No images? Click here

2 June 2022

 

CTARS data breach

CTARS have advised of a data breach that affects some NDIS providers and the personal information of NDIS participants receiving services and supports from affected providers.

Key points

  • The NDIS Quality and Safeguards Commission (NDIS Commission) has been informed of a data breach through the service offered to some NDIS providers by CTARS. The NDIS Commission is aware that a number of NDIS providers have been impacted by this data breach, resulting in potential breaches of privacy of NDIS participants that they support
  • Impacted providers should immediately review their data arrangements and ensure that the personal information of the people you support is secure
  • NDIS Providers must comply with their obligations under Commonwealth, state and territory privacy laws, the NDIS Code of Conduct, and if registered, conditions of registration including compliance with the NDIS Practice Standards 
  • It is a condition of registration that registered NDIS providers notify the NDIS Commission of changes and events, especially those that significantly affect their ability to comply with any conditions of their registration.
  • Detailed information about the data breach, including further actions you can take, is available on the CTARS website.

Review your arrangements and comply with your obligations

If you have been impacted by the CTARS data breach, you should undertake an immediate review of your data arrangements. You should engage with any individuals whose information may have been affected by the breach, and take steps to secure their personal information. Your organisation should ensure that you are meeting applicable Commonwealth, State or Territory laws in the jurisdiction where you operate, particularly any privacy obligations.

All NDIS providers have obligations under the NDIS Code of Conduct to respect the privacy of people with disability, and to act with honesty, integrity and transparency. If you have been impacted, you should notify all affected NDIS participants, let them know of the steps you have taken in response to the data breach, and provide us with relevant updates.

Notify the NDIS Commission of any changes

Registered NDIS providers must notify the NDIS Commission of certain changes and events, especially those that significantly affect their ability to comply with any conditions of their registration.

Use the NDIS Commission Portal to notify us of any changes or events that are not due to COVID-19.

If changes are due to COVID-19, please use the Notification of event form – COVID-19 (registered providers).

Further information

You can find more information about your obligations under privacy law through the Office of the Australian Information Commissioner, or your State and Territory Privacy Commissioner.

Contact us

Call: 1800 035 544 (free call from landlines). Our contact centre is open Monday to Friday (excluding public holidays), 9.00am to 4.30pm in the NT, and 9.00am to 5.00pm in all other states and territories.

Email: contactcentre@ndiscommission.gov.au

Website: www.ndiscommission.gov.au

 
NDIS logo
 

General Enquiries

1800 035 544 (free call from landlines)

Our contact centre is open 9.00am to 5.00pm (9.00am to 4.30pm in the NT) Monday to Friday, excluding public holidays.

To provide feedback, contact the NDIS Commission by emailing 
contactcentre@ndiscommission.gov.au.

Connect

Facebook button
LinkedIn button
Website button
 
 
NDIS Quality and Safeguards Commission
PO Box 210
Penrith NSW 2750

This alert is sent to subscribers as well as registered providers. If you are a registered provider, please note that unsubscribing from this newsletter will unsubscribe you from other important correspondence from the NDIS Commission, including renewal reminders
Unsubscribe