University Secretary's Department Privacy

Privacy Policy

Standard Privacy Statement for Student Related Forms/Publications/Websites

Privacy Statement for Staff Information

Document for Printing (PDF file 15KB)

  1. Policy Statement

The University complies with the Information Privacy Act 2000 (Vic) and the Health Records Act 2001(Vic).

1.1 Policy Objectives and Rationale

The Information Privacy Act 2000 (Vic) (‘Act’) contains ten Information Privacy Principles (‘IPP’) that organisations who are subject to the Act are required to implement in their day-to-day work.  The Privacy Policy contains detail of how the University will give effect to the IPPs. 

1.2 Scope

The Privacy Policy applies to all departments and staff of the University.

1.3 Act, Statute, Regulation and Compliance Provisions under which the policy will operate

The University Privacy Policy is designed to ensure compliance with the Information Privacy Act 2000 (Vic) and the Health Records Act 2001(Vic).

The Privacy Policy relates to the following University policies:
Freedom of Information
Records Management

In addition, several University departments have developed Privacy Statements tailored to their own particular operations:

Guidelines and Procedures for the Management of Personal and Health Information Wellbeing Services Privacy Statement
The Disability Liaison Unit Privacy Statement

1.4 Definitions

Acts means: Information Privacy Act 2000 (Vic) and Health Records Act 2001 (Vic).

Personal information means:

information or an opinion (including information or an opinion forming part of a database), whether true or not, that is recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion, but does not include health information.

Health information means:

  1. information or an opinion about:
    1. the physical, mental or psychological health (at any time) of an individual; or
    2. a disability (at any time) of an individual; or
    3. an individual's expressed wishes about the future provision of health services to him or her; or
    4. a health service provided, or to be provided, to an individual, that is also personal information; or
  2. other personal information collected to provide, or in providing, a health service; or
  3. other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
  4. other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants.

1.5  Policy

The headings below are the titles of the ten Information Privacy Principals (‘IPP’).  The details that follow spell out how the University will give effect to the IPPs in its operations.

  1. Collection

According to the Acts, the University must only collect information about an individual where this is necessary for one or more of our functions or activities.

When we collect information about an individual, we will take reasonable steps to inform the individual of:

  1. the purposes for which the information is collected;
  2. to whom we would  usually disclose this kind of information (if applicable) ;
  3. any law that requires the particular information to be collected; and
  4. the main consequences (if any) for the individual if he or she does not provide all or part of the information .

Some personal information, such as information about an individual’s ethnicity or religious beliefs, may be regarded as 'sensitive information' under the Acts. We will only collect sensitive or health information with the consent of the individual concerned, or as otherwise allowed by the Acts or required or authorised by or under law.

  1. Use & Disclosure

The University will only use or disclose information:

  1. for the purpose for which it was collected (the primary purpose);
  2. for a secondary purpose that:
    1. is related to the primary purpose ( if the information is sensitive information or health information, it will only be used or disclosed for a secondary purpose which is directly related to the primary purpose); and
    2. the individual would reasonably expect his or her information to be used or disclosed for this secondary purpose; or
  3. where there is consent of the individual concerned to the use or disclosure; or
  4. as otherwise allowed under the Acts, or required or authorised by or under law.

When a University department collects information from you, the purposes for which the information is collected will usually be made clear on any forms that are to be completed, or will otherwise be apparent from the circumstances.

If we are required to use or disclose your information for purposes other than the primary purpose or the reasonably expected secondary purpose, we will endeavour to seek your consent prior to such use or disclosure.

If you require more specific information about the way in which your information is used or disclosed, please contact the relevant University department collecting your information or alternatively you may contact the University’s Privacy Officer.

  1. Data Quality

The University will take reasonable steps to ensure that the information we hold is accurate, complete and up to date.

  1. Data Security

The University will take reasonable steps to protect information from misuse, loss, unauthorised access, modification or disclosure.

The University will take reasonable steps to destroy or permanently de-identify any information that is no longer needed for any purpose.

  1. Openness

The University has a policy (this policy) on how it manages personal information.  The policy is available on the University web site and is available on request.

If requested, the University will take reasonable steps to let a person know, generally, what personal information it holds and how it collects, holds, uses and discloses that information.

  1. Access & Correction
    Access to and correction of your information is handled by the University in accordance with the provisions of the Freedom of Information Act 1982 (Vic).

(For more information on Freedom of Information at the University, please refer to http://www.unimelb.edu.au/unisec/foi.html)

  1. Unique Identifiers

The University will not assign a unique identifier to an individual unless it is necessary to carry out the University’s functions efficiently (for example, student and staff ID numbers).  The University will not adopt a unique identifier assigned to an individual by another organisation (for example, Driver’s Licence number) unless it is necessary to carry out the University’s functions efficiently or the University has obtained the individual’s consent.

  1. Anonymity

The University will provide individuals with the option of remaining anonymous in their dealings with the University where this is lawful and practicable.

  1. Transborder Data Flows

The University will not transfer information outside Victoria except in certain circumstances outlined in the Acts. These circumstances include where:

  1. we have obtained the consent of the individual concerned;
  2. the recipient of the information is subject to a law, regulation, binding scheme or contract which imposes substantially similar obligations as the Acts with regard to the fair handling of information;
  3. the information is transferred for the benefit of the individual; or
  4. the transfer is  allowed under the Acts, or required or authorised by or under law.
  1. Sensitive Information

In the Information Privacy Act 2000 (Vic), “sensitive information” means information or opinion about an individual’s-

  1. racial or ethnic origin;
  2. political opinions;
  3. membership of a political association;
  4. religious beliefs or affiliations;
  5. philosophical beliefs;
  6. membership of a professional or trade association;
  7. membership of a trade union;
  8. sexual preferences or practices; or
  9. criminal record

that is also personal information.

The University will not collect sensitive information about an individual unless-

  1. the individual has consented;
  2. the collection is required by law; or
  3. the collection is necessary to prevent or lessen a serious threat to the life or health of any individual.
  1. Procedures

    The following material is available on the University secretary’s Privacy web pages.

    Detailed guidelines to assist with the implementation of the Privacy Policy;
    Pro forma Consent to use Photographs;
    Standard Privacy Statement for student related forms, publications and web sites;
    Privacy Statement for staff information.

top of page