JavaScript is required

Handling information sharing and risk assessment complaints

Types of complaints approved organisations may receive under the information sharing schemes and record keeping requirements.

Information Sharing Entities (ISEs) should update their existing complaints policies and procedures to receive complaints in relation to the Family Violence Information Sharing Scheme and the Child Information Sharing Scheme (the Schemes).

Complaints about how an organisation is applying the Schemes should be made to the organisation in the first instance. ISEs should have policies in place about how to respond to privacy complaints, as well as any other complaints about decisions made by the organisations regarding information sharing.

Privacy complaints may also be made to the Office of the Victorian Information Commissioner or the Health Complaints Commissioner in relation to any interference with privacy as a result of information sharing.

For organisations that are subject to Commonwealth privacy laws, complaints may also be made to the Office of the Australian Information Commissioner.

These policies and procedures should be made available so that clients are aware of their right to make a complaint.

Types of complaints

ISEs may receive complaints from:

Individuals in relation to privacy breaches

For example, if the ISE has:

  • misidentified an adult victim survivor as a perpetrator and shared information about them without consent
  • shared information that is not relevant to the purpose for which it was shared

Other ISEs in relation to how the ISE is sharing information under the Schemes

For example, an ISE may make a complaint about:

  • another ISE refusing to share relevant information that should be shared
  • the timeliness of responses

When updating complaints policies and procedures ISEs should:

  • consider whether affected individuals should be notified of possible privacy breaches, how that privacy breach should be dealt with given the nature of the breach, and any relevant risk factors associated with the breach
  • consider any relevant existing Memorandum of Understanding or agreements with other services that should be followed when resolving complaints
  • consider the nature of the complaint and the best way to address the complainant’s concerns, particularly the different approaches that may be relevant where the complaint is from a client or another organisation
  • ensure that there are appropriately authorised and trained personnel to investigate complaints
  • consider whether an external mediator should be used to resolve some complaints
  • provide advice on expectations for how complainants should be treated, including:
  • reassurance that the complaint is being treated seriously
  • that the nature of the complaint is understood
  • that the complainant will be kept up to date about the progress of the complaint
  • provide advice on proposed responses to complaints (e.g. apology, changes in operational
  • practices, change in organisational policies and procedures to address systemic issues, compensation, upskilling of staff in identified areas)
  • consider the timeliness of responding to complaints, taking into account the nature of the complaint and any risk factors, and provide guidance on the expected timeframes that the organisation should respond to complaints
  • ensure protocols are in place for how a complainant should be notified of an outcome
  • ensure that the policies and procedures allow for complainants to respond to a decision
  • ensure that there is a process for referring any unresolved complaint to the relevant Commissioner
  • ensure that record keeping obligations in relation to complaints are included

Record keeping

The following information must be recorded if a complaint is received under the Schemes:

  • date the complaint was made and received
  • nature of the complaint
  • action taken to resolve the complaint
  • action taken to lessen or prevent the issue from recurring
  • time take to resolve the complaint
  • if the complaint was not resolved, further action that was taken