Breaches of privacy

This topic sets out Child Protection’s approach in the event of an alleged or actual breach of privacy, and the processes to be followed.

Document ID number 3063, version 4, 27 September 2018.

Introduction

The department's policy and procedure for responding to breaches of privacy by child protection staff is located on the department’s Privacy intranet page.

The following policies and procedures are also relevant:

See 3061 Information sharing in child protection practice for details about sharing information under the CYFA, and other legislation that governs the management and sharing of particular information held by the department.

Breaches of privacy

Actual or alleged instances where a child protection practitioner or manager has inappropriately accessed, disclosed or managed client information must be handled according to the department's privacy policy. See the department’s Privacy intranet page for advice.

The department’s ‘Guidelines for managing privacy incidents’ and the ‘Privacy Breach Checklist’ (available on the department’s Privacy intranet page) provide guidance for managers in responding to a breach of privacy.

In all cases of actual or alleged privacy breaches, supervisors must complete an incident report and consult with the divisional privacy contact officer.

The divisional area operations manager/assistant director, child protection and area director, or director, child protection should be informed of the actual or alleged breach. Careful consideration must be given to the circumstances of the actual or alleged breach to determine whether the CYFA, Child Wellbeing and Safety Act, Family Violence Protection Act, Privacy and Data Protection Act or the Health Records Act has been breached and whether staff misconduct has occurred.

Much of the information handled by child protection staff is of a personal and sensitive nature. It is therefore essential that practitioners and managers are familiar with the advice provided in Information sharing in child protection practice to ensure that personal information is managed appropriately.

1