(1) The Privacy and Data Protection Act 2014 applies to public bodies established for a public purpose under an Act. It provides that an act done or practice engaged in by an organisation is an interference with the privacy of an individual if the act or practice is contrary to, or inconsistent with, an Information Privacy Principle (‘IPP’). The names of this and subsequent sections will vary and will be dependent on the actual processes to be followed. (2) The Privacy Act 1988 does not generally apply to the University. The University is electing to incorporate the standards of the Australian Privacy Principles (APPs) into its Privacy Procedures where appropriate. (3) The University is bound by privacy legislation in accordance with the Information Privacy Principles in the Privacy and Data Protection Act 2014. The University also has obligations under some agreements, grants and other funding arrangements to adhere to the Australian Privacy Principles, contained within the Privacy Act 1988. Collectively, these Principles stipulate how the University should collect, store, disclose and give access to personal information. (4) The University also has obligations under some agreements, grants and other funding arrangements and as a tax file number recipient to adhere to the Australian Privacy Principles, contained within the Privacy Act 1988 (Commonwealth). Collectively, these Principles stipulate how the University should collect, store, disclose and give access to personal information. (5) This Policy and Procedure: (6) This Policy and Procedure applies to all: (7) This Policy and Procedure applies to all organisational areas of the University in relation to the collection, use, storage, disclosure and access to personal information of past and present University staff, students and other individuals associated with the University. (8) This Policy and Procedure does not cover the management of health information. The management of health information is covered by the Health Records Act 2001 and the Health Privacy Principles and by the University’s Privacy - Health Information Policy. (9) Nor does this Policy and Procedure apply to personal information that is: (10) The University is committed to the protection of the privacy of personal information and will manage personal information in accordance with relevant privacy laws. (11) The University aims to be proactive in its approach to privacy protection and will assess the privacy impacts of major initiatives and projects and embed privacy considerations into the design and architecture of information technology systems and business processes. (12) The University will manage personal information in accordance with the Australian Privacy Principles (APPs), unless either: (13) The University is a Tax File Number (TFN) recipient and must comply with the Privacy (Tax File Number) Rule 2015. The TFN Rule only applies to the TFN information of individuals and does not apply to TFN information about other legal persons including corporations, partnerships, superannuation funds and trusts. This Rule defines how the University handles TFN information including the collection, use, disclosure, storage and secure destruction of such information. (14) The University must only request, collect and use TFN information from individuals and other TFN recipients for a purpose authorised by taxation law, personal assistance law or superannuation law. (15) At the time of collection, the University must take reasonable steps to ensure individuals are informed: (16) The University must also take reasonable steps to: (17) The University will: (18) Where the University collects personal information from an individual, it will take reasonable steps in the circumstances to notify the individual of: (19) The University will: (20) The University holds personal information securely and such information may only be accessed by authorised users. (21) The University will take reasonable steps and precautions to safeguard personal information we hold from loss, theft and unauthorised use, disclosure or modification. Personal information held by us is protected by a number of physical and electronic safeguards including: (22) In some circumstances, the University may disclose personal information to a third party which is outside Australia. In such circumstances, the University will take reasonable steps to ensure that the overseas third party does not breach the relevant privacy principle/s. (23) To find out further information, to access personal information held by the University or to seek the correction of personal information held by the University, the individual may contact the Freedom of Information/Privacy Officer via foi@latrobe.edu.au (24) Where applicable, the Freedom of Information/Privacy Officer will respond to any request for access to information or request for the correction of information held by the University within 30 days or as otherwise prescribed under the Freedom of Information Act 1982. (25) Fees may be charged by the University for access to personal information unless the University expressly decides to waive this fee. For current University fees, see the Freedom of Information Webpage. (26) The responsibilities of the University’s Freedom of Information/Privacy Officer will include: (27) To find out further information, to access personal information held by the University or to seek the correction of personal information held by the University, please contact: (28) Any individual in respect of whom personal information is or has been held by the University may complain to the University’s Privacy Officer about an act or practice of the University that the individual believes is an interference with the privacy of that individual. (29) The Privacy Officer will promptly investigate the complaint and advise the Vice-Chancellor or nominee of their findings and recommendations about the complaint within 30 days of receipt. (30) The Vice-Chancellor or nominee will make a decision on the complaint and advise the complainant in writing of the result of the investigation. (31) A privacy breach occurs when an individual’s personal information is subject to loss, unauthorised access, modification, disclosure or other misuse or interference. This may be as a result of a malicious breach of the secure storage, information handling protocols or human error amongst others. For example a cyber-security incident, accidental loss of IT equipment or hard copy documents, negligence, improper disclosure of information, or otherwise. (32) Where a member of the University community discovers or is otherwise alerted to an actual, potential or suspected privacy breach, they must notify the Privacy Officer on 03)9479 1839 or privacy@latrobe.edu.au as soon as reasonably practicable, or in any event within 24 hours of detection . This is also in accordance with the University’s Compliance Breach Management Policy. (33) The Privacy Officer upon receipt of the notification will in consultation with relevant areas, including ICT, Risk Management and Legal Services: (34) The Privacy Officer in conjunction with the responsible business area(s) will manage the breach response process which will include: (35) The University is an entity that is covered by Victorian Privacy Legislation, however there are some instances where the University has obligations under the Privacy Act 1988 (Cth). (36) In addition, if a breach is identified as a an eligible data breach under the Privacy Act 1988 and relates to an agreement, tax file number, grant, contract or other funding arrangement where the University has agreed or is obliged to adhere to the Australian Privacy Principles, the Privacy Officer will also be responsible for: (37) An eligible data breach arises when the following three criteria are satisfied: (38) Refer to the Data Breach Response Quick Reference Guide for guidance on the privacy incident response and reporting plan. (39) For the purpose of this Policy and Procedure:Privacy - Personal Information Policy
Section 1 - Background and Purpose
Preamble
Purpose
Top of PageSection 2 - Scope
Top of PageSection 3 - Policy Statement
Section 4 - Procedures
Part A - Australian Privacy Principles
Tax File Numbers
Part B - Information Collected by the University
Information at Point of Collection
Use and Disclosure
Security of Personal Information
Cross-border Disclosures
Access to Personal Information and Correction of Personal Information
Part C - University’s Privacy Officer
La Trobe University
Bundoora Victoria 3086
T: +61 (03) 9479 1839
F: +61 (03) 9479 1045
E: privacy@latrobe.edu.au
W: Privacy WebpagePart D - Complaints
Part E - Privacy Breach Response Plan
Section 5 - Definitions
about the physical, mental or psychological health or disability of an individual;
about an individual’s expressed wishes regarding the future provision of health services to him or her;
about a health service provided, or to be provided, to an individual;
collected to provide a health service;
about an individual collected in connection with organ or body substance donation; or
that is genetic information in a form which is or could be predictive of the health of the individual or of his or her descendants.
View Document
This is not a current document. To view the current version, click the link in the document's navigation bar.
(Note: This clause will not apply to the extent that compliance with it would pose a serious threat to the life or health of any individual)
Freedom of Information /Privacy Officer