Data Management and Security Policy

Data Management Policy for Compass Retreats

Purpose: The Data Management Policy establishes guidelines for the collection, storage, processing, and sharing of participant information within Compass Retreats. This policy aims to ensure compliance with relevant privacy laws and regulations, including the Australian Privacy Act 1988, while safeguarding the confidentiality, integrity, and availability of participant data.

Scope: This policy applies to all staff, clinicians, and contractors involved in the data management processes related to Compass Retreats.

1. Data Collection

Types of Data Collected: The Gateways Program may collect the following types of data:

Personal identification information (e.g., name, contact details)

Health information (e.g., medical history, psychological assessments)

Program participation details (e.g., attendance records, progress notes)

Informed Consent: All participants must provide informed consent prior to data collection, with a clear understanding of what data will be collected, the purpose of collection, and how the data will be used.

2. Data Storage and Security

Secure Storage: All participant data must be stored in secure systems that protect against unauthorised access, loss, or damage. This may include the use of encrypted databases, secure servers, and limited access protocols.

Access Control: Access to participant data should be limited to authorised personnel only. Staff members will be granted access based on their role and responsibilities within the program.

Data Backup: Regular backups of all participant data must be performed to ensure data integrity and continuity in the event of a system failure or data loss.

3. Data Processing

Data Use: Participant data will only be processed for the purposes specified at the time of collection, such as:

Providing psychological services

Monitoring and evaluating program effectiveness

Complying with legal and ethical obligations

Data Minimisation: Only the minimum amount of information necessary for program operations will be collected and maintained.

4. Data Sharing

Confidentiality: Participant data must be kept confidential and will not be shared with external parties without explicit consent, except where required by law or in specific circumstances (e.g., reporting abuse or threats to safety).

Data Transfer: When data is shared with third parties (e.g., external consultants or researchers), appropriate agreements must be in place to protect the confidentiality and integrity of the data.

5. Data Retention and Disposal

Data Retention Period: Participant data must be retained only for as long as necessary to fulfill the purposes for which it was collected or to meet legal, regulatory, or operational requirements.

Secure Disposal: When data is no longer needed, it must be disposed of securely to protect confidentiality. This may include securely deleting electronic files and shredding paper documents.

6. Participant Rights

Access to Data: Participants have the right to access their personal data upon request. The program will provide a mechanism for participants to request access to their information and respond within a reasonable timeframe.

Correction of Data: Participants may request corrections to their personal information if they believe it is inaccurate or incomplete.

8. Policy Review

This Data Management Policy will be reviewed annually or as necessary to ensure it remains current and compliant with changing laws, regulations, and best practices. Staff will be notified of any updates or revisions to the policy.

Conclusion: The Gateways Program is committed to protecting the privacy and confidentiality of participant data. By adhering to this Data Management Policy, we strive to ensure that all data is managed responsibly, securely, and in alignment with legal and ethical standards.