Breaches of privacy

Breaches of privacy, privacy, information sharing, incident report, Unsatisfactory Work Performance, Misconduct
This topic sets out Child Protection’s approach in the event of an alleged or actual breach of privacy, and the processes to be followed.
Document ID number 3063, version 6, 13 October 2023.

The department's policy and procedure for responding to breaches of privacy by child protection staff is located on the department’s SharePoint site.

The following policy is also relevant:

See Information sharing in child protection practice for details about sharing information under the CYFA, and other legislation that governs the management and sharing of particular information held by the department.

Breaches of privacy

Actual or ‘near miss’ incidents where a child protection practitioner or manager has inappropriately accessed, disclosed or managed client information must be handled according to the department's privacy policy. 

In all cases of actual or ‘near miss’ privacy incidents, supervisors must complete a privacy incident report and consult with the Feedback, External Oversight and Privacy (FEOP) team at

The department’s ‘Guidelines for managing privacy incidents’ provides guidance for managers in responding to a privacy incident.

The Area Operations Manager, Child Protection Director and Area Executive Director should be informed of possible privacy incidents.

Careful consideration must be given to the circumstances of the possible breach to determine whether the CYFA, Child Wellbeing and Safety Act, Family Violence Protection Act, Privacy and Data Protection Act, the Health Records Act or information sharing schemes have been breached and whether staff misconduct has occurred.