PRIVACY POLICY
RATIONALE
All staff members, Board members, students and parents have a right to, under law, respect for their privacy.
AIM
To provide guidance and direction to all staff regarding the privacy of students, their families and the staff.
IMPLEMENTATION
All staff are to abide by the principles set forth in the Act and the National Privacy Principles with regard to:
§ General Privacy
§ Electronic Media Privacy
All staff are to familiarize themselves with the Act.
REFERENCES
Appendix 1: Detailed Privacy Policy
Appendix 2: Use of Electronic Facilities
The NPPs and the Privacy Act is contained on the Privacy Commissioner's website:
APPENDIX 1: DETAILED PRIVACY POLICY
Your privacy is important
This statement outlines the Colleges' policy on how the College uses and manages personal information provided to or collected by it.
The College is bound by the National Privacy Principles contained in the Commonwealth Privacy Act. The College may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to Colleges' operations and practices and to make sure it remains appropriate to the changing College environment.
What kind of personal information does the College collect and how does the College collect it?
The type of information the College collects and holds includes (but is not limited to) personal information, including sensitive information, about:
§ pupils and parents and/or guardians (Parents) before, during and after the course of a pupil's enrolment at the College;
§ job applicants, staff members, volunteers and contractors; and
§ other people who come into contact with the College.
Personal Information you provide
The College will generally collect personal information held about an individual by way of forms filled out by Parents or pupils, face-to-face meetings and interviews, and telephone calls. On occasions people other than Parents and pupils provide personal information.
Personal Information provided by other people
In some circumstances the College may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another College.
Exception in relation to employee records
Under the Privacy Act, the National Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to the College's treatment of an employee record, where the treatment is directly related to a current or former employment relationship between the College and employee.
How will the College use the personal information you provide?
The College will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
Pupils and Parents
In relation to personal information of pupils and Parents, the College's primary purpose of collection is to enable the College to provide training for the pupil. This includes satisfying both the needs of Parents and the needs of the pupil throughout the whole period the pupil is enrolled at the College.
The purposes for which the College uses personal information of pupils and Parents include:
§ to keep Parents informed about matters related to their child's training, through correspondence, newsletters and magazines;
§ day-to-day administration;
§ looking after pupils' educational, social and medical well-being;
§ seeking donations and marketing for the College;
§ to satisfy the College's legal obligations and allow the College to discharge its duty of care.
In some cases where the College requests personal information about a pupil or Parent, if the information requested is not obtained, the College may not be able to enroll or continue the enrolment of the pupil.
Job applicants, staff members and contractors
In relation to personal information of job applicants, staff members and contractors, the College's primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which the College uses personal information of job applicants, staff members and contractors include:
§ in administering the individual's employment or contract, as the case may be;
§ for insurance purposes;
§ seeking funds and marketing for the College;
§ to satisfy the College's legal obligations, for example, in relation to child protection legislation.
Volunteers
The College also obtains personal information about volunteers who assist the College in its functions or conduct associated activities, such as [alumni associations], to enable the College and the volunteers to work together.
Marketing and fundraising
The College treats marketing and seeking donations for the future growth and development of the College as an important part of ensuring that the College continues to be a quality learning environment in which both pupils and staff thrive. Personal information held by the College may be disclosed to an organization that assists in the College's fundraising, for example, the College's Foundation or alumni organization. Parents, staff, contractors and other members of the wider College community may from time to time receive fundraising information. College publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
Who might the College disclose personal information to?
The College may disclose personal information, including sensitive information, held about an individual to:
§ another college;
§ government departments;
§ medical practitioners;
§ people providing services to the College, including specialist visiting teachers and sports coaches;
§ recipients of College publications, like newsletters and magazines;
§ Parents; and
§ anyone you authorize the College to disclose information to.
Sending information overseas
§ The College will not send personal information about an individual outside Australia without obtaining the consent of the individual (in some cases this consent will be implied); or
§ otherwise complying with the National Privacy Principles.
How does the College treat sensitive information?
In referring to 'sensitive information', the College means: information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
The College's staff is required to respect the confidentiality of pupils' and Parents' personal information and the privacy of individuals. The College has in place steps to protect the personal information the College holds from misuse, loss, unauthorized access, modification or disclosure by use of various methods including locked storage of paper records and pass worded access rights to computerized records.
Updating personal information
The College endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by the College by contacting the Office Manager of the College at any time. The National Privacy Principles require the College not to store personal information longer than necessary.
You have the right to check what personal information the College holds about you
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which the College holds about them and to advise the College of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Pupils will generally have access to their personal information through their Parents, but older pupils may seek access themselves. To make a request to access any information the College holds about you or your child, please contact the College Principal in writing. The College may require you to verify your identity and specify what information you require. The College may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, the College will advise the likely cost in advance.
Consent and rights of access to the personal information of pupils
The College respects every Parent's right to make decisions concerning their child's education. Generally, the College will refer any requests for consent and notices in relation to the personal information of a pupil to the pupil's Parents. The College will treat consent given by Parents as consent given on behalf of the pupil, and notice to Parents will act as notice given to the pupil. Parents may seek access to personal information held by the College about them or their child by contacting the College Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the College's duty of care to the pupil. The College may, at its discretion, on the request of a pupil grant that pupil access to information held by the College about them, or allow a pupil to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the pupil and/or the pupil's personal circumstances so warranted.
Enquiries
If you would like further information about the way the College manages the personal information it
holds, please contact the College Principal.
APPENDIX 2: USE OF ELECTRONIC FACILITIES
Use of Electronic Facilities with regard to transfer of electronic data via email, internet and website.
EMAIL AND INTERNET POLICY
Personal information may be collected, used, disclosed, stored and transferred overseas through the use of email and Internet facilities. The following Email, Internet and Website Policy takes into account the requirements of the Privacy Act.
A guide is located on the Privacy Commissioner's website at: http://www.privacy.gov.au/publications/pg2pubs.html#16.1 .
This document sets out the security, administration and internal rules which you should observe when communicating electronically or using the IT facilities provided by the College You should familiarize yourself with the terms of this Policy in order to minimize potential damage to you, your colleagues, students and the College, which may arise as a result of misuse of email or Internet facilities. This Policy applies to all teachers, employees and contractors of the College.
1. College Property
The College is the owner of copyright in all email messages created by its employees and contractors in performing their duties.
2. Monitoring
2.1 From time to time, the contents and usage of email may be examined by the College or by a third party on the College's behalf. This will include electronic communications that are sent to you or by you, both internally and externally.
2.2 You should structure your email in recognition of the fact that the College may from time to time have the need to examine its contents.
2.3 The College's computer network is a business and educational tool to be used primarily for business or educational purposes. You therefore have a responsibility to use these resources in an appropriate, professional and lawful manner.
2.4 All messages on the College's system will be treated as education or business related messages, which may be monitored. Accordingly, you should not expect that any information or document transmitted or stored on the College's computer network will be private.
2.5 You should also be aware that the College is able to monitor your use of the Internet at the College, both during College or working hours and outside of those hours. This includes the sites and content that you visit and the length of time you spend using the Internet.
2.6 Emails will be archived by the College as it considers appropriate.
3. Personal Use
3.1 You are permitted to use the Internet and email facilities to send and receive personal messages, provided that such use is kept to a minimum and does not interfere with the performance of your work duties.
3.2 However, you should bear in mind that any use of the Internet or email for personal purposes is still subject to the same terms and conditions as otherwise described in this Policy.
3.3 In the case of shared IT facilities, you are expected to respect the needs of your colleagues and use the Internet and email in a timely and efficient manner.
3.4 Excessive or inappropriate use of email or Internet facilities for personal reasons during working hours may lead to disciplinary action.
4. Content
4.1 Email correspondence should be treated in the same way as any other correspondence, such as a letter or a fax. That is, as a permanent written record that may be read by persons other than the addressee and which could result in personal or the College's liability.
4.2 You and/or the College may be liable for what you say in an email message. Email is neither private nor secret. It may be easily copied, forwarded, saved, intercepted, archived and may be subject to discovery in litigation. The audience of an inappropriate comment in an email may be unexpected and extremely widespread.
4.3 You should never use the Internet or email for the following purposes:
(a) to abuse, vilify, defame, harass or discriminate (by virtue of sex, race, religion, national origin or other);
(b) to send or receive obscene or pornographic material;
(c) to injure the reputation of the College or in a manner that may cause embarrassment to your employer;
(d) to spam or mass mail or to send or receive chain mail;
(e) to infringe the copyright or other intellectual property rights of another person; or
(f) to perform any other unlawful or inappropriate act.
4.4 Email content that may seem harmless to you may in fact be highly offensive to someone else. You should be aware, therefore, that in determining whether an email falls within any of the categories listed above, or is generally inappropriate, the College will consider the response and sensitivities of the recipient of an email rather than the intention of the sender.
4.5 If you receive inappropriate material by email, you should delete it immediately and not forward it to anyone else. It would be appropriate for you to discourage the sender from sending further materials of that nature.
4.6 Comments that are not appropriate in the workplace or College environment will also be inappropriate when sent by email. Email messages can easily be misconstrued. Accordingly, words and attached documents should be carefully chosen and expressed in a clear, professional manner.
4.7 You should be aware that use of the College's computer network in a manner inconsistent with this policy or in any other inappropriate manner, including but not limited to use for the purposes referred to in paragraph 4.3 of this policy, will give rise to disciplinary action, including termination of an employee's employment or contractor's engagement.
5. Privacy
5.1 In the course of carrying out your duties on behalf of the College, you may have access to, or handle personal information relating to others, including students, colleagues, contractors, parents and suppliers. Email should not be used to disclose personal information of another except in accordance with the College's Privacy Policy or with proper authorization.
5.2 The Privacy Act requires both you and the College to take reasonable steps to protect the
personal information that is held from misuse and unauthorized access. We stress therefore, that you take responsibility for the security of your personal computer and not allow it to be used by an unauthorized party, which specifically includes anyone who is not an employee of the College.
5.3 You will be assigned a log-in code and you will also select a password to use the College's electronic communications facilities. You should ensure that these details are not disclosed to anyone else. We suggest that you take steps to keep these details secure. For example, you should change your password regularly and ensure that your log-in code and password are not kept in writing close to your working area.
5.4 You are encouraged to either lock your screen or log-out when you leave your desk. This will avoid others gaining unauthorized access to your personal information, the personal information of others and confidential information within the College.
5.5 In order to comply with the College's obligations under the Privacy Act, you are encouraged to use the blind copy option when sending emails to multiple recipients where disclosure of those persons' email addresses will impinge upon their privacy.
5.6 In addition to the above, you should familiarize yourself with the National Privacy Principles ('NPPs') and ensure that your use of email does not breach the Privacy Act or the NPPs. If you require more information on the Privacy Act and how to comply, please contact the Principal.
6. Distribution and Copyright
6.1 When distributing information over the College's computer network or to third parties outside the College, you must ensure that you and the College have the right to do so, and that you are not violating the intellectual property rights of any third party.
6.2 If you are unsure of whether you have sufficient authorization to distribute the information, it is recommended that you contact the Principal.
6.3 In particular, copyright law may apply to the information you intend to distribute and must always be observed. The copyright material of third parties (for example, software, database files, documentation, cartoons, articles, graphic files and downloaded information) must not be distributed through email without specific authorization to do so.
7. Encryption and Confidentiality
7.1 When email is sent from the College to the network server and then on to the Internet, the email message may become public information. Encryption will reduce the risk of third parties being able to read email and should be used in cases where you feel additional security is required. If you require more information in relation to encrypting messages, you should contact the IT Manager or the Principal.
7.2 As mentioned above, the Internet and email are insecure means of transmitting information. Therefore, items of a highly confidential or sensitive nature should not be sent via email. You should note that there is always a trail and a copy saved somewhere, not necessarily only on the College's network server.
7.3 This confidentiality requirement applies even when encryption is used.
7.4 Email sent over the Internet may be truncated, scrambled, or sent to the wrong address. There is a possibility that outgoing email sent over the Internet may arrive scrambled or truncated, may be delayed, may not arrive at all, or may be sent to the wrong address. Where outgoing email is important or urgent, you should verify that the recipient has received the email in its entirety.
7.5 Do ensure that all emails that are sent from your email address contain the College's standard disclaimer message, which will read as follows: The contents of this email are confidential. Any unauthorized use of the contents is expressly prohibited. If you have received this email in error, please advise by telephone immediately and then delete/destroy the email and any printed copies. Thank you.
7.6 There is a risk of false attribution of email. Software is widely available by which email messages may be edited or to reflect an erroneous message or sender name. The recipient may therefore be unaware that he or she is communicating with an impostor. Accordingly, you should maintain a reasonable degree of caution regarding the identity of the sender of incoming email. You should verify the identity of the sender by other means if you have concerns.
7.7 Please delete old or unnecessary email messages and archive only those email messages you need to keep. Retention of messages fills up large amounts of storage space on the network server and can slow down performance. You should maintain as few messages as possible in your in-boxes and out-boxes. If there are items in your email that you require at later date, please ensure that these are saved in your network directory so that appropriate backups are made College wide.
8. Viruses
8.1 All external files and attachments must be virus checked using scanning software before they are accessed. The Internet is a potential host for computer viruses. The downloading of infected information from the Internet is potentially fatal to the College computer network.
8.2 A document attached to an incoming email may have an embedded virus.
8.3 Virus checking is done automatically through the virus protection software installed on the network server and the Office reception computer. If you are concerned about an email attachment, or believe that it has not been automatically scanned for viruses, you should contact the Office, the IT Manager or the Principal.
9. Absence
9.1 In cases where you are likely to be absent from work for any period of time, you should make arrangements for your emails to be accessible by the College or ensure that an 'out of office reply' is automatically set. This automatic reply will alert those trying to contact you that you are away from work and that important queries should be directed to a nominated colleague. If you require assistance in installing this feature, please contact Administration or the Principal.
10. Policy Updates
10.1 This policy may be updated or revised from time to time. The College will not notify you each time the Policy is changed. If you are unsure whether you are reading the most current version, you should contact the IT Manager, Administration or the Principal.
11. General
11.1 The terms and recommended conduct described in this Policy are not intended to be exhaustive, nor do they anticipate every possible use of the College's email and Internet facilities. You are encouraged to act with caution and take into account the underlying principles intended by this Policy. If you feel unsure of the appropriate action relating to use of email or the Internet, you should contact the Principal.
References
The NPPs and the Privacy Act is contained on the Privacy Commissioner's website: