STATEMENT OF POLICY
We consider all personal, sensitive and health information of parents or caregivers, students and prospective employees (considered “consumers” under the Act) to be private and will only use information collected and recorded to fulfil the educational mission of the Catholic Education Office of the Diocese of Townsville.
This Policy applies to schools administered by the Catholic Education Office of the Diocese of Townsville as well as to the Catholic Education Office. In accordance with the Privacy Amendment (Enhancing Privacy Protection) Act 2012, Townsville Catholic Education Office has adopted and is bound by the thirteen (13) Australian Privacy Principles established by the Federal Privacy Commission and set out in the Act.
The Privacy Act allows the organisation to share personal (but not sensitive) information with other schools, colleges and services conducted by the Townsville Catholic Education Office. Other schools, colleges and services may then only use this personal information for the purpose for which it was originally collected. This allows schools, colleges and services to transfer information between them, for example, when a student transfers from a school.
In relation to health records, the organisation is also bound by Queensland legislation, for instance the Health Privacy Principles contained in the Health Records and Information Privacy Act 2002 (Health Records Act).
Purpose of collection of Personal Information
The type of information the organisation collects and holds includes (but is not limited to) personal information, including health and other sensitive information.
The types of information collected and held about students and parents/guardians/carers before, during and after the course of a student’s enrolment includes, but is not limited to:
- name, contact details (including next of kin), date of birth, previous school and religion
- medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors)
- conduct and complaint records, or other behaviour notes and school reports
- information about referrals to government welfare agencies
- counselling reports
- health fund details and Medicare number;
- any court orders
- volunteering information. and
- photos and videos at school events.
The types of information collected and held about job applicants, staff members, volunteers and contractors includes, but is not limited to:
- name, contact details (including next of kin), date of birth and religion
- information on job application
- professional development history
- salary and payment information, including superannuation details
- medical information (e.g. details of disability and/or allergies, and medical certificates)
- complaint records and investigation reports
- leave details
- photos and videos at school events
- workplace surveillance information, and
- work emails and private emails (when using work email address) and Internet browsing history.
Information will also be collected and held about other people who come into contact with the organisation, including name and contact details and any other information necessary for the particular contact with the organisation.
Personal information will generally be collected and held about an individual by way of forms filled out by parents, students, employees or other parties associated with the organisation, face-to-face meetings and interviews, emails and telephone calls. In some circumstances the organisation may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.
Students and parents:
In relation to personal information regarding students and parents, the organisation’s primary purpose for collection is to provide schooling for the student. This includes satisfying the needs of parents, the needs of the student and the needs of the organisation throughout the period that the student is enrolled. The purposes for which the organisation uses personal information of students and parents include:
- to keep parents informed about matters related to their child's schooling, through correspondence, newsletters and magazines
- day-to-day administration
- looking after students' educational, social, spiritual and medical wellbeing
- seeking donations and marketing for the school, and
- to satisfy the organisation’s legal obligations and allow the organisation to discharge its duty of care.
In some cases where the organisation requests personal information about a student or parent, if the information requested is not obtained, the organisation may not be able to enrol or continue the enrolment of the student or permit the student to take part in a particular activity.
Job applicants, staff members and contractors:
In relation to personal information of job applicants, staff members and contractors, the organisation’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor. The purposes for which the organisation uses personal information of job applicants, staff members and contractors include:
- in administering the individual's employment or contract
- for insurance purposes
- seeking funds and marketing, and
- to satisfy the organisation’s legal obligations, for example, in relation to child protection legislation.
The organisation also obtains personal information about volunteers who assist the organisation in its functions, or conduct associated activities, such as past students’ associations, to enable the organisation and the volunteers to work together.
Marketing and fundraising:
The organisation treats marketing and seeking donations for the future growth and development of its facilities and communities as an important part of ensuring continued quality learning environments in which students and staff thrive. Personal information held by the organisation may be disclosed to an organisation that assists in fundraising, for example, a school's Foundation or past students’ organisation (or, on occasions, external fundraising organisations).
Parents, staff, contractors and other members of the wider school community may from time to time receive fundraising information. School publications, such as newsletters and magazines, which include personal information, may be used for marketing purposes.
Additional Privacy information
- Who might the organisation disclose personal information to and store information with?
The organisation may disclose personal information, including sensitive information, held about an individual to:
- other schools and teachers at those schools
- government department
- the Townsville Catholic Education Office, the Queensland and National Catholic Education Commission, the Townsville Diocese and the local parish, other related church agencies/entities, and schools within other Dioceses/other Dioceses
- medical practitioners
- people providing educational, support and health services, including specialist visiting teachers, coaches, volunteers, counsellors and providers of learning and assessment tools
- assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority
- people providing administrative and financial services to the organisation
- recipients of publications, such as newsletters and magazines
- pupils' parents or guardians;
- anyone you authorise the organisation to disclose information to, and
- anyone to whom we are required or authorised to disclose the information by law, including child protection laws.
2. Sending and storing information overseas:
The organisation may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, the organisation will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied), or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
The organisation uses online or 'cloud' service providers to store personal information and to provide services that involve the use of personal information. This personal information may be stored in the 'cloud' which means that it may reside on a cloud service provider's servers which may be situated outside Australia.
3. How does the organisation treat sensitive information?
In referring to 'sensitive information', the organisation means information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law.
4. Management and security of personal information
The organisations' staff are required to respect the confidentiality of students' and parents' personal information and the privacy of individuals. Each entity within the organisation will have in place steps to protect the personal information the organisation holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
5. Access and correction of personal information
Under the Commonwealth Privacy Act and Health Records Act, an individual has the right to obtain access to any personal information which the organisation holds about them, and to advise the organisation of any perceived inaccuracy. There are some exceptions to this right set out in the Act. Students will generally be able to access and update their personal information through their parents, but older students may seek access and correction themselves. To make a request to access or update any personal information the organisation holds about an individual or their child/guardian, please contact the organisation in writing. The organisation may require an individual to verify his/her identity and specify what information an individual requires. If the organisation cannot provide an individual with access to that information, it will provide written notice explaining the reasons for refusal.
6. Consent and rights of access to the personal information of students
The organisation respects every parent's right to make decisions concerning their child's education. Generally, the organisation will refer any requests for consent and notices in relation to the personal information of a student to the student's parents/carer. The organisation will treat consent given by parents as consent given on behalf of the student, and notice to parents will act as notice given to the student. As mentioned above, parents may seek access to personal information held by the organisation about them or their child by contacting the organisation. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of the organisation's duty of care to the student. The organisation may, at its discretion, on the request of a student grant that student access to information held by the organisation about them, or allow a student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the student and/or the student's personal circumstances so warranted.
7. Enquiries and complaints
If an individual would like further information about the way the organisation manages the personal information it holds, or wishes to complain that the organisation has breached the Australian Privacy Principles, please contact Townsville Catholic Education Office, who will investigate any complaint and will notify the individual of a decision as soon as is practicable after it has been made.
REFERENCES AND DEFINITIONS
“The organisation” referred to in this document means the organisations administered by the Catholic Education Office of the Diocese of Townsville as well as the Townsville Catholic Education Office.
The Privacy Act regulates personal information contained in a 'record'. A 'record' includes a 'document' or an 'electronic or other device'.
Privacy Amendment (Enhancing Privacy Protection) Act 2012
Health Records and Information Privacy Act 2002 (Health Records Act)
Child Protection Act 1999 (Qld).
Working with Children (Risk Management and Screening) Act 2000.
National Catholic Education Commission
Privacy Compliance Manual (August 2016)
Queensland Catholic Education Commission
|Policy No.||DEC 07_15||Date last updated||10 December, 2015|
|Approved by||Diocesan Education Committee||Date updated||06 December, 2016|