(1) The University of Newcastle (“ (2) This Privacy Management Plan (Plan) should be read and understood by our (3) This Privacy Management Plan (Plan) applies to personal information and health information collected by us. (4) This Plan details how we manage the personal and health information of (5) Section 33 of the Privacy and Personal Information Protection Act 1998 (PPIP Act) requires agencies like us to have a privacy management plan. More importantly, we want to help you understand our commitment to respecting your privacy rights. (6) We are committed to compliance with the Privacy and Personal Information Protection Act 1998 (PPIP Act), Health Record and Information Privacy Act 2002 (HRIP Act), Privacy Act 1988 (Privacy Act), Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under s 17 of the Privacy Act 1988 and Healthcare Identifiers Act 2010 (HI Act) Act by: (7) We maintain Public Registers as part of our commitment to open government. (8) We publish graduation books which include the name of each graduate and the degree conferred upon them. You may opt out of inclusion in such graduation books by contacting graduation@newcastle.edu.au (9) We maintain and publish a Contracts Register as required by the Government Information (Public Access) Act 2009 (NSW) (GIPA Act). It is unlikely the register will include personal or health information. (10) If you have any concerns about information published as it relates to a person’s personal or health information, please let us know at Complaints. (11) In the context of this document the following definitions apply. (12) “Personal Information” means information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Personal information can also include things like your fingerprints, retina prints, body samples or genetic characteristics. (13) “Sensitive information” means personal information about your ethnic or racial origin, political opinions, religious or philosophical beliefs, sexual activities, or trade union membership. (14) “Health information” means: (15) “NSW privacy laws” means Privacy and Personal Information Protection Act 1998 (PPIP Act) and Health Record and Information Privacy Act 2002 (HRIP Act). (16) “Commonwealth privacy laws” means the Privacy Act 1988 (Privacy Act), the Privacy (Tax File Number) Rule 2015 (TFN Rule) issued under S17 of the Privacy Act, and the Healthcare Identifiers Act 2010 (HI Act) Act. (17) “Tax File Number information” (TFN Information) means information that connects a TFN with the identity of a particular individual (for example, a database record that links a person’s name and date of birth with the person’s TFN). (18) “Individual Healthcare Identifier” (IHI information) information means a unique number used to identify an individual for health care purposes. It helps ensure health professionals are confident that the right information is associated with the right individual at the point of care. You already have an IHI if any of the following apply: (19) “Government-related Identifier” (GRI information) means an identifier that has been assigned by an agency, a State or Territory authority, an agent of an agency or authority, or a contracted service provider for a Commonwealth or State contract e.g. Centrelink Customer Reference Number (CRN), Medicare number, driver’s license number or passport number. (20) There are 12 Information Protection Principles (IPPs) that apply under the PPIP Act and 15 Health Protection Principles (HPPs) that apply under the HRIP Act. The IPPs are obligations that we must abide by when we collect, store, use or disclose personal information. We are governed by New South Wales privacy legislation but may have obligations under other legislation such as the Privacy Act 1988 (Cth), the General Data Protection Regulation (EU2016/679) and other global privacy regimes. (21) At the start of each point below, we will provide a snapshot of the IPPs and HPPs. Where appropriate, this will be followed by more detailed information about how we apply those principles to the functions of the (22) We may collect your personal or health information for the following purposes: (23) Where we collect personal or health information from another person, agency or party about you consent may be obtained from you by: (24) Another party may manage the consent and authorisation for the provision of personal or health information prior to the information being provided to us, for example where a (25) We may collect personal or health information indirectly where: (26) At the time of collecting personal or health information, or as soon as possible afterwards, we must inform you about: (27) This advice may be provided to you by way of: (28) We aim to ensure that your personal information and health information is: (29) We protect personal and health information by: (30) We consist of a number of (31) You may obtain details on: (32) This information will generally be available at the time of collection, via our website, or upon request as appropriate. (33) Personal or health information collected by us may be provided to the person to whom the information relates either informally, via an existing process, or on request. In some cases, an administrative fee may apply (for example, student transcripts are available for purchase). (34) (35) In response to a request, we may amend your personal or health information or make an annotation on the document to detail the request. If we consider that the personal or health information held is correct and does not require amendment, you will be provided with the reasons for this decision. (36) Requests for correction or amendment of personal or health information may also be sent to the Privacy and Right to Information Officer for advice or action as appropriate. In some cases, requests may be referred for action under the Government Information (Public Access) Act application process. Such cases include where the information: (37) We take reasonable steps to verify the accuracy of your personal or health information, especially where the use of the information could lead to negative consequences for you. (38) We must not use information we hold for a purpose other than for which it was collected, unless: (39) Where personal or health information is to be used for a purpose that is directly related to the original purpose, our (40) In considering whether a purpose is directly related to the original purpose, our (41) Disclosure primarily refers to sharing information that is held by us with another agency or individual outside of the (42) We must undertake reasonable actions to ensure that personal or health information is not disclosed, either routinely or on a single occasion, without consent, unless: (43) People would likely be considered to have knowledge of a disclosure if: (44) We must not use or disclose health information for another purpose (secondary purpose) other than the original purpose for which it was collected unless: (45) We must undertake reasonable actions to ensure that any sensitive information (such as information about ethnic or racial origin; political opinions; religious or philosophical beliefs; sexual activities or trade union membership) is not disclosed without an individual's consent. (46) Health information and personal information (where relevant) may be transferred outside New South Wales if: (47) Where we seek to use or disclose health or personal information for (48) While we are predominantly regulated by NSW privacy laws, however, there are areas of our functions where Commonwealth privacy laws govern our actions. (49) Three examples of when the Commonwealth privacy laws apply are, when we collect: (50) We will only disclose personal information or health information to law enforcement agencies in circumstances where it is required or permitted to do so by law. Some examples where we will be required to disclose personal information are where a law enforcement agency issues us a warrant, notice to produce, or subpoena; or, we are seeking to report a serious indictable offence. We may, at our discretion, disclose personal information or health information to law enforcement agencies if we are permitted to do so under law, such as where we have reason to believe that an offence has been committed and the law enforcement agency has requested that we disclose personal information that is reasonably necessary for them to investigate the offence. (51) In accordance with the clause above, the discretion to disclose personal or health information to law enforcement agencies as permitted by law may be exercised by: (52) All (53) The (54) We are committed to protecting your privacy. If you believe that we have not handled your personal or health information well, we ask that you give us the first opportunity to address your concerns. This will often be the more timely, efficient, and informal way of addressing your complaint. (55) You can raise concerns and (56) A request for an internal review can only be made where it is alleged that our conduct has: (57) We can only accept an application for internal review if it meets the thresholds specified in Part 5 of PPIP Act. This includes that the application should: (58) We may exercise our discretion to accept an application which may be received after the end of the 6-month period. (59) The request for an internal review should be mailed to the below address, or made online at Complaints: (60) The internal review, as far as practicable, will be conducted by the Privacy and Right to Information Officer, or an appropriately qualified employee, who does not have a conflict of interest (Reviewing Officer). (61) The Reviewing Officer will assess the request for internal review in accordance with Part 5 of PPIP Act and: (62) As a result of the outcome of an internal review we may do any of the following: (63) If you are still unhappy with how we have addressed your concerns, you may lodge a complaint with the Information and Privacy Commission New South Wales or seek an external review with the NSW Civil and Administrative Tribunal at: (64) Where we become aware of a breach of the IPPs or HPPs or the Privacy Act, we will take appropriate steps to identify and address the breach. Reports of breaches or potential breaches should be sent to the Privacy and Right to Information Officer at privacy@newcastle.edu.au. (65) A breach of the Privacy Management Plan, the Privacy Policy, and any associated policy and procedure by a member of our (66) It is an offence under PPIP Act, HRIP Act or Privacy Act for a (67) (68) If a complaint or internal review is received by us about the conduct of a (69) An issues register is maintained by the Privacy and Right to Information Officer to support the review process. Issues or feedback may be e-mailed to privacy@newcastle.edu.au (70) The Information Privacy Commissioner has Fact Sheets available “A guide to privacy laws in NSW available in other languages”.Privacy Management Plan
Section 1 - Audience
Section 2 - Scope
Section 3 - Introduction
Top of PageSection 4 - Public Registers maintained by the University
Graduation Book
Contracts Register
Section 5 - Definitions
Section 6 - Information Protection Principles and Health Privacy Principles
Collection of information
IPP 1 and HPP 1 – Lawful
IPP 2 and HPP 3 – Direct Collection
IPP 3 and HPP 4 – Open
IPP 4 and HPP 2– Relevant
Storage of information
IPP 5 and HPP 5– Secure
Access and Accuracy of information
IPP 6 and HPP 6 – Transparent
IPP 7 and HPP 7 – Accessible
IPP 8 and HPP 8 – Correct
Use of information
IPP 9 and HPP 9 – Accurate
IPP 10 and HPP 10 – Limited
Disclosure of information
IPP 11 and HPP 11 – Restricted and Limited Disclosure
IPP 12 – Safeguarded
HPP 12 – Information Identifiers and Anonymity
HPP 13 – Anonymity
HPP 14 – Information Transferrals and Linkages
HPP 15 – Authorised
Section 7 - Privacy Act 1988 (Cth)
Top of PageSection 8 - Law Enforcement Agencies
Top of PageSection 9 - System Design and Review
Section 10 - Training and Awareness
Section 11 - Complaints and Reviews
Privacy and Rights to Information Officer
University of Newcastle
University Drive
Callaghan NSW 2308
Top of Page
NSW Information Privacy Commission
NSW Civil and Administrative Tribunal
Level 15, McKell Building
PO Box K1026
2-24 Rawson Place
Haymarket NSW 1240
Haymarket NSW 2000
Phone: 1300 006 228
Free call: 1800 472 679
Fax (02) 6446 9518
ipcinfo@ipc.nsw.gov.au
Section 12 - Breach of a Principle
Top of PageSection 13 - Controlled Entities
Section 14 - Administration
Section 15 - Privacy Information available in other languages
View Current
This is not a current document. To view the current version, click the link in the document's navigation bar.
SNAPSHOT: We must only collect your personal information or health information for a lawful purpose, which is directly related to our functions or activities and necessary for that purpose.
SNAPSHOT: We must only collect your personal information or health information directly from you, unless you have authorised collection from someone else, or you are under 16 and the information has been provided by your parent or guardian or for health information, or it is unreasonable or impracticable to do so.
SNAPSHOT: We must inform you, or the person you have authorised, why we are collecting your personal or health information, what we will do with it, and who else might see it. We will also tell you, or the person you have authorised, how they can view and correct the personal or health information, if the information is required by law or voluntary, and any consequences that may apply if you or they decide not to provide the information.
SNAPSHOT: We will ensure that the personal information and health information that we collect is relevant, accurate, complete, up-to-date, and not excessive and that the collection does not unreasonably intrude into your personal affairs.
SNAPSHOT: We will store your personal information and health information securely, keep it no longer than necessary and dispose of it appropriately. It will be protected from unauthorised access, use, modification, or disclosure.
SNAPSHOT: We will explain to you what personal information and/or health information about you is being stored, why it is being used and any rights you have to access it.
SNAPSHOT: We will allow you to access your personal or health information without excessive delay or expense.
SNAPSHOT: We will allow you to update, correct or amend your personal or health information where necessary.
SNAPSHOT: We will make sure that your personal information and health information is relevant, accurate, up to date and complete before using it.
SNAPSHOT: We will only use your personal information or health information for the purpose it was collected unless you have given us your consent, or the purpose of its use is directly related to the purpose for which it was collected, or to prevent or lessen a serious imminent threat to any person’s health or safety.
SNAPSHOT: We will only disclose your personal information or health information with your consent, or consent from an authorised person; or, if you were told at the time that it would be disclosed. We will also disclose your personal information or health information if the disclosure is directly related to the purpose for which the information was collected, and there is no reason to believe you would object; or if you have been made aware that information of that kind is usually disclosed. We will also disclose your personal information or health information if it is necessary to prevent a serious and imminent threat to any person’s health or safety.
SNAPSHOT: We cannot disclose your sensitive information without your consent, for example, information about your ethnic or racial origin, political opinions, religious or philosophical beliefs, sexual activities, or trade union membership. We can only disclose your sensitive information without consent to deal with a serious and imminent threat to any person’s health or safety.
SNAPSHOT: You may be identified by using unique identifiers if it is reasonably necessary to carry out our functions efficiently.
SNAPSHOT: Services may be provided anonymously, where it is lawful and practicable. We will generally require information about you to deliver a service to you, however, anonymity may be allowed wherever possible.
SNAPSHOT: We will only transfer health information outside of New South Wales in accordance with HPP 14.
SNAPSHOT: We will only use health records linkage systems if you have provided or expressed your consent. For example, My Health Record.
Top of Page