Home » Information Privacy and Records policy

Information Privacy and Records policy

Information Privacy and Records policy

(in accordance with the Privacy and Data Protection Act 2014 and the Health Records Act 2001)

This policy explains how our school collects and manages personal and health information, consistent with Victorian privacy law.

Current version of this policy

This policy will be regularly reviewed and updated to take account of new laws and technology and the changing school environment when required.


Personal information is information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion – that is recorded in any form. For example, a person’s name, address, phone number and date of birth (age). De-identified information about students can also be personal information.

Health information is information or opinion about a person’s physical, mental or psychological health or disability, that is also personal information – whether in writing or not. This includes information or opinion about a person’s health status and medical history, immunisation status and allergies, as well as counselling records.

Sensitive information is information or opinion about a set of specific characteristics, including a person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices; or criminal record. It also includes health information.

What information do we collect?

Our school collects the following type of information:

  • information about students and their family, provided by students, their family and others
  • information about job applicants, staff, volunteers and visitors; provided by job applicants, staff members, volunteers, visitors and others.

How do we collect this information?

Our school collects information in a number of ways, including:

  • in person and over the phone: from students and their family, staff, volunteers, visitors, job applicants and others
  • from electronic and paper documentation: including job applications, emails, invoices, enrolment forms, letters to our school, consent forms (for example: enrolment, excursion, Student Support Services consent forms), our school’s website or school-controlled social media
  • through online tools: such as apps and other software used by our school
  • through any CCTV cameras located at our school.

Collection notices

When our school collects information about you, our school takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. For information about students and their families, a collection notice is provided to parents (or mature minor students) upon enrolment.

Unsolicited information about you

Our school may receive information about you that we have taken no active steps to collect. If permitted or required by law, our school may keep records of this information. If not, we will destroy or de-identify the information when practicable, lawful and reasonable to do so.

Why do we collect this information?

Primary purposes of collecting information about students and their families

Our school collects information about students and their families when necessary to:

  • educate students
  • support students’ social and emotional wellbeing, and health
  • fulfil legal requirements, including to:
    • take reasonable steps to reduce the risk of reasonably foreseeable harm to students, staff and visitors (duty of care)
    • make reasonable adjustments for students with disabilities (anti-discrimination law)
    • provide a safe and secure workplace (occupational health and safety law)
  • enable our school to:
    • communicate with parents about students’ schooling matters and celebrate the efforts and achievements of students
    • maintain the good order and management of our school
  • enable the Department to:
    • ensure the effective management, resourcing and administration of our school
    • fulfil statutory functions and duties
    • plan, fund, monitor, regulate and evaluate the Department’s policies, services and functions
    • comply with reporting requirements
    • investigate incidents in schools and/or respond to any legal claims against the Department, including any of its schools.

When do we use or disclose information?

Our school uses or discloses information consistent with Victorian privacy law, as follows:

  1. for a primary purpose – as defined above
  2. for a related secondary purpose that is reasonably to be expected – for example, to enable the school council to fulfil its objectives, functions and powers
  3. with notice and/or consent – including consent provided on enrolment and other forms
  4. when necessary to lessen or prevent a serious threat to:
    • a person’s life, health, safety or welfare
    • the public’s health, safety or welfare
  5. when required or authorised by law – including as a result of our duty of care, anti-discrimination law, occupational health and safety law, reporting obligations to agencies such as Department of Health and Human Services and complying with tribunal or court orders, subpoenas or Victoria Police warrants
  6. to investigate or report unlawful activity, or when reasonably necessary for a specified law enforcement purpose, including the prevention or investigation of a criminal offence or seriously improper conduct, by or on behalf of a law enforcement agency
  7. for Departmental research or school statistics purposes
  8. to establish or respond to a legal claim.

Responding to complaints

On occasion, our school and the Department’s central and regional offices receive complaints from parents and others. Our school and/or the Department’s central or regional offices will use and disclose information as considered appropriate to respond to these complaints (including responding to complaints made to external organisations or agencies).

Accessing your information

All individuals, or their authorised representative(s), have a right to access, update and correct information that our school holds about them.

Access to student information

Our school only provides school reports and ordinary school communications to parents who have a legal right to that information.

In some circumstances, an authorised representative may not be entitled to information about the student. These circumstances include when granting access would not be in the student’s best interests or would breach our duty of care to the student, would be contrary to a mature minor student’s wishes or would unreasonably impact on the privacy of another person.

Access to staff information

School staff may first seek access to their personnel file by contacting the principal. If direct access is not granted, the staff member may request access through the Department’s Freedom of Information Unit.

Storing and securing information

Our school takes reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. Our school stores all paper and electronic records securely, consistent with the Department’s records management policy and information security standards.

When using software and contracted service providers to manage information, our school assesses these according to the appropriate departmental processes. One example of this is that staff passwords for school systems are strong and updated on a regular basis, consistent with the Department’s password policy.

School compliance strategies

Some strategies our school can implement to ensure compliance with the privacy legislation include:

  • nominating a person to manage and review the school’s privacy practices
  • conducting a privacy audit to determine what information the school collects, how information is used and with whom information is shared
  • examining data security arrangements
  • ensuring all staff, including volunteers, are aware and compliant with the Schools’ Privacy Policy and supporting documents
  • treating all privacy complaints in the strictest confidence and seeking advice from the Privacy team as needed, on (03) 8688 7967 or [email protected]

Privacy exemptions

Personal and health information can be disclosed for a purpose other than for which it was collected and without the person’s consent when the disclosure is:

  • necessary to lessen or prevent a threat to life, health or safety
  • required, authorised or permitted by law or for law enforcement purposes
  • used for research or compilation of statistics in the public interest, in certain limited circumstances.

Privacy and duty of care

Privacy laws recognise and permit schools collecting, using and disclosing information so that they can comply with their duty of care to students.  A key element of duty of care is that the processes and procedures used are documented and records kept.

Privacy and parents/guardians

To assist decision making about a student’s needs, schools inform parents/guardians of the student’s academic progress, behaviour, educational options or special educational requirements.

Privacy laws do not restrict this use of the information, as this is the purpose for which it is collected.

Court orders

Unless a court order is made under the Family Law Act, both parents of a student have the same rights to access information about the student.

Enrolment information

Schools must:

  • provide a privacy collection notice with the enrolment form explaining to the parents and student why this information is being collected, what it is used for, where it might be disclosed and how they can access information held about them
  • only use the information collected during enrolment for the purposes that it was collected for.  Disclosure for an unrelated purpose requires parental consent or in the case of a secondary student the content of the parent and student, unless the circumstances fall within one of the above privacy exemptions.

Health information

Health related information can be kept confidential by the principal, or shared with:

  • selected staff to the extent they need to know to care for the student, or
  • all staff when they need to know in case of emergencies.

Note 1: Counselling services are health services and records are confidential health records.  Confidentiality of information disclosed during a counselling session must be maintained unless the student provides consent or the situation falls into a privacy exemption category.

Note 2: Career counselling is not a health service.












  • 由学生及其家人或其他人提供的有关学生及其家庭的信息
  • 由应聘人员、员工、志愿者、来访者和其他人提供的其个人信息



  • 当面收集和通过电话收集:向学生及其家庭、工作人员、志愿者、来访者、应聘人员和其他人收集信息
  • 通过电子和纸质文件:包括工作申请、电子邮件、发票、报名表、发送给我校的信件、同意书(如注册报名表、校外活动报名表、学生辅助服务同意书)、学校网站或学校控制的社交媒体
  • 通过网络工具:如APP和其它我校使用的软件
  • 通过校区内安装的CCTV摄像头








  • 教育学生
  • 为学生的社交、心理和生理健康提供帮助
  • 履行法律义务,包括:
    • 采取恰当的措施减少对学生、教职员工和来访者可能造成的危险
    • 为有残障的学生进行恰当的调整
    • 提供一个安全的工作环境
  • 帮助学校:
    • 联系家长,沟通有关学生在学校的表现,鼓励学生的努力和成绩
    • 维护学校的有序管理
  • 帮助教育部:
    • 确保我校的有效管理和资源合理分配
    • 发挥法定功能和履行法定义务
    • 规划、拨款、监督、管理和评估教育部的政策、服务与功能
    • 符合报告的要求
    • 调查学校的事故及/或应对针对教育部包括其所管辖学校的任何法律诉讼



  1. 用于主要用途 – 请参照前述
  2. 用于相关的次要且合理的用途,例如,帮助校委会履行其宗旨、功能和权力
  3. 在发出通知及/或得到许可的情况 下 – 包括在报名表及其他表格上提供的同意书
  4. 在有必要的情况减少或防止对以下人群的严重威胁:
    • 个人的生命、健康、安全或福祉
    • 公众的健康、安全或福祉
  5. 在有必要或法律授权的情况下 – 包括因为照顾责任、反歧视法、职业健康与安全法、向卫生部等机构提交报告、履行相关法律义务等
  6. 调查或报告非法行为,或由法律强制机构或代表法律强制机构因法律强制目的采取的有必要的合理的行为,包括防止或调查犯罪行为或严重的不法行为
  7. 基于教育部的研究或学校数据收集的目的
  8. 采取或应对法律诉讼















  • 指派一位员工管理和审核学校的隐私保护措施
  • 组织隐私保护审计以确定学校应该收集哪些信息,信息如何使用和分享
  • 确保包括志愿者在内的所有教职员工都了解学校的隐私保护政策及相关文件
  • 对于所有有关隐私保护的投诉绝对保密,并在必要的情况下向专业的隐私保护团队寻求帮助,求助热线(03) 8688 7967,电邮:[email protected]



  • 为减少或防止对他人生命、健康或安全的威胁
  • 法律要求、授权或允许,或出于法律强制目的
  • 在某些特定情况下用于有利于公众利益的研究或数据收集。









  • 在报名注册表上注明个人信息收集提示,向家长和学生说明为什么收集这些信息,作何用途,何种情况下公开以及如何获取学校保留的信息。
  • 仅使用在报名注册时收集到的个人信息,并仅用于收集时声明的使用用途。如果需要将个人信息用于其它用途,必须得到家长的同意,或者如涉及另一位学生,必须得到这位学生及家长的同意,或者使用用途在隐私保护特例范围之内。

Health information

Health related information can be kept confidential by the principal, or shared with:

  • selected staff to the extent they need to know to care for the student, or
  • all staff when they need to know in case of emergencies.

Note 1: Counselling services are health services and records are confidential health records.  Confidentiality of information disclosed during a counselling session must be maintained unless the student provides consent or the situation falls into a privacy exemption category.

Note 2: Career counselling is not a health service.