Coshg Home Page
Coshg  address
Starting A Group Workshops Resources Funding Group LinksGroups

Resources > Privacy


Does the new Privacy Legislation affect self help groups?

Having collected a bit of information from the government website [i] and from a workshop [ii] , I think that most groups will not be affected by the legislation. The main organisations affected by the legislation are :-

1. Those with a turn over of over 2 million, and

2. Health Service Providers.

Health Service is defined as:

(a) an activity performed in relation to an individual that is intended or claimed (expressly or otherwise) by the individual or the person performing it:

(i) to assess, record, maintain or improve the individual's health; or

(ii) to diagnose the individual's illness or disability; or

(iii) to treat the individual's illness or disability or suspected illness or disability; or

(b) the dispensing on prescription of a drug or medicinal preparation by a pharmacist.

I think that the groups most likely to be affected will be those under the umbrella of a large health organisation, such as a hospital. These groups will probably receive guidelines from their umbrella organisation. The topic of Privacy and groups that are affiliated with an umbrella organisation was discussed at a recent meeting of the Self Help Workers Group.

Other groups can be thankful not to be burdened with the extra paper work that many organisations are doing in connection with Privacy. Self help groups that are not legally required to comply with this legislation, might still be interested in considering the issue and thinking about common-sense things that small groups can do to protect people's privacy.

The following is a summary of the ten National Privacy Principles. (It is only a summary, not legal information [iii] )

1 Collection You must collect personal information only if it is necessary and in a way which is legal and fair . When collecting, you need to let the individual know: who is collecting why the information is collected how it will be used that they have a right of access to it whether you collect it directly or indirectly. Ideally you must be collect personal information directly from the individual. If you collect it indirectly you must still let the individual know.

2 Disclosure You must only use information for the primary purpose for which it was collected. You may use information for a secondary purpose in limited circumstances, subject to strict limits on use for direct marketing .

3 Data Quality You must take reasonable steps to keep information accurate, complete and up to date.

4 Data Security You must take reasonable steps to protect against misuse, loss or unauthorised access. You must destroy or de-identify information if it is no longer needed.

5 Openness You must be open about your information handling practices and have this information available for the public on request.

6 Access for individuals You must give access to an individual's record of personal information unless an exception applies. You must provide reasons if you deny access. You must take reasonable steps to correct a record if the information in it is incorrect. Alternatively, you must, if requested, record a statement on the record that the individual says the information is wrong.

7 Identifiers You must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency (e.g Medicare card numbers) You are able to collect these, but cannot use them, for example, to identify people on your database.

8 Anonymity Where it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with you.

9 Transborder Data Flows You can only transfer personal information to someone (other than your organisation or the individual) in a foreign country in specific circumstances

10 Sensitive Information You can only collect sensitive information in specific circumstances. There is a definition of 'sensitive information'.

For self help groups that are not covered by the legislation but are wanting to be responsible about protecting the privacy of people involved with the group, I think there are three groups of people to consider:-

1. Group members

2. People who enquire about the group (including prospective members)

3. Contact people (ie members who receive enquiries about the group from the public)

1. Protecting group members

Within self help groups, it is common to find a range of attitudes to the particular condition/ problem/ issue that the group is dealing with. Some members of the group may be very open about it, and their openness can be a powerful way to reduce stigma and ignorance. Other members may be extremely anxious to protect their secret (from relatives, employers, etc). It's useful to be aware of the different attitudes within the group, so that members do not accidentally cause distress to people who are less open than they are. People who want something kept confidential may save themselves angst by mentioning at the time when they speak of the matter that it is confidential. This serves as a clarification or reminder to everyone present.

A couple of examples of varying attitudes in groups:-

- A gay rights group sent out their news sheet with the group's name on the wrapper. Some members wanted the news sheets in plain envelopes.

- A separated person who joined a singles self help group and then went back to a jealous spouse, wanted NO MORE contact from the group.

Confidentiality can be a big issue in country towns or other small communities (e.g. ethnic minorities). Some people do not tell their families or friends that they are in a self help group. Group members may need to discuss what they will do if they meet each other in the street or other public places.

If a group has a rule that what is said in support meetings is to remain confidential, it may be necessary to ensure that everyone aggress on what this means, as different groups have different definitions of 'confidential'. Does it mean that you can talk about what happened in the group, as long as you don't mention names? Or does it mean that you do not ever refer to anything that was said, even among the people who were there?

2. Protecting people who contact the group (members of the public and potential group members)

People who take phone calls for the group may need to arrange to take the calls in a part of the house where there is reasonable privacy. When returning calls and leaving messages, this can be done without identifying what the group is about, for example, 'This is Sally, returning your call from this morning. If you would like to call again, I will be here till 5 o'clock today'.. (You never know who may hear the message.)

If the people taking enquiries write down names, addresses, etc, of people who call, they can clarify what this information is to be used for. For example, they might ask 'Would you like to be on the mailing list for our quarterly news sheet?' Membership lists, phone-tree lists and so on should be updated frequently and have a date on them. Beware of using a list that someone else compiled, unless you know the list is up-to-date and appropriate for your purpose.

3. Protecting contact people (members who receive enquiries about the group from the public)

When group members take on this job, it needs to be clear what details they are prepared to make available to the public (their phone number, first name, family name, email, address?) and where this information will appear (on brochures, in directories, on the web?) When a person stops doing this job, can their name, phone number etc, be removed from public distribution?

4. Protecting relatives
Groups for partners, parents or children of people with a particular addiction/problem may need to take particular care to protect the confidentiality of the relatives who are not part of the group, but who may be referred to during support meetings.

I hope this makes sense. Any comments, ideas or information about privacy and self help groups would be welcome and will be added to this page..
Another thought: Some health self help groups do surveys of members or have questions on their membership forms about how the members are affected by the illness. If your group does this, you might consider including a statement telling people who is going to have access to the information  they give and how the information will be used.


[ii] A workshop on legal issues for community organisations was organised in November 2001 by Public Interest Clearing House and Allens Arthur Robinson. Handouts from this workshop are in the COSHG library.

[iii] Information is available from Office of the Federal Privacy Commissioner, Level 8 Piccadilly Tower 133 Castlereagh St Sydney 2000. Privacy Hotline 1300 363 992

If you have any information, ideas or questions, please contact COSHG,

Coshg email Coshg Home About Us Groups Index Self-Help Publications News Contact Us Site Map