5.2 General rules around protected information

Summary

Protected information should not be handled in any way by an officer of the National Redress Scheme without a genuine reason for doing so. This includes collecting information, recording information, disclosing information to another officer, and using information. This is a necessary protection to ensure the safety and privacy of information collected about persons and institutions, and to ensure the public retains confidence in the Scheme overall.

When can protected information be handled?

As a general rule, protected information can be handled if it's necessary for doing something as part of the Scheme. For example, the Scheme cannot make a determination on an application for redress without using protected information collected from the person or participating institution. This means that an officer of the Scheme is permitted to do the following to obtain the information required to make a determination:

  • obtain protected information through a person's application form, and obtain protected information from institutions through a request for information
  • make a record of the person's protected information collected through their application form, and storing this information on the Scheme's dedicated case management system
  • disclose protected information from a person's application to the institution when requesting additional information, and
  • use protected information to make a recommendation on whether the person meets the requirements to be offered redress.

An officer can also use protected information to make reports about the Scheme, so long as this information does not directly or indirectly identify a specific person or institution. This means the Scheme can use protected information to find and report on aggregated data such as patterns and trends in the Scheme's operation. This permission to use protected information is necessary, for example, to prepare an annual report about the Scheme to Parliament.

Act reference: NRSAct section 93 Main authorisation-obtaining, recording, disclosing or using protected information

Last reviewed: 5 November 2018