Policy Statement
This policy covers personal, health and sensitive information collected by Bendigo TAFE in relation to staff, prospective staff, clients and prospective clients. To ensure the privacy rights of all individuals in accordance with the requirements of the Information Privacy Act 2000 (IPA), the Health Records Act 2001 (HRA). How Bendigo TAFE protects your information. Bendigo TAFE complies with privacy legislation requirements by:-
Collecting from you only the information we need;
Informing you why we need the information and how we will use it;
Disclosing the information only as necessary and with your consent;
Securing the information against unauthorised use or disclosure.
The Information Privacy Act can be sourced at www.legislation.vic.gov.au/
In accordance with the principles of the IPA and the HRA, Bendigo TAFE will observe the following:
Collection of information: (Principle 1)
Bendigo TAFE will only collect personal, sensitive and health information that is necessary to perform one or more of its legal functions or activities. At the time of collection the individual will be advised of the reason for the collection of the information, the purpose for which it will be used, to whom the information may be disclosed, any law that requires the particular information to be collected; the consequences (if any) for the individual if all or part of the information is not provided; the individual’s right to access, and if appropriate, correct the information held.
Use and disclosure: (Principle 2)
Bendigo TAFE will not use or disclose personal, sensitive or health information about an individual for a purpose other than the primary purpose of collection unless the secondary purpose is related to the primary purpose of collection, and the individual would reasonably expect the organisation to use the information for the secondary purpose; or as required by law as specified in IPP2.
Data Quality: (Principle 3)
Bendigo TAFE will take all reasonable steps to ensure the data it collects is accurate, complete and up to date.
Data Security: (Principle 4)
Bendigo TAFE will take all reasonable steps to ensure the data collected is protected from misuse and loss, and is safe from unauthorised access, modification or disclosure. Information no longer required will be destroyed or stored securely (if storage is a requirement of other legislation, or as required by the Public Records Office).
Openness: (Principle 5)
Bendigo TAFE will provide information to all individuals about the manner in which it manages the handling of personal, sensitive and health information. This information will be available to anyone who asks for it. Bendigo TAFE will also provide general information to any individual who asks, regarding the sort of personal sensitive and health information it holds and for what purpose, how it collects, holds, uses and discloses that information.
Access and Correction: (Principle 6)
Bendigo TAFE will, unless prohibited by the requirements of IPP6 and HPP6, provide the individual with access to the information, or the opportunity to correct information held, although in some circumstances a request for access will need to be made under the Freedom of Information Act 1982. In the event of a denial of access by Bendigo TAFE the individual will be provided reasons for the denial in accordance with IPP6 and HPP6.
Unique Identifiers: (Principle 7).
Bendigo TAFE will not collect or assign unique identifiers to individuals unless the collection or assignment of those identifiers is reasonably necessary to enable Bendigo TAFE to carry out any of its legal functions efficiently. These unique identifiers will not be shared with any other body or person unless the disclosure is necessary for Bendigo TAFE to fulfil its legal obligations to the other organisation. If these identifiers are collected or assigned the individual will be advised of the purpose for collection. The unique identifiers will not be used for any purpose other than that for which they were collected or assigned.
Anonymity: (Principle 8)
Bendigo TAFE will allow individuals the option of not identifying themselves in their dealings with Bendigo TAFE unless identification is required by law or is practicable.
Transborder Data Flows: (Principle 9)
Bendigo TAFE will not transfer personal, sensitive or health information to a person or organisation outside the State of Victoria unless Bendigo TAFE reasonably believes that the person or organisation is subject to a law or contract that upholds principles for fair handling of the information that are substantially similar to the IPP and HPP. In most circumstances the transborder transfer of personal, sensitive or health information about an individual will only be made with the individual’s consent.
Definitions
For the purposes of this policy, and in accordance with the IPA and HRA:
Consent: |
means express consent or implied consent. |
Health Information: |
means information or an opinion about the physical, mental or psychological health (at any time) of an individual; or a disability (at any time) of an individual; or an individual’s expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided, to an individual – that is also personal information. |
Individual: |
means an employee, a prospective employee, a client or a prospective client of Bendigo TAFE. |
Personal Information: |
means information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information of a kind to which Schedule 2 [of] the Health Records Act 2001 applies. |
Primary Purpose: |
for Bendigo TAFE means provision of vocational education and training programs and services. Information includes enrolment information, tracking and reporting data, assessment information, recognition/award data, statutory statistical information, ethically approved research, internal marketing, employment and remuneration data, and statutory employment information. |
Sensitive Information |
means information or an opinion about an individual’s racial or ethnic origin; or political opinions; or membership of a political association; or religious beliefs or affiliations; or philosophical beliefs; or membership of a professional or trade association; or membership of a trade union; or sexual preferences or practices; or criminal record – that is also personal information. |
Unique Identifiers |
means an identifier (usually a number) assigned by an organisation to an individual uniquely to identify that individual for the purposes of the operation of the organisation. |
Roles/Responsibility
Manager - Human Resources
Manager - Student Administration
References
The following are available on http://www.legislation.vic.gov.au/
Health Records Act 2001
Information Privacy Act 2000
Freedom of Information Act 1982
Associated Documents
Proc723 Information Privacy Procedure
FPR_01 Bendigo TAFE Talent Release Form
GHR002 Information Privacy – Human Resources
GSA004 Student Services Privacy Guidelines
Warning – Uncontrolled when printed. The current version of this document is kept on the BMS.
Authorised by: Executive Management Committee Original Issue: 24/06/2002
Maintained by: Manager Human Resources & Manager Student Administration Current Version: 21/07/2010
Review Date: 07/2013 Policy No. Pol106