) Scheme. Information about the NDB Scheme can be sourced from the Office of the Australian Information Commissioner.
Managing Data Breaches
Karakan will take each data breach or suspected data breach seriously and respond immediately to contain, assess and remediate every incident on a case-by-case basis. When responding to a data breach or suspected data breach, we will:
CONTROLLED DOCUMENT | Privacy and confidentiality policy |
Approved by: Karakan board | Date of Initial Approval: 31/01/2008 |
Revision Number: 9 Date: 16th August 2023 |
Our Services
Quick LInks
About us
Contact Us
Let's keep in touch
Sign up for our quarterly marketing newsletter to receive regular updates.