Privacy and Confidentiality

Policy Statement

Catholic Diocese of Parramatta Services Limited (CDPSL) is committed to maintaining all personal information and recognises and respects the importance of privacy and confidentiality as an individual right and a basis for building partnerships. This policy has been developed to comply with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable laws, and CDPSL is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act. CDPSL pursues the highest standard in the protection and preservation of privacy and confidentiality.

This policy outlines the type of personal information collected and how information is acquired, used and shared. We will not sell personal information to any third parties.

Goals/What are we going to do?

We will:

  • Maintain private and confidential files for employees, volunteers, students, children, and their families.
  • Develop systems for the appropriate use, storage and disposal of records.
  • Ensure the information in these files is used only for the intended purpose and shared with relevant or authorised people.


From time to time, we may review and update this policy to take account of new laws and technology, changes to operations and practices, and to make sure it remains appropriate to the changing environment.

Strategies/How will it be done?

CDPSL aims to meet these goals through the adoption of this policy, the Security of Records policy, the Record Retention and Disposal Policy and the Standard Collection Notice, which will guide our practices in this area. The collection of personal information will only occur when individuals specifically and knowingly elect to provide it.

CDPSL will use personal information collected from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented. Sensitive information will be used and disclosed only for the purpose for which it was provided, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law. CDPSL may disclose personal information, including sensitive information, held about an individual for educational, administrative, legal and support purposes.

Information may be disclosed without an individual’s consent. This may occur where it is legally necessary, for instance in making a report of serious harm to the Office of the Children’s Guardian, or when documents have been subpoenaed. Access may be refused in certain circumstances, such as where access would have an unreasonable impact on the privacy of others, where access may result in a breach of our duty of care, or where children have provided information in confidence.

CDPSL will generally collect personal information held about an individual by way of forms filled out, from face-to-face meetings and interviews, in emails and from telephone calls. Occasionally, people other than parent/guardians provide us with personal information. In some circumstances, CDPSL may be provided with personal information about an individual from a third party, for example, a report provided by a medical professional or a reference from another school.

The type of personal information CDPSL collects and holds includes (but is not limited to) the following:

Information about children and parent/guardians before, during and after the course of a child’s enrolment:

  • name, contact details (including next of kin), date of birth, gender, language background, previous school, marital status, and religion;
  • parent/guardians’ education, occupation and language background;
  • medical information (e.g. details of disability and/or allergies, medical reports and name and contact details of medical practitioners, immunisation records);
  • conduct and complaint records, or other behaviour notes and/or school reports;
  • information about referrals to government welfare agencies;
  • counselling reports;
  • health fund details and Medicare number;
  • any court orders or AVOs;
  • photos and videos at service events;
  • financial details for payment of fees including any relevant information from Services Australia/Centrelink;
  • contact details of emergency contact / authorised nominees;
  • incident, injury, trauma and illness records;
  • development records including observations, assessments of children’s learning, programming documentation and any communication with parent/guardians; and
  • permission forms.

Information about job applicants, employees, volunteers, students and contractors including:

  • name, contact details (including next of kin), date of birth, and religion;
  • information on job application;
  • professional development history;
  • salary and payment information, including superannuation details;
  • medical information (e.g. details of disability and/or allergies, and medical certificates);
  • complaint records and investigation reports;
  • workers compensation claims;
  • leave details;
  • photos and videos at events;
  • workplace surveillance information;
  • work emails and private emails (when using work email address) and internet browsing history; and
  • driver’s licence and car insurance details (when claiming kilometres).


Information about other people who come into contact with CDPSL, including (but not limited to) name and contact details.

Where is personal information stored?

Personal information is stored in a safe and secure manner, using locked filing cabinets or a password protected database and computer. Information is backed up electronically and securely stored. Data will not be altered or destroyed except in extraordinary circumstances. Any personal information not actively being used may be archived, in accordance with regulatory requirements. CDPSL will respond to any incidents that may affect the security of the personal information it holds in accordance with its obligations under the Privacy Act, including the Notifiable Data Breaches Scheme. If CDPSL assesses that the security of personal information is breached in such a way that cannot be remedied and that a person is likely to suffer serious harm as a result of the breach, we will notify that person and the Office of the Australian Information Commissioner of the breach. CDPSL will respond to any such incidents by taking steps to contain any breach and minimise any likely harm to a person.

Access and updating personal information

Individuals may ask to access, update or delete personal information held about them at any time. Reasonable steps will be taken to verify an individual’s identity before granting access to, making any corrections to, or deleting information. A customer who wishes to make a complaint should refer to the Complaints Policy.

Role

Authority/Responsibility

Approved Provider/Delegates

Ensure all relevant policies in relation to privacy are available upon request by families, employees, volunteers and students.

Ensure each employee’s, volunteer’s and student’s information is correct in personnel and other files. This includes information on qualifications, WWCC, criminal history checks, staff entitlements, contact and emergency information, health and immunisation information, and any relevant medical and legal information. This would include any other relevant information collected by the service.

Ensure that information collected from families, educators, board members and the community is always maintained in a private and confidential manner.

Ensure information provided by families, employees and board members is only used for the purpose it was collected for.

Ensure the Standard Collection Notice forms part of the enrolment form.

Ensure that such information is not divulged or communicated (directly or indirectly) to another person other than the ways outlined as appropriate in the Education and Care Services National Regulations, 181, which says information can be communicated:

  • To the extent necessary for the education, care or medical treatment of the child;
  • To the parent of the child to whom the information relates (except for information in staff records);
  • To the regulatory authority or an authorised officer;
  • As authorised, permitted or required to be given by or under any act or law; and
  • With written consent of the person who provided the information.

Ensure families are informed upon enrolment how images/photographs of their children will be used on the Internet and/or publications and gain written approval.

Provide families with information on the Complaints and Feedback procedure if any privacy or confidentiality procedure has been breached. Individuals can make a complaint to the Approved Provider if they believe there has been a breach of their privacy in relation to the Privacy principles. The breach will be assessed by the Approved Provider within 14 days. Where the information collected is incorrect, the information will be corrected. Where a serious breach of privacy is found, appropriate actions will be negotiated between the Approved Provider and the individual to resolve the situation, in line with the Complaints and Feedback procedure.

Nominated Supervisor/Responsible Person

Ensure each family’s information is correct in enrolment records. This includes information on immunisation updates, income and financial details (credit card or bank information), contact details of family and emergency contact information, children’s developmental records, Family Assistance information, and any medical or legal information – such as family court documentation – required by our education and care service. This would include any information required to be recorded under the National Law and Regulations, the Family Assistance Law and other relevant information collected to support the enrolment of a child.

Ensure information provided by families, employees and board members is only used for the purpose it was collected for.

Ensure that education and care service records, personnel records, CCS information and children’s and families’ information are stored securely, reducing the chance of unauthorised access, use or disclosure, and remain private and confidential within the education and care environment at all times.

Ensure that information kept is not divulged or communicated, directly or indirectly, to anyone other than:

  • Medical and developmental information that is required to adequately provide education and care for the child;
  • The Department of Education, or an authorised officer; or
  • As permitted or required by any Act or Law.


Ensure individuals are allowed access to their personal information as requested. Individuals must request this information in writing from the Nominated Supervisor. Authorised persons may request to view any information kept on their child. Information may be denied under the following conditions:

  • Access to information could compromise the privacy of another individual;
  • The request for information is frivolous or vexatious; and
  • The information relates to legal issues, or there are legal reasons not to divulge the information such as in cases of custody and legal guardianship.

Educators

Maintain children’s information and store documentation according to policy at all times.

Not share information about the education and care service, management information, other educators or children and families, without written permission or legislative authority.

In keeping with the Early Childhood Australia (ECA) Code of Ethics (2008), the Education and Care Services National Regulations and the Privacy Legislation, educators and staff employed by our education and care service are bound to respect the privacy rights of children enrolled and their families; educators and staff and their families; and any other persons associated with the service. Educators will sign a Confidentiality Statement as it relates to privacy and confidentiality of information.

Families

Provide all required personal information as requested. If the information requested is not obtained, the enrolment of a child may not be permitted or continued and/or the child may not be able to take part in a particular activity.

Provide updated personal information in writing to the Nominated Supervisor/Responsible Person when details change.

Monitoring, Evaluation and Review

This policy will be monitored to ensure compliance with legislative requirements and unless deemed necessary through the identification of practice gaps, the service will review this policy as per the policy schedule and/or as required.

Families and EYEC employees are essential stakeholders in the policy review process and will be given opportunity and encouragement to be actively involved.

Related Legislation

RELATED LEGISLATION

Education and Care Services National Regulations: 181

RELATED GUIDELINES, STANDARDS, FRAMEWORKS

National Quality Standard, Quality Area 7: Governance and Leadership

SOURCES/ USEFUL RESOURCES

Children (Education and Care Services National Law Application) Act 2010

Education and Care Services National Regulations

Children and Young Persons (Care and Protection) Act 1998

Australian Privacy Principles – www.oaic.gov.au

Office of the Australian Information Commissioner – www.oaic.gov.au

Privacy Act 1988 (Privacy Act) – www.oaic.gov.au/privacy-law/privacy-act

Early Childhood Australia – www.earlychildhoodaustralia.org.au

Definitions

Personal information

Information that personally identifies an individual, such as a name, residential or email address and may include information relevant to the enrolment process, credit card and/or banking information, billing records, documentation of a child’s learning and development including photos, employment details and recorded information regarding complaints.