JavaScript is required

Social Services Regulator privacy

The Social Services Regulator (the Regulator) is an independent statutory authority responsible for registering and regulating social service providers in Victoria. The Regulator collects, uses, discloses and stores personal, sensitive, health and commercially sensitive information in compliance with its obligations under relevant legislation, including the:

  • Social Services Regulation Act 2021
  • Privacy and Data Protection Act 2014
  • Health Records Act 2001
  • Public Records Act 1973

Any information provided to the Regulator is only used for the purpose/s intended and where the intention includes confidentiality, information will be treated as such unless otherwise required by law.

This page outlines the principles that guide the Regulator’s information collection and information sharing approach.

For more information, view our Interim Privacy Policy.

Social Services Regulator Interim Privacy Policy
Word 153.26 KB
(opens in a new window)

Information collection

Why we collect the information

The Regulator collects personal, sensitive, health and commercially sensitive information to assist in the performance of our statutory functions, which includes:

  • registering social service providers;
  • supporting, investigating, monitoring, and enforcing compliance with the Social Services Standards and Child Safe Standards analysis and reform;
  • reviews and inquiries;
  • investigating and responding to incidents that happened while a social service was being provided;
  • investigating the conduct of workers and carers and administering the Worker Carer Exclusion Scheme;
  • complaints handling;
  • sharing information to reduce regulatory burden;
  • responding to enquiries and correspondence; and
  • responding to requests under the Freedom of Information Act 1982.

The Regulator can collect information from individuals, social service providers and relevant agencies when conducting investigations, monitoring compliance with the Social Services Standards, and for the purposes of carrying out its other regulatory objects, functions and powers outlined under the Social Services Regulation Act 2021 (sections 7, 13 and 14).

The Regulator will collect an individual’s personal, sensitive or health information only where it is necessary for our functions and only by lawful and fair means that are not unreasonably intrusive.

How we collect the information

The Regulator collects personal, sensitive, health and commercially sensitive information from a number of different sources, including:

  • From social service providers. This can happen when social service providers report serious incidents to the Regulator, or when the Regulator is monitoring and investigating whether the services delivered by a social service provider are safe and comply with the Social Services Standards and Child Safe Standards (if applicable).
  • From other relevant agencies (including certain Regulators and government agencies) when authorised by law, sometimes in accordance with an information sharing agreement and/or a memorandum of understanding between the agencies (as outlined above).
  • From stakeholders or members of the public when we request information directly.
  • From stakeholders or members of the public when information is provided to us. This may happen when it is posted to our social media channels via a post, comment, poll entry or direct message.

When the Regulator collects this information, we take reasonable steps to ensure the information we hold is accurate, complete, up-to-date and relevant to our statutory functions, objects and powers. We use several procedural, physical and hardware safeguards, together with access controls and back-up systems to protect the information from misuse and loss, unauthorised access, modification, and disclosure.

Information sharing

Why do we need to share information?

The Regulator’s statutory functions include sharing information for the purposes of effectively using regulatory intelligence, coordinating government responses in relation to social services, and reducing regulatory burden (where appropriate).

The Social Services Regulation Act includes information sharing provisions which sets out a positive duty between the Regulator and relevant agencies and social service providers to share information in a collaborative way to ensure that safeguards are in place and that matters of safety and risks to service users are addressed with expediency and efficiency.

Information sharing, in accordance with the law, helps to:

  • support the safe delivery of social services;
  • ensure social service providers understand their role in protecting the rights of social service users;
  • allow the Regulator to monitor and enforce powers to respond to risks of harm effectively; and
  • improve information sharing between other regulators so they can identify and respond to any risks of harm to service users.

Guiding principles

The Regulator shares information with relevant agencies and social service providers in accordance with these guiding principles:

  1. The Regulator will only ask for information to be shared that is required to perform its statutory functions.
  2. The Regulator will provide a key organisational contact to enable information sharing under the information sharing protocol or memorandum of understanding.
  3. Reasonable, fair, timely and best interest of the service users recognised within the scope of the Social Services Regulation Act.
  4. The Regulator will monitor and enforce the legislative obligations on social service providers to ensure they share information to promote the safe delivery safety of social services and the safety and wellbeing of service users under the Social Services Regulation Act, Regulations and supporting guidance.
  5. The Regulator will ensure, as far as practicable, that information shared is accurate.
  6. The purpose for which the information is to be collected and shared will be clearly stated.
  7. Information will be exchanged in accordance with relevant laws, such as those relating to freedom of information, privacy, and human rights.
  8. The Regulator will only share information about individuals where there is a specific direct issue being worked on together. Where practicable, consent to share information will be sought from the individual or their legal guardian prior to sharing personal, sensitive or health information. Where possible, when sharing sensitive health or personal information, information will be de-identified.
  9. Where practicable, information will be shared in writing.

Use and disclosure

We only use or disclose personal, sensitive, health or commercially sensitive information for the purpose of our statutory functions and the exercise of our powers, or as otherwise required or authorised by law.

In addition to sharing information with relevant agencies and service providers as set out above, we may also disclose personal, sensitive, health or commercially sensitive information to a third party such as:

  • external service providers who we engage to assist us with our functions, e.g. external lawyer, economic advisor, auditor or third-party IT service providers;
  • another regulator or law enforcement agency;
  • courts and tribunals;
  • other government agencies;
  • a Royal Commission or ministerial inquiry; and
  • the public, if the personal information is required to be published in a register that can be searched by the public.

Storage and deletion

The Regulator takes reasonable steps to ensure the personal, sensitive, health and commercially sensitive information we hold is stored securely.

Secure storage includes ensuring that access to the information is strictly limited to those who need access the information to undertake their roles and responsibilities and for the performance of the Regulator’s functions.

Information will be destroyed or permanently de-identified if it is no longer needed for any purpose, in line with the Public Records Act 1973 requirements.

Access and correction

Individuals may request access to, or correction of, their personal, sensitive or health information that is in our possession.

If you would like to request correction of your personal, sensitive or health information please email enquiries@ssr.vic.gov.au.

If you would like to complete a Freedom of Information (FOI) request, please visit the Freedom of Information section of our website.

Our website

We use Google Analytics and other measurement software to help analyse how the site is used.

We also use cookies to make your site experience easier and more efficient. We do not use cookies to collect any personal information.

Feedback

We appreciate feedback. It enables us to evaluate our practices and improve our services. We understand the importance of creating a safe environment for your interactions with us. You have the option to provide feedback, whether it be a complaint, compliment, or general feedback. If you prefer, you can remain anonymous while doing so.

If you choose to provide your feedback anonymously, we:

  • may not be able to investigate your feedback fully.
  • will not be able to contact you if we need more information.
  • will not be able to let you know the outcome of your feedback.

Should you have any privacy queries, feedback, or a complaint about the way your information has been handled, please contact us at enquiries@ssr.vic.gov.au.

The Regulator undertakes to resolve privacy complaints and breaches in a timely and fair manner. However, should you not be satisfied with the Regulators’ response to your privacy query or complaint, you may also contact:

  • the Office of the Victorian Information Commissioner in relation to personal or sensitive information (PO Box 24274 Melbourne VIC 3001 or by email to privacy@ovic.gov.vic.au); and/or
  • the Health Complaints Commissioner in relation to health information (https://hcc.vic.gov.au/make-complaint), or in person/by mail at Level 26, 570 Bourke Street, Melbourne Victoria 3000, or by phone at 1300 582 113).

Updated