The department's policy and procedure for responding to breaches of privacy by child protection staff is located on the department’s SharePoint site.
The following policy is also relevant:
See Information sharing in child protection practice for details about sharing information under the CYFA, and other legislation that governs the management and sharing of particular information held by the department.
Actual or ‘near miss’ incidents where a child protection practitioner or manager has inappropriately accessed, disclosed or managed client information must be handled according to the department's privacy policy.
In all cases of actual or ‘near miss’ privacy incidents, supervisors must complete a privacy incident report and consult with the Feedback, External Oversight and Privacy (FEOP) team at operations.privacy@dffh.vic.gov.au.
The department’s ‘Guidelines for managing privacy incidents’ provides guidance for managers in responding to a privacy incident.
The Area Operations Manager, Child Protection Director and Area Executive Director should be informed of possible privacy incidents.
Careful consideration must be given to the circumstances of the possible breach to determine whether the CYFA, Child Wellbeing and Safety Act, Family Violence Protection Act, Privacy and Data Protection Act, the Health Records Act or information sharing schemes have been breached and whether staff misconduct has occurred.