The privacy of personal information is defined by legislation (Privacy Act 1988). At all times, Mental Health Carers ARAFMI NSW Inc acts in accordance with these legal requirements which are underpinned by the policy statements 8.1- 8.6 outlined below.

Mental Health Carers ARAFMI NSW Inc also strives to respect the confidentiality of other sensitive information. However, in the spirit of partnership, we share information with clients and other involved individuals and organisations (subject to consent), where it would be in the best interest of the client, or other individual, to do so.

Personal information collected by Mental Health Carers ARAFMI NSW Inc is only for purposes which are directly related to the functions or activities of the organisation.

These purposes include:

• Enquiry about programs
• Referral to programs
• Providing treatment and support to clients
• Administrative activities, including human resources management
• Sector development activities
• Community development activities
• Fundraising
• Complaint handling.

Mental Health Carers ARAFMI NSW Inc only uses personal information for the purposes for which it was given, or for purposes which are directly related to one of the functions or activities of the organisation.

It may be provided to government agencies, other organisations or individuals if:

• The individual has consented
• It is required or authorised by law
• It will prevent or lessen a serious and imminent threat to somebody’s life or health.

Mental Health Carers ARAFMI NSW Inc takes steps to protect the personal information held against loss, unauthorised access, use, modification or disclosure and against other misuse.

These steps include reasonable physical, technical and administrative security safeguards for electronic and hard copy of paper records as identified below.

Reasonable physical safeguards include:

• Locking filing cabinets and unattended storage areas;
• Physically securing the areas in which the personal information is stored;
• Not storing personal information in public areas;
• Positioning computer terminals and fax machines so that they cannot be seen or accessed by unauthorised people or members of the public;

Reasonable technical safeguards include:

• Using passwords to restrict computer access, and requiring regular changes to passwords;
• Establishing different access levels so that not all staff can view all information;
• Ensuring information is transferred securely (for example, not transmitting health information via non-secure email);
• Using electronic audit trails;
• Installing virus protections and firewalls.

Reasonable administrative safeguards include not only the existence of policies and procedures for guidance but also training to ensure staff, Board members, students and volunteers are competent in this area.