Child Link

Information management and security for Child Link

Child Link has been designed with security and privacy as a core principle. Access, transmission, and storage of information for Child Link aligns to strict security protocols built into the system, which adheres to relevant privacy and data security law in Victoria.

A full suite of safeguards has been included in both the legislation and system design for Child Link, which aim to prevent unauthorised access and misuse of information on Child Link.

Even though the system is secure and there are legislative safeguards, with access to confidential information about Victorian children comes a degree of responsibility and thoughtful consideration around how information is managed by Child Link Users. It is the User’s responsibility to ensure Child Link is always accessed and used safely and appropriately by using Child Link in accordance with this policy and guidance.

Auditing and monitoring

The department records and monitors access to and usage of Child Link by all Child Link Users. This includes periodic, semi-targeted audits of the usage of Child Link by Users.

Investigation may also occur if a User’s access or usage varies from anticipated behaviour, and prompts auditing activities. Auditing may require the User to verify usage behaviour against their Child Link User purpose for access, use and disclosure.

Unauthorised use of Child Link is an offence.

Unauthorised access, use or disclosure

Child Link Users must only use and share information displayed on Child Link in accordance with this policy and guidance.

Examples of unauthorised use or disclosure of confidential information that has been accessed through Child Link, which is not permitted, include:

• copying, such as through screen shots or taking photos of information on Child Link
• viewing entries of children that a Child Link User is not authorised to access, such as children the Child Link User is not providing education and care and related services to in their professional role
• disclosing confidential information from Child Link to individuals in the Child Link User’s personal life, to other children, or to other children’s families.

For more information on how to appropriately access, use and disclose information on Child Link see the 'User Practice Guidance – How to use the information on Child Link' which is accessible to all Child Link Users on the help section on Child Link. The expectations concerning appropriate access, use and disclosure of information are also outlined in the Child Link terms of use.

Offences

There are offences and penalties that apply for unauthorised access, use and disclosure of information from Child Link. For example:

• unauthorised access to Child Link is an offence where a person accesses Child Link and is not a Child Link User or person otherwise authorised to access Child Link
• a User accessing Child Link for an unauthorised purpose (accessing Child Link for a purpose other than the purpose for access, use and disclosure for which the Child Link User is granted access to Child Link)
• unauthorised use and disclosure of confidential information contained in Child Link is an offence (other than in accordance with the legislation).

Offences also apply under the Information Sharing Schemes for unauthorised and intentional or reckless use or disclosure of confidential information and for impersonating an information sharing entity. For more information, refer to the Child and Family Violence Information Sharing Schemes.

Privacy information

Child Link operates in conjunction with privacy law. Child Link Users are required to handle personal information and unique identifiers in accordance with the Privacy and Data Protection Act 2014, or in accordance with the Privacy Act 1988 (Cth) where that Act applies to them.

Security and privacy are core to the design and implementation of Child Link, with technological and operational safeguards in place to protect a child’s information.

Access, transmission and storage of information for Child Link aligns to strict security protocols built into the system, under the Victorian Protective Data Security Framework.