- Category: Governance and Management
- Review due by: February 28, 2015
- Version: 2
- Approved on: March 23, 2016
- Effective date: March 23, 2016
- Status: Published
This policy applies to all staff and all areas of the University.
1. Privacy respected
1.1 The University respects the privacy of individuals, and will be open about the way it handles all personal and health information given to the University by staff, students and members of the public.
1.2 The University will collect, use, disclose and manage personal and health information in accordance with the Acts, and in particular with the Information Privacy Principles and Health Privacy Principles.
2.1 The University will collect personal and health information only where this is necessary for one or more of its functions or activities.
2.2 The University will collect information fairly, and where possible directly from the individual. Sensitive information will be collected only with the individual’s consent or as required or authorised by law.
2.3 When the University collects information about an individual, it will take reasonable steps to inform the individual of:
- the purposes for which the information is collected
- to whom the University would usually disclose this kind of information (if applicable)
- any law that requires the particular information to be collected
- the main consequences (if any) for the individual if he or she does not provide all or part of the information.
3. Use and disclosure
3.1 The University may only use or disclose an individual’s personal or health information:
- for the purpose for which it was collected (the primary purpose); or
- for a secondary purpose that is related to the primary purpose (if the information is sensitive information or health information, it will only be used or disclosed for a secondary purpose which is directly related to the primary purpose) and the individual would reasonably expect his or her information to be used or disclosed for this secondary purpose; or
- with the individual’s consent; or
- as otherwise allowed under the Acts, or as required or authorised by law.
4.1 The University will take reasonable steps to ensure that personal and health information is:
- kept accurate, complete and up to date
- protected from misuse, loss, unauthorised access, modification or disclosure
- destroyed or permanently de-identified when no longer needed, in accordance with the University’s Records Management Policy.
4.2 The University will take reasonable steps to let a person know, generally, what personal information it holds and how it collects, holds, uses and discloses that information. To this end, the University will publish this policy and related information on its public website.
4.3 Individuals may seek to access or make corrections to their personal information held by the University. Staff must contact the Privacy Officer for advice on the appropriate procedure.
Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic).
Information or an opinion (including information or an opinion forming part of a database), whether true or not, that is recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion, but does not include health information
a. Information or an opinion about: the physical, mental or psychological health (at any time) of an individual; or a disability (at any time) of an individual; or an individual's expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided, to an individual, that is also personal information; or
b. Other personal information collected to provide, or in providing, a health service; or
c. Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
d. Other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants.
Information or opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; or criminal record that is also personal information.
Information privacy principles
A set of 10 principles contained in the Privacy and Data Protection Act 2014 (Vic) governing the collection, management, use and disclosure and transfer of personal information by organisations such as the University.
Health privacy principles
A set of 11 principles contained in the Health Records Act 2001 (Vic) governing the collection, management, use, disclosure and transfer of health information by organisations such as the University.
The University Secretary is responsible for the development, compliance monitoring and review of this policy and any associated guidelines.
The Executive Officer, Legislation and Compliance is responsible for the promulgation and implementation of this policy in accordance with the scope outlined above. Enquiries about interpretation of this policy should be directed to the Implementation Officer.
This policy is to be reviewed by 28 February 2015.
| 1 | | 08 October 2012 | 08 October 2012 | New version arising from the Policy Simplification Project. Loaded into MPL as Version 1. |
| 2 | University Secretary | 23 March 2016 | 23 March 2016 | Update legislation reference to the Privacy and Data Protection Act 2014 (Vic). |