Data Management Policy

Mountain Support Services Pty Ltd

1. Purpose and Scope

This policy outlines Mountain Support Services Pty Ltd’s commitment to managing data in compliance with the National Disability Insurance Scheme (NDIS) Practice Standards, the Privacy Act 1988, and other relevant legislation. It ensures the ethical handling, secure storage, and proper use of participant and staff information.
Scope: This policy applies to all Mountain Support Services Pty Ltd employees, contractors, and third-party providers.

2. Key Principles

Mountain Support Services Pty Ltd operates under the following data management principles:
1. Privacy and Confidentiality: Protect participant data and adhere to the Australian Privacy Principles.
2. Transparency: Provide clear communication to participants about data use and ensure informed consent.
3. Security: Implement robust measures to prevent unauthorised access and data breaches.
4. Accessibility: Ensure participants can access and correct their personal information.

3. Data Collection

Mountain Support Services Pty Ltd collects data to:
• Deliver high-quality, tailored services to participants.
• Comply with NDIS reporting requirements.
• Monitor and evaluate service delivery outcomes.

Consent and Purpose:
Written consent is obtained before collecting any data.
Data is collected only for specific service delivery, compliance, and improvement purposes.

Minimal Data Principle: Only the information required for the intended purpose is collected.

4. Data Storage

Digital Data:
• Stored on secure servers with role-based access control.
• Sensitive information is encrypted during transmission and storage.
• Routine backups are conducted and stored securely.

Physical Data:
• Kept in locked storage cabinets in secure premises.
• Access is limited to authorised personnel.

5. Data Access

Internal Access:
• Role-based access ensures staff only access data necessary for their responsibilities.
• An access log is maintained for monitoring.

Participant Access:
• Participants can access, update, or correct their data anytime by contacting Mountain Support Services Pty Ltd.
• Requests are handled promptly and transparently.

6. Data Sharing

Mountain Support Services Pty Ltd shares data:
• Only with participant consent or when legally required.
• With third-party providers who comply with NDIS and privacy standards.

Secure Data Sharing:
• Use encrypted file-sharing platforms or secure emails for data transmission.
• Agreements with third parties outline privacy and confidentiality expectations.

7. Data Retention and Disposal

Mountain Support Services Pty Ltd retains data in compliance with legal and NDIS requirements:
• Retention Period: Data is retained for seven years after a participant’s last engagement or as required by law.
• Secure Disposal:
  • Hard copies are shredded.
  • Digital records are permanently deleted using secure methods.

8. Incident Management

Reporting:
All data breaches or incidents must be reported immediately to the designated Data Protection Officer.

Response:
• Investigate and address the breach promptly.
• Notify affected participants and the Office of the Australian Information Commissioner (OAIC) if a notifiable breach occurs.

Prevention:
Maintain a register of incidents to identify trends and implement preventive measures.

9. Staff Training and Awareness

Mandatory Training: All staff must complete training on privacy laws, NDIS standards, and this policy during onboarding and annually thereafter.
Ongoing Awareness: Regular updates and reminders about data protection responsibilities are shared.
All staff and contractors must sign confidentiality agreements during their engagement.

10. Monitoring and Review

Mountain Support Services Pty Ltd ensures continuous improvement of data management practices by:
• Conducting annual policy reviews to reflect updates in legislation, NDIS standards, and best practices.
• Monitoring compliance through internal audits and feedback from staff and participants.

11. Responsibilities

Data Protection Officer: Oversees the implementation and monitoring of the policy.
Employees and Contractors: Responsible for adhering to this policy and reporting breaches or concerns.
Management: Ensures systems and resources are in place to maintain compliance.

12. Policy Review and Approval

Mountain Support Services Pty Ltd’s management will review this policy annually to ensure it aligns with NDIS requirements and operational needs.

For more information or to access or update your data, contact:
Mountain Support Services Pty Ltd
PO Box 189, New Norfolk, Tasmania 7140
Phone: 0405090980
Email: mychoice@mountainsupports.com.au