|
|
|
|
|
 |
|
Personal Information Privacy Plan |
|
|
|
In pursuit of its mission, the University values:
The University's commitment to individual rights, ethical standards and social justice includes commitments to the appropriate collection, storage and use of information, and to the protection of the privacy of personal information.
In undertaking our normal business of teaching, learning and research, the University collects, stores and uses personal information. Learning and research in all fields of human endeavour will often necessarily involve the collection of personal information. While we treat this information with the highest standards of confidentiality and privacy, there are occasions when we may disclose this information to third parties where required by law, or where necessary for the conduct of our business.
There are a range of guidelines, processes and policies already in place to protect the privacy of personal information at Griffith University. This Privacy Plan represents the integration of the Queensland Information Standards into the University's existing policy framework, and is the umbrella instrument for all documents relating to confidentiality and privacy within the University.
The overall responsibility for privacy in the University resides with the Vice Chancellor and President. The responsibility for day to day management has been delegated to the Pro Vice Chancellor (Administration). The Pro Vice Chancellor (Administration) as Privacy Contact Officer is the first point of contact for members of the campus community and the public on privacy matters including general information, requests to access and/or amend personal information, and for internal review and resolution of complaints.
The Griffith University Privacy Plan has been developed in accordance with the Queensland Government Information Standard 'Queensland Privacy' (IS42) which provides 11 Information Privacy Principles (see 3.1 in IS42for IPPs). These IPPs represent the community standard for collecting, storing, using and disclosure of personal information by public agencies in Queensland. The Queensland IPPs are similar to the 11 Information Privacy Principles in the Commonwealth Privacy Act 1988.
Queensland Privacy is state government policy, not legislation, and is subject to legislation and existing contractual responsibilities of agencies: eg. legislation which takes precedence includes the Queensland Freedom of Information Act 1992; the confidentiality provisions of the Queensland Child Care Act 2002; section 63 of the Queensland Health Services Act 1991; the Libraries Act 1988; Griffith University Act 1998, and pre-existing contracts might require adherence to the privacy regime of the Commonwealth, of other states, and of other countries for the purposes of that contract.
Under the provisions of IS42, all agencies are required to appoint a Privacy Contact Officer, and develop a Privacy Plan and a Privacy and Information Security Statement. In accordance with those requirements, the University has appointed a Privacy Contact Officer and has developed this Privacy Plan and accompanying Privacy and Information Security Statement. The Privacy Plan is reviewed annually in accordance with IS42.
Personal information is defined within IS42 as any information that would allow an individual to be identified, for example their name, age or physical characteristics. Personal information can be an opinion about an individual, which need not be true, or anything from which the person's identity could be reasonably ascertained.
Personal information can be stored on a variety of media such as paper, electronic database, photographic and video image, digital form and may also extend to body sample and biometric data.
The definition of personal information is very broad. However, IS42 does not apply where there is a statutory basis for the collection, storage, use and disclosure of personal information and where the personal information concerns a deceased person.
The University collects, stores and uses personal information to administer a variety of business related and administrative programs. Appendix 1 provides a comprehensive list of the types of personal information the University collects. Individuals can obtain information regarding access to their personal information documents under the provisions of IS42 by contacting the Privacy Contact Officer. Records may relate to persons with a current, former or prospective relationship with the University.
In general, the University will not use or disclose personal information unless the person about whom the information was collected is aware of, or has consented to that use or disclosure. However, the University may use or disclose personal information where required by law, or where it is necessary for certain types of law enforcement, or where it is necessary to protect against a serious and imminent threat to a person's life or health.
Existing contracts, licenses and outsourcing arrangements were developed prior to the introduction of the requirements of IS42, and therefore may not include clauses that meet the specific requirements of the Information Privacy Principles. However, it has been consistent practice of the University in relation to such arrangements to ensure the confidentiality, relevance, and integrity of personal information collected and used under the provision of such arrangements. In addition, many of our contracts are subject to the privacy regimes of the Commonwealth and of other administrations.
Over time, each of these arrangements will either cease or come up for review. Reviews will be undertaken with the object of including appropriate privacy clauses into the arrangements. In accordance with current practice, the Legal Services Unit will ensure that all new arrangements are compliant with the requirements of IS42 before clearing the documents for signature.
Griffith University is not required to maintain any public registers. Any person who believes that there is a public register maintained either by or within the University that may affect them adversely should contact the Privacy Contact Officer, Office of the Pro Vice Chancellor (Administration), Griffith University, Nathan Qld 4111.
Individuals can obtain information about personal information which the University may hold about them, and can request access to that information by contacting the Privacy Contact Officer, Office of the Pro Vice Chancellor (Administration), Griffith University, Nathan Qld 4111. Individuals can also contact that person to request an amendment to the personal information held by the University about them, or to request an internal review of a decision made in response to a request for access or amendment. For further information, see Procedures for Access to and Amendment of Personal Information/Complaints and Internal Review Procedures.
Requests may be made by letter or by e-mail.
Records generally relate to current and former staff and students and may be stored on a variety of media including paper and electronic media.
If an individual believes that their personal information has not been dealt with in accordance with an IPP they may make a complaint to the Privacy Contact Officer, Office of the Pro-Vice Chancellor (Administration), Griffith University, Nathan Qld 4111. Requests must be made in writing and must be made within six months from the date when the breach was suspected to have occurred. Requests will be accepted via e-mail or by letter.
Requests will be acknowledged in writing within 14 days from the date on which the application was received, and the University will process the request within 60 days from the date on which the application was received. Applicants will be advised in writing of the University's decision.
If an applicant does not agree with the University's decision they may request an internal review by writing to the Vice Chancellor and President. The Vice Chancellor and President will arrange for an internal review to be carried out by a senior officer who has not previously been involved in the matter. This will be done within 45 days. The applicant will receive a response in writing. For further information, see Procedures for Access to and Amendment of Personal Information/Complaints and Internal Review Procedures.
Ian O'Connor
Vice Chancellor & President
September 2007