Breaches of privacy

This advice provides information regarding the processes to be followed in the event of an actual or alleged breach of privacy by child protection.

Document ID number 3063, version 3 , 2 July 2018


The department's policy and procedure for responding to breaches of privacy by child protection staff is located on the department’s Privacy intranet page.

The following policies and procedures are also relevant:

See Information sharing for information about the CYFA provisions that govern the management and sharing of particular information held by the department. That advice also describes the application of the Privacy and Data Protection Act 2014 and the Health Records Act 2001 for child protection practice.

Breaches of privacy

Actual or alleged instances where a child protection practitioner or manager has inappropriately accessed, disclosed or managed client information must be handled according to the department's privacy policy. See the department’s Privacy intranet page for advice.

The department’s ‘Guidelines for managing privacy incidents’ and the ‘Privacy Breach Checklist’ (available on the department’s Privacy intranet page) provide guidance for managers in responding to a breach of privacy.

In all cases of actual or alleged privacy breaches, supervisors must complete an incident report and consult with the divisional privacy contact officer.

The divisional area operations manager/assistant director, child protection and area director, or director, child protection  should be informed of the actual or alleged breach. Careful consideration must be given to the circumstances of the actual or alleged breach to determine whether the CYFA, the Privacy and Data Protection Act or the Health Records Act has been breached and/or whether staff misconduct has occurred.

Much of the information handled by child protection staff is of a personal and sensitive nature. It is therefore essential that practitioners and managers are familiar with the advice provided in Information sharing to ensure that personal information is managed appropriately.