Marcus Oldham College complies with the Information Privacy Principles set out in Section 14 of the Privacy Act 1988 in respect of personal information obtained for the purposes of Chapters 3 and 4 of the Higher Education Support Act 2003 and any other impacting legislation, specifically the ten national privacy principles included in the Privacy Amendment Act 2000.
This policy and other related policies and procedures describe how personal, sensitive and health related information is handled to ensure privacy is maintained consistent with legislative requirements.
Marcus Oldham College has developed processes consistent with the Privacy Principles described below and shall review the effective implementation of these principles to ensure the privacy rights of individuals are protected.
Marcus Oldham College has appointed an Information Privacy Officer. This position is currently held by the Student Services Officer.
The Information Privacy Officer’s role is to:
- inform and assist staff with respect to privacy issues
- investigate complaints concerning a breach of the Privacy Principles
- maintain records which are required to be kept under this Policy
- assist in clarifying the meaning of the provisions of the Acts.
The following Privacy Principles are to be used as Policy guidance by staff involved in the management of information.
Principle 1 – Collection of Information:
The College will only collect personal, sensitive and health information that is necessary to perform one or more of its legal functions or activities. At the time of collection the individual will be advised of the reason for the collection of the information, the purpose for which it will be used, to whom the information may be disclosed, any law that requires the particular information to be collected; the consequences (if any) for the individual if all or part of the information is not provided; the individual’s right to access, and if appropriate, correct the information held. The College will not collect information unlawfully or unfairly.
Principle 2 – Information Use and Disclosure:
The College will not use or disclose personal, sensitive or health information about an individual for any purpose other than the primary purpose of collection unless the secondary purpose is related to the primary purpose of collection, and the individual would reasonably expect the College to use the information for the secondary purpose; or as required by law. The College will inform all individuals about whom relevant information has been collected and details of such information.
Principle 3 – Data Quality:
The College will take all reasonable steps to ensure the data it collects is:
- and up to date
Principle 4 – Data Security:
The College will take all reasonable steps to ensure the data collected is protected from misuse and loss, and is safe from unauthorised access, modification or disclosure. Information no longer required will be destroyed or stored securely (if storage is a requirement of other legislation). If the College has to give access to personal information to a person (usually a contractor), in connection with the provision of services to the College, the College will do everything reasonably within its power to prevent unauthorised use or disclosure of information contained in the record.
Principle 5 – Openness:
The College will provide information to all individuals about the manner in which it manages the handling of personal, sensitive and health information. This information regarding management processes will be available to anyone who asks for it. The College will also provide general information to any individual who asks, regarding the sort of personal sensitive and health information it holds and for what purpose, how it collects, holds, uses and discloses that information. The College will maintain a statement of the types of personal information it holds, describing for each type why it is held, the classes of people it relates to, how long it is kept for, who can get access to it, and how people should go about getting access to it.
Principle 6 – Access and Correction:
The College will give the person on request the information that it holds on that person subject to restriction in other Commonwealth laws.
The College will take reasonable steps to amend its records to make sure that the personal information it holds is accurate, relevant, up to date, complete and not misleading (subject to restrictions in other Commonwealth laws).
If the College holds personal information about a person and the person asks for the information to be amended and the College is neither willing nor obliged to amend the information, the College will attach to the record any statement from the person requesting the amendment.
Principle 7 – Unique Identifiers:
Marcus Oldham College will not assign unique identifiers to individuals unless the assignment of unique identifiers is necessary to enable the College to carry out any of its functions efficiently.
The College will not disclose a unique identifier assigned to an individual by another organisation unless it is necessary to enable the College to carry out any of its functions efficiently and it has obtained the consent of the individual to the use of the unique identifier.
The College will not require an individual to provide a unique identifier in order to obtain a service unless the provision of the unique identifier is required or authorised by law or the provision is in connection with the purpose (or a directly related purpose) for which the unique identifier was assigned.
The College will not adopt as its own unique identifier of an individual a unique identifier of the individual that has been assigned by another organisation unless it is necessary to enable the College to carry out any of its functions efficiently and it has obtained the consent of the individual to the use of the unique identifier.
Principle 8 – Anonymity:
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when entering transactions with the College.
Principle 9 – Transborder Data Flows
The College may transfer personal information about an individual to someone (other than the College or the individual) who is outside Victoria only if:
- (a) the College reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Information Privacy Principles; or
- (b) the individual consents to the transfer; or
- (c) the transfer is necessary for the performance of a contract between the individual and the College, or for the implementation of pre-contractual measures taken in response to the individual’s request; or
- (d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the College and a third party; or
- (e) all of the following apply:
- (i) the transfer is for the benefit of the individual;
- (ii) it is impracticable to obtain the consent of the individual to that transfer;
- (iii) if it were practicable to obtain that consent, the individual would be likely to give it; or
- (f) the College has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Information Privacy Principles.
Principle 10 – Sensitive Information:
The College will not use personal information for any purpose other than that for which it obtained the information, unless:
- the person the information is about consents; or
- the use is necessary to protect against a serious and imminent threat to a person’s life or health; or
- the use is required or authorised by law; or
- the use is reasonably necessary to enforce the criminal law or a law imposing a pecuniary penalty, or to protect the public revenue; or
- the use is directly related to the purpose for which the College obtained the information.
SPECIFIC IMPLEMENTATION OF POLICY PRINCIPLES
Identification is required to effectively manage all aspects of the enrolment process, results management, recruitment, security, general operational and Government reporting requirements.
Anonymity may apply to general inquiries made by the public regarding course information, recruitment, etc unless the individual requests further information. If further information is sought then a level of identification may be required.
Other information where maximum anonymity will be protected wherever possible includes survey and course evaluation responses.
The College will assign to each student an academic identifier number for the purposes of retaining anonymity for each student where assessment results are publicly displayed.
These unique identifiers will not be shared with any other body or person unless the disclosure is necessary for the College to fulfil its legal obligations to the other organisation. If these identifiers are assigned the individual will be advised of the purpose of the identifier.
The unique identifiers will not be used for any purpose other than that for which they were collected or assigned.
Data Transfer Limitations:
The College will not transfer personal, sensitive or health information to a person or organisation outside the State of Victoria unless the College reasonably believes that the person or organisation is subject to a law or contract that upholds principles for fair handling of the information that are substantially similar to the principles embodied in the Information Privacy laws. In most circumstances the interstate transfer of personal, sensitive or health information about an individual will only be made with the individual’s consent.
Reasons for Information Collection:
Staff are to provide individuals with reasons at the time and point of collection, regarding what information is being collected and held, the purpose for holding the information and how the information is to be used or disclosed.
Access to Personal Information on File:
Any individual may request and be provided with access to information held consistent with Principle 6 (described above).
The individual will be provided with the opportunity to correct the information held if it is established that the information is not accurate. All information must be kept securely and protected from unauthorised access, modification or disclosure.
Information Privacy Officer:
The College has delegated the Student Services Officer to act as its Information Privacy Officer.
Privacy Officer Responsibilities
The Privacy Officer will be responsible for:
- ongoing review of this policy and procedures to ensure they comply with current legislation and best practice
- advising the College management and staff of their responsibilities under this policy, the Information Privacy Act and the Health Records Act
- the receipt and investigation of complaints related to information privacy
Any individual in respect of whom personal information is or has been held by the College may complain to the College’s Information Privacy Officer about an act or practice of the college that the individual believes is an interference with the privacy of that individual.
The Privacy Officer will investigate the complaint in a timely manner and report their findings and make recommendations to the Principal about the complaint.
The Principal or his/her nominee will make a determination about the complaint and advise the complainant in writing.