UNSW Division of the Registrar and Deputy Principal
  Policy Management Unit
 
People & Services
FoI
Elections
Policy Management
Go to the Copyright website
Privacy at UNSW
 

 

PRIVACY AND THE UNIVERSITY

The Privacy and Personal Information Protection Act 1989 (NSW) has introduced Information Protection Principles to ensure personal information held by NSW public sector agencies including the University, is not modified, used or accessed by unauthorised people. In addition, the Health Records and Information Protection Act 2002 (NSW) also establishes information protection principles particularly concerning health records. These principles regulate the handling of personal and health information, and cover its collection, storage, use, disclosure and disposal.

In accordance with s33 of the Privacy and Personal Information Protection Act 1989 (NSW) (“the Act”), the University has prepared a Privacy Management Plan. This Privacy Management Plan identifies how the University will comply with the information protection principles in the Privacy Act. In so far as the University holds any health information, it will comply with the Health Privacy Principles set out in the Health Records and Information Protection Act 2000 (NSW). The Privacy Management Plan applies to:

• all employees of the University, including casual employees and:
• affiliates of the University, including:

• conjoint and visiting appointees;
• consultants and contractors;
• agency staff;
• emeriti;
• members of University committees; and
• any other person appointed or engaged by the University to perform duties or functions for the University.

What is personal information?

Personal information is defined in the Act as being information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information or opinion. Personal information includes, for example, names, addresses, telephone numbers, dates of birth, medical records, student ID ("SID"), passport numbers and body samples.

There are circumstances in which, under the Act, information about an individual is not considered to be personal information, including:

  • when it relates to a person who has been dead for more than 30 years;
  • when it is contained in a publicly available publication; and
  • when it refers to a person's suitability for employment as a public sector official.

How do I request access to my personal information?

The University has mechanisms for handling routine requests for copies of your academic transcripts, or for corrections to personal details. Requests for access to personal information may also be made under Freedom of Information legislation.

The privacy legislation also allows you to request access to information about yourself, or to request information about yourself to be amended so as to ensure your records are accurate, complete and not misleading.

Advice on applying for access or amendment should be sought from the Privacy Officer before submitting requests.

How do I make a privacy complaint?

Under section 53 of the Act, you have the right to make a complaint, in circumstances where you believe that the University has breached the terms of the Act. Internal review is a process whereby the University will handle complaints about how it has dealt with personal information.

The request for review can only be made where it is alleged that the University has:

  • breached any of the information protection principles that apply to the University
  • breached any code made under the Act applying to the University
  • disclosed personal information kept in a public register.

The request for review should be lodged using the Application Form for Internal Review.

This application for review should be lodged with the University’s Privacy Officer within six months from the time you first become aware of the conduct sought to be reviewed.

The NSW Privacy Commissioner will be notified of the application, the progress and findings of the internal review, and will subsequently be notified of the action proposed to be taken by the University.

A Reviewing Officer will be appointed to conduct the internal review, which will be completed within 60 days from the day on which the application is received. If the review is not completed within 60 days from the day on which the application was received, you are entitled to make an application to the Administrative Decisions Tribunal for a review of the conduct concerned. Generally the review will be conducted by way of written submissions.

The review must recommend any one or more of the following:

  • take no further action on the matter
  • make a formal apology
  • take such remedial action as it thinks appropriate
  • provide undertakings that the conduct will not occur again
  • implement administrative measures to ensure that the conduct will not occur again.

Within 14 days of the completion of the review, you will be notified in writing of:

  • the findings of the review (and the reasons for those findings), and
  • the action proposed to be taken by the University (and the reasons for taking that action), and
  • your right to have those findings and the agency's proposed action reviewed by the Adminstrative Decisions Tribunal.

If you are not satisfied with the findings of the review, or the action taken by the University in relation to the application, you may apply to the Administrative Decisions Tribunal for a review of the conduct that was the subject of the application for internal review.

Who can help me with more information or if I have any problems understanding privacy?

The Privacy Officer
UNSW
Sydney NSW 2052
Phone: (02) 9385 2860
Email: privacy@unsw.edu.au

Other references

Application Form for Internal Review
UNSW Privacy Management Plan
Privacy and Personal Information Protection Act 1989 (NSW)
Health Records and Information Protection Act 2002 (NSW)
Privacy NSW

l
   
 

| PMU Home| | People & Services |
| Copyright| Elections | Privacy | Policy Management| | FoI | 

Last update May 2009