Assurance Services is responsible for managing the University's Privacy Management Plan and Agency Information Guide and has a proactive role in identifying risk - as relates to the University's responsibilities under Privacy and Open Access legislation.
Assurance Services responds to enquiries and concerns about privacy and personal information raised by students, staff, or the wider university community. In responding to concerns, our office will also advise individuals of their right to seek an internal review under the Privacy and Personal Information (PPIP) Act.
Assurance Services is currently working to align the University’s privacy framework with the European Union General Data Protection Regulation 2016/679 (GDPR). The GDPR applies to personal data of individuals located in the European Economic Area, regardless of where data processing occurs.
For all inquiries in relation to privacy or the University’s compliance with the GDPR, please contact the University's Privacy Office or the Data Protection Officer at firstname.lastname@example.org.
Assurance Services provides advice to officers of the University on privacy matters associated with new or existing projects/systems/tasks. In doing so Assurance Services may:
- provide information on applicable Privacy and Information Protection Principles or Health Information Protection Principles
- identify points that breach or are at risk of breaching the Privacy Principles
- make suggested changes to documents/projects if those changes would resolve the issues identified
- advise where additional information is required of the client and identify relevant questions
- make a recommendation that a business case or existing process be reviewed, if the privacy risks cannot be resolved by changes to the documents
- make recommendations regarding that review
- where appropriate, report observations and recommendations to a relevant senior officer.
The Senior University Compliance & Privacy Officer can also assist with the preparation of privacy notices and provide tailored training sessions for business units.
The Senior University Compliance & Privacy Officer needs to be made aware of any identified breaches or potential breaches of Privacy and may need to report these to the University Executive or Privacy Commissioner (via the Director Assurance Services). The Privacy and Right to Information Office will provide advice on any action required in such cases.
For more information on Privacy at the University of Newcastle please see: