This policy and other related policies and procedures describe how personal, sensitive and health related information is handled to ensure privacy is maintained consistent with legislative requirements.
1. SCOPE
This policy covers personal, health and sensitive information collected by Gordon in relation to staff, prospective staff, students and prospective students.
2. REFERENCES
The Gordon complies with the Privacy and Data Protect Act and the Victorian Data Protection Security Standards (VPDSS) principles.
Internal Documents
RM PR 03 Records Management Procedure
RM PO 04 Privacy Policy
RM PR 05 Information Privacy and Staff Records
RM PR 06 Release of Student Information
RISK PR 21 Student Excursions and Camps
External Documents
Freedom of Information Act (Vic, 1982)
Health Records Act (Vic, 2001)
Information Privacy Act (Vic, 2000)
Public Records Act (Vic, 1973)
Privacy Act (Commonwealth 1988)
Australian Privacy Principles (January 2014)
Student Identifiers Act 2014
3. GLOSSARY
Health Information
Health Information means information or an opinion about:
- the physical, mental or psychological health of an individual, or
- a disability of an individual, or
- an individual’s expressed wishes about the future provision of health services to be provided, or
- a health service provided or to be provided.
Health Information can be current information or that established at any time.
Personal Information
Information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably by ascertained, from the information or opinion, but does not include information of a kind to which Schedule 2 [of] the Health Records Act 2001 applies.
Sensitive Information
Sensitive Information is information or an opinion about an individual’s:
- racial or ethnic origin, or
- political opinions, or membership of a political association, or
- religious beliefs or affiliations, or philosophical beliefs, or
- membership of a professional or trade association; or trade union, or
- sexual preferences or practices, or
- criminal record.
All of these examples also represent personal information.
Unique Identifiers
Unique identifiers are an identifier (usually a number) assigned by an organisation to an individual to identify that individual in a unique manner for traceability within the organisation.
Consent
Consent means expressed or implied consent.
Individual
An individual could be an employee or prospective employee, a customer or prospective customer (student or otherwise) of The Gordon.
4. POLICIES
GENERAL POLICY
The Gordon is committed to meeting all of the legal obligations expressed in legislation relating to Information Privacy.
The Information Privacy and the Health Records Acts require The Gordon to store, use and disclose personal, sensitive and health information collected about staff and customers in accord with the Australian Privacy Principles and the Health Privacy Principles described in legislation. SPECIFIC IMPLEMENTATION OF POLICY PRINCIPLES
Reasons for Information Collection
The Gordon collects personal information, including sensitive information, about prospective and current students, parents/guardians/care-providers, staff and contractors. The overall purposes of collection this information is to:
- Enable The Gordon to deliver education services;
- Meet the wider functional needs of The Gordon, including financial management, legal accountability and national reporting requirements;
- Meet the requirements of legislation or external government agencies.
Staff are to provide individuals with reasons at the time and point of collection, regarding what information is being collected and held, the purpose for holding the information and how the information is to be used or disclosed.
Types of information collected
The Gordon only collects personal information that is necessary for or directly related to, one or more of The Gordon’s functions or activities. Personal information that The Gordon collects from staff, students, prospective students, past students and external contracts includes (depending on the services provided and accessed):
- Names and other related contact details
- Staff or student identification numbers
- Email address
- Emergency contacts
- Photographic identification;
- Video images through CCTV, webinars and class video capture
- Qualifications, history and progress
- Information relating to entitlements to related educational government payments or support (e.g. VET FEE HELP)
- Complaints or misconduct details or information;
- Working With Children checks or National Police Checks if related to course or employment;
- Information necessary to deliver a health or disability service if necessary to deliver that service
- Other related personal information required for the effective management of The Gordon
INFORMATION PRIVACY PRINCIPLES—GUIDANCE
The Privacy Principles set down in Commonwealth and State legislation are for the most part similar and The Gordon is committed to meeting the requirements of both of these levels of government. With this in mind, it is important, in some circumstances to go to the source for a complete, current description of the information privacy principles appendixes to each of the acts.
In order to provide Gordon staff and students with some appropriate guidance regarding ‘Privacy’ the following paraphrased statements derived from the Commonwealth Australian Privacy Principles have been developed for convenient usage.
APP 1 – Open and transparent management of personal information
The Gordon shall maintain this Information Privacy Policy and ensure that it is publicly available, via publishing on its website or on request by an individual.
The Gordon takes all reasonable steps to ensure that information collected:
- Is necessary for The Gordon’s purposes;
- Is relevant to the purpose of collection;
- Is collected in a fair way, without unreasonable intrusion; and
- Is as up to date and complete as possible.
APP 2 – Anonymity and pseudonymity
Because of the nature of The Gordon’s core business, it will usually be impractical for individual’s transacting with The Gordon to have the option of not identifying themselves. However where it is lawful and practical to do so, The Gordon will give the individual this option.
APP 3 – Collection of solicited personal information
- The Gordon shall only collect personal, sensitive and health information that is necessary to perform one or more of its legal functions or activities.
- Personal, sensitive or health information shall not be collected by unlawful or unfair means.
APP 4 – Dealing with unsolicited personal information
-
Where The Gordon collects unsolicited personal, sensitive and health information in the course of its activities that information will be reviewed within a reasonable time frame to determine whether The Gordon could have gathered that information if solicited and if practicable, reasonable and lawful destroy or de-identify the unsolicited personal information.
APP 5 – Notification of the collection of personal information
At the time of collection of information The Gordon shall advise the individual of:
─ The reason for the collection of the information.
─ The purpose for which it will be used.
─ To whom the information may be disclosed.
─ Any law that requires the particular information to be collected.
APP 6 – Use and disclosure of personal information
Personal information, including sensitive information and health information, may be used for the following purposes:
Students:
- Applications
- Enrolment
- Course administration
- Academic progress
- Scholarship selection
- Provision of services to students
- Careers or academic pathways services
Staff:
- Selection
- Appointment
- Review
- Promotion
- General administration
- Provision of services to staff
- Regulatory compliance
The Gordon may release student’s personal information in the following instances:
- Academic progress information to another institution or related body as required in the course of a student’s transfer to a new institution;
- Personal and enrolment information, including academic results, or students undertaking cross-institutional study to the relevant institution as required to confirm the student’s enrolment or qualification;
- Personal information to relevant organisations engaged by The Gordon to provide debt recovery services
- Personal and enrolment information, including academic results, of students undertaking an apprenticeship or traineeship to their employer
- Personal and enrolment information, including academic results, of staff undertaking a Qualification with The Gordon to Strategic Human Resources and Development for the purposes of personnel administration
- Government departments such as the Australian Taxation Office, the Department of Innovation, the Department of Immigration and Border Protection and the Department of Education and Early Childhood Development.
Secondary purposes
The Gordon may disclose your information for a secondary purpose where it has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities and, if The Gordon, would not be breaching confidence by such use or disclosure.
The Gordon may disclose health information for a secondary purpose where it reasonably believes that the use or disclosure is reasonably necessary for a law enforcement function by or on behalf of a law enforcement agency and, the use or disclosure would not be a breach of confidence.
Emergency situations and criminal activity:
The Gordon may disclose your information for a secondary purpose if it reasonably believes that the use or disclosure is necessary to lessen or prevent:
- a serious and imminent threat to an individual's life, health, safety or welfare; or
- a serious threat to public health, public safety or public welfare;
and the information is used or disclosed in accordance with relevant legislative or regulatory guidelines.
APP 7 – Direct marketing
The Gordon may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
- The Gordon collected the information from the individual; and
- The individual would reasonably expect The Gordon to use or disclose the information for that purpose; and
- The Gordon provides a simple means by which the individual may easily request not to receive direct marketing communication from The Gordon (you may opt out by emailing marketing@gordontafe.edu.au); and
- The individual has not made such a request to The Gordon.
When you visit our website, some of the information that is collected about your visit is not personal and does not reveal your identity. We may use this information to help us improve our services and for marketing purposes. This information will remain anonymous.
Use of Cookies
A cookie is a file used to store information about your website visit. The cookies we use do not identify individual users. We may use cookies for targeted online advertising. Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. For more information check your browser settings or visit Google - Opt-outs for the web.
APP 8 – Cross-border disclosure
The Gordon will only transfer personal or health information about an individual to someone (other than The Gordon or the individual) who is outside Australia if:
a. The Gordon reasonably believes that the recipient of the information is subject to a law, binding scheme or contract with effectively upholds principles for fair handling of the information that are substantially similar the Privacy principles set out in this Policy; or
b. The individual consents to the transfer; or
c. The Gordon has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the principles set out in this policy.
APP 9 – Adoption, use or disclosure of government related identifiers
The Gordon will not adopt as its own unique identifier of an individual a unique identifier of that individual that has been assigned by another organisation. The Gordon will not disclosure a government related identifier of an individual unless required under law.
The Gordon will not assign unique identifiers to individuals except for a Staff Number to identify a staff member and a Student Number to identify a student. Staff and Student Numbers are considered necessary for The Gordon to carry out its functions efficiently.
The Gordon will not require an individual to provide a unique identifier in order to obtain a service unless the provision of the unique identifier is required or authorised by law or the provision is in connection with the purpose (or a directly related purpose) for which the unique identifier was assigned.
APP 10 – quality of personal information
- The Gordon shall take all reasonable steps to ensure the information it collects is accurate, complete and up to date and is relevant to its role.
- The Gordon shall take all reasonable steps necessary to ensure that records containing personal, sensitive or health related information are accurate, up to date and complete before being used for any relevant, lawful purpose.
- The Gordon shall ensure that it does not intrude, to an unreasonable extent, upon the personal affairs of any individual.
APP 11 – security of personal information
- The Gordon shall take all reasonable steps to ensure the data collected is protected from misuse and loss, and is safe from unauthorised access, modification or disclosure. Information no longer required will be destroyed or stored securely (if storage is a requirement of other legislation, or as required by record maintenance legislation.)
- Where records are disclosed to another entity or person for provision of service to The Gordon all reasonable efforts shall be made to prevent unauthorised disclosure of information contained in the records.
APP 12 – access to personal information
- An individual is entitled to access any record which contains personal, sensitive or health related information about the person except where The Gordon is legally entitled to refuse access under State or Commonwealth legislation.
- The entitlement does not include access to information regarding other individuals in any group record.
APP 13 – correction of personal information
- Where an individual requests a correction to personal, sensitive or health related information maintained by The Gordon a correction shall be made to the information provided that the record amendment does not contravene any legislative requirements.
- Any denial of access or correction shall be recorded on an individual’s records along with reasons for the denial.