View Document

Privacy Policy

This is not a current document. To view the current version, click the 'Current Version' tab above.

Section 1 - Purpose / Objectives

(1) The policy refers to the collection and handling of personal and health information by the University in a way that establishes a reasonable balance between an individual's right to control the use of their personal information, with the University's need to ensure that it can collect and use information with confidence in order to perform its functions.

(2) The University must comply with privacy laws, principally the:

  1. Privacy and Data Protection Act 2014,
  2. Health Records Act (Vic) (2001),
but also other laws that relate to privacy including the Charter of Human Rights and Responsibilities Act (Vic) (2006), and the Surveillance Devices Act (Vic) (1999), common law right to privacy and representations in privacy statements and contracts which attract the application of the Commonwealth Privacy Act (1988).
Victoria University has adopted the Information Privacy Principles and the Health Privacy Principles as minimum standards in relation to handling personal and health information which form part of the Privacy and Data Protection Act 2014 and the Health Records Act (Vic) (2001).
Top of Page

Section 2 - Scope / Application

The Policy is binding on all University staff, consultants, external contractors and students who have access to personal information held at the University.
Top of Page

Section 3 - Definitions

Complaints

A complaint about information privacy is an expression of dissatisfaction with the University's procedures, staff, agents, contractors or quality of service associated with the collection or handling of personal or health information. Victoria University will investigate and respond to information privacy complaints in accord with our values for:
  1. the pursuit of excellence in everything that we do;
  2. equality of opportunity for staff and students; and
  3. integrity, respect and transparency in personal and collaborative action.

Consent

This means free, informed, specific and current consent. An individual must also have the capacity to give consent, that is, that he or she is able to understand the nature and effect of giving consent by reason of age, injury, disease, senility, illness, disability, physical impairment or mental disorder.

Disclosures Register

This documents the disclosures of personal information made by the Privacy Officer and acts to safeguard privacy.

Health Information

Health information is defined in section 3 (1) of the Health Records Act (2001) as personal information about:
  1. the physical, mental or psychological health (at any time) of an individual;
  2. a disability (at any time) of an individual;
  3. an individual's expressed wishes about the future provision of health services to him or her;
  4. a health service provided, or to be provided, to an individual, that is also personal information;
  5. other personal information collected to provide, or in providing, a health service;
  6. other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances;
  7. other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants.

Legal Services (Their role in Privacy)

Legal Services provide advice and training to the University about Privacy and support the Privacy Officer in the discharge of his responsibilities. Legal Services can be contacted at:
Legal Services
Victoria University
Footscray Park Campus
Ballarat Road, Footscray
PO Box 14428 MELBOURNE
Victoria 8001
Telephone: 9919-5216

Personal Information

This is recorded information or opinion, whether true or not, about an identifiable individual. Personal information may include the following (either in combination or alone) where an individual's identity is apparent, or could reasonably be ascertained, from that information:
  1. name;
  2. home address and telephone number;
  3. photograph;
  4. DNA;
  5. CCTV footage;
  6. voice recording;
  7. financial details
  8. sex;
  9. salaries and wages;
  10. academic results;
  11. bank account details;
  12. marital status;
  13. education;
  14. records of a student's library borrowings;
  15. records of complaints/grievances or discipline matters;
  16. information concerning persons who apply to the University for appointment or admission;
  17. FEE-Help status; and
  18. information collected from or concerning human research subjects.

Sensitive Information

Some personal information that the University holds is sensitive and is therefore subject to greater restrictions under the Privacy and Data Protection Act 2014. Examples of personal information or opinion that is sensitive may include:
  1. racial or ethnic origin;
  2. political opinions;
  3. membership of a political association;
  4. religious beliefs or affiliations;
  5. philosophical beliefs;
  6. membership of a professional or trade association;
  7. membership of a trade union;
  8. sexual preferences or practices; and
  9. criminal record.

Primary Purpose

This is the purpose for which the information was collected.

Unique Identifier

A unique identifier is a code consisting of alphabet characters and/or numerals (not a person's name) which is applied to an individual and distinguishes them from other individuals, for example a drivers licence number.
Top of Page

Section 4 - Policy Statement

VU operates in both a local and global setting and increasingly functions beyond the confines of its physical campuses. Progressively it is establishing far reaching networks and relationships, and more and more information (much of it electronic) is coming into its domain. Victoria University recognises its responsibility for finding an appropriate balance to the competing values of a free flow of information and operational efficiency with that of respecting the privacy of people's personal and health information in our possession. This policy expresses our commitment to protecting people's information privacy and of establishing this principle as an important aspect of the way Victoria University creates, organises and performs our work, both physically and on line.

What Victoria University does

Victoria University creates, disseminates and applies knowledge with the objective to transform the lives of people through the power of education. We undertake this work through co-operation and partnerships that connect us to our region and to the world.
Our specific activities include:
  1. Teaching and Learning;
  2. Training and Research; and
  3. Community Engagement.
The delivery of these services is supported by administrative areas.

Privacy Officer

The University has a Privacy Officer to oversee the operation of the Privacy Policy at Victoria University and to make decisions regarding privacy related complaints and queries. Specifically, the Privacy Officer will have the following responsibilities, with support from Legal Services:
  1. conduct an on-going review of the University's practices and processes to ensure that these comply with the policy, relevant legislation and best practice;
  2. educate University management and staff on their responsibilities under this policy and to assist staff with respect to privacy issues;
  3. monitor compliance with the policy and to hear and to determine complaints arising under the policy or the related legislation; and
  4. keep records that are required to be kept under the policy, including a Register of Disclosure and Record of Complaints.
The University's Privacy Officer contact details are as follows:
The Privacy Officer
Ms Natalina Velardi
Victoria University
Portfolio of the Vice-Chancellor
Footscray Park Campus
Ballarat Road, Footscray
PO Box 14428
Melbourne
Victoria 8001
Telephone: 9919-9550
Email: Natalina.Velardi@vu.edu.au

Collection of Information

Being a public institution engaged in teaching, training and research, and community service and engagement, VU holds a wide range of information that relates to students, staff, and members of the external community with whom it has established relationships in support of its core functions.
When collecting information about people, the University takes reasonable steps to make an individual aware of:
  1. the University's contact details;
  2. the fact that the individual can access their information;
  3. the purpose for collecting the information and to whom VU would normally disclose this to;
  4. whether the disclosure is required by law; and
  5. the main consequences of not providing that information, particularly as it might impact upon our capacity to deliver good service.
Consistent with this commitment, the University requires the use of Collection Statements as attached to this policy or otherwise approved for use by Legal Services when information is being collected about people.

Personal Information

Victoria University only collects personal information about an individual if that information is necessary for one or more of our functions or activities.
The University will only collect personal information about an individual by lawful, secure and fair means and not in an unreasonably intrusive way.
Victoria University will collect personal information about someone directly from that individual wherever it is reasonable and practicable to do so. There are however several instances where the University will collect information from other sources, for instance:
  1. a person authorised by the individual to act on their behalf. In this case, the University will take reasonable steps to ensure that the individual is made aware of the points 'a' to 'd' as given under clause (18).2; or
  2. an agency authorised to act on the individual's behalf including information from VTAC, a contractor or a temporary employment agency.

Health Information

An individual's health information is subject to higher thresholds of protection than personal information, so that there are some additional requirements for protecting health information over and above those applying to personal information. The senior officer (Manager or above) directly overseeing the area involved in the collection of health information authorises its collection if satisfied that the information is necessary for one or more of the functions or activities of the University and in addition to this there is consent or one of the other prescribed conditions under Principle 1.1 of the Health Privacy Principles as listed below-
  1. where the collection is necessary for the establishment, exercise or defence of a legal claim; or
  2. where the information is collected from an organisation who is disclosing the information to the University for a purpose that the individual would reasonably expect; or
  3. where the information is collected from an organisation who is disclosing the information to the University for the purpose of:
    1. funding, management, planning, monitoring, improvement or evaluation of health services; or
    2. training provided by a health service provider to employees or persons working with the University;
  4. where the collection is made on suspicion that unlawful activity has been engaged in;
  5. where the collection is on behalf of a law enforcement agency and the University reasonably believes that the collection is necessary for a law enforcement function;
  6. where the information is necessary to provide a health service to the individual and the individual is incapable of giving consent and:
    1. it is not practical to obtain the consent of an authorised representative of the individual; or
    2. the individual does not have such an authorised representative;
  7. where the collection is necessary to prevent or lessen a serious and imminent threat to life, health, safety or welfare;
  8. where the collection is necessary for research, or the compilation or analysis of statistics, in the public interest:
    1. that purpose cannot be served by the collection of information that does not identify the individual or from which the individual's identity cannot reasonably be ascertained; and
    2. it is impractical for the University to seek the individual's consent to the collection.
A report is made annually to the Privacy Officer by each area that collects Health Information detailing the purpose and nature of the information that is collected.

Use and Disclosure

Wherever possible, personal and health information collected and held by VU will only be accessed and handled as required by staff authorized to do so for the purpose of carrying out their duties.
On the whole, Victoria University only uses or discloses information according to the purposes for which it was collected, for example maintaining required records, responding to a query or providing a service. Occasionally VU may need to use or disclose personal or health information for another purpose but will only do so in ways that consistent with the Information Privacy Principles and Health Privacy Principles.

Data Quality

The University will take reasonable steps to ensure that the personal and health information it collects, uses or discloses is accurate, complete and up to date. To assist the University in this task and to ensure the quality and accuracy of the information that the University holds, staff and students are encouraged to update their information from time to time.

Data Security

VU is committed to holding your personal and health information securely and accordingly it will take reasonable steps to protect this information from misuse, loss, unauthorised access, modification and disclosure.

Personal Information

The University will ensure that personal information is kept for no longer than is necessary for the purposes for which it may lawfully be used and thereupon securely destroyed.

Health Information

Health Information is retained and destroyed in accordance with the Health Privacy Principles.

Openness

Victoria University's Privacy Policy can be found on its web site.
Any questions regarding this policy may be directed to the Privacy Officer.

Access and Correction

You have a right to access and correct information about you held by VU.

Personal Information

In the first instance you should contact the relevant area to arrange access and where necessary to correct the information if it is found to be inaccurate, incomplete or not current. However in some circumstances you will be required to pursue access through the Freedom of Information process. While the Victorian Freedom of Information Act (1982) establishes a legally enforceable right for every person to obtain access to documents from an agency, access to some documents is exempted.

Health Information

Requests for access to (and correction of) health information can be made in writing via the Privacy Officer. In relevant cases, requests can be made to the Manager, Counselling Services or the Clinic Coordinator — Osteopathy (in relation to osteopathy health information) who acts on behalf of the Privacy Officer and who, if necessary can refer the matter to the Privacy Officer for determination. The University will provide you with access to your health documents on request except when there are valid reasons not do so as detailed under principle 6 of the Health Privacy Principles. This includes where granting access would pose a serious threat to the loss of life or health of any person, or if it has an unreasonable impact upon the privacy of another person.

Unique Identifiers

VU does not use unique identifiers unless it is necessary to enable us to carry out our functions efficiently. Staff Numbers and Student Numbers are considered necessary for this reason.
The University will not adopt a unique identifier of an individual that has been assigned by another organisation.

Anonymity

Victoria University will provide an individual with the option of not identifying who they are when it is lawful and practicable to do so. However such is the nature of the work of the University, that generally, it will not be possible for the university to provide services to anonymous clients.

Transfer of Information outside Victoria

Victoria University may transfer personal information about an individual to someone outside Victoria if the University reasonably believes that the information will be handled in accordance with this policy and the Information Privacy Principles; or
The University will transfer information to another health service provider if requested to do so by the individual concerned.

Sensitive Information

The University will only collect sensitive information with the individual's consent or in accordance with the Information Privacy Principles.

Complaints

Having regard to timeliness and fairness, VU will investigate and respond to information privacy complaints in accord with our values for:
  1. the pursuit of excellence in everything that we do;
  2. equality of opportunity for staff and students; and
  3. integrity, respect and transparency in personal and collaborative action.
Top of Page

Section 5 - Procedures

See Information Privacy procedures.
Top of Page

Section 6 - Guidelines

Nil