Understanding Boundaries and Privacy, Newcastle

National Disability Services Regional Support Worker Conference, Newcastle NSW, 31 May 2013 by NSW Privacy Commissioner Dr Elizabeth Coombs

Speech: Understanding boundaries and privacy, 31 May 2013 (PDF)

Thank you. Before I begin, I’d like to acknowledge the traditional owners of the land on which we’re gathered today, the Awabakal people and their elders, past and present.

I’m delighted to be speaking to you, and to be here at this regional conference.

I hope this presentation will challenge you and inspire questions, but because we have such a large audience, and quite a lot of material to cover, I may shorten my formal speech notes and address the issues you raise.

As support workers, you touch the lives of so many people in your communities.

The work you do and the services you provide are of such great benefit to people with disability across New South Wales.

I don’t have an in-depth understanding of the professional challenges you face in your fields of expertise, but I do know that we all share a belief in the importance of privacy, both in our personal and professional lives.

Privacy is equally important to your clients, who rely on the privacy practices of the organisations you work for, and your own commitment to those practices.

National Disability Services (NSW) represents many non-government organisations.

Its aim of enabling you and your organisations to provide quality services and life opportunities for Australians with disability complements the approach we at the Information and Privacy Commission take to promoting privacy. That is, we work with others to help them achieve their goals.

When I was invited to speak to you on the topic of privacy and social networking and the implications for your profession, I was impressed with this proactive approach to considering privacy.

For many professions, this is still quite unchartered territory and I applaud National Disability Services for taking this lead in including this challenging topic in its regional conferences.

It is vital and timely to consider ethical and professional boundaries in the context of social networking, in order to ensure that the ethical responsibilities of community support work in the “real” world remain the same in the “virtual” world.

The nature of your role in providing individualised support for people with disability, with its person-centred focus, has always presented challenges.

In terms of maintaining the boundaries between your personal and professional lives, the advent of social media presents perhaps the greatest challenge when we consider the concepts of communication, friendships and networking. The meeting in Goulburn in April this year had much to say on this topic.

From my perspective, it is the concept of privacy which is at the heart of this debate.

General rights to privacy

As New South Wales’ Privacy Commissioner, I always like to begin any discussion about privacy by talking about our rights. Privacy – and our right to privacy – touches the very core of our expectations of in-alienable human rights.

Our ability to exert our right to privacy speaks to our position of control and self-determination – the respect we have for ourselves, the respect we receive from others, and very importantly, the respect we give to others – including clients.

Because of the significance of privacy to our ability to function as respected members of society, we find it enshrined in some of the most powerful international conventions.

Among the most profound is the Universal Declaration of Human Rights.


Specifically for our topic, in Article 12 it says that:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.[i]


And, to reinforce this message in the context of people with disabilities, the United Nations’ Convention on the Rights of Persons with Disabilities includes Article 22 on Respect for Privacy. It says:

No person with disabilities, regardless of place of residence or living arrangements, shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence or other types of communication or to unlawful attacks on his or her honour and reputation. Persons with disabilities have the right to the protection of the law against such interference or attacks.

And, importantly, “States Parties shall protect the privacy of personal, health and rehabilitation information of persons with disabilities on an equal basis with others.”[ii]

Here we have not just the use of the broad term “privacy”, but a very specific reference to the protection of information – personal information, health information and rehabilitation information.

The Australian Government signed the Convention on the Rights of Persons with Disabilities at the United Nations on 30 March 2007.

As you know, these principles are reflected in supporting legislation at the State and Commonwealth levels. And in a number of instruments that regulate and guide service provision to people with disabilities.

But before I go on to those points, let me just say a few words about my role.


As Privacy Commissioner of NSW, I have responsibility for two Acts. The first is the:

  • NSW Privacy and Personal Information Protection Act 1998 (PPIP Act)

The PPIP Act covers NSW public sector agencies, that is, NSW Government agencies, local councils and universities. The Act also provides reserve power for the Privacy Commissioner to research and make public statements about any matter relating to the privacy of individuals generally. And, when appropriate, make such inquiries and investigations into privacy related matters.

The second Act is the:

  • NSW Health Records and Information Privacy Act 2002 (HRIP Act)

The HRIP Act covers NSW organizations, both public and private, that deal with health-related information.

In service delivery, privacy is critical, but is sometimes taken for granted. As we become familiar with people, boundaries can blur and sometimes privacy can suffer for both the employee and the client.


In relation to that earlier point about the right to privacy being reflected in legislation and other instruments, Standard 1 concerning ‘Rights’ produced by the NSW Department of Ageing, Disability, Home Care (ADHC NSW) in 1998, requires service providers to be aware of the United Nations’ Convention on the Rights of Persons with Disabilities and, to apply its guiding principles... in all aspects of service delivery.[iii]

The significance of privacy to the maintenance of dignity and control over all aspects of one’s life makes it absolutely fundamental to people living with disabilities.

Role of support workers

As support workers, your role gives you a special place in a client’s life.

Providing such valuable support in people’s lives can sometimes involve you in situations with clients and their friends and families where you may have access to private or confidential information. You may be seen as more than a paid employee; almost a member of the family. Or at least someone with a special connection to the person who is receiving assistance.

As a result, you may encounter situations where you are confronted with needs, requests or demands for services or support that are not part of your role.

Setting ethical and professional boundaries is vital in providing the most effective support to your clients, and protecting yourself and your employer from unrealistic expectations or misunderstandings.

Rather than acting as a barrier, these boundaries contribute to the effectiveness of your role as support workers.

Among the many attributes required in your field, outstanding communication skills are perhaps the key to successful interaction.

Clearly, one of the most dramatic influences on the way we now communicate is social media.

The social networking phenomenon has become firmly entrenched in our society.


MYTH: Privacy is dead?

In fact it is so ingrained in our daily lives, that we often hear technology commentators claiming that privacy is dead.

They say no one cares about privacy anymore, not with everybody sharing their most personal details and opinions on the internet for all to see.

Their philosophy is that humans are social beings and it’s all about connecting to others.

Yes, many privacy breaches are the result of people’s own laziness or negligence when it comes to protecting their personal information.

Yes, people put up on their social networking profile, names, ages, addresses, hobbies, affiliation with community groups and photos of themselves and their friends. And in many cases viewable by anyone. All freely provided.

But just because your clients may not always be vigilant in protecting their own personal information on social networking sites, don’t assume for a moment that they won’t care if you adopt the same approach to their personal information.



The latitude all of us give to mistakes made by ourselves is far more generous than we give to mistakes made by others. This is even more the case when your mistakes impact poorly on others. It’s just the way it is; no-one can say that human beings are always logical and consistent!

The reality is that privacy is also an essential part of the human condition. Our need to preserve private spaces and private time in our lives, to reflect and enjoy moments of solitude is as relevant now as it has ever been.[iv]

It seems a contradiction, but while people are out there sharing what they do on the internet, their concerns about privacy have increased. But this is the case. Enquiries to our office on privacy-related matters have increased by more than 300% in the past four years.

Sites such as Facebook, Twitter and LinkedIn have hundreds of millions of users worldwide and have transformed the way many of us communicate and socialise.

With the capacity on certain social media sites, such as Facebook for example, to search for and invite other users to be “friends”, come potential implications for professional relationships between support workers and clients, particularly with regard to privacy.

Being aware of the boundary between your private and professional lives, with its direct impact on privacy, is extremely important for support workers as our everyday communications occur more and more in an online environment.

It is extremely simple for clients to perform searches on support workers, and other professionals in their lives, using social media websites.

Depending on privacy settings, clients and others may be able to view comments and photos and discover information about support professionals’ lives – meaning the boundary between the professional and the personal can be easily blurred, without you being aware.

In the majority of cases, this is prompted by a desire on the part of clients to communicate or interact on a social level with their support professionals.

On one hand, it can be seen as a reflection of the close and positive nature of your relationship with your clients, but on the other hand, it is a strong signal to consider the boundary between the personal and the professional.

As in all forms of communication, it is you as support workers, and not your clients or former clients, who are responsible for setting clear and appropriate professional boundaries.

You should consider this in all online communications, social networking, email, blogging or instant messaging.

From the perspective of privacy, your boundaries should reflect your organisation’s policy on privacy and the approach you would already take in your face-to-face contact and written communication with clients.

Since the phenomenon of social media was born, it has created a raft of concerns that have affected both big industry and smaller players. It will also bring up similar issues for you and your organisations. So if your organisation hasn’t already put a social media policy in place, I strongly urge you to raise it with them. Point out that they consider creating clear guidelines on social media and privacy for employees to follow.

There are many potential privacy risks to consider when using social media.

Personal online postings that clients or others can inadvertently gain access to could influence support workers’ professional relationships.

A client could learn something about their support worker from a social media site that may be at odds with their perception of the support worker in a professional capacity.

Similarly, if a colleague or employer views something they perceive as inappropriate for a support worker’s professional identity or something derogatory relating to a client, colleague or work situation, this can lead to friction in the work place or other consequences.


When engaging with social media, I encourage you to consider the following points:

  • Ensure that all personal social media websites are set up with as many privacy settings as are available so clients and other members of the public cannot gain access to information, photos, comments etc
  • Social media settings cannot guarantee confidentiality whatever privacy settings are in place. For example, tweeting can be seen by anyone who searches for it unless you understand how to hide your tweets from public view. Those of you who use Twitter and other social media sites should be aware of this and regularly review the privacy settings for any social media profiles
  • Read the privacy policy and ensure you understand the limitations to privacy and how privacy can be best protected if engaging in a particular site
  • Do not discuss your clients or refer to them when you are on any online social network
  • Every time you post something on a social networking site, consider whether it is appropriate or if you would be happy for a stranger, or in fact anyone, to see this information
  • It is also a good idea to check whether “friends of friends” can access your online profile, because it could be the case where a “friend of a friend” is a client or a colleague
  • Social media sites can change privacy policies without users being aware this has occurred. Check your privacy settings regularly to ensure no changes have been made that could compromise your privacy or allow unwanted access to your profile
  • Be aware that you have little control over others’ privacy settings when engaging on friends’ social networking sites, and therefore, even if your profile is private, information and photographs may still be accessible through another person’s site, or who may be “friends” with a client or colleague. It’s always a good idea to let your friends know your expectations about how they should treat information about you.


  • Be mindful of who you “friend” on social networking sites. It may be inappropriate or a blurring of professional boundaries to include clients, their families or even work colleagues as “friends” on a social media site
  • If you have a work-related social media website for posting blogs or sharing resources etc with other professionals in your area of work, it is important to clearly differentiate between this and a personal social networking site. For example, a Facebook account can be created as a ‘profile’ for personal use, however a business can only be set up as a ‘page’ which doesn’t allow “friend-ing” (although people can register as “fans” by liking the page), and can clearly state its purpose. With regard to a blog, censor personal information and conduct conversations with colleagues outside the public forum of the blog. If the site or blog is aligned with your organisation then it should be clearly branded as such and state the nature and purpose of the site (if appropriate)
  • Also, consider restricting access to the site by making it invitation only. This can remove the issue of clients requesting to engage in the site
  • Consider establishing an agreement with clients where you both agree not to search for, or engage with, each other via social media sites
  • Also remember that people have the ability to “check in” to actual geographic locations through sites such as Facebook, which may present privacy implications for you and your clients. Checking in somewhere means anyone who views your social network can locate you and know where and what you are doing when you are off duty.


Social media used both privately and professionally, can conjure up a range of privacy issues. While we work through each of the following scenarios I want you to reflect back on any situations you may have experienced with social media.

For now, a few scenarios you might experience in your capacity as carers to clients with disabilities include:

Scenario 1:

A former client has invited you to be friends on Facebook. Is it appropriate for you to accept?

Scenario 2:

A family member of a current client has started following you on Twitter. Should you remove them from your "followers"?

Scenario 3:

A client has requested to join your professional online network. Is it appropriate for you to accept?

Scenario 4:

You have rejected a client as a "friend" on your online social network. How do you deal with any fall-out?


With regard to the above scenarios I have mentioned, as well as the general points that apply to all of these situations, I will also raise additional factors that are relevant to specific scenarios.

The following points to consider are relevant for all of the scenarios I have mentioned.

First and foremost, consulting your supervisor or a senior member of the agency would be the first step I’d advise. You can discuss strategies for dealing with the situation as well as understand your organisation’s policy for dealing with issues of this nature.

If your organisation doesn’t have a social media policy, then it comes down to using your own common sense in conjunction with your supervisor’s guidance, with regard to what you should and should not share and how you interact on social media sites, both in personal and professional environments.

It is best to weigh up the ethical considerations before deciding whether or not to accept a friend request, allowing a client’s family member to follow you on Twitter, or accepting a request to join your professional network.

You might also consider the context of the friend request. There may be some circumstances where connecting with clients via social media is acceptable, especially as communication through social media is becoming increasingly common.

Some examples may be:

  • If you have a ‘work’ profile page which does not disclose any information about your personal life
  • If you work in youth services and have a professional profile for connecting and communicating with younger clients.

But generally, if the social networking site is a personal, non-work related site, you should consider:

  • Think about your own privacy, the boundary between your professional and personal life, and recognise the fact that your relationship with your client (past or present) is of a professional nature
  • Accepting the request may signal a change in the nature of your original relationship
  • If you don’t accept the friend request, the issue of the client or former client experiencing rejection from their support worker could be a concern, but, in accepting a friend request you must consider your organisation’s requirements as well as the implications this could also have for the client.

There could be implications, for example, if some aspect of your personal life or some information contained on your social networking site conflicts with how the client perceives you during your professional relationship.

You should also consider what benefit accepting the request would have for the client. Perhaps ask yourself: why are they requesting it, did they depend on the previous support relationship, and are they looking for a way to continue this relationship?


We have provided you with a handout, Social Media: Maintaining Your Privacy, which gives you some tips and strategies to take away with you today.

For each of the specific scenarios I have suggested today, there are a few general strategies to consider:

  • It’s essential to know your organisation’s privacy and social media policy as this can help you decide how to resolve most issues. Many organisations will now have these in place, however, if your organisation doesn’t, I would advise you to talk through your specific issue with your supervisor or manager
  • Whether it is a personal or professional network your client is requesting access to, ask them why they want to make this type of connection with you. Is it because they want to know you better? Find another way to contact you for service reasons? Be part of your personal life? Or make you part of theirs? Understanding their motive can help you and your organisation assess how you respond
  • Establishing boundaries creates a clear separation of your private and professional life. For example:

– establish an agreement not to search for, follow, or make friend requests using social media networks
– if you do accept the request, restrict their access so they can only see certain parts of the site

  • Turn on the social media network’s privacy settings – these control what people see when they visit your page or profile.


  • To discourage being sought out online, it’s a good idea not to encourage or solicit your clients or their family and friends to “friend” you on sites like Facebook. While professional pages on social networks generally don’t offer this option, they do allow anyone to become a “fan” or bookmark a page. So again, it is a good idea not to encourage this if you and your organisation consider it an inappropriate connection between you and a client
  • Understand the difference between your public profile (wall posts, checking in, status updates) and private communications (private messages), but note that many online networks can’t guarantee complete privacy
  • If the online network is for professional purposes, ensure it is clearly branded and contains a description of who it’s for and what information it provides to avoid any confusion with clients who are seeking you out online. If it has been set up for use by your organisation you might also consider discussing with your supervisor restricting access to professional colleagues and contacts to protect any secure or sensitive information it may contain
  • Finally, discuss the situation with your supervisor to ensure you are following your organisation’s policies with regard to social media and interaction with clients.


Rejecting a client as a ‘friend’: two important strategies to consider

The fourth scenario I raised was about rejecting a client’s request to join your social network. This can be a very difficult issue, so it is important to be sensitive and professional in your response.

Two important strategies you can employ include:

  • Letting your client know your reason for declining – for example, it is your organisation’s policy to refuse online personal connections with clients, or the site or page they are requesting to join is purely for professional purposes
  • Discussing the situation with your supervisor and, as already mentioned in the previous point, being aware of your organisation’s policy on social media interaction, as this can clarify your organisation’s expectations with regard to any interactions, both personal and for business purposes, when using social media.


Finally, I do want to make a brief mention about the current popularity of using social media and online networks for marketing purposes. These days, many organisations are opting to use Facebook, Twitter and LinkedIn as an affordable way to showcase their services. It is easy to set up, provides access to a wide-reaching audience, and can measure who is seeing you.

For those of you who are working at an organisational level and want to engage in social media, it is important to be aware of your specific organisation’s policies and be mindful of how you use it and what you are communicating.

When choosing which social media sites you want to use, take the time to research the social media networks that will best suit your organisation’s policies and issues, and will reach the type of audience you wish to target.

Whether you are using social media for personal or professional reasons, it does open up a range of privacy issues, so it is important to be mindful of your organisation’s policies and the privacy of your client to ensure it’s a positive experience for everyone involved.


I am impressed by how proactively NDS has approached the subject of privacy, both in its own practices and by presenting opportunities for support professionals to consider privacy in your work.

Thank you for your participation today and I urge you to spread the word about the importance of privacy protection to your colleagues and friends.

You may even wish to workshop the issues I’ve raised today with your colleagues. The Annual Privacy Awareness Week may be an ideal time to do this.

And most importantly, as you continue your vital work with people with disability, I encourage you to embed at the foundation of your professional work a recognition of the fundamental right to privacy we all share, and to demonstrate that in your, and your organisation’s, daily interaction with clients.

(Move into question time)

[i] United Nations, Universal Declaration of Human Rights. The Declaration is the basic international pronouncement of the inalienable and inviolable rights of all members of the human family. The Declaration was proclaimed in a resolution of the General Assembly on 10 December 1948 as the "common standard of achievement for all peoples and all nations" in respect for human rights.

[ii] United Nations, Convention of the Rights of Persons with Disabilities.

[iii] Ageing, Disability and Home Care, Department of Family and Community Services Fact Sheet #3, April 2012. “Working Together to Improve Outcomes: Updating Standards in Action – Rights”.

[iv] Ontario Information and Privacy Commissioner, Ann Cavoukian, PhD, Ontario Canada.