University Secretary's Department Privacy

Our Privacy Responsibilities

Background

There are two Victorian acts that impose privacy responsibilities on us:

Information Privacy Act 2000
Health Records Act 2001

The first covers personal information and the second covers health information.

Personal information means facts or opinions that are recorded and that identify someone or allow them to be identified.

Health information is information about a person’s physical or mental health, any disability they may have and any treatment they may have received.

These definitions are summaries: the detailed definitions can be found in the Privacy Policy

The key piece of legislation for the day-to-day work of most of us is the Information Privacy Act 2000 (‘Act’).

The Act has 10 Information Privacy Principles that we are all required to implement when relevant in our day-to-day work.  These are summarised at the end of this document.

Essentially, our responsibilities fall under three headings:

Collection of Personal Information
Use and Disclosure of Personal Information
Management of Personal Information

Collection

Whenever we collect personal information we should do so directly, if possible, and we should tell the person:

The University requires a collection notice covering all this to be included in any on-line or hard copy form.  There is also a longer detailed statement about the collection of either staff and student information on the Privacy web site.

Use and Disclosure

Personal Information collected can be used and disclosed only:

Management

Whenever we have collected personal information, we must have procedures and policies in place to make sure that the personal information:

Sensitive Information
The Act has a category of personal information called sensitive information.  This means information or opinion about an individual’s:

We may not collect sensitive information about an individual unless:

Health Information

The Health Records Act treats health information like sensitive information described above and it may not be collected unless the same criteria apply.

Consent

Getting a person’s consent is one of the easiest ways to make sure that we are complying with the Act.  But the consent must be:


top of page