We take your privacy seriously. All our staff are trained in managing your personal information and need to follow these rules at all times.
There can be serious consequences for people who don’t follow these rules when they handle protected Agency information. This includes when they:
- access your information
- use your information, or give it to other people
- offer to give your information to someone else.
People who don’t follow the rules could lose their job. They could also get a large fine or go to prison for up to 2 years.
It might also be a criminal offence for other people to ask us for your personal information, when they’re not allowed to know.
What happens if there’s a notifiable data breach?
We also need to follow the Notifiable Data Breaches scheme. This means we have to follow certain steps if:
- we lose your personal information, or someone uses your information when they’re not allowed to
- this is likely to cause serious harm to you, or someone else affected by it
- we couldn’t stop this harm.
If this happens, we’ll:
- make sure your information doesn’t get shared further
- investigate and work out what happened
- tell you, and anyone else affected by the breach
- report it to the Office of the Australian Information Commissioner.
Find out more about the Notifiable Data Breaches scheme on the Office of the Australian Information Commissioner website .
Can we remove or delete your information?
We keep your information so we can access it later if needed. This means we have all the information we need to create your plan, and you don’t need to tell us the same information.
The law says we can’t delete your information. For example, we can’t delete information from your application form to become a participant, even if you ask us to.
But you can always give us new information, for example to tell us one of your documents is wrong. Learn more about what happens if your information is wrong, outdated or incomplete.
We need to keep your information even if you leave the NDIS .