As of the 12/03/2014 Complex Institute of Education will be adhering to the Australian Privacy Principals (APPs) as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988. This means that Complex Institute of Education has studied the APPs and will ensure that all staff are aware of their responsibilities under them. The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).
The APPs are as follows and cover private sector organisations, Australian Government and Norfolk Island agencies covered by the Privacy Act 1988.
APP 1 &mdash Open and transparent management of personal information
APP 2 &mdash Anonymity and pseudonymity Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3 &mdash Collection of solicited personal information Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4 &mdash Dealing with unsolicited personal information Outlines how APP entities must deal with unsolicited personal information.
APP 5 &mdash Notification of the collection of personal information Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.
APP 6 &mdash Use or disclosure of personal information Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
APP 7 &mdash Direct marketing An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8 &mdash Cross-border disclosure of personal information Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
APP 9 &mdash Adoption, use or disclosure of government related identifiers Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10 &mdash Quality of personal information An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11 &mdash Security of personal information An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
APP 12 &mdash Access to personal information Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
APP 13 &mdash Correction of personal information Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.
All information that is gathered by Complex Institute of Education is freely given by the individual concerned and can only be accessed by nominated/authorised staff members. This information cannot be made available to any other organisation or individual except in cases where:
(a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:
(i) if the information is sensitive information&mdashdirectly related to the primary purpose; or
(ii) if the information is not sensitive information&mdashrelated to the primary purpose; or
(b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or
(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity; or
(e) the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
The types of organisations that Complex Institute of Education may release information to are:
- Government departments eg. Higher Education and Skills Group (HESG), DIICCSRTE, DIAC, , the Australian Taxation Office, Centrelink, and the Department of Education and Early Childhood Development;
- External organisations contracted for the purposes of undertaking Institute commissioned research for the benefit of the Institute and the student body;
- To an employer or organisation sponsoring a student’s study;
- To the parent or authorised representative of a student who is a minor (under 18);
- Other tertiary educational institutions for results, course completion or certificate verification to facilitate your subsequent application to that institution.
At all times Complex Institute of Education will be transparent in the matter of how information is collected and used. Complex Institute of Education will freely allow all stakeholders access to their own information and will freely explain to any interested stakeholder how information is collected, stored and used.
Information Security: (Principle 4) Complex Institute of Education will take all reasonable steps to ensure the information collected is protected from misuse and loss, and is safe from unauthorised access, modification or disclosure. Information no longer required will be destroyed or stored securely (if storage is a requirement of other legislation, or as required by the Public Records Office). Information held in student files that are being used or are being held outside of the secure storage area will at all times be under the control of an authorised member of the staff of Complex Institute of Education.
Openness: (Principle 5) Complex Institute of Education will provide information to all individuals about the manner in which it manages the handling of personal, sensitive and health information. This information will be available to anyone who asks for it. Complex Institute of Education will also provide general information to any individual who asks, regarding the sort of personal sensitive and health information it holds and for what purpose, how it collects, holds, uses and discloses that information.
Access and Correction: (Principle 6) Complex Institute of Education will, unless prohibited by the requirements of IPP6 and HPP6, provide the individual with access to the information, or the opportunity to correct information held. Under some circumstances Complex Institute of Education will be unable to allow correction of information that it holds, in these cases the reasons for the denial will be made clear and the individual requesting the change of information will have access to Complex Institute of Educations normal complaints handling procedure.
Anonymity: (Principle 8) Complex Institute of Education will allow individuals the option of not identifying themselves in their dealings with Complex Institute of Education unless identification is required by law or is practicable. It must be remembered that no educational services can be offered unless the student freely identifies themselves. In the case of students anonymity is not an option.
Complex Institute of Education will not allow the transfer of any personal information unless the transfer is brought about by a function of the law. This includes transfer to any bodies or individuals who live outside of Victoria. The only exception will be the transfer of information to the parents or appointed guardian of students under the age of 18.