- Home
- Guide to the NQF
- Section 6: Reviews
- 5. Complaints about privacy
Table of contents
- Guide to the NQF
- Icons legend
- Section 1: Introduction
- Section 2: Applications and Approvals
- Section 3: National Quality Standard and Assessment and Rating
- Section 4: Operational Requirements
- Section 5: Regulatory Authority Powers
- Section 6: Reviews
- Section 7: Glossary
- Guide to the NQS reference list
5. Complaints about privacy
An individual can complain to the relevant agency (ACECQA or a regulatory authority) about the mishandling of their personal information. ACECQA or the regulatory authority should attempt in the first instance to resolve an individual’s privacy complaint. If ACECQA or the regulatory authority is not able to resolve the complaint, then the National Law provides individuals with a right to complain to the National Education and Care Services Privacy Commissioner (NECS Privacy Commissioner)
Contact details for the NECS Privacy Commissioner are available at www.necsopic.edu.au.
5.1 Addressing privacy breaches
In some circumstances, ACECQA or a regulatory authority may become aware of an interference with an individual’s privacy without a complaint. In those circumstances, the best practice response is to address the breach in a manner consistent with the OAIC’s data breach response process available on the OAIC website. A brief summary of the process is outlined below.
Addressing privacy breaches |
||
|
Step 1 |
Contain the breach and make a preliminary assessment |
|
|
Step 2 |
Evaluate the risks for individuals associated with the breach |
|
|
Step 3 |
Consider breach notification |
|
|
Step 4 |
Review the incident and take action to prevent future breaches |
|