Home » Information Privacy and Records policy

Information Privacy and Records policy

Information Privacy and Records policy

(in accordance with the Privacy and Data Protection Act 2014 and the Health Records Act 2001)

This policy explains how our school collects and manages personal and health information, consistent with Victorian privacy law.

Current version of this policy

This policy will be regularly reviewed and updated to take account of new laws and technology and the changing school environment when required.

Definitions

Personal information is information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion – that is recorded in any form. For example, a person’s name, address, phone number and date of birth (age). De-identified information about students can also be personal information.

Health information is information or opinion about a person’s physical, mental or psychological health or disability, that is also personal information – whether in writing or not. This includes information or opinion about a person’s health status and medical history, immunisation status and allergies, as well as counselling records.

Sensitive information is information or opinion about a set of specific characteristics, including a person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices; or criminal record. It also includes health information.

What information do we collect?

Our school collects the following type of information:

  • information about students and their family, provided by students, their family and others
  • information about job applicants, staff, volunteers and visitors; provided by job applicants, staff members, volunteers, visitors and others.

How do we collect this information?

Our school collects information in a number of ways, including:

  • in person and over the phone: from students and their family, staff, volunteers, visitors, job applicants and others
  • from electronic and paper documentation: including job applications, emails, invoices, enrolment forms, letters to our school, consent forms (for example: enrolment, excursion, Student Support Services consent forms), our school’s website or school-controlled social media
  • through online tools: such as apps and other software used by our school
  • through any CCTV cameras located at our school.

Collection notices

When our school collects information about you, our school takes reasonable steps to advise you of certain matters. This includes the purpose of the collection, and how to access, update and correct information held about you. For information about students and their families, a collection notice is provided to parents (or mature minor students) upon enrolment.

Unsolicited information about you

Our school may receive information about you that we have taken no active steps to collect. If permitted or required by law, our school may keep records of this information. If not, we will destroy or de-identify the information when practicable, lawful and reasonable to do so.

Why do we collect this information?

Primary purposes of collecting information about students and their families

Our school collects information about students and their families when necessary to:

  • educate students
  • support students’ social and emotional wellbeing, and health
  • fulfil legal requirements, including to:
    • take reasonable steps to reduce the risk of reasonably foreseeable harm to students, staff and visitors (duty of care)
    • make reasonable adjustments for students with disabilities (anti-discrimination law)
    • provide a safe and secure workplace (occupational health and safety law)
  • enable our school to:
    • communicate with parents about students’ schooling matters and celebrate the efforts and achievements of students
    • maintain the good order and management of our school
  • enable the Department to:
    • ensure the effective management, resourcing and administration of our school
    • fulfil statutory functions and duties
    • plan, fund, monitor, regulate and evaluate the Department’s policies, services and functions
    • comply with reporting requirements
    • investigate incidents in schools and/or respond to any legal claims against the Department, including any of its schools.

When do we use or disclose information?

Our school uses or discloses information consistent with Victorian privacy law, as follows:

  1. for a primary purpose – as defined above
  2. for a related secondary purpose that is reasonably to be expected – for example, to enable the school council to fulfil its objectives, functions and powers
  3. with notice and/or consent – including consent provided on enrolment and other forms
  4. when necessary to lessen or prevent a serious threat to:
    • a person’s life, health, safety or welfare
    • the public’s health, safety or welfare
  5. when required or authorised by law – including as a result of our duty of care, anti-discrimination law, occupational health and safety law, reporting obligations to agencies such as Department of Health and Human Services and complying with tribunal or court orders, subpoenas or Victoria Police warrants
  6. to investigate or report unlawful activity, or when reasonably necessary for a specified law enforcement purpose, including the prevention or investigation of a criminal offence or seriously improper conduct, by or on behalf of a law enforcement agency
  7. for Departmental research or school statistics purposes
  8. to establish or respond to a legal claim.

Responding to complaints

On occasion, our school and the Department’s central and regional offices receive complaints from parents and others. Our school and/or the Department’s central or regional offices will use and disclose information as considered appropriate to respond to these complaints (including responding to complaints made to external organisations or agencies).

Accessing your information

All individuals, or their authorised representative(s), have a right to access, update and correct information that our school holds about them.

Access to student information

Our school only provides school reports and ordinary school communications to parents who have a legal right to that information.

In some circumstances, an authorised representative may not be entitled to information about the student. These circumstances include when granting access would not be in the student’s best interests or would breach our duty of care to the student, would be contrary to a mature minor student’s wishes or would unreasonably impact on the privacy of another person.

Access to staff information

School staff may first seek access to their personnel file by contacting the principal. If direct access is not granted, the staff member may request access through the Department’s Freedom of Information Unit.

Storing and securing information

Our school takes reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. Our school stores all paper and electronic records securely, consistent with the Department’s records management policy and information security standards.

When using software and contracted service providers to manage information, our school assesses these according to the appropriate departmental processes. One example of this is that staff passwords for school systems are strong and updated on a regular basis, consistent with the Department’s password policy.

School compliance strategies

Some strategies our school can implement to ensure compliance with the privacy legislation include:

  • nominating a person to manage and review the school’s privacy practices
  • conducting a privacy audit to determine what information the school collects, how information is used and with whom information is shared
  • examining data security arrangements
  • ensuring all staff, including volunteers, are aware and compliant with the Schools’ Privacy Policy and supporting documents
  • treating all privacy complaints in the strictest confidence and seeking advice from the Privacy team as needed, on (03) 8688 7967 or [email protected]

Privacy exemptions

Personal and health information can be disclosed for a purpose other than for which it was collected and without the person’s consent when the disclosure is:

  • necessary to lessen or prevent a threat to life, health or safety
  • required, authorised or permitted by law or for law enforcement purposes
  • used for research or compilation of statistics in the public interest, in certain limited circumstances.

Privacy and duty of care

Privacy laws recognise and permit schools collecting, using and disclosing information so that they can comply with their duty of care to students.  A key element of duty of care is that the processes and procedures used are documented and records kept.

Privacy and parents/guardians

To assist decision making about a student’s needs, schools inform parents/guardians of the student’s academic progress, behaviour, educational options or special educational requirements.

Privacy laws do not restrict this use of the information, as this is the purpose for which it is collected.

Court orders

Unless a court order is made under the Family Law Act, both parents of a student have the same rights to access information about the student.

Enrolment information

Schools must:

  • provide a privacy collection notice with the enrolment form explaining to the parents and student why this information is being collected, what it is used for, where it might be disclosed and how they can access information held about them
  • only use the information collected during enrolment for the purposes that it was collected for.  Disclosure for an unrelated purpose requires parental consent or in the case of a secondary student the content of the parent and student, unless the circumstances fall within one of the above privacy exemptions.

Health information

Health related information can be kept confidential by the principal, or shared with:

  • selected staff to the extent they need to know to care for the student, or
  • all staff when they need to know in case of emergencies.

Note 1: Counselling services are health services and records are confidential health records.  Confidentiality of information disclosed during a counselling session must be maintained unless the student provides consent or the situation falls into a privacy exemption category.

Note 2: Career counselling is not a health service.

个人隐私与记录管理条例

(遵照《2014隐私与数据保护法》和《2001健康纪录法》)

本管理条例旨在说明我校依据维州的隐私法如何收集和管理个人和健康信息。

本管理条例的最新版本

本管理条例将依据新的法律和技术以及学校不断更新的环境进行定期审查和更新。

定义

个人信息是指以任何形式保存的关于一个人的信息或观点(无论真实与否),此人的身份可轻易分辩或可合理地进行分辩。个人信息包括,一个人的姓名、住址、电话号码和出生日期(年龄)。去除掉身份识别的学生信息也可以被称为个人信息。

健康信息是指无论是否以书面形式记录下来的关于一个人的生理、心理健康或残疾的信息或观点,这些也属于个人信息,例如,一个人的健康状况、医疗记录、免疫状况、过敏情况以及就诊记录。

敏感信息是有关一个人的一系列特别属性的信息或观点,包括一个人的种族来源、政治观点或派别、宗教信仰或派别、哲学信仰、性倾向或性行为和犯罪记录等,这也包括一个人的健康信息。

我们收集哪些信息?

我校主要收集以下类别的信息:

  • 由学生及其家人或其他人提供的有关学生及其家庭的信息
  • 由应聘人员、员工、志愿者、来访者和其他人提供的其个人信息

我们如何收集这些信息?

我校通过多种方式收集信息,包括:

  • 当面收集和通过电话收集:向学生及其家庭、工作人员、志愿者、来访者、应聘人员和其他人收集信息
  • 通过电子和纸质文件:包括工作申请、电子邮件、发票、报名表、发送给我校的信件、同意书(如注册报名表、校外活动报名表、学生辅助服务同意书)、学校网站或学校控制的社交媒体
  • 通过网络工具:如APP和其它我校使用的软件
  • 通过校区内安装的CCTV摄像头

信息收集通知

我校会采取恰当的措施告知您我们正在收集有关您的信息,如这些信息的用途、如何接触、更新和修改这些有关您的信息。有关学生及其家庭的信息,我们会在注册报名时向家长(或稍年长的学生)提供一份信息收集通知。

未经请求的信息

我校可能会收到未主动向您请求而得到的有关您的信息。如果法律允许,我校也许会保留这些信息。否则,我们会以合法合理且实际的方式销毁这些信息,或者去除这些信息的身份识别。

我们为什么收集这些信息?

收集学生及其家庭相关信息的主要作用

我校会在有必要的情况下收集学生及其家庭的信息以用于:

  • 教育学生
  • 为学生的社交、心理和生理健康提供帮助
  • 履行法律义务,包括:
    • 采取恰当的措施减少对学生、教职员工和来访者可能造成的危险
    • 为有残障的学生进行恰当的调整
    • 提供一个安全的工作环境
  • 帮助学校:
    • 联系家长,沟通有关学生在学校的表现,鼓励学生的努力和成绩
    • 维护学校的有序管理
  • 帮助教育部:
    • 确保我校的有效管理和资源合理分配
    • 发挥法定功能和履行法定义务
    • 规划、拨款、监督、管理和评估教育部的政策、服务与功能
    • 符合报告的要求
    • 调查学校的事故及/或应对针对教育部包括其所管辖学校的任何法律诉讼

我校何时使用或公开这些信息?

我校依据维州隐私法在以下情况下使用或公开所收集的信息:

  1. 用于主要用途 – 请参照前述
  2. 用于相关的次要且合理的用途,例如,帮助校委会履行其宗旨、功能和权力
  3. 在发出通知及/或得到许可的情况 下 – 包括在报名表及其他表格上提供的同意书
  4. 在有必要的情况减少或防止对以下人群的严重威胁:
    • 个人的生命、健康、安全或福祉
    • 公众的健康、安全或福祉
  5. 在有必要或法律授权的情况下 – 包括因为照顾责任、反歧视法、职业健康与安全法、向卫生部等机构提交报告、履行相关法律义务等
  6. 调查或报告非法行为,或由法律强制机构或代表法律强制机构因法律强制目的采取的有必要的合理的行为,包括防止或调查犯罪行为或严重的不法行为
  7. 基于教育部的研究或学校数据收集的目的
  8. 采取或应对法律诉讼

应对投诉

我校和教育部的中央及地区办公室有时会收到来自家长或其他人的投诉。我校及/或教育部的中央及地区办公室将以适当的方式使用和公开收集到的信息以应对这些投诉(包括针对外部组织或机构的投诉)。

获取您的信息

所有个人或其授权代表都有权读取、更新和修改我校保留的有关他们的信息。

获取学生的信息

我校只会向依法有权获取学生信息的家长提供该学生的成绩报告及日常的学校沟通信息。

在有些情况下,即使授权的代表也有可能无法获得学生的信息,比如获得这些信息可能侵害学生的最大利益或违反对该学生的照顾责任,或者与学生的愿望相抵触,或者可能不合理地影响到他人的隐私。

获取教职员工的信息

学校教职员工如果需要获取自己的档案资料,可直接与学校校长联系。

保存信息与信息安全

我校会采取恰当的措施防止信息被误用或遗失,或者被未授权方读取、修改和公开。我校根据教育部有关档案管理和信息安全的相关规定以安全的方式保存所有的纸质和电子档案。

我校遵守教育部的规定运用恰当的软件和服务运营商对信息进行管理,学校系统的密码定期更新。

学校保护信息隐私的措施

学校采取以下措施以确保符合隐私法的要求:

  • 指派一位员工管理和审核学校的隐私保护措施
  • 组织隐私保护审计以确定学校应该收集哪些信息,信息如何使用和分享
  • 确保包括志愿者在内的所有教职员工都了解学校的隐私保护政策及相关文件
  • 对于所有有关隐私保护的投诉绝对保密,并在必要的情况下向专业的隐私保护团队寻求帮助,求助热线(03) 8688 7967,电邮:[email protected]

隐私保护特例

在以下情况下,个人和健康信息有可能不是出于收集时的目的或不经个人允许而公开,例如:

  • 为减少或防止对他人生命、健康或安全的威胁
  • 法律要求、授权或允许,或出于法律强制目的
  • 在某些特定情况下用于有利于公众利益的研究或数据收集。

隐私和照顾责任

隐私法接受并允许学校收集、使用和公开有关信息以履行对学生的照顾责任,照顾责任的一个重要环节就是所有使用到的工作流程和措施都要记录下来并妥善保存。

隐私与家长/监护人

学校为协助学生做出有关其学习或其他需求的决定,会向家长/监护人通报学生的学习成绩、在校表现、教育选择或特殊教育要求。

法庭指令

除依据家庭法做出的法庭指令外,学生的双方家长有同等权利获得该学生的有关信息。

报名注册信息

学校必须:

  • 在报名注册表上注明个人信息收集提示,向家长和学生说明为什么收集这些信息,作何用途,何种情况下公开以及如何获取学校保留的信息。
  • 仅使用在报名注册时收集到的个人信息,并仅用于收集时声明的使用用途。如果需要将个人信息用于其它用途,必须得到家长的同意,或者如涉及另一位学生,必须得到这位学生及家长的同意,或者使用用途在隐私保护特例范围之内。

Health information

Health related information can be kept confidential by the principal, or shared with:

  • selected staff to the extent they need to know to care for the student, or
  • all staff when they need to know in case of emergencies.

Note 1: Counselling services are health services and records are confidential health records.  Confidentiality of information disclosed during a counselling session must be maintained unless the student provides consent or the situation falls into a privacy exemption category.

Note 2: Career counselling is not a health service.