Personal information a disability service provider may ask for

Last updated


Our personal information is closely tied to a number of accounts, subscriptions and services. Just about everything requires a name, email address and phone number at the very least.

Key points

  • Disability service providers will require your personal details to set up accounts and deliver appropriate supports
  • If stolen or compromised, your personal information can be used for identity theft or to access bank accounts
  • Security and awareness is crucial to make sure your details and accounts are safe

If you are accessing disability support services it’s highly likely you are required to provide that information and more. But what details should a service provider ask for and when it is overreaching?

With cyber security of such importance, especially with recent mass data leaks from organisations, you want to be in charge of your information.
Keep on reading to learn more about what your disability service provider may need, and what you can do in case that data is compromised.

Why protecting your information is important

Most of us are familiar with scams, whether it’s an email phishing for your bank details or a direct money transfer, or just a text message claiming you have an undelivered parcel for an item you never ordered.

These scams can be so professional and deceptive in nature that people are caught off guard thinking it is legitimate.

And in a day and age where emails and phone numbers are regularly shared for rewards points in store, you might think it is harmless handing out some personal information.

But if the wrong people grab hold of key details, you could be at risk of identity theft or money theft.

That’s why you never want to share bank details over the phone, especially if they have called you. If in doubt, ask for their details and hang up. If the person was from the company they claim to be, you can call back on the official number listed on the website.

Or, call a friend or family member for assistance. It’s better to speak up before anything bad happens. To learn more about online safety and security, read our article, ‘Don’t get caught out – what you need to know about scams‘.

For identity theft, be aware of what organisations have your proof of identity information. This is the information used for a 100-point check, including primary evidence documents like an Australian passport, birth certificate, or driver’s licence/proof of age card.

There is also secondary evidence of identity documents like your Medicare card, credit card or bill statement.

This information may or may not be required by a service provider, but it is beneficial to keep note of who you share your information with and how, as both first and secondary evidence documents can be used in different ways by scammers.

For example, your driver’s licence details can be used to open up a bank account in your name without the need for more identification or for you to be present.

The information a service provider will ask for

It is likely that your service provider will ask for a combination of personal and sensitive information to allow them to deliver the best support possible.

Personal details are used to build your profile and ensure you can be contacted. Each organisation you contact may differ slightly with what they determine to be personal information, but it may include your:

  • Name, address, email address and phone numbers
  • Gender, age/date of birth
  • Financial details, including credit/debit cards or bank accounts
  • Relevant details such as Medicare cards or a Centrelink Customer Reference Number (CRN)
  • Potential identification items such as a passport or driver’s licence

If you have an account that requires a password, it’s unlikely that you will have to provide that over the phone. You are more likely to receive an email with login information on how to set up an account. There may be a verbal verification code or phrase, similar to what some banks require when confirming transactions over the phone.

Sensitive information differs in that it can relate to:

  • Religion
  • Political opinions
  • Memberships
  • Health and genetic details

It may be necessary to some organisations, like disability support providers, to require access to health information of particular importance to yourself

Providing clear information regarding your health and your needs enables providers to deliver the best possible care. You are not required to provide all information requested, if you choose, but it may impact the level of support provided.

Your disability support provider may also contact other service providers or healthcare organisations for additional personal information related to your provision of services.

Terms and conditions and privacy policies

If you are ever concerned about the information a service provider collects and how they will protect your privacy, the terms and conditions and privacy policy is always the best starting place.

It’s easy to rush through the terms and conditions when signing up to something, especially if it is 25 pages long! But it may pay to be diligent.

The privacy policy is especially helpful as it clearly explains details including:

  • An outline of the service provider or organisation
  • What their privacy obligations are
  • The type of personal information they collect and store
  • How personal information is collected
  • Who they share personal information with, including third parties
  • How you are protected
  • Relevant information on tracking online data
  • What you can do if you have a complaint or any concerns

The privacy policy and terms and conditions of an organisation should be available on its website and is often located at the bottom of a webpage alongside links to other relevant legal information.

What to do if your personal data is compromised

Examples of data breaches, such as the recent Optus cyber attack, have highlighted the importance of looking after your data.

Thankfully the Optus data breach is not something that is likely to be replicated by a disability service provider. Your service provider is unlikely to require proof of identification or to keep it on record.

However, if a cyber attack does occur, then you want to be prepared if your information is compromised.

First, check the website of the affected service provider and keep an eye on your email inbox for any contact from them. Follow any instructions they provide. You can also call them for more information.

You can also act quickly by reducing your risk of harm by changing passwords or protecting bank accounts. The Federal Government provides more information on the steps you can take to respond to a data breach while the Australian Cyber Security Centre has several resources available for cyber security.

Complaints can be lodged with service providers and organisations as well, while any unresolved complaints or unsatisfactory outcomes can be taken to the Office of the Australian Information Commissioner (OAIC).

Have you had a negative experience with online privacy? Tell us more in the comments below.

Related content

How to apply for the NDIS
What to bring to your NDIS planning meeting
Accessing disability support without NDIS funding