Privacy and Confidentiality Policy

At Mora Disability, we are committed to respecting and protecting the privacy and confidentiality of all individuals associated with our organisation, including participants, providers, employees, contractors, and community partners.


Privacy and Confidentiality Guidelines


Purpose of Information Collection

We collect personal information to deliver tailored services in a safe and healthy environment. This data helps us meet duty-of-care obligations, provide appropriate referrals, and conduct business activities supporting participant services.


Compliance

We strictly comply with the Privacy Act, Australian Privacy Principles, Privacy Amendment (Notifiable Data Breaches) Act, and all regulations relevant to disability service providers.


Consent Requirements

We adhere to the consent protocols outlined in the NDIS Quality and Safeguarding Framework and applicable state or territory regulations.


Access to Privacy Information

Individuals are informed about how their data is handled and can opt out of providing or consenting to using their details.


Access to Personal Records

Participants can request access to their records through their assigned contact person or coordinator.


Reporting to Funding Bodies

Reports provided to government funding bodies are non-identifiable, including only information related to service hours, age, disability, language, and nationality.


Use of Personal Information

Personal information is used exclusively by Mora Disability and is not shared without explicit consent unless required by law (e.g., reporting abuse, neglect, or court orders).


Images and Video Consent

Participant images or video footage are only used with prior consent.


External Audits

Participants may voluntarily participate in external NDIS audits.


Security of Information

We implement stringent measures to safeguard personal information, including password-protected IT systems, locked filing cabinets, and restricted access to authorised personnel only.


Disposal of Information

Personal information no longer required is securely destroyed or de-identified.


Data Breach Prevention and Response

We proactively prevent data breaches by storing information securely and limiting access. In the event of a suspected or known breach, we will promptly mitigate harm, notify affected individuals, and, if necessary, inform the Office of the Australian Information Commissioner.


Incident Management

Privacy breaches are treated as incidents and managed through our internal resolution process. Deliberate breaches may lead to disciplinary action, including termination of employment.


Definitions


Data Breach

A security incident where personal, sensitive, or confidential information is accessed, shared, or used without authorisation, posing potential harm. Reportable breaches are escalated to the Office of the Australian Information Commissioner.


Personal Information

Includes any data that can identify an individual, such as:

  • Name
  • Address
  • Contact details
  • Date of birth
  • Recorded opinions or notes.


Sensitive Personal Information

Includes private details like:

  • Health information
  • Ethnicity
  • Political or religious beliefs
  • Sexual orientation
  • Criminal record
  • Biometric data (e.g., fingerprints).


Mora Disability remains committed to upholding the highest standards of privacy and confidentiality, ensuring all individuals feel secure and respected in their interactions with us.