Privacy and Data Security for Associated Providers

Handling personal information with care is a legal and ethical obligation for all Associated Providers. Suncare, and everyone who works with us, must comply with strict privacy requirements under the Aged Care Act 2024, the Privacy Act 1988, and other relevant legislation.

Key Principles:

• Access and sharing: Only access or share customer information when it is necessary to deliver approved services, with the customer’s consent, or when legally required (such as to protect health or safety).
• Secure storage: Store all information securely, using authorised systems and protocols. Do not keep information longer than necessary.
• Data breaches: If you suspect or become aware of a security or privacy breach—such as lost records, unauthorised access, or data leaks—you must report it immediately to Suncare in line with our Cyber Incident Response Plan. If the breach is likely to result in serious harm, you must also notify the Office of the Australian Information Commissioner (OAIC) and affected individuals without delay.
• Compliance: Suncare is certified against the ISO 27001:2022 standard, which sets out requirements for managing information security in supplier relationships. You must cooperate with risk assessments, notify us if you subcontract services, and inform us of any incidents—even if they do not directly involve Suncare data.

What this means for you:

• Follow all data protection standards outlined in your supplier agreement.
• Use secure data storage and transmission protocols.
• Limit access to authorised personnel only.
• Participate in regular staff training on data protection.
• Securely delete data once it is no longer required.
• Be prepared for annual reviews of your data security posture.

By following these practices, you help protect the privacy and dignity of every customer and maintain trust in the aged care system.