Privacy Policy

Date effective: February 2023
Date amended: February 2025
Review date: February 2027

  • The following principles from the Privacy Act 1993 describe the key issues around privacy for our organisation:

    1. Only collect personal information if you really need it.

    2. Get it straight from the people concerned where possible.

    3. Tell them what you're going to do with it.

    4. Collect it legally and fairly.

    5. Take care of it once you've got it.

    6. People can see their personal information if they want to. Exceptions are only made, such as for evaluative material, as provided in legislation

    7. They can correct it if it's wrong.

    8. Make sure personal information is correct before you use it.

    9. Get rid of it when you're done with it.

    10. Use it for the purpose you got it.

    11. Only disclose it if you have a good reason and meet disclosure rules as provided in the legislation summarised below

    12. Only assign unique identifiers where permitted.

    Privacy principles updated in the 2020 Act include:

    • if unique IDs/customer numbers are used, the organisation must protect this information.

    • the collection of information from young people must be 'fair and reasonable'.

    Together, these principles form a 'life-cycle' for personal information.

  • Disclosure of information is subject to the following rules:

    1. Disclosure is for a legitimate purpose for which the information is obtained

    2. The source of information is publicly available.

    3. Disclosure is authorised by the individual concerned in writing.

    4. Disclosure is required under the HLC/LTTM Abuse policy.

    5. Disclosure is necessary to prevent or lessen a serious or imminent threat to public health and safety or the individual member's life or health

    6. Disclosure will not identify the individual unless required to do so under the HLC/LTTM Abuse policy.

  • When information is required to be disclosed to authorities the following procedures will be followed:

    • A written request for the information must be obtained.

    • All information will be provided in photocopy form and all non-disclosable information shall be redacted. The amended information shall be checked by another person within HLC/LTTM or by a person appointed by the CEO. Once checked a second photocopy will be made and sent to the authority concerned.

    • Where a request for information is received from the Police or from a person designated by Oranga Tamariki, the appropriate Departmental Manager of HLC/LTTM shall supervise the passing on and/or viewing of a client or worker file. No file shall be removed from HLC/LTTM unless a copy is made according to the procedure in the relevant clauses of this policy.

    • The clients, students that are served by HLC/LTTM shall be protected by the Privacy Policy.

    • Clients and students will be fully informed of who will have access to personal information that the organisation holds about them, who has access, how it is stored and how that information will be used.

    • In specific circumstances clients will be asked to sign a privacy waiver as set out in the client aims, privacy and consent intake process. The waiver is for the purpose of working collaboratively with one or more other agencies so that the client can achieve their goals.

    • Only information which is required for the wellbeing of the client or student and for the provision of services shall be obtained and recorded.

    • All clients and students have the right to access information collected about them, this includes children and young people under the age of 16 years. They all have the right to access their information, authorise collection of their information and complain about the disclosure of their information.

    • When information is collected from a child or young person, extra care will be taken to ensure it is fairly collected and not unreasonably intrusive.

    • If a parent or caregiver requests access to information of a child or young person, HLC/LTTM will take a practical approach and consider whether the child or young person's guardians/parents are acting as their representative.

    • There is a specific ground to withhold and refuse a request made by or on behalf of a child/young person under 16, where the release of the information would be contrary to that child's interests.

    • All disclosures of information shall be made in accordance with the relevant clauses in this policy.

    • HLC/LTTM will not keep client / student information longer than it’s needed and will be destroyed by confidential and secure document disposal.

  • HLC/LTTM will appoint a Privacy Officer who is responsible for:

    • Understand the principles of the Privacy Act

    • Ensuring that HLC/LTTM complies with the Act

  • Any data breaches will be treated using best practice and according to the law. All breaches or near misses will be reported to the Privacy Officer to:

    • Contain the breach and make a first assessment

    • Evaluate the risks

    • Notify affected people if necessary along with the Privacy Commissioner

    • Prevent a repeat

  • All HLC/LTTM Board members and paid or voluntary workers will ensure that the confidentiality of information is maintained as per the contracts and policies of HLC/LTTM.

    Training for all staff (employees, contractors and volunteers) will be provided on HLC/L TTM privacy policy and procedure.