The department's policy and procedure for responding to breaches of privacy by child protection staff is located on the department’s Privacy intranet page.
The following policies and procedures are also relevant:
-
Critical Client Incident Management Instruction (Technical update 2014)
- Managing Unsatisfactory Work Performance and Misconduct Policy – Victorian Public Service 2012
See Information sharing in child protection practice for details about sharing information under the CYFA, and other legislation that governs the management and sharing of particular information held by the department.
Actual or alleged instances where a child protection practitioner or manager has inappropriately accessed, disclosed or managed client information must be handled according to the department's privacy policy. See the department’s Privacy intranet page for advice.
The department’s ‘Guidelines for managing privacy incidents’ and the ‘Privacy Breach Checklist’ (available on the department’s Privacy intranet page) provide guidance for managers in responding to a breach of privacy.
In all cases of actual or alleged privacy breaches, supervisors must complete an incident report and consult with the divisional privacy contact officer.
The divisional area operations manager/director, child protection and area executive director should be informed of the actual or alleged breach. Careful consideration must be given to the circumstances of the actual or alleged breach to determine whether the CYFA, Child Wellbeing and Safety Act, Family Violence Protection Act, Privacy and Data Protection Act or the Health Records Act has been breached and whether staff misconduct has occurred.
Much of the information handled by child protection staff is of a personal and sensitive nature. It is therefore essential that practitioners and managers are familiar with the advice provided in Information sharing in child protection practice to ensure that personal information is managed appropriately.