Attention: Freedom of Information Officer

Dear Sir/Madam,

Re: Freedom of Information Request

I am writing to make a request under the Freedom of Information Act 1982 for access to documents related to the National Disability Insurance Scheme (NDIS) and its data sharing policies, practices, and procedures, particularly as they pertain to participants and citizens.

Specifically, I am requesting the following:

1. Legal Framework
- Copies of any laws, regulations, or policies that govern data collection and sharing within the NDIS.

2. Data Types
- A list of all types of data that are collected from NDIS participants, including but not limited to personal, financial, and health information.

3. Consent Mechanism
- Documents explaining the consent mechanisms in place for data collection and sharing, including forms that participants are required to sign.

4. Data Usage
- Information on how the collected data is used, including any third-party sharing arrangements.

5. Security Measures
- Documents outlining the security measures in place to protect the data of NDIS participants.

6. Ethical Considerations
- Any internal guidelines or policies on the ethical considerations surrounding data collection and sharing.

7. Third-Party and International Entity Information Sharing
- A comprehensive list of all entities and third parties, either located overseas or international entities, with whom NDIS shares information.

8. Ethical and Legal Responsibility for Data Breaches
- Information on who is ethically and legally responsible for data breaches within the NDIS.

9. Data Protection Measures
- Details on what is being done to ensure that privacy and data are protected and safe.

10. Compensation Plans
- Information on what will be done to compensate victims in the event of a data breach.

I am currently on a disability pension and cannot afford to pay any fees associated with this request. Therefore, I kindly request that any fees be waived, as the information I am requesting is of significant public interest.

Please process this request as a matter of urgency. I look forward to your prompt response within the statutory time frame of 30 days, as stipulated by the Freedom of Information Act 1982. I'd like to receive the response and documentation on the Right to Know website as attachments, please.

If my request is denied in whole or in part, I ask that you justify all deletions by reference to specific exemptions of the act. I will also expect you to release all segregable portions of otherwise exempt material.

Thank you for your attention to this matter.

Sincerely,
Renee

foi, National Disability Insurance Agency

Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.      

     

If your email relates to an FOI application made under the
Commonwealth Freedom of Information Act 1982 (FOI Act), we will respond to
you as soon as practicable.     

   

This email address is for applications under the FOI Act only. Our team is
unable to respond to non-FOI related enquiries sent to this email address.
Any correspondence received that is not related to an FOI request will not
be responded to or forwarded.    

   

Please be aware: due to a high volume of requests, our ability to respond
to you in a timely manner has been affected. However, we will action your
request as soon as possible. In addition, we are currently experiencing
delays in processing FOI requests. As a result, whilst we will endeavour
to process your matter within the [1]legislative deadlines, we may need to
ask for an extension of time. We appreciate your understanding if this is
required.   

   

The NDIA has a number of other ways to access the documents and
information that we hold. Please visit our [2]Access to
Information webpage to find out more about accessing information
through:   

o The [3]myplace portal for participants   
o The [4]myplace portal for providers   
o The [5]Participant Information Access (PIA) scheme   
o The [6]Information Publication Scheme (IPS)  

You can also request data and statistics outside of the FOI Act. Please
visit our [7]Data and insights webpage page for further information. 

Information about how to make an FOI request can be found on our
website: [8]Freedom of Information | NDIS. The FOI Act sets out the
criteria that must be met for a request to be considered. The request you
send us must:    

o be in writing    
o state that the request is an application for the purposes of the FOI
Act    
o provide enough information to allow us to identify the documents you
are requesting    
o provide an address for reply, either electronic or hard copy.     

If you have questions about making an FOI request, or to enquire about a
current FOI request, please email us with your preferred contact method
and an FOI Decision Maker will contact you.  

Should you have a query unrelated to FOI, please contact the Agency by
email at [9][email address] or via webchat at [10]NDIA Web Chat
(ndis.gov.au). Alternatively, you can also contact us by phoning 1800 800
110.   

Kind regards   

Freedom of Information Team  
Parliamentary, Ministerial and FOI Branch  
Government Division  
National Disability Insurance Agency  
E: [11][NDIA request email]     

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. https://www.ndis.gov.au/about-us/policie...
2. https://www.ndis.gov.au/about-us/policie...
3. https://www.ndis.gov.au/participants/usi...
4. https://www.ndis.gov.au/providers/workin...
5. https://www.ndis.gov.au/about-us/policie...
6. https://www.ndis.gov.au/about-us/policie...
7. https://data.ndis.gov.au/
8. https://www.ndis.gov.au/about-us/policie...
9. mailto:[email address]
10. https://nccchat.ndis.gov.au/i3root/
11. mailto:[NDIA request email]

hide quoted sections

Dear National Disability Insurance Agency,

I'm waiting on a non automated response?

Yours faithfully,

Renee

Dear National Disability Insurance Agency,
By law, under all circumstances, the authority should have responded by now to my FOI request in regards to Data Sharing policies, practices and procedures'

Yours faithfully,

Renee

foi, National Disability Insurance Agency

Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.      

     

If your email relates to an FOI application made under the
Commonwealth Freedom of Information Act 1982 (FOI Act), we will respond to
you as soon as practicable.     

   

This email address is for applications under the FOI Act only. Our team is
unable to respond to non-FOI related enquiries sent to this email address.
Any correspondence received that is not related to an FOI request will not
be responded to or forwarded.    

   

Please be aware: due to a high volume of requests, our ability to respond
to you in a timely manner has been affected. However, we will action your
request as soon as possible. In addition, we are currently experiencing
delays in processing FOI requests. As a result, whilst we will endeavour
to process your matter within the [1]legislative deadlines, we may need to
ask for an extension of time. We appreciate your understanding if this is
required.   

   

The NDIA has a number of other ways to access the documents and
information that we hold. Please visit our [2]Access to
Information webpage to find out more about accessing information
through:   

o The [3]myplace portal for participants   
o The [4]myplace portal for providers   
o The [5]Participant Information Access (PIA) scheme   
o The [6]Information Publication Scheme (IPS)  

You can also request data and statistics outside of the FOI Act. Please
visit our [7]Data and insights webpage page for further information. 

Information about how to make an FOI request can be found on our
website: [8]Freedom of Information | NDIS. The FOI Act sets out the
criteria that must be met for a request to be considered. The request you
send us must:    

o be in writing    
o state that the request is an application for the purposes of the FOI
Act    
o provide enough information to allow us to identify the documents you
are requesting    
o provide an address for reply, either electronic or hard copy.     

If you have questions about making an FOI request, or to enquire about a
current FOI request, please email us with your preferred contact method
and an FOI Decision Maker will contact you.  

Should you have a query unrelated to FOI, please contact the Agency by
email at [9][email address] or via webchat at [10]NDIA Web Chat
(ndis.gov.au). Alternatively, you can also contact us by phoning 1800 800
110.   

Kind regards   

Freedom of Information Team  
Parliamentary, Ministerial and FOI Branch  
Government Division  
National Disability Insurance Agency  
E: [11][NDIA request email]     

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. https://www.ndis.gov.au/about-us/policie...
2. https://www.ndis.gov.au/about-us/policie...
3. https://www.ndis.gov.au/participants/usi...
4. https://www.ndis.gov.au/providers/workin...
5. https://www.ndis.gov.au/about-us/policie...
6. https://www.ndis.gov.au/about-us/policie...
7. https://data.ndis.gov.au/
8. https://www.ndis.gov.au/about-us/policie...
9. mailto:[email address]
10. https://nccchat.ndis.gov.au/i3root/
11. mailto:[NDIA request email]

hide quoted sections

Dear National Disability Insurance Agency,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of National Disability Insurance Agency's handling of my FOI request 'Data Sharing policies, practices and procedures'.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/d...

Yours faithfully,

Renee

Dear National Disability Insurance Agency,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of National Disability Insurance Agency's handling of my FOI request 'Data Sharing policies, practices and procedures'.

By law, under all circumstances, the authority should have responded by now to my FOI request in regards to Data Sharing policies, practices and procedures'

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.righttoknow.org.au/request/d...

Yours faithfully,

Renee

foi, National Disability Insurance Agency

Thank you for your email to the National Disability Insurance Agency
(NDIA) Freedom of Information (FOI) team.
Reduced Activity Period
The NDIA have a Reduced Activity Period from Saturday 23 December 2023 to
Monday 1 January 2024.
Therefore, any enquiries received between these dates will be responded to
after Tuesday 2 January 2024.

Please note: due to a high volume of requests, our ability to respond to
you in a timely manner may be affected.
We will action your request as soon as possible and will endeavour to
process your matter within the legislative deadlines. We may need to seek
your agreement to an extension of time. We appreciate your understanding
if this is required.
Participant Information
Did you know the NDIA has other ways to access the documents and
information that we hold?

Participants, Guardians and Nominees can obtain copies of some participant
information through our National Contact Centre (NCC). For more
information about what’s available through the NCC, please contact 1800
800 110.
Please visit our [1]Access to Information webpage to find out more about
accessing information through:

* The [2]Participant Information Access (PIA) scheme
* The [3]Information Publication Scheme (IPS)
* The [4]myplace portal for participants   
* The [5]myplace portal for providers

Access to Data
You can also request data and statistics. Please visit our [6]Data and
insights webpage page for further information.
If you are able to obtain your information from a source listed above, you
can withdraw your FOI request by emailing [7][NDIA request email]

Further Information
Information about how to make an FOI request can be found on our website:
[8]Freedom of Information
Should you have a query unrelated to FOI, please contact the Agency by
email at [9][email address] or via webchat at [10]ndis.gov.au.
Alternatively, you can also contact us by phoning 1800 800 110.
Kind regards   

Freedom of Information Team  
Parliamentary, Ministerial and FOI Branch  
Government Division  
National Disability Insurance Agency  
E: [NDIA request email]    
**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
2. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
3. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
4. https://www.ndis.gov.au/participants/usi...
https://www.ndis.gov.au/participants/usi...
5. https://www.ndis.gov.au/providers/workin...
https://www.ndis.gov.au/providers/workin...
6. https://data.ndis.gov.au/
https://data.ndis.gov.au/
7. mailto:[NDIA request email]
mailto:[NDIA request email]
8. https://www.ndis.gov.au/about-us/policie...
https://www.ndis.gov.au/about-us/policie...
9. mailto:[email address]
mailto:[email address]
10. https://www.ndis.gov.au/
https://www.ndis.gov.au/

hide quoted sections

Dear National Disability Insurance Agency,

I have been attempting to get a response in relation to this request since September this just isn't good enough

Yours faithfully,

Renee

foi, National Disability Insurance Agency

2 Attachments

Dear Renee 

 

Thank you for your request for information. 

 

I apologise it is taking us longer than expected to process your
request.   

 

We are contacting you to seek clarification on a small portion of your
request of your request. 

 

Scope of your request 

You have requested access to: 

“1. Legal Framework

    - Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.

 

2. Data Types

    - A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.

 

3. Consent Mechanism

    - Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.

 

4. Data Usage

    - Information on how the collected data is used, including any
third-party sharing arrangements.

 

5. Security Measures

    - Documents outlining the security measures in place to protect the
data of NDIS participants.

 

6. Ethical Considerations

    - Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.

 

7. Third-Party and International Entity Information Sharing

    - A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.

 

8. Ethical and Legal Responsibility for Data Breaches

 

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

 

9. Data Protection Measures

    - Details on what is being done to ensure that privacy and data are
protected and safe.

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.”

 

We consider that points 8 and 10 of the FOI request are not a valid
request for access to documents under section 15(2)(b) of the FOI Act.
This is because the items do not provide sufficient information to enable
us to identify a document that may fall within the scope of the request.

The [1]FOI Guidelines explain that under the FOI Act, an applicant has a
right to access documents that are held by an agency, rather than to
information. The FOI Act also does not require an agency to create a
document in response to a request for access (paragraph 2.33).

 

However as a gesture of good faith the following links may be of value in
your search for information.

 

 

8. Ethical and Legal Responsibility for Data Breaches

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

[2]Governance | NDIS 

[3]National Disability Insurance Scheme Act 2013 (legislation.gov.au)

[4]Privacy guidance for organisations and government agencies | OAIC

 

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.

[5]What happens if we don’t follow these rules when we deal with your
information? | NDIS

 

 

To assist you further, should you wish to continue with your FOI
application, can I suggest you limit your request to documents that are in
existence, rather than answers to questions. I would be happy to contact
you should you like to provide me with a telephone number and suitable
times with a view to assisting with amending the scope of your request.
Alternatively, can you please respond to this email and advise me of how
you would like to progress your matter.

 

Next steps 

If you are happy for us to proceed with your request as outlined above,
please let me know by 27 February 2024.   

Please contact us at [6][NDIA request email] if you have any questions or
require help. 

 

Kind regards 

 

 

Cooper

Triage Officer/Senior FOI Officer

Governance, Risk & Legal – Complaints Management & FOI

Government Division

National Disability Insurance Agency

E [7][NDIA request email]

[8]NDIA logo

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

[9]Aboriginal and Torres Strait Islander flags graphic

 

 

 

 

-----Original Message-----

From: Renee <[10][FOI #10667 email]>

Sent: Wednesday, September 6, 2023 10:52 PM

To: foi <[11][NDIA request email]>

Subject: Freedom of Information request - Data Sharing policies, practices
and procedures

 

[You don't often get email from
[12][FOI #10667 email]. Learn why this is
important at [13]https://aka.ms/LearnAboutSenderIdentific... ]

 

Attention: Freedom of Information Officer

 

Dear Sir/Madam,

 

Re: Freedom of Information Request

 

I am writing to make a request under the Freedom of Information Act 1982
for access to documents related to the National Disability Insurance
Scheme (NDIS) and its data sharing policies, practices, and procedures,
particularly as they pertain to participants and citizens.

 

Specifically, I am requesting the following:

 

1. Legal Framework

    - Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.

 

2. Data Types

    - A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.

 

3. Consent Mechanism

    - Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.

 

4. Data Usage

    - Information on how the collected data is used, including any
third-party sharing arrangements.

 

5. Security Measures

    - Documents outlining the security measures in place to protect the
data of NDIS participants.

 

6. Ethical Considerations

    - Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.

 

7. Third-Party and International Entity Information Sharing

    - A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.

 

8. Ethical and Legal Responsibility for Data Breaches

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

 

9. Data Protection Measures

    - Details on what is being done to ensure that privacy and data are
protected and safe.

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.

 

I am currently on a disability pension and cannot afford to pay any fees
associated with this request. Therefore, I kindly request that any fees be
waived, as the information I am requesting is of significant public
interest.

 

Please process this request as a matter of urgency. I look forward to your
prompt response within the statutory time frame of 30 days, as stipulated
by the Freedom of Information Act 1982. I'd like to receive the response
and documentation on the Right to Know website as attachments, please.

 

If my request is denied in whole or in part, I ask that you justify all
deletions by reference to specific exemptions of the act. I will also
expect you to release all segregable portions of otherwise exempt
material.

 

Thank you for your attention to this matter.

 

Sincerely,

Renee

 

-------------------------------------------------------------------

 

Please use this email address for all replies to this request:

[14][FOI #10667 email]

 

Is [15][NDIA request email] the wrong address for Freedom of Information
requests to National Disability Insurance Agency? If so, please contact us
using this form:

[16]https://aus01.safelinks.protection.outlo...

 

This request has been made by an individual using Right to Know. This
message and any reply that you make will be published on the internet.
More information on how Right to Know works can be found at:

[17]https://aus01.safelinks.protection.outlo...

 

Please note that in some cases publication of requests and responses will
be delayed.

 

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

 

 

-------------------------------------------------------------------

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. https://www.oaic.gov.au/freedom-of-infor...
2. https://www.ndis.gov.au/about-us/governa...
3. https://www.legislation.gov.au/Details/C...
4. https://www.oaic.gov.au/privacy/privacy-...
5. https://ourguidelines.ndis.gov.au/how-nd...
6. mailto:[NDIA request email]
7. mailto:[NDIA request email]
10. mailto:[FOI #10667 email]
11. mailto:[NDIA request email]
12. mailto:[FOI #10667 email]
13. https://aka.ms/LearnAboutSenderIdentific...
14. mailto:[FOI #10667 email]
15. mailto:[NDIA request email]
16. https://www.righttoknow.org.au/change_re...
17. https://www.righttoknow.org.au/help/offi...

hide quoted sections

foi, National Disability Insurance Agency

5 Attachments

Hi Renee

 

Please find attached correspondence in relation to your request. If you
require the attachment in a different format, please let us know.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Kind regards

 

Cooper

Senior Freedom of Information Officer

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E: [2][NDIA request email]

[3]Title: NDIS delivered by the National Disability Insurance Agency

[4]LGBTIQA+ rainbow graphic

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

[5]Aboriginal and Torres Strait Islander flags graphic

From: foi <[NDIA request email]>
Sent: Thursday, February 22, 2024 2:48 PM
To: '[FOI #10667 email]'
<[FOI #10667 email]>
Cc: foi <[NDIA request email]>
Subject: FOI 23/24-0279 – Your request for information – Revision of scope
[SEC=OFFICIAL]

 

Dear Renee 

 

Thank you for your request for information. 

 

I apologise it is taking us longer than expected to process your
request.   

 

We are contacting you to seek clarification on a small portion of your
request of your request. 

 

Scope of your request 

You have requested access to: 

“1. Legal Framework

    - Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.

 

2. Data Types

    - A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.

 

3. Consent Mechanism

    - Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.

 

4. Data Usage

    - Information on how the collected data is used, including any
third-party sharing arrangements.

 

5. Security Measures

    - Documents outlining the security measures in place to protect the
data of NDIS participants.

 

6. Ethical Considerations

    - Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.

 

7. Third-Party and International Entity Information Sharing

    - A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.

 

8. Ethical and Legal Responsibility for Data Breaches

 

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

 

9. Data Protection Measures

    - Details on what is being done to ensure that privacy and data are
protected and safe.

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.”

 

We consider that points 8 and 10 of the FOI request are not a valid
request for access to documents under section 15(2)(b) of the FOI Act.
This is because the items do not provide sufficient information to enable
us to identify a document that may fall within the scope of the request.

The [6]FOI Guidelines explain that under the FOI Act, an applicant has a
right to access documents that are held by an agency, rather than to
information. The FOI Act also does not require an agency to create a
document in response to a request for access (paragraph 2.33).

 

However as a gesture of good faith the following links may be of value in
your search for information.

 

 

8. Ethical and Legal Responsibility for Data Breaches

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

[7]Governance | NDIS 

[8]National Disability Insurance Scheme Act 2013 (legislation.gov.au)

[9]Privacy guidance for organisations and government agencies | OAIC

 

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.

[10]What happens if we don’t follow these rules when we deal with your
information? | NDIS

 

 

To assist you further, should you wish to continue with your FOI
application, can I suggest you limit your request to documents that are in
existence, rather than answers to questions. I would be happy to contact
you should you like to provide me with a telephone number and suitable
times with a view to assisting with amending the scope of your request.
Alternatively, can you please respond to this email and advise me of how
you would like to progress your matter.

 

Next steps 

If you are happy for us to proceed with your request as outlined above,
please let me know by 27 February 2024.   

Please contact us at [11][NDIA request email] if you have any questions or
require help. 

 

Kind regards 

 

 

Cooper

Triage Officer/Senior FOI Officer

Governance, Risk & Legal – Complaints Management & FOI

Government Division

National Disability Insurance Agency

E [12][NDIA request email]

[13]NDIA logo

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

[14]Aboriginal and Torres Strait Islander flags graphic

 

 

 

 

-----Original Message-----

From: Renee <[15][FOI #10667 email]>

Sent: Wednesday, September 6, 2023 10:52 PM

To: foi <[16][NDIA request email]>

Subject: Freedom of Information request - Data Sharing policies, practices
and procedures

 

[You don't often get email from
[17][FOI #10667 email]. Learn why this is
important at [18]https://aka.ms/LearnAboutSenderIdentific... ]

 

Attention: Freedom of Information Officer

 

Dear Sir/Madam,

 

Re: Freedom of Information Request

 

I am writing to make a request under the Freedom of Information Act 1982
for access to documents related to the National Disability Insurance
Scheme (NDIS) and its data sharing policies, practices, and procedures,
particularly as they pertain to participants and citizens.

 

Specifically, I am requesting the following:

 

1. Legal Framework

    - Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.

 

2. Data Types

    - A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.

 

3. Consent Mechanism

    - Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.

 

4. Data Usage

    - Information on how the collected data is used, including any
third-party sharing arrangements.

 

5. Security Measures

    - Documents outlining the security measures in place to protect the
data of NDIS participants.

 

6. Ethical Considerations

    - Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.

 

7. Third-Party and International Entity Information Sharing

    - A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.

 

8. Ethical and Legal Responsibility for Data Breaches

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

 

9. Data Protection Measures

    - Details on what is being done to ensure that privacy and data are
protected and safe.

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.

 

I am currently on a disability pension and cannot afford to pay any fees
associated with this request. Therefore, I kindly request that any fees be
waived, as the information I am requesting is of significant public
interest.

 

Please process this request as a matter of urgency. I look forward to your
prompt response within the statutory time frame of 30 days, as stipulated
by the Freedom of Information Act 1982. I'd like to receive the response
and documentation on the Right to Know website as attachments, please.

 

If my request is denied in whole or in part, I ask that you justify all
deletions by reference to specific exemptions of the act. I will also
expect you to release all segregable portions of otherwise exempt
material.

 

Thank you for your attention to this matter.

 

Sincerely,

Renee

 

-------------------------------------------------------------------

 

Please use this email address for all replies to this request:

[19][FOI #10667 email]

 

Is [20][NDIA request email] the wrong address for Freedom of Information
requests to National Disability Insurance Agency? If so, please contact us
using this form:

[21]https://aus01.safelinks.protection.outlo...

 

This request has been made by an individual using Right to Know. This
message and any reply that you make will be published on the internet.
More information on how Right to Know works can be found at:

[22]https://aus01.safelinks.protection.outlo...

 

Please note that in some cases publication of requests and responses will
be delayed.

 

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

 

 

-------------------------------------------------------------------

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]
4. https://intranet.ndiastaff.ndia.gov.au/h...
6. https://www.oaic.gov.au/freedom-of-infor...
7. https://www.ndis.gov.au/about-us/governa...
8. https://www.legislation.gov.au/Details/C...
9. https://www.oaic.gov.au/privacy/privacy-...
10. https://ourguidelines.ndis.gov.au/how-nd...
11. mailto:[NDIA request email]
12. mailto:[NDIA request email]
15. mailto:[FOI #10667 email]
16. mailto:[NDIA request email]
17. mailto:[FOI #10667 email]
18. https://aka.ms/LearnAboutSenderIdentific...
19. mailto:[FOI #10667 email]
20. mailto:[NDIA request email]
21. https://www.righttoknow.org.au/change_re...
22. https://www.righttoknow.org.au/help/offi...

hide quoted sections

foi, National Disability Insurance Agency

5 Attachments

Dear Renee 

Thank you for your request for information. 

Please find attached correspondence and documents in relation to your
request. If you require this in a different format, please let us know.  

Please contact us at [1][NDIA request email] if you have any questions or
require help. 

Thank you. 

 

Kind regards 

 

Cooper

Triage Officer/Senior FOI Officer

Governance, Risk & Legal – Complaints Management & FOI

Government Division

National Disability Insurance Agency

E [2][NDIA request email]

[3]NDIA logo

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

[4]Aboriginal and Torres Strait Islander flags graphic

From: foi <[NDIA request email]>
Sent: Wednesday, February 28, 2024 3:56 PM
To: '[FOI #10667 email]'
<[FOI #10667 email]>
Cc: foi <[NDIA request email]>
Subject: FOI 23/24-0279 – Communication - Request consultation process
[SEC=OFFICIAL]

 

Hi Renee

 

Please find attached correspondence in relation to your request. If you
require the attachment in a different format, please let us know.

 

Please contact us at [5][NDIA request email] if you have any questions or
require help.

 

Kind regards

 

Cooper

Senior Freedom of Information Officer

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E: [6][NDIA request email]

[7]Title: NDIS delivered by the National Disability Insurance Agency

[8]LGBTIQA+ rainbow graphic

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

[9]Aboriginal and Torres Strait Islander flags graphic

From: foi <[10][NDIA request email]>
Sent: Thursday, February 22, 2024 2:48 PM
To: '[FOI #10667 email]'
<[11][FOI #10667 email]>
Cc: foi <[12][NDIA request email]>
Subject: FOI 23/24-0279 – Your request for information – Revision of scope
[SEC=OFFICIAL]

 

Dear Renee 

 

Thank you for your request for information. 

 

I apologise it is taking us longer than expected to process your
request.   

 

We are contacting you to seek clarification on a small portion of your
request of your request. 

 

Scope of your request 

You have requested access to: 

“1. Legal Framework

    - Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.

 

2. Data Types

    - A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.

 

3. Consent Mechanism

    - Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.

 

4. Data Usage

    - Information on how the collected data is used, including any
third-party sharing arrangements.

 

5. Security Measures

    - Documents outlining the security measures in place to protect the
data of NDIS participants.

 

6. Ethical Considerations

    - Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.

 

7. Third-Party and International Entity Information Sharing

    - A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.

 

8. Ethical and Legal Responsibility for Data Breaches

 

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

 

9. Data Protection Measures

    - Details on what is being done to ensure that privacy and data are
protected and safe.

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.”

 

We consider that points 8 and 10 of the FOI request are not a valid
request for access to documents under section 15(2)(b) of the FOI Act.
This is because the items do not provide sufficient information to enable
us to identify a document that may fall within the scope of the request.

The [13]FOI Guidelines explain that under the FOI Act, an applicant has a
right to access documents that are held by an agency, rather than to
information. The FOI Act also does not require an agency to create a
document in response to a request for access (paragraph 2.33).

 

However as a gesture of good faith the following links may be of value in
your search for information.

 

 

8. Ethical and Legal Responsibility for Data Breaches

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

[14]Governance | NDIS 

[15]National Disability Insurance Scheme Act 2013 (legislation.gov.au)

[16]Privacy guidance for organisations and government agencies | OAIC

 

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.

[17]What happens if we don’t follow these rules when we deal with your
information? | NDIS

 

 

To assist you further, should you wish to continue with your FOI
application, can I suggest you limit your request to documents that are in
existence, rather than answers to questions. I would be happy to contact
you should you like to provide me with a telephone number and suitable
times with a view to assisting with amending the scope of your request.
Alternatively, can you please respond to this email and advise me of how
you would like to progress your matter.

 

Next steps 

If you are happy for us to proceed with your request as outlined above,
please let me know by 27 February 2024.   

Please contact us at [18][NDIA request email] if you have any questions or
require help. 

 

Kind regards 

 

 

Cooper

Triage Officer/Senior FOI Officer

Governance, Risk & Legal – Complaints Management & FOI

Government Division

National Disability Insurance Agency

E [19][NDIA request email]

[20]NDIA logo

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

[21]Aboriginal and Torres Strait Islander flags graphic

 

 

 

 

-----Original Message-----

From: Renee <[22][FOI #10667 email]>

Sent: Wednesday, September 6, 2023 10:52 PM

To: foi <[23][NDIA request email]>

Subject: Freedom of Information request - Data Sharing policies, practices
and procedures

 

[You don't often get email from
[24][FOI #10667 email]. Learn why this is
important at [25]https://aka.ms/LearnAboutSenderIdentific... ]

 

Attention: Freedom of Information Officer

 

Dear Sir/Madam,

 

Re: Freedom of Information Request

 

I am writing to make a request under the Freedom of Information Act 1982
for access to documents related to the National Disability Insurance
Scheme (NDIS) and its data sharing policies, practices, and procedures,
particularly as they pertain to participants and citizens.

 

Specifically, I am requesting the following:

 

1. Legal Framework

    - Copies of any laws, regulations, or policies that govern data
collection and sharing within the NDIS.

 

2. Data Types

    - A list of all types of data that are collected from NDIS
participants, including but not limited to personal, financial, and health
information.

 

3. Consent Mechanism

    - Documents explaining the consent mechanisms in place for data
collection and sharing, including forms that participants are required to
sign.

 

4. Data Usage

    - Information on how the collected data is used, including any
third-party sharing arrangements.

 

5. Security Measures

    - Documents outlining the security measures in place to protect the
data of NDIS participants.

 

6. Ethical Considerations

    - Any internal guidelines or policies on the ethical considerations
surrounding data collection and sharing.

 

7. Third-Party and International Entity Information Sharing

    - A comprehensive list of all entities and third parties, either
located overseas or international entities, with whom NDIS shares
information.

 

8. Ethical and Legal Responsibility for Data Breaches

    - Information on who is ethically and legally responsible for data
breaches within the NDIS.

 

9. Data Protection Measures

    - Details on what is being done to ensure that privacy and data are
protected and safe.

 

10. Compensation Plans

    - Information on what will be done to compensate victims in the event
of a data breach.

 

I am currently on a disability pension and cannot afford to pay any fees
associated with this request. Therefore, I kindly request that any fees be
waived, as the information I am requesting is of significant public
interest.

 

Please process this request as a matter of urgency. I look forward to your
prompt response within the statutory time frame of 30 days, as stipulated
by the Freedom of Information Act 1982. I'd like to receive the response
and documentation on the Right to Know website as attachments, please.

 

If my request is denied in whole or in part, I ask that you justify all
deletions by reference to specific exemptions of the act. I will also
expect you to release all segregable portions of otherwise exempt
material.

 

Thank you for your attention to this matter.

 

Sincerely,

Renee

 

-------------------------------------------------------------------

 

Please use this email address for all replies to this request:

[26][FOI #10667 email]

 

Is [27][NDIA request email] the wrong address for Freedom of Information
requests to National Disability Insurance Agency? If so, please contact us
using this form:

[28]https://aus01.safelinks.protection.outlo...

 

This request has been made by an individual using Right to Know. This
message and any reply that you make will be published on the internet.
More information on how Right to Know works can be found at:

[29]https://aus01.safelinks.protection.outlo...

 

Please note that in some cases publication of requests and responses will
be delayed.

 

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

 

 

-------------------------------------------------------------------

 

**********************************************************************
IMPORTANT: This e-mail is for the use of the intended recipient only and
may contain information that is confidential, commercially valuable and/or
subject to legal or parliamentary privilege. If you are not the intended
recipient you are notified that any review, re-transmission, disclosure,
dissemination or other use of, or taking of any action in reliance upon,
this information is prohibited and may result in severe penalties. If you
have received this e-mail in error please notify the sender immediately
and delete all electronic and hard copies of this transmission together
with any attachments. Please consider the environment before printing this
e-mail
**********************************************************************

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]
5. mailto:[NDIA request email]
6. mailto:[NDIA request email]
8. https://intranet.ndiastaff.ndia.gov.au/h...
10. mailto:[NDIA request email]
11. mailto:[FOI #10667 email]
12. mailto:[NDIA request email]
13. https://www.oaic.gov.au/freedom-of-infor...
14. https://www.ndis.gov.au/about-us/governa...
15. https://www.legislation.gov.au/Details/C...
16. https://www.oaic.gov.au/privacy/privacy-...
17. https://ourguidelines.ndis.gov.au/how-nd...
18. mailto:[NDIA request email]
19. mailto:[NDIA request email]
22. mailto:[FOI #10667 email]
23. mailto:[NDIA request email]
24. mailto:[FOI #10667 email]
25. https://aka.ms/LearnAboutSenderIdentific...
26. mailto:[FOI #10667 email]
27. mailto:[NDIA request email]
28. https://www.righttoknow.org.au/change_re...
29. https://www.righttoknow.org.au/help/offi...

hide quoted sections