Information Privacy Policy
The Information Privacy Policy of the Department is presented on this page; it is also available in downloadable form.
Background
The Department of Education and Early Childhood Development (DEECD) coordinates the delivery of education services in Victoria to ensure that all Victorians have the knowledge and skills to participate as responsible, informed and productive citizens in our society.
DEECD and Department-funded service providers are bound by the Victorian privacy laws, the Information Privacy Act 2000 and the Health Records Act 2001, as well as other laws that impose specific obligations in regard to handling personal and health information that directly or indirectly identifies a person. The privacy policy and principles in this document are in accordance with these laws.
DEECD is committed to protecting the privacy of personal and health information. This Privacy Policy embodies this commitment.
The policy supports the Department's need to collect information and the right of the individual to privacy. It ensures that the Department can collect personal and health information necessary for its services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect the privacy of their personal and health information.
Policy
Personal and health information is collected and used by the Department for the following purposes:
- to provide services or to carry out DEECD's statutory functions
- to assist DEECD, it's schools and it's employees to fulfil its duty of care to students
- to plan, fund, monitor and evaluate DEECD's services and functions
- to comply with DEECD reporting requirements
- to investigate incidents in schools and/or defend any legal claims against DEECD, its schools or its employees
DEECD has adopted the Privacy Principles in the Victorian privacy laws as minimum standards in relation to handling personal and health information. In broad terms, this means that DEECD and DEECD-funded services:
- collect only information which is required for a specified primary purpose
- ensure that the person supplying the information knows why the information is collected and how it will be handled
- use and disclose it only for the primary or a directly related purpose, or for another purpose with the person's consent (unless otherwise required, permitted or authorised by law)
- store it securely, protecting it from unauthorised access retain it for the period authorised by the Public Records Act 1973, and take reasonable steps to permanently de-identify personal or health information when it is no longer needed
- provide people with access to their own personal information and permit people to seek corrections if necessary. This will usually be handled under the Freedom of Information Act 1982. For DEECD services not covered by this Act, access will be available as prescribed by the Victorian privacy laws.
DEECD and DEECD-funded services that collect personal and health information will:
- address the privacy issues relevant to their functions and only collect and use this information in accordance with the privacy principles
- manage this information according to privacy policies created for the area of service DEECD provides in accordance with the privacy principles.
DEECD and DEECD-funded services that use personal and health information but do not directly collect personal and health information will apply the privacy principles when handling personal and health information.
Law enforcement function: When DEECD investigates possible offences by an employee it will collect and use information about individuals to the extent of its law enforcement functions.
Research: DEECD will usually only use or disclose an individual's personal or health information for research or the compilation of statistics with the individual's consent. When research or the compilation of statistics which is in the public interest cannot be undertaken with de-identified information, and where it is impractical to seek the individual's consent, the research or compilation of statistics will be carried out in accordance with the National Statement on Ethical Conduct in Research Involving Humans issued by the National Health and Medical Research Council (1999) and in accordance with the Health Services Comissioner guidelines.
Complaints
A complaint about information privacy is an expression of dissatisfaction with the Department's procedures, staff, agents or quality of service associated with the collection or handling of personal or health information. DEECD will be efficient and fair when investigating and responding to information privacy complaints. The process for investigation and response to these complaints is set out in DEECD's Information Privacy Complaints Handling Policy.
Principles
The key Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs) Principles are listed here. Only the key principles have been selected and are provided in summary. The full exceptions qualifying many of the principles are not included.
Collection: DEECD and DEECD-funded services must collect only personal and health information that is necessary for performance or functions. Individuals should be told why this information is required, what it will be used for and that they can gain access to their personal and health information.
Use and disclosure: DEECD and DEECD-funded services must only use or disclose personal and health information:
- for the primary purpose for which it was collected
- for a related secondary purpose (which must be a directly related purpose in the case of health or sensitive information) that the person would reasonably expect
- with the consent of the person
- unless otherwise required, permitted or authorised by law principles
Data quality: DEECD and DEECD-funded services must make sure personal and health information is accurate, complete and up-to-date.
Data security: DEECD and DEECD-funded services must take reasonable steps to protect personal and health information from misuse, loss, unauthorised access, modification and disclosure.
Openness: DEECD and DEECD-funded services must document clearly expressed policies on management of personal and health information and make these policies available to anyone who asks for them.
Access and correction: Individuals have a right to seek access to their personal and health information and make corrections. Access to and correction of information collected and used by DEECD and DEECD-funded services will be handled mostly under the Victorian Freedom of Information Act 1982.
Unique identifiers: A unique identifier is usually a number assigned to an individual in order to identify the person for the purposes of an organisation’s operations. Tax File Numbers and Medicare numbers are examples. Unique identifiers can facilitate data matching. Data matching can diminish privacy. Privacy laws limit the adoption and sharing of unique numbers. DEECD and DEECD-funded services will limit the use of unique identifiers as required by the Victorian privacy laws.
Anonymity: When lawful and practicable, individuals should be able to remain anonymous in transactions with DEECD and DEECD-funded services.
Transborder data flows: Transfer of personal and health information outside Victoria is restricted by privacy laws. Personal and health information may be transferred only if the recipient protects privacy under standards similar to Victoria’s IPPs/HPPs.
Sensitive information: The Information Privacy Act 2000 restricts collection of sensitive information about an individual’s racial or ethnic origin, political views, religious beliefs, sexual preferences, membership of groups or criminal record. DEECD and DEECD-funded services will apply IPP10 when collecting and handling sensitive information.
More information
Department of Education and Early Childhood Development's Information Privacy Policy (PDF - 91Kb)
(this document is being updated to reflect changes to the Department)
Contact DEECD’s Privacy Unit by email: privacy.enquiries@edumail.vic.gov.au
Information on the Victorian privacy laws: