5. Information management

Information management in the Child Link Secretary's Guidelines.

On this page

Identifiable information

Creating and maintaining entries

The information in Child Link is firstly extracted from the legislated source systems into the Master Data Management layer of the Child Link system. The information is then matched and merged through a sophisticated process which involves taking data from the source systems, finding possible duplicates or identical matches, and then merges these records (where required) to create an aggregated copy of the record. Once this record is completed, the information is displayed on Child Link in the form of the child’s entry.

When updates to relevant information are made in source systems, Child Link is also updated in accordance with Part 7A of the Child Wellbeing and Safety Act. The information that may be displayed on Child Link is set out in Section 1 and any restrictions which may apply to the information is set out in Section 4.

There may be instances where a decision is made that information about a child or person with parental responsibility or day-to-day care of a child, is not to be recorded on Child Link. The DE Secretary (or a delegate of the DE Secretary) may determine that information is not to be recorded on Child Link for any reason. It is anticipated that the DE Secretary (or a delegate of the DE Secretary) would only exercise this power in exceptional circumstances, such as where the recording of information on Child Link would cause a risk of harm to the wellbeing and safety of children and the recording of the information would not be in accordance with the objectives of Child Link.

Security and privacy

Security and privacy are core to the design of Child Link, and safeguards are in place to protect information. The information on Child Link is managed and stored in accordance with strict security protocols. Child Link adheres to relevant privacy and data security law in Victoria, including the Privacy and Data Protection Act 2014, the Health Records Act 2001 and the Victorian Protective Data Security Standards.

Intersections with the Privacy and Data Protection Act 2014

Child Link and CISS operate in conjunction with privacy law. Child Link Users are required to handle personal information and unique identifiers in accordance with the Privacy and Data Protection Act 2014, or in accordance with the Privacy Act 1988 where that Act applies to them.

Certain exemptions apply to the Information Privacy Principles and Health Privacy Principles in relation to Child Link, as provided in section 15B of the Privacy and Data Protection Act 2014. Specifically:

  • Child Link and Child Link Users are not obliged to collect personal or health information about an individual directly from that person (as might otherwise be required under Information Privacy Principle 1.4 or Health Privacy Principle 1.3). Child Link extracts information directly from existing source systems and provides this in a consolidated manner to Child Link Users.
  • Child Link is not obliged to notify a person that their information has been collected from a source system, and Child Link Users are not obliged to notify a person that their information has been collected from Child Link (as might otherwise be required under Information Privacy Principle 1.5 or Health Privacy Principle 1.5).
  • Child Link and Child Link Users are not obliged to obtain consent from any person before collecting information, including ‘sensitive information’ for the purposes of Information Privacy Principle 10.1 (such as information about a person’s racial or ethnic origin), if the collection, use and/or disclosure of the information is in accordance with the purpose of Child Link. The purposes in which a Child Link User may collect, use and/or disclose information on Child Link is summarised at Appendix B.

Secure access

Access to confidential information about Victorian children on Child Link must be accompanied by a degree of responsibility and thoughtful consideration of information security and data management. Child Link features strong security measures to ensure only authorised users access Child Link. In addition to a service-based email address and password required for log in, Child Link uses Multi-Factor Authentication. This is the process where a Child Link User is required to provide an additional piece of evidence to verify their identity to gain access to Child Link. It is the responsibility of each Child Link User to ensure Child Link is accessed and used safely and appropriately at all times.

Access to personal information

People may seek access to information held about them under privacy and freedom of information (FOI) laws. Under Information Privacy Principle 6, Health Privacy Principle 6 or the Privacy Act 1988, an organisation that holds personal information about an individual, such as a child or parent, must provide the individual with access to their information on request.

Information on how to contact Child Link can be found under the heading Contact Us below. More information on Child Link can be found at Child Link.

There are a range of exemptions that apply under Information Privacy Principle 6 and Health Privacy Principle 6 that may limit access to personal information. The DE Secretary may also refuse to give an individual access to their own confidential information on Child Link if they believe on reasonable grounds that giving the individual access to the information would increase a risk to the safety of a child or group of children.

Similar exemptions and limitations to the access of personal information apply to information sharing entities under CISS.

Any person may make a request to access information under the Freedom of Information Act 1982. However, a document does not have to be disclosed if it would involve the unreasonable disclosure of information relating to the personal affairs of a person (including a deceased person).

When deciding whether providing a document to a person would meet this exemption, the DE Secretary (in relation to Child Link) and/or relevant information sharing entity (on behalf of the Child Link User) must take into account whether disclosure of that information would increase the risk to the safety of a child or group of children. Organisations and services should ensure that relevant business areas responding to FOI requests are aware of the child safety risk exemption and are trained to identify child safety risk.

De-identified information

De-identified information is confidential information that no longer relates to an identifiable individual or an individual who can be reasonably identified. Only the information that can be included in Child Link in relation to a child (set out in section 46D of the Child Wellbeing and Safety Act) may be used for de-identified information.

Under section 46O of the Child Wellbeing and Safety Act, de-identified information derived from Child Link may be provided for the purposes of developing, planning, and reviewing policies, programs, and services to:

  • an employee of, or person engaged by the Secretary to DE
  • an employee of, or person engaged by the Secretary to the Department of Health
  • an employee of, or person engaged by the Secretary to the Department of Families, Fairness and Housing.

De-identified information from Child Link will enable longitudinal studies to inform effective and responsive policy and program design, evaluation, and planning. This information will be made available through specific de-identified reports which will be developed in coordination with the relevant departments noted above, and their requirements in developing, planning, and reviewing future policies, programs, and services.

Access to a child’s information on Child Link will be removed from all Child Link Users if the child dies, or after the child has turned 18 and is no longer enrolled in a registered school or registered for home schooling. The Public Records Act 1973 applies to the disposal and archiving of information on Child Link, including information about children and adults.

Contact us

For more information on Child Link, please contact the Department of Education via:

Updated

Back to top