The Privacy and Personal Information Protection Act 1998
The Act applies to personal information collected on and after 1 July
2000. The Principles regulate the handling of personal information, and
cover its collection, storage, use, disclosure and disposal. Exemptions
from the Principles are allowed in limited circumstances, for example, where
non-compliance is permitted under another act or law.
Personal information is defined in the Act as being information or an opinion
about an individual whose identity is apparent or can reasonably be ascertained
from that information or opinion. Personal information includes, for example,
names, addresses, telephone numbers, dates of birth, medical records, student
identification information, passport numbers and body samples.
There are circumstances in which, under the Act, information about an individual
is not considered to be personal information, including:
- when it relates to a person who has been dead
for more than 30 years;
- when it is contained in a publicly available
publication; and
- when it refers to a person's suitability for
employment as a public sector official.
Macquarie University has a commitment to privacy, values individuals'
privacy and actively seeks to preserve the privacy rights of those who share
information with us. Your trust is important to us and we believe you have
the right to know how information provided to the University is handled. The University’s
approach to privacy and personal information protection is based on the
concepts of:
- Openness where there is a general
practice of openness about practices and policies with respect
to personal information. Procedures are available for individuals
to establish the existence and nature of personal information
and the main purposes of its use.
- Purpose specification where
the purpose for collecting personal information is specified at
the time of collection and further uses are limited to those purposes.
- Collection limitation where
personal information is obtained by lawful and
fair means and with the knowledge and consent of the subject. Also,
only that information necessary for the stated purpose is
collected, nothing more.
- Use limitation where personal
information is not disclosed for secondary purposes without the
consent of the subject or by authority of law. Disclosure may
also occur if it is reasonably believed to be necessary to prevent
or lessen a serious and imminent threat to the life or health
of any person.
- Individual participation where
individuals are allowed to inspect and correct their personal
information. Whenever possible, personal information should be
collected directly from the individual.
- Quality data where personal
information is accurate, complete and timely, and is relevant
to the purposes for which it is to be used.
- Security safeguards where reasonable
security safeguards are implemented to protect information against such risks as
loss, unauthorised access, destruction, use, modification or disclosure.
Also, access to personal information is limited
to only those within the organisation with a specific need to
see it.
- Records retention where personal
information is retained for no longer than is necessary and is then
disposed of lawfully and securely.
- Accountability. Within the organisation,
the role of Privacy Officer has been assigned to the Registrar and
Vice-Principal and the role of Privacy Contact Officer has been
assigned to the Manager Records and Archives Services. These officers
have direct managerial responsibilities for the University’s
compliance with its privacy policy. Privacy audits to monitor organisational
compliance and employee-training programs are conducted on a regular
basis.