Skip to main content
Victorian government website
State Government of Victoria, Australia
Funded Agency Channel

Client Relationship Information System for Service Providers (CRISSP) privacy guidelines

CRISSP privacy success depends on CRISSP users collecting and handling personal and health information responsibly and in accordance with identified privacy requirements. The CRISSP privacy guidelines are designed to provide NGOs with general information about the particular privacy issues that CRISSP raises as well as a comprehensive CRISSP Privacy Policy (Part Three of the Guidelines).

The CRISSP Privacy Policy focuses on CRISSP privacy issues in the context of Victorian privacy legislation:

  • Information Privacy Act 2000 (IPA)
  • Health Records Act 2001 (HRA).

The policy applies to all personal and health information collected and handled in CRISSP. All other personal and health information collected and handled outside of CRISSP must be dealt with in accordance with each NGOs existing privacy policy, and any other legislative or contractual privacy requirements.

The Department of Human Services imposes privacy obligations on its funded service providers contractually, primarily through Service Agreements, but also through the CRISSP Heads of Agreement. The aim is to ensure that clients information is collected and handled consistently for the system, regardless of whether the service is undertaken by the department or a department-funded NGO. The key objectives are:

  • to protect privacy
  • to promote transparency
  • to collect and handle personal and health information responsibly
  • to support the provision of coordinated care.

Compliance with CRISSP privacy requirements does not require NGOs to develop new privacy processes and procedures. Rather, it should build upon the privacy framework and accompanying practices developed by NGOs in response to the development of Victorian and Commonwealth privacy legislation.

The CRISSP Privacy Policy is designed to operate alongside each NGOs existing privacy policy, sometimes supplementing it, at other times updating or changing it. It ensures that personal and health information is collected and handled responsibly and in accordance with the requirements of privacy legislation. It is recommended that NGOs integrate the CRISSP Privacy Policy with their existing privacy policies.

The CRISSP Privacy Policy is broadly consistent with that developed for CRIS, the departments own client and case management system.

The CRISSP Privacy Policy has been developed to apply to NGOs using CRISSP as a comprehensive client and case management system. Where CRISSP is only used for reporting purposes, NGOs will need to apply the policy accordingly.

NGOs must comply with the CRISSP Privacy Policy.

Download print version