(1) The University of Wollongong (“UOW”), in carrying out its functions and activities, has an obligation to ensure that the management of an individual’s Personal information and Health information complies with NSW privacy laws. (2) The purpose of this Policy is to set out: (3) This Policy is implemented by UOW’s Privacy Management Plan which operates as a procedure document under UOW’s policy framework. (4) This Policy applies to the collection, storage, access, use and disclosure of Information (see definition of this term) by UOW and its Staff and Affiliates, in accordance with the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002. (5) All Staff and Affiliates must comply with this Privacy Policy and the Privacy Management Plan. (6) A breach of this Privacy Policy or the Privacy Management Plan may constitute misconduct pursuant to UOW codes, policies and guidelines and may be subject to disciplinary action. (7) This Policy does not apply to UOW’s Related entities. UOW’s Related entities have their own policies and procedures for the management of Information provided to or collected by them. (8) Staff and Affiliates should also be aware that certain activities may be subject to obligations under other privacy laws such as the Privacy Act 1988 and the (EU) General Data Protection Regulation 2016/679, where applicable. Further information can be found in UOW’s Privacy Management Plan or by contacting a UOW Privacy Officer. (9) UOW is committed to complying with the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002, which may include regulations, guidelines, codes of practice and privacy directions made under those Acts. The Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002 contain principles that regulate the handling of an individual’s Information and cover its collection, storage, use, disclosure and rights of access/amendment. (10) UOW’s Privacy Management Plan, prepared in compliance with section 33 of the Privacy and Personal Information Protection Act 1998, sets out: (11) Where research involving the collection or use of Information is to be conducted in or by UOW, it must be approved by UOW’s accredited Human Research Ethics Committee. (12) UOW will collect Information in an open and transparent manner. This includes providing individuals with details relating to: (13) UOW will only collect Information for a lawful purpose which is directly related to one of its functions or activities, and only if the collection is reasonably necessary for that purpose. (14) UOW will ensure that Information collected is accurate, up to date, not excessive (having regard to the purpose of collection), and does not intrude to an unreasonable extent on the personal affairs of the individual. (15) UOW will collect Information directly from the individual concerned unless: (16) UOW’s Privacy Management Plan provides further detail concerning collection of Information. (17) All reasonable steps will be taken by UOW to ensure that information it collects, holds or discloses is accurate, complete, up to date and not misleading (having regard to the purpose). (18) UOW will respond to enquiries from an individual as to whether it holds that individual’s Information including the nature of the Information, the main purpose for UOW’s use of that Information and any rights of access to it. (19) UOW will allow an individual to: (20) UOW’s Privacy Management Plan provides further detail concerning access, accuracy and amendment of Information. (21) UOW will ensure that Information it collects is: (22) Where UOW becomes aware of a data breach, UOW will follow the procedures as outlined in UOW’s Data Breach Response Plan. (23) UOW’s Privacy Management Plan provides further detail concerning retention and security of Information. (24) In general terms, ‘use’ of Information refers to the communication or handling of that Information within UOW. (25) UOW will only use Information for the primary purpose for which it was collected unless: (26) UOW’s Privacy Management Plan provides further detail concerning use of Information and other circumstances where UOW may use Information without an individual’s consent. (27) In general terms, ‘disclosure’ of Information refers to the communication or transfer of Information outside UOW. (28) UOW will not disclose Information it holds unless specifically permitted to do so under the Privacy and Personal Information Protection Act 1998 or Health Records and Information Privacy Act 2002. Some of the circumstances may include: (29) UOW will not disclose Information to any person or body who is in a jurisdiction outside NSW or to a Commonwealth agency unless one of the following additional criteria are met: (30) UOW will only disclose Sensitive information with the consent of the individual unless disclosure is necessary to deal with a serious and imminent threat to any individual’s life or health. (31) UOW’s Privacy Management Plan provides further detail concerning disclosure of Information and other circumstances where UOW may disclose Information without an individual’s consent or appropriate prior notice. (32) In relation to Health information, UOW will: (33) UOW’s Privacy Management Plan provides further detail concerning anonymity and identifiers relating to Health information. (34) In some circumstances, Information handled by UOW may be expressly governed by the Privacy Act 1988. These circumstances may include: (35) The Privacy (Australian Government Agencies – Governance) APP Code 2017, requires all Australian Government agencies (as defined by s 5 of the Privacy (Australian Government Agencies – Governance) APP Code 2017) to have a designated Privacy Officer and a designated Privacy Champion. (36) All privacy enquiries should be directed to a UOW Privacy Officer via email at icu-enquiry@uow.edu.au. Additional contact details can be found on UOW’s Privacy homepage. (37) If an individual has any concerns about the way UOW is managing their Information or believes that UOW may have breached their privacy, that individual may: (38) For more information about lodging a complaint and/or requesting an internal review of UOW’s conduct, please see UOW’s Privacy Management Plan or visit UOW’s privacy homepage. (39) UOW’s designated Privacy Champion is the Deputy Vice-Chancellor (Strategy and Assurance)) who must ensure that the following functions are carried out: (40) UOW’s Privacy Officers are: (41) UOW’s Privacy Officers are responsible for UOW’s overall compliance with its privacy obligations. Further information regarding the role of UOW’s Privacy Officers can be found in UOW’s Privacy Management Plan. (42) All Staff and Affiliates are responsible for: (43) Staff and Affiliates should be aware that:Privacy Policy
Section 1 - Purpose of Policy
Section 2 - Application and Scope
Section 3 - UOW’s Commitment to Privacy
Section 4 - Collection of Information
Section 5 - Access, Accuracy and Amendment of Information
Section 6 - Retention and Security of Information
Section 7 - Use of Information
Section 8 - Disclosure of Information
Section 9 - Anonymity and Identifiers
Section 10 - Application of Commonwealth Privacy Act
Section 11 - Complaints and Enquiries
Section 12 - Roles and Responsibilities
Top of PageSection 13 - Definitions
View Current
This is not a current document. To view the current version, click the link in the document's navigation bar.
Word/Term
Definition
Affiliate
Includes people holding University of Wollongong Honorary Awards as conferred by the University Council, including the awards of Emeritus Professor, Honorary Doctor and University Fellow; people appointed in accordance with the University’s Appointment of Visiting and Honorary Academics Policy; and people engaged by the University as agency staff, contractors, volunteers and work experience students.
Health information
Health information, for the purpose of this Policy, refers to health information defined in the Health Records and Information Privacy Act 2002 (or as amended in the Health Records and Information Privacy Act 2002 from time to time) as:
“(a) personal information that is information or an opinion about:
the physical or mental health or a disability (at any time) of an individual, or
(ii) an individual’s express wishes about the future provision of health services to him or her, or
(iii) a health service provided, or to be provided, to an individual; or
(b) other personal information collected to provide, or in providing, a health service; or
(c) other personal information about an individual collected in connection with the donation, or intended donation, of an individual’s body parts, organs or body substances; or
(d)other personal information that is genetic information about an individual arising from a health service provided to the individual in a form that is or could be predictive of the health (at any time) of the individual or of any sibling, relative or descendant of the individual; or
(e)healthcare identifiers”
Information
Health information and/or Personal information as the context permits.
Law Enforcement Agency
As defined in the Privacy and Personal Information Protection Act 1998 and/or the Health Records and Information Privacy Act 2002 as the context applies..
Personal information
Personal information, for the purpose of this policy, refers to personal information defined in the Privacy and Personal Information Protection Act 1998 (or as amended in the Privacy and Personal Information Protection Act 1998 from time to time) as:
“Information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.”
Under the Privacy and Personal Information Protection Act 1998, personal information does not include:
Related entities
Sensitive information
A subclass of Personal information relating to an individual's ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership or sexual activities.
Staff
All people employed by the University including conjoint appointments, whether on continuing, permanent, fixed term, casual or cadet or traineeship basis