Privacy and confidentiality

A privacy policy is a general statement about how personal information flows through an organisation. It should cover:

  • Collecting information – the sort of personal information you gather and why
  • Using and disclosing information – when and how personal information is accessed
  • Who can access personal information
  • Record keeping processes and security.

Your organisation might find it makes sense to have a separate records management policy or a confidentially agreement that volunteers must sign before they have access to information. Depending on their role, you might need to consider having a copyright or intellectual property policy as well.

Records management

Your organisation will also need to ensure that any personal information is collected, kept and used in a way that meets the requirements of privacy legislation. This means that only information that is necessary should be collected and that it needs to be kept securely.

To ensure that you are keeping your records properly, you will need to establish:

  • What information is required
  • Who is responsible for collecting the information
  • What procedure will be used collect the information
  • Where it is kept
  • How long it is kept for
  • How you dispose of records.

This links to National Standards for Involving Volunteers No.2 – Management responsibilities.

Confidentiality agreement

A volunteer confidentially agreement is a document that a volunteer signs to declare that they will follow the privacy policy and related procedures in an appropriate manner. This relates to the collection, storage, access and disposal of records.

It is useful to have a confidentially agreement if your organisation has volunteers accessing personal information or confidential documents, or if they handle client information.

This links to National Standards for Involving Volunteers No.3 – Recruitment.

Back to top


Tools and resources

Our Community - Policy Bank
A collection of policy samples for community organisations. Many of these could be adapted for volunteer organisations and some volunteer policies are included as examples

PilchConnect - Document Retention requirements for community organisations
Outlines some frequently asked questions and answers about keeping records and documents.

Privacy Victoria - Drafting and Reviewing a Privacy Policy
This information sheet is for organisations that are bound by the Information Privacy Act 2000 (Vic) and includes a checklist of items your policy should contain.

Volunteering Victoria - Fast Facts - Privacy and Confidentiality (PDF 440KB)
This fact sheet provides an overview of confidentiality and intellectual property issues for volunteer-involving organisations, including sample policy wording.

Volunteering Victoria - Sample Privacy Policy and Procedures (DOC 66KB)
Sample privacy policy and procedures for the collection and management of volunteers' personal information, including a volunteer acknowledgement statement.

Back to top

personal information form with pencil