FAQs - General
Personal information is any information that identifies an individual. Under the Privacy and Personal Information Protection Act 1998, personal information means 'information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion'.
Some information on its own may not readily identify a person, but where there is a connection between the information and the individual, this is when it is deemed as personal information.
Examples of personal information include name, signature, phone number, address, date of birth, photographs, academic records, employment history.
Health Information is personal and can include medical records, medical history, health services used and to be accessed.
Sensitive information is a restricted type of personal information that includes a person's racial or ethnic origin, religious beliefs, political opinions and associations, criminal records, some health information, and sexual orientation or practices.
Sensitive information has a higher level of privacy protection and must be handled in strict confidence and with explicit consent.
In NSW personal information is protected under two legislations, the Privacy and Personal Information Protections Act 1998 (PPIPA) and the Health Records Information Privacy Act 2002 (HRIPA).
These are legal obligations which the University, and NSW government agencies, statutory bodies and local councils, must observe when collecting, storing, using or disclosing personal information. The University of Newcastle is committed to the protection of its stakeholders' privacy as outlined in the University's Privacy Management Plan.
Most states and territories have their own privacy laws. The Privacy and Personal Information Protection Act 1998 (NSW) and its Protection Principles regulate NSW public sector agencies, such as the University of Newcastle, in how personal information is collected and handled (this excludes health information which is regulated under the Health Records and Information Privacy Act 2002 and its Protection Principles in how health information is collected and handled by NSW public sector agencies).
The Privacy Act 1988 (Privacy Act) is a Federal legislation which does not cover local, state or territory government agencies, except the Norfolk Island administration. The Privacy Act has been established to protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million manage personal information.
Yes. There are exemptions to the privacy laws under certain circumstances. Some examples are the use or disclosure of personal information to prevent a serious and imminent threat, for law enforcement purposes, or when another law authorises the exemption. Exemptions are detailed in PPIPA.
A privacy statement, or collection notice, is the means by which an organisation advises individuals the reason their personal information is being collected and what it will be used for. Collection notices should be provided at or before the time (or as soon as practicable after) personal information is collected from individuals. A collection notice can be verbal or written.
When an individual's personal information has been appropriately de-identified and there is no reasonable likelihood of re-identification of the individual occurring, it is then no longer classified as personal information.
An example of de-identification is the removal of ‘Identifiers’, such as name, address, telephone number or Tax File Number), and replaced with coding or pseudonymising.
A photo or image of a person is considered as personal information if that person can be reasonably identified. Therefore, where possible, the responsible person should endeavour to obtain explicit consent from the individual before capturing the photo or image. The individual must be informed how the photo/image will be used and where it will be published, e.g. University website for specific promotional activities.
Where it is not possible or it is impracticable to obtain individual consent, such as large events or gatherings, sufficient notification must be provided to persons advising that photography will be taking place and how and where the imagery will be used. This can be provided through adequate signage, printed material or announcements. People may then make an informed choice of whether they wish to be in an area where photography is taking place.
An individual has the right to approach the photographer at University events and ask not be photographed.
Minors are not to be photographed where they can be readily identified in the image or photo.
FAQs - Staff
When collecting information from an individual it is crucial they are advised at the point of collection, or within a reasonable timeframe thereafter, why you are collecting their personal information, what you will do with it and who will have access to it.
Tell the person they have the right to view and correct their personal information, and any consequences that may apply if they decide not to provide their information, such as not being able to access a particular service.
No. Do not assume that because you have authorised access to personal information held by the University in the capacity of your role, that you can access it without a reason related to University business.
You must only access personal information for the purposes of your role. Also do not assume that other University members automatically have a right to the same information, and therefore you can readily provide the information to colleagues.
The access and use of an individual's personal information is both protected and limited under the law. Exceptions to access, use and disclose personal information may be in the case where the disclosure of the information will prevent or lessen a serious or imminent threat to a person's health or safety. Refer to IPP 1, 10, 11 & 12, and HPP 1, 10, & 11. If you are in doubt, please contact the Privacy Team for clarification.
No. If you are contacted by the police or any law enforcement agency, please refer the agency to the Privacy Team at firstname.lastname@example.org. Laws pertaining to the release of personal information to law enforcement agencies are specific and pursuant to the type of request or demand and the circumstances.
You cannot provide personal information about a student to their family members or guardian without the student's explicit consent. This also applies to a student's partner, friends, relatives, or any third parties without the student's consent.
Consent is not bound by a particular age. Under privacy laws, there is no set age for an individual to be able to provide consent. A student under 18 years of age can provide consent if it is considered they have the maturity and intellectual capacity to understand the purpose of the consent and any associated consequences.
The University of Newcastle acknowledges the traditional custodians of the lands within our footprint areas: Awabakal, Darkinjung, Biripai, Worimi, Wonnarua, and Eora Nations. We also pay respect to the wisdom of our Elders past and present.