Data Sharing policies, practices and procedures
Attention: Freedom of Information Officer
Dear Sir/Madam,
Re: Freedom of Information Request
I am writing to make a request under the Freedom of Information Act 1982 for access to documents related to the National Disability Insurance Scheme (NDIS) and its data sharing policies, practices, and procedures, particularly as they pertain to participants and citizens.
Specifically, I am requesting the following:
1. Legal Framework
- Copies of any laws, regulations, or policies that govern data collection and sharing within the NDIS.
2. Data Types
- A list of all types of data that are collected from NDIS participants, including but not limited to personal, financial, and health information.
3. Consent Mechanism
- Documents explaining the consent mechanisms in place for data collection and sharing, including forms that participants are required to sign.
4. Data Usage
- Information on how the collected data is used, including any third-party sharing arrangements.
5. Security Measures
- Documents outlining the security measures in place to protect the data of NDIS participants.
6. Ethical Considerations
- Any internal guidelines or policies on the ethical considerations surrounding data collection and sharing.
7. Third-Party and International Entity Information Sharing
- A comprehensive list of all entities and third parties, either located overseas or international entities, with whom NDIS shares information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data breaches within the NDIS.
9. Data Protection Measures
- Details on what is being done to ensure that privacy and data are protected and safe.
10. Compensation Plans
- Information on what will be done to compensate victims in the event of a data breach.
I am currently on a disability pension and cannot afford to pay any fees associated with this request. Therefore, I kindly request that any fees be waived, as the information I am requesting is of significant public interest.
Please process this request as a matter of urgency. I look forward to your prompt response within the statutory time frame of 30 days, as stipulated by the Freedom of Information Act 1982. I'd like to receive the response and documentation on the Right to Know website as attachments, please.
If my request is denied in whole or in part, I ask that you justify all deletions by reference to specific exemptions of the act. I will also expect you to release all segregable portions of otherwise exempt material.
Thank you for your attention to this matter.
Sincerely,
Renee
Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.
If your email relates to an FOI application made under the
Commonwealth Freedom of Information Act 1982 (FOI Act), we will respond to
you as soon as practicable.
This email address is for applications under the FOI Act only. Our team is
unable to respond to non-FOI related enquiries sent to this email address.
Any correspondence received that is not related to an FOI request will not
be responded to or forwarded.
Please be aware: due to a high volume of requests, our ability to respond
to you in a timely manner has been affected. However, we will action your
request as soon as possible. In addition, we are currently experiencing
delays in processing FOI requests. As a result, whilst we will endeavour
to process your matter within the [1]legislative deadlines, we may need to
ask for an extension of time. We appreciate your understanding if this is
required.
The NDIA has a number of other ways to access the documents and
information that we hold. Please visit our [2]Access to
Information webpage to find out more about accessing information
through:
o The [3]myplace portal for participants
o The [4]myplace portal for providers
o The [5]Participant Information Access (PIA) scheme
o The [6]Information Publication Scheme (IPS)
You can also request data and statistics outside of the FOI Act. Please
visit our [7]Data and insights webpage page for further information.
Information about how to make an FOI request can be found on our
website: [8]Freedom of Information | NDIS. The FOI Act sets out the
criteria that must be met for a request to be considered. The request you
send us must:
o be in writing
o state that the request is an application for the purposes of the FOI
Act
o provide enough information to allow us to identify the documents you
are requesting
o provide an address for reply, either electronic or hard copy.
If you have questions about making an FOI request, or to enquire about a
current FOI request, please email us with your preferred contact method
and an FOI Decision Maker will contact you.
Should you have a query unrelated to FOI, please contact the Agency by
email at [9][email address] or via webchat at [10]NDIA Web Chat
(ndis.gov.au). Alternatively, you can also contact us by phoning 1800 800
110.
Kind regards
Freedom of Information Team
Parliamentary, Ministerial and FOI Branch
Government Division
National Disability Insurance Agency
E: [11][NDIA request email]
References
Visible links
1. https://www.ndis.gov.au/about-us/policie...
2. https://www.ndis.gov.au/about-us/policie...
3. https://www.ndis.gov.au/participants/usi...
4. https://www.ndis.gov.au/providers/workin...
5. https://www.ndis.gov.au/about-us/policie...
6. https://www.ndis.gov.au/about-us/policie...
7. https://data.ndis.gov.au/
8. https://www.ndis.gov.au/about-us/policie...
9. mailto:[email address]
10. https://nccchat.ndis.gov.au/i3root/
11. mailto:[NDIA request email]
Dear National Disability Insurance Agency,
I'm waiting on a non automated response?
Yours faithfully,
Renee
Dear National Disability Insurance Agency,
By law, under all circumstances, the authority should have responded by now to my FOI request in regards to Data Sharing policies, practices and procedures'
Yours faithfully,
Renee
Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.
If your email relates to an FOI application made under the
Commonwealth Freedom of Information Act 1982 (FOI Act), we will respond to
you as soon as practicable.
This email address is for applications under the FOI Act only. Our team is
unable to respond to non-FOI related enquiries sent to this email address.
Any correspondence received that is not related to an FOI request will not
be responded to or forwarded.
Please be aware: due to a high volume of requests, our ability to respond
to you in a timely manner has been affected. However, we will action your
request as soon as possible. In addition, we are currently experiencing
delays in processing FOI requests. As a result, whilst we will endeavour
to process your matter within the [1]legislative deadlines, we may need to
ask for an extension of time. We appreciate your understanding if this is
required.
The NDIA has a number of other ways to access the documents and
information that we hold. Please visit our [2]Access to
Information webpage to find out more about accessing information
through:
o The [3]myplace portal for participants
o The [4]myplace portal for providers
o The [5]Participant Information Access (PIA) scheme
o The [6]Information Publication Scheme (IPS)
You can also request data and statistics outside of the FOI Act. Please
visit our [7]Data and insights webpage page for further information.
Information about how to make an FOI request can be found on our
website: [8]Freedom of Information | NDIS. The FOI Act sets out the
criteria that must be met for a request to be considered. The request you
send us must:
o be in writing
o state that the request is an application for the purposes of the FOI
Act
o provide enough information to allow us to identify the documents you
are requesting
o provide an address for reply, either electronic or hard copy.
If you have questions about making an FOI request, or to enquire about a
current FOI request, please email us with your preferred contact method
and an FOI Decision Maker will contact you.
Should you have a query unrelated to FOI, please contact the Agency by
email at [9][email address] or via webchat at [10]NDIA Web Chat
(ndis.gov.au). Alternatively, you can also contact us by phoning 1800 800
110.
Kind regards
Freedom of Information Team
Parliamentary, Ministerial and FOI Branch
Government Division
National Disability Insurance Agency
E: [11][NDIA request email]
References
Visible links
1. https://www.ndis.gov.au/about-us/policie...
2. https://www.ndis.gov.au/about-us/policie...
3. https://www.ndis.gov.au/participants/usi...
4. https://www.ndis.gov.au/providers/workin...
5. https://www.ndis.gov.au/about-us/policie...
6. https://www.ndis.gov.au/about-us/policie...
7. https://data.ndis.gov.au/
8. https://www.ndis.gov.au/about-us/policie...
9. mailto:[email address]
10. https://nccchat.ndis.gov.au/i3root/
11. mailto:[NDIA request email]
Dear National Disability Insurance Agency,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of National Disability Insurance Agency's handling of my FOI request 'Data Sharing policies, practices and procedures'.
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/d...
Yours faithfully,
Renee
Dear National Disability Insurance Agency,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of National Disability Insurance Agency's handling of my FOI request 'Data Sharing policies, practices and procedures'.
By law, under all circumstances, the authority should have responded by now to my FOI request in regards to Data Sharing policies, practices and procedures'
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/d...
Yours faithfully,
Renee
Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.
Reduced Activity Period
The NDIA have a Reduced Activity Period from Saturday 23 December 2023 to
Monday 1 January 2024.
Therefore, any enquiries received between these dates will be responded to
after Tuesday 2 January 2024.
Please note: due to a high volume of requests, our ability to respond to
you in a timely manner may be affected.
We will action your request as soon as possible and will endeavour to
process your matter within the legislative deadlines. We may need to seek
your agreement to an extension of time. We appreciate your understanding
if this is required.
Participant Information
Did you know the NDIA has other ways to access the documents and
information that we hold?
Participants, Guardians and Nominees can obtain copies of some participant
information through our National Contact Centre (NCC). For more
information about what’s available through the NCC, please contact 1800
800 110.
Please visit our [1]Access to Information webpage to find out more about
accessing information through:
* The [2]Participant Information Access (PIA) scheme
* The [3]Information Publication Scheme (IPS)
* The [4]myplace portal for participants
* The [5]myplace portal for providers
Access to Data
You can also request data and statistics. Please visit our [6]Data and
insights webpage page for further information.
If you are able to obtain your information from a source listed above, you
can withdraw your FOI request by emailing [7][NDIA request email]
Further Information
Information about how to make an FOI request can be found on our website:
[8]Freedom of Information
Should you have a query unrelated to FOI, please contact the Agency by
email at [9][email address] or via webchat at [10]ndis.gov.au.
Alternatively, you can also contact us by phoning 1800 800 110.
Kind regards
Freedom of Information Team
Parliamentary, Ministerial and FOI Branch
Government Division
National Disability Insurance Agency
E: [NDIA request email]
References
Visible links
1. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
2. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
3. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
4. https://www.ndis.gov.au/participants/usi...
https://www.ndis.gov.au/participants/usi...
5. https://www.ndis.gov.au/providers/workin...
https://www.ndis.gov.au/providers/workin...
6. https://data.ndis.gov.au/
https://data.ndis.gov.au/
7. mailto:[NDIA request email]
mailto:[NDIA request email]
8. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
9. mailto:[email address]
mailto:[email address]
10. https://www.ndis.gov.au/
https://www.ndis.gov.au/
Dear National Disability Insurance Agency,
I have been attempting to get a response in relation to this request since September this just isn't good enough
Yours faithfully,
Renee
Dear Renee
Thank you for your request for information.
I apologise it is taking us longer than expected to process your
request.
We are contacting you to seek clarification on a small portion of your
request of your request.
Scope of your request
You have requested access to:
“1. Legal Framework
- Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.
2. Data Types
- A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.
3. Consent Mechanism
- Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.
4. Data Usage
- Information on how the collected data is used, including any
third-party sharing arrangements.
5. Security Measures
- Documents outlining the security measures in place to protect the
data of NDIS participants.
6. Ethical Considerations
- Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.
7. Third-Party and International Entity Information Sharing
- A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data
breaches within the NDIS.
9. Data Protection Measures
- Details on what is being done to ensure that privacy and data are
protected and safe.
10. Compensation Plans
- Information on what will be done to compensate victims in the event
of a data breach.”
We consider that points 8 and 10 of the FOI request are not a valid
request for access to documents under section 15(2)(b) of the FOI Act.
This is because the items do not provide sufficient information to enable
us to identify a document that may fall within the scope of the request.
The [1]FOI Guidelines explain that under the FOI Act, an applicant has a
right to access documents that are held by an agency, rather than to
information. The FOI Act also does not require an agency to create a
document in response to a request for access (paragraph 2.33).
However as a gesture of good faith the following links may be of value in
your search for information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data
breaches within the NDIS.
[2]Governance | NDIS
[3]National Disability Insurance Scheme Act 2013 (legislation.gov.au)
[4]Privacy guidance for organisations and government agencies | OAIC
10. Compensation Plans
- Information on what will be done to compensate victims in the event
of a data breach.
[5]What happens if we don’t follow these rules when we deal with your
information? | NDIS
To assist you further, should you wish to continue with your FOI
application, can I suggest you limit your request to documents that are in
existence, rather than answers to questions. I would be happy to contact
you should you like to provide me with a telephone number and suitable
times with a view to assisting with amending the scope of your request.
Alternatively, can you please respond to this email and advise me of how
you would like to progress your matter.
Next steps
If you are happy for us to proceed with your request as outlined above,
please let me know by 27 February 2024.
Please contact us at [6][NDIA request email] if you have any questions or
require help.
Kind regards
Cooper
Triage Officer/Senior FOI Officer
Governance, Risk & Legal – Complaints Management & FOI
Government Division
National Disability Insurance Agency
E [7][NDIA request email]
[8]NDIA logo
The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.
[9]Aboriginal and Torres Strait Islander flags graphic
Hi Renee
Please find attached correspondence in relation to your request. If you
require the attachment in a different format, please let us know.
Please contact us at [1][NDIA request email] if you have any questions or
require help.
Kind regards
Cooper
Senior Freedom of Information Officer
Parliamentary, Ministerial and FOI Branch
Government Division
National Disability Insurance Agency
E: [2][NDIA request email]
[3]Title: NDIS delivered by the National Disability Insurance Agency
[4]LGBTIQA+ rainbow graphic
The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.
[5]Aboriginal and Torres Strait Islander flags graphic
From: foi <[NDIA request email]>
Sent: Thursday, February 22, 2024 2:48 PM
To: '[FOI #10667 email]'
<[FOI #10667 email]>
Cc: foi <[NDIA request email]>
Subject: FOI 23/24-0279 – Your request for information – Revision of scope
[SEC=OFFICIAL]
Dear Renee
Thank you for your request for information.
I apologise it is taking us longer than expected to process your
request.
We are contacting you to seek clarification on a small portion of your
request of your request.
Scope of your request
You have requested access to:
“1. Legal Framework
- Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.
2. Data Types
- A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.
3. Consent Mechanism
- Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.
4. Data Usage
- Information on how the collected data is used, including any
third-party sharing arrangements.
5. Security Measures
- Documents outlining the security measures in place to protect the
data of NDIS participants.
6. Ethical Considerations
- Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.
7. Third-Party and International Entity Information Sharing
- A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data
breaches within the NDIS.
9. Data Protection Measures
- Details on what is being done to ensure that privacy and data are
protected and safe.
10. Compensation Plans
- Information on what will be done to compensate victims in the event
of a data breach.”
We consider that points 8 and 10 of the FOI request are not a valid
request for access to documents under section 15(2)(b) of the FOI Act.
This is because the items do not provide sufficient information to enable
us to identify a document that may fall within the scope of the request.
The [6]FOI Guidelines explain that under the FOI Act, an applicant has a
right to access documents that are held by an agency, rather than to
information. The FOI Act also does not require an agency to create a
document in response to a request for access (paragraph 2.33).
However as a gesture of good faith the following links may be of value in
your search for information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data
breaches within the NDIS.
[7]Governance | NDIS
[8]National Disability Insurance Scheme Act 2013 (legislation.gov.au)
[9]Privacy guidance for organisations and government agencies | OAIC
10. Compensation Plans
- Information on what will be done to compensate victims in the event
of a data breach.
[10]What happens if we don’t follow these rules when we deal with your
information? | NDIS
To assist you further, should you wish to continue with your FOI
application, can I suggest you limit your request to documents that are in
existence, rather than answers to questions. I would be happy to contact
you should you like to provide me with a telephone number and suitable
times with a view to assisting with amending the scope of your request.
Alternatively, can you please respond to this email and advise me of how
you would like to progress your matter.
Next steps
If you are happy for us to proceed with your request as outlined above,
please let me know by 27 February 2024.
Please contact us at [11][NDIA request email] if you have any questions or
require help.
Kind regards
Cooper
Triage Officer/Senior FOI Officer
Governance, Risk & Legal – Complaints Management & FOI
Government Division
National Disability Insurance Agency
E [12][NDIA request email]
[13]NDIA logo
The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.
[14]Aboriginal and Torres Strait Islander flags graphic
Dear Renee
Thank you for your request for information.
Please find attached correspondence and documents in relation to your
request. If you require this in a different format, please let us know.
Please contact us at [1][NDIA request email] if you have any questions or
require help.
Thank you.
Kind regards
Cooper
Triage Officer/Senior FOI Officer
Governance, Risk & Legal – Complaints Management & FOI
Government Division
National Disability Insurance Agency
E [2][NDIA request email]
[3]NDIA logo
The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.
[4]Aboriginal and Torres Strait Islander flags graphic
From: foi <[NDIA request email]>
Sent: Wednesday, February 28, 2024 3:56 PM
To: '[FOI #10667 email]'
<[FOI #10667 email]>
Cc: foi <[NDIA request email]>
Subject: FOI 23/24-0279 – Communication - Request consultation process
[SEC=OFFICIAL]
Hi Renee
Please find attached correspondence in relation to your request. If you
require the attachment in a different format, please let us know.
Please contact us at [5][NDIA request email] if you have any questions or
require help.
Kind regards
Cooper
Senior Freedom of Information Officer
Parliamentary, Ministerial and FOI Branch
Government Division
National Disability Insurance Agency
E: [6][NDIA request email]
[7]Title: NDIS delivered by the National Disability Insurance Agency
[8]LGBTIQA+ rainbow graphic
The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.
[9]Aboriginal and Torres Strait Islander flags graphic
From: foi <[10][NDIA request email]>
Sent: Thursday, February 22, 2024 2:48 PM
To: '[FOI #10667 email]'
<[11][FOI #10667 email]>
Cc: foi <[12][NDIA request email]>
Subject: FOI 23/24-0279 – Your request for information – Revision of scope
[SEC=OFFICIAL]
Dear Renee
Thank you for your request for information.
I apologise it is taking us longer than expected to process your
request.
We are contacting you to seek clarification on a small portion of your
request of your request.
Scope of your request
You have requested access to:
“1. Legal Framework
- Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.
2. Data Types
- A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.
3. Consent Mechanism
- Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.
4. Data Usage
- Information on how the collected data is used, including any
third-party sharing arrangements.
5. Security Measures
- Documents outlining the security measures in place to protect the
data of NDIS participants.
6. Ethical Considerations
- Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.
7. Third-Party and International Entity Information Sharing
- A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data
breaches within the NDIS.
9. Data Protection Measures
- Details on what is being done to ensure that privacy and data are
protected and safe.
10. Compensation Plans
- Information on what will be done to compensate victims in the event
of a data breach.”
We consider that points 8 and 10 of the FOI request are not a valid
request for access to documents under section 15(2)(b) of the FOI Act.
This is because the items do not provide sufficient information to enable
us to identify a document that may fall within the scope of the request.
The [13]FOI Guidelines explain that under the FOI Act, an applicant has a
right to access documents that are held by an agency, rather than to
information. The FOI Act also does not require an agency to create a
document in response to a request for access (paragraph 2.33).
However as a gesture of good faith the following links may be of value in
your search for information.
8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data
breaches within the NDIS.
[14]Governance | NDIS
[15]National Disability Insurance Scheme Act 2013 (legislation.gov.au)
[16]Privacy guidance for organisations and government agencies | OAIC
10. Compensation Plans
- Information on what will be done to compensate victims in the event
of a data breach.
[17]What happens if we don’t follow these rules when we deal with your
information? | NDIS
To assist you further, should you wish to continue with your FOI
application, can I suggest you limit your request to documents that are in
existence, rather than answers to questions. I would be happy to contact
you should you like to provide me with a telephone number and suitable
times with a view to assisting with amending the scope of your request.
Alternatively, can you please respond to this email and advise me of how
you would like to progress your matter.
Next steps
If you are happy for us to proceed with your request as outlined above,
please let me know by 27 February 2024.
Please contact us at [18][NDIA request email] if you have any questions or
require help.
Kind regards
Cooper
Triage Officer/Senior FOI Officer
Governance, Risk & Legal – Complaints Management & FOI
Government Division
National Disability Insurance Agency
E [19][NDIA request email]
[20]NDIA logo
The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.
[21]Aboriginal and Torres Strait Islander flags graphic