Document Feedback - Review and Comment
Step 1 of 4: Comment on Document
How to make a comment?
1. Use this to open a comment box for your chosen Section, Part, Heading or clause.
2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.
3. Do not open more than one comment box at the same time.
4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.
Important Information
During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:
-
DO NOT jump between web pages/applications while logging comments.
-
DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.
-
DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.
-
DO NOT exit from the interface until you have completed all three stages of the submission process.
(1) The University of Newcastle (“ (2) This Privacy Management Plan (Plan) should be read and understood by our (3) This Privacy Management Plan applies to personal information and health information collected by us. (4) This Plan details how we manage the personal and health information of (5) Section 33 of the Privacy and Personal Information Protection Act 1998 (PPIP Act) requires agencies like us to have a privacy management plan. More importantly, we want to help you understand our commitment to respecting your privacy rights. (6) We are committed to compliance with the Privacy and Personal Information Protection Act 1998 (PPIP Act), Health Record and Information Privacy Act 2002 (HRIP Act), Privacy Act 1988 (Privacy Act), Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under s 17 of the Privacy Act 1988 and Healthcare Identifiers Act 2010 (HI Act) Act by: (7) We maintain Public Registers as part of our commitment to open government. (8) We publish graduation books which include the name of each graduate and the degree conferred upon them. You may opt out of inclusion in such graduation books by contacting graduation@newcastle.edu.au (9) We maintain and publish a Contracts Register as required by the Government Information (Public Access) Act 2009 (NSW) (GIPA Act). It is unlikely the register will include personal or health information. (10) If you have any concerns about information published as it relates to a person’s personal or health information, please let us know at Complaints. (11) In the context of this document the following definitions apply. (12) “Personal Information” means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Personal information can also include things like your fingerprints, retina prints, body samples or genetic characteristics. (13) “Sensitive information” means personal information about your ethnic or racial origin, political opinions, religious or philosophical beliefs, sexual activities, or trade union membership. (14) “Health information” means: (15) “NSW privacy laws” means Privacy and Personal Information Protection Act 1998 (PPIP Act) and Health Record and Information Privacy Act 2002 (HRIP Act). (16) “Commonwealth privacy laws” means the Privacy Act 1988 (Privacy Act), the Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under S17 of the Privacy Act, and the Healthcare Identifiers Act 2010 (HI Act) Act. (17) “Tax File Number information” (TFN Information) means information that connects a TFN with the identity of a particular individual (for example, a database record that links a person’s name and date of birth with the person’s TFN). (18) “Individual Healthcare Identifier” (IHI information) information means a unique number used to identify an individual for health care purposes. It helps ensure health professionals are confident that the right information is associated with the right individual at the point of care. You already have an IHI if any of the following apply: (19) “Government-related Identifier” (GRI information) means an identifier that has been assigned by an agency, a State or Territory authority, an agent of an agency or authority, or a contracted service provider for a Commonwealth or State contract e.g. Centrelink Customer Reference Number (CRN), Medicare number, driver’s license number or passport number. (20) There are 12 Information Protection Principles (IPPs) that apply under the PPIP Act and 15 Health Protection Principles (HPPs) that apply under the HRIP Act. The IPPs are obligations that we must abide by when we collect, store, use or disclose personal information. We are governed by New South Wales privacy legislation but may have obligations under other legislation such as the Privacy Act 1988 (Cth), the General Data Protection Regulation (EU2016/679) and other global privacy regimes. (21) At the start of each point below, we will provide a snapshot of the IPPs and HPPs. Where appropriate, this will be followed by more detailed information about how we apply those principles to the functions of the (22) We may collect your personal or health information for the following purposes: (23) We may collect personal information from you when you interact with us, for example: (24) Whenever possible, we will collect your personal information directly from you. If you wish to authorise another party to act on your behalf, we will require written express consent from you to do so, or unless you have authorised that party by law, for example, under a Power of Attorney document. (25) Where we collect personal or health information from another person, agency or party about you consent may be obtained from you by: (26) Another party may manage the consent and authorisation for the provision of personal or health information prior to the information being provided to us, for example where a (27) We may collect personal or health information indirectly where: (28) We may collect personal or health information where we have been contacted by a health practitioner, law enforcement, or another person who holds grave concerns for the safety and wellbeing of you, or another person. (29) At the time of collecting personal or health information, or as soon as possible afterwards, we must inform you about: (30) For example, if you wish to enrol in a (31) We aim to ensure that your personal information and health information is: (32) We will only ask you for personal information that is necessary for the stated purposes of collection in IPP1 and HPP1. If you feel that a request for your personal is not relevant, or excessive please let us know at either point of collection or by contacting privacy@newcastle.edu.au. If you believe that your personal information is not accurate, complete, or up to date please see IPP7. (33) We protect personal and health information by: (34) We consist of a number of (35) You may obtain details on: (36) This information will generally be available at the time of collection, either from a person collectin it, via our website, or upon request as detailed below. (37) Personal or health information collected by us may be provided to the person to whom the information relates either informally, via an existing process, or on request. In some cases, an administrative fee may apply (for example, student transcripts are available for purchase). (38) (39) In response to a request, we may amend your personal or health information or make an annotation on the document to detail the request. If we consider that the personal or health information held is correct and does not require amendment, you will be provided with the reasons for this decision. (40) Requests for correction or amendment of personal or health information may also be sent to the Privacy and Right to Information Officer for assistance or action as appropriate. In some cases, requests may be referred for action under the Government Information (Public Access) Act application process. Such cases include where the information: (41) We take reasonable steps to verify the accuracy of your personal or health information, especially where the use of the information could lead to negative consequences for you. (42) We must not use information we hold for a purpose other than for which it was collected, unless: (43) Where personal or health information is to be used for a purpose that is directly related to the original purpose, our (44) In considering whether a purpose is directly related to the original purpose, our (45) Disclosure primarily refers to sharing information that is held by us with another agency or individual outside of the (46) We must undertake reasonable actions to ensure that personal or health information is not disclosed, either routinely or on a single occasion, without consent, unless: (47) People would likely be considered to have knowledge of a disclosure if: (48) We must not use or disclose health information for another purpose (secondary purpose) other than the original purpose for which it was collected unless: (49) We must undertake reasonable actions to ensure that any sensitive information (such as information about ethnic or racial origin; political opinions; religious or philosophical beliefs; sexual activities or trade union membership) is not disclosed without an individual's consent. (50) Health information and personal information (where relevant) may be transferred outside New South Wales if: (51) Where we seek to use or disclose health or personal information for (52) While we are predominantly regulated by NSW privacy laws, however, there are areas of our functions where Commonwealth privacy laws govern our actions. (53) Three examples of when the Commonwealth privacy laws apply are, when we collect: (54) We will only disclose personal information or health information to law enforcement agencies in circumstances where it is required or permitted to do so by law. Some examples where we will be required to disclose personal information are where a law enforcement agency issues us a warrant, notice to produce, or subpoena; or, we are seeking to report a serious indictable offence. We may, at our discretion, disclose personal information or health information to law enforcement agencies if we are permitted to do so under law, such as where we have reason to believe that an offence has been committed and the law enforcement agency has requested that we disclose personal information that is reasonably necessary for them to investigate the offence. (55) In accordance with the clause above, the discretion to disclose personal or health information to law enforcement agencies as permitted by law may be exercised by: (56) From 28 November 2023, NSW public sector agencies, like us, are subject to mandatory data breach reporting. (57) All (58) (59) Mandatory data breach reporting requires us to assess any suspected breach to determine if there is a breach and if there is, if there is a serious (60) The reporting scheme means we will work together with the Information Privacy Commissioner, to minimise the impact of any eligible data breach and keep those impacted informed. (61) Not reporting a suspected breach or a data breach could result in (62) For more information about data breach reporting, please see our Data Breach Policy (Personal and Health Information). (63) All (64) The (65) We are committed to protecting your privacy. If you believe that we have not handled your personal or health information well, we ask that you give us the first opportunity to address your concerns. This will often be the more timely, efficient, and informal way of addressing your complaint. (66) You can raise concerns and (67) A request for an internal review can only be made where it is alleged that our conduct has: (68) We can only accept an application for internal review if it meets the thresholds specified in Part 5 of PPIP Act. This includes that the application should: (69) We may exercise our discretion to accept an application which may be received after the end of the 6-month period. (70) The request for an internal review should be mailed to the below address, or made online at Complaints: (71) The internal review, as far as practicable, will be conducted by the Privacy and Right to Information Officer, or an appropriately qualified employee, who does not have a conflict of interest (Reviewing Officer). (72) The Reviewing Officer will assess the request for internal review in accordance with Part 5 of PPIP Act and: (73) As a result of the outcome of an internal review we may do any of the following: (74) If you are still unhappy with how we have addressed your concerns, you may lodge a complaint with the Information and Privacy Commission New South Wales or seek an external review with the NSW Civil and Administrative Tribunal at: (75) Where we become aware of a breach of the IPPs or HPPs or the Privacy Act, we will take appropriate steps to identify and address the breach. Reports of breaches or potential breaches should be sent to the Privacy and Right to Information Officer at privacy@newcastle.edu.au. (76) A breach of the Privacy Management Plan, the Privacy Policy, and any associated policy and procedure by a member of our (77) It is an offence under PPIP Act, HRIP Act or Privacy Act for a (78) An issues register is maintained by the Privacy and Right to Information Officer to support the review process. Issues or feedback may be e-mailed to privacy@newcastle.edu.au (79) The Information Privacy Commissioner has Fact Sheets available “A guide to privacy laws in NSW available in other languages”.Privacy Management Plan
Section 1 - Audience
Section 2 - Scope
Section 3 - Introduction
Top of PageSection 4 - Public Registers maintained by the University
Graduation Book
Contracts Register
Section 5 - Definitions
Section 6 - Information Protection Principles and Health Privacy Principles
Collection of information
IPP 1 and HPP 1 – Lawful
IPP 2 and HPP 3 – Direct Collection
IPP 3 and HPP 4 – Open
IPP 4 and HPP 2– Relevant
Storage of information
IPP 5 and HPP 5– Secure
Access and Accuracy of information
IPP 6 and HPP 6 – Transparent
IPP 7 and HPP 7 – Accessible
IPP 8 and HPP 8 – Correct
Use of information
IPP 9 and HPP 9 – Accurate
IPP 10 and HPP 10 – Limited
Disclosure of information
IPP 11 and HPP 11 – Restricted and Limited Disclosure
IPP 12 – Safeguarded
HPP 12 – Information Identifiers and Anonymity
HPP 13 – Anonymity
HPP 14 – Information Transferrals and Linkages
HPP 15 – Authorised
Section 7 - Privacy Act 1988 (Cth)
Top of PageSection 8 - Law Enforcement Agencies
Top of PageSection 9 - Mandatory Data Breach Reporting
Section 10 - System Design and Review
Section 11 - Training and Awareness
Section 12 - Complaints and Reviews
Privacy and Rights to Information Officer
Legal and Compliance
University of Newcastle
University Drive
Callaghan NSW 2308
Top of Page
NSW Information Privacy Commission
NSW Civil and Administrative Tribunal
Level 15, McKell Building
PO Box K1026
2-24 Rawson Place
Haymarket NSW 1240
Haymarket NSW 2000
Phone: 1300 006 228
Free call: 1800 472 679
Fax (02) 6446 9518
ipcinfo@ipc.nsw.gov.au
Section 13 - Breach of a Principle
Top of PageSection 14 - Administration
Section 15 - Privacy Information available in other languages