Book a Tour
    Enquire Now
      The Fearn Early Learning Centres

      Privacy and Confidentiality Policy

      NQS

      QA77.1.2Systems are in place to manage risk and enable the effective management and operation of a quality service.

      National Regulations

      Reg Title
      181 Confidentiality of records kept by approved provider
      181-184 Confidentiality and storage of records

      Child Safe Standards

      Child Safe Standard 2 Child safety and wellbeing is embedded in organisational leadership, governance and culture
      Child Safe Standards 7 Processes for complaints and concerns are child focused
      Child Safe Standard 9 Physical and online environments promote safety and wellbeing while minimising the opportunity for children and young people to be harmed

      Aim

      This policy is to address the issues of privacy and confidentiality of children, educators, volunteer workers and families using the centre. It aims to protect the privacy and confidentiality by ensuring that all records and information about individual children, families, educators and management are kept in a secure place and are only accessed by or disclosed to those individuals who need the information to fulfil their responsibilities at the centre or have a legal right to know.

      Related Policies

      1. Educator and Management Policy
      2. Enrolment Policy
      3. Family Law and Access Policy
      4. Medical Conditions Policy
      5. Record Keeping and Retention Policy
      6. Social Networking Usage Policy

      Implementation

      Early Childhood Services are required to comply with Australian privacy law which includes the Privacy Act 1988 (the Act) which was amended in February 2017, with the changes taking effect from February 22nd 2018. The new law introduces a Notifiable Data Breaches (NDB) scheme that requires Early Childhood Services, Family Day Care Services and Out of School Hours Care Services to provide notice to the Office of the Australian Information Commissioner (formerly known as the Privacy Commissioner) and affected individuals of any data breaches that are “likely” to result in “serious harm.”

      Businesses that suspect an eligible data breach may have occurred, must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. A failure to notify that is found to constitute a serious interference with privacy under the Privacy Act may result in a fine of up to $360,000 for individuals or $1.8 million for organisations. In order to comply with the Privacy Act, centres are required to follow the Australian Privacy Principles (APPs), which are contained in Schedule 1 of the Privacy Act 1988 (Privacy Act).

      NPP 1: Collection

      Describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.

      NPP 2: Use and Disclosure

      Outlines how organisations may use and disclose individuals' personal information. If certain conditions are met, an organisation does not always need an individual's consent to use and disclose personal information. There are rules about direct marketing.

      NPPs 3 & 4: Information Quality and Security

      An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access.

      NPP 5: Openness

      An organisation must have a policy on how it manages personal information and make it available to anyone who asks for it.

      NPP 6: Access and Correction

      Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.

      NPP 7: Identifiers

      Generally, prevents an organisation from adopting an Australian Government identifier for an individual (e.g. Medicare numbers) as its own.

      NPP 8: Anonymity

      Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.

      NPP 9: Trans-Border Data Flows

      Outlines how organisations should protect personal information that they transfer outside Australia.

      NPP 10: Sensitive Information

      Sensitive information includes information such as health, racial or ethnic background, or criminal record. Higher standards apply to the handling of sensitive information.

      Service Privacy Guidelines

      • Personal information will only be collected in so far as it relates to the centre’s activities and functions, and in line with relevant legislation. (National Privacy Principle 1.1 - Privacy Act 1998.)
      • Collection of personal information will be lawful, fair, reasonable and unobtrusive. (National Privacy Principle 1.2 - Privacy Act 1998.)
      • Individuals who provide personal information will be advised of: the name and contact details of the centre; the fact that they are able to gain access to their information; why the information is collected; the organisations to which the information may be disclosed; any law that requires the particular information to be collected; and the main consequences for not providing the required information. (National Privacy Principle 1.3 – Privacy Act 1998).
      • The use or disclosure of personal information will only be for its original collected purpose, unless the individual consents or unless it is needed to prevent a health threat or is required or authorised under law. (National Privacy Principle 2.1 – Privacy Act 1998).
      • The centre will take steps to ensure the personal information collected, used, or disclosed, is accurate, complete and up to date. Parents will be required to update their enrolment details annually, or whenever they experience a change in circumstances. Computer records will be updated as soon as new information is provided. (National Privacy Principle 3 – Privacy Act 1998).
      • Personal information will be kept in a secure and confidential way, and destroyed by shredding or incineration, when no longer needed. (National Privacy Principle 4 – Privacy Act 1998).
      • Individuals will be provided with access to their personal information and may request that their information be up-dated or changed where it is not current or correct. (National Privacy Principle 6 – Privacy Act 1998).
      • Individuals wishing to access their personal information must make written application to the Centre Manager who will arrange an appropriate time for this to occur. The Centre Manager will protect the security of the information by checking the identity of the applicant, and ensuring someone is with them while they access the information to ensure the information is not changed or removed without the Centre Manager’s knowledge.
      • The Centre Manager will deal with privacy complaints promptly and in a consistent manner, following the centre’s Grievance Procedures. Where the aggrieved individual is dissatisfied after going through the grievance process, they may appeal in writing to “The Director of Complaints, Office of the Federal Privacy Commission, GPO Box 5218, Sydney NSW 1042, or phone the Commissioner’s Hotline on 1300 363 992. (Privacy Act 1998). www.privacy.gov.au
      • Every employee and the Operator is provided with clear written guidelines detailing:
      • • What information is to be kept confidential and why
      • • What confidential information they may have access to fulfil their responsibilities and how this information may be accessed.
      • • Who has a legal right to know what information?
      • • Where and how the confidential information should be stored.
      • Every enrolling parent/guardian is provided with clear information about:
      • • What personal information is kept, and why.
      • • Any legal authority to collect personal information.
      • • Third parties to whom the centre discloses such information as a usual practice.
      • Confidential conversations that educators have with parents or guardians, or the Centre Manager has with educators will be conducted in a quiet area away from other children, parents and educators. Such conversations are to be minuted and stored in a confidential folder.
      • Personnel forms and employee information will be stored securely.
      • Applicants, students or volunteers will be informed that their personal information is being kept, for what reason, for how long, and how it will be destroyed at the end of the time period.
      • Applicants will be asked for their consent before their references are checked. Unsuccessful applicants will be advised of when and how their personal information will be destroyed.
      • Information about educators will only be accessed by the Centre Manager, Area Management Team Head Office Team and individual educator concerned.
      • All matters discussed at educator meetings will be treated as confidential.
      • No educator may give information or evidence on matters relating to children or their families to anyone other than the responsible parent or guardian, unless prior written approval by the responsible parent or guardian is obtained. Exceptions may apply regarding information about children when subpoenaed to appear before a court of law. Notwithstanding these requirements, confidential information may be exchanged in the normal course of work with other educators at the centre and may be given to the Approved Provider, when this is reasonably needed for the proper operation of the centre and the wellbeing of users and educators. (Privacy Act 1988).
      • Reports, notes and observations about children must be accurate and free from biased comments and negative labelling of children.
      • Educators will protect the privacy and confidentiality of other educators by not relating personal information about another educator to anyone either within or outside the centre.
      • Students/individuals on work experience/volunteers will not make educators, children or families at the centre, an object for discussion outside of the centre (e.g. college, school, home etc.), nor will they at any time use family names in recorded or tutorial information.
      • Students or individuals on work experience will only use information gained from the centre upon receiving written approval from the centre to discuss such information and will never use or divulge the names of individuals.

      Sources

      1. National Quality Standard
      2. Education and Care Services National Regulation
      3. Privacy Act 1988
      4. Information Privacy Principles as stipulated in the Privacy Act 1988
      5. United Nations Convention of the Rights of a Child
      6. Freedom of Information Act 1989

      Review

      This policy will be reviewed annually, or earlier if required.

      Established April 2016

      Review Date Modifications
      March 2018 References updated to comply with revised National Quality Standards
      March 2019 Wording changes – Co-ordinator changed to Nominated Supervisor
      March 2020 No change required
      November 2020 Information about Privacy Law added
      February 2022 Child Safe Standards added
      March 2023 No Changes Required
      March 2024 Area Management Team updated to Head Office Team

      Complaints and Enquiries

      If you have any queries or complaints about our Privacy Policy please contact us at:

      I9Education.com.au

      Postal Address: Suite 4, Level 3, 13 -15 Lake St., Caroline Springs VIC – 3O23

      Email: info@thefernelc.com.au

      Number: (03) 8348 5346

      Book a Tour

      Book a Tour

      Enquiry Form

      The Fearn Early Learning Centres
      Book a Tour
      Enquire Now

      Register your interest

      Coming Mid 2026

      The Fern Early Learning Centre
      Balwyn North

      • 125 Greythorn Rd, Balwyn North VIC 3104

      Events

      Upcoming

      Past