Data Safety:
Protecting your NDIS Participant’s Data

As the country experiences its biggest leak of personal information by an organisation, conversations are increasing around what data is being stored, how it is being stored, and whether it should be stored at all.

This raises some big questions in the disability world, as providers are privy to high-level information including confidential child safety and judicial documentation. How are NDIS Providers keeping the personal health information and data they store protected, and are they collecting more information than is needed?

Australia is in for a policy shake-up, with the government looking to impose stronger penalties on companies and persons failing to protect the information of customers. So, what can NDIS Providers do to better protect the data they hold? Understanding your data and storage is the starting point. Conduct a review of your current Privacy and Information management systems, including:

  • Identifying, risk-assessing, and classifying the various types of data you store, including NDIS Participant, workforce, and business information.
  • Identifying and assessing all information and data storage points, both physical and digital. This includes subscription services such as Gmail, Microsoft Office, Facebook, and website hosting, and storage devices such as computers, mobile phones, removable storage, and tablet devices.
  • Identifying high-risk activities where controls are not in place, such as the use of personal or non-encrypted devices to access participant information, weak passwords, or Multi-Factor Authentication (MFA) that has not been implemented.
  • Assessing data access, retention, and monitoring controls: have files been deleted or accessed without approval?

Understanding what data you store and how you use it will help you develop strategies that are best aligned with your business, whether that be simply implementing MFA or upgrading and transferring your data to a more secure system. Now more than ever, it is vital to invest time and resources into protecting the information and data you store as an NDIS Provider.

For new NDIS Providers and Independent Support Workers, planning your information management strategy should be a strong focus when commencing your business. There are lots of great free apps on the world wide web, but do your due diligence: how the information you put on these is stored and accessed is not always secure.
