Information Privacy Policy

The Department of Education and Training (the Department) is committed to protecting the personal and health information that we collect, use and disclose. This policy supports the Department's need to collect information and the right of the individual to privacy. It ensures that the Department can collect personal and health information necessary for its services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect their personal and health information.

Policy

Personal and health information is collected and used by the Department for the following purposes:

  • to plan, fund, implement, monitor, regulate and evaluate the Department's services and functions
  • to fulfil statutory and other legal functions and duties
  • to comply with reporting requirements
  • to investigate incidents in schools and/or defend any legal claims against the Department, its schools or its employees.

The Department has adopted the Information and Health Privacy Principles in the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic) as minimum standards when dealing with personal and health information. This means that, subject to some exceptions (see below), the Department must not do an act, or engage in a practice, that contravenes an Information and/or Health Privacy Principle in respect of personal and/or health information collected, held, managed, used, disclosed or transferred by it.

Collection of Personal Information

The Department will only collect personal information if the information is necessary for one of its functions or activities.

Where the personal information of an individual is collected, reasonable steps should be taken to ensure that the individual is aware of:

  • the identity of the Department and how to contact it,
  • the fact that the individual is able to gain access to the information,
  • who the Department usually discloses information of that kind to,
  • any law that requires the particular information to be collected, and
  • the main consequence (if any) for the individual if all or part of the information is not provided to the Department.

Collection of Health Information

The Department will only collect health information if the information is necessary for one of its functions or activities and:

  • the Department has gained consent from the individual, or
  • collection is necessary to prevent or lessen a serious or imminent threat to the life, health, safety or welfare of any individual, or
  • collection is necessary to prevent or lessen a serious threat to public health, safety or welfare, or
  • collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

Where the health information of an individual is collected, reasonable steps should be taken to ensure that the individual is aware of:

  • the identity of the Department and how to contact it,
  • the fact that the individual is able to gain access to the information,
  • the purposes for which the information is being collected,
  • who the Department usually discloses information of that kind to,
  • any law that requires the particular information to be collected, and
  • the main consequence (if any) for the individual if all or part of the information is not provided to the Department.

Use and Disclosure

The Department must only use or disclose personal and health information for the primary purpose for which it was collected, unless:

  • use or disclosure is for a related secondary purpose and the individual would reasonably expect the Department to use or disclose the information for that secondary purpose, or
  • the individual has provided consent, or
  • use or disclosure is necessary for research, or the compilation of statistics, in the public interest, or
  • use or disclosure is reasonably necessary to carry out a law enforcement function, or
  • use or disclosure is otherwise required, permitted or authorised by law. For example, the Department may be required to share information to fulfil its duty of care to students, staff and visitors or the Department may be required to share information to provide a safe workplace in accordance with occupational health and safety law.

In cases where the use or disclosure is necessary for research or the compilation of statistics, in the public interest, the Department will usually only do so with the individual's consent. Where it is impracticable to seek the individual's consent, and when the research or the compilation of statistics cannot be undertaken with de-identified information, research or compilation of statistics will be carried out in accordance with the National Statement on Ethical Conduct in Research Involving Humans or, for health information, in accordance with the Statutory Guidelines on Research.

Data Quality

The Department values information as an important resource. Accordingly, the Department must take reasonable steps to ensure that the personal and/or health information it collects, uses or discloses is accurate, complete, up to date and relevant to the Department’s functions or activities.

Data Security

The Department is guided by the principle that all information is well governed and managed. Accordingly, the Department must take reasonable steps to protect the personal and/or health information it holds from misuse and loss and from unauthorised access, modification or disclosure. This includes destroying or permanently de-identifying personal and/or health information if it is no longer needed.

Openness

To enable greater access to government decisions, the Department’s information should be easy to find, access and use. This means that the Department must have, and make available, clearly expressed policies on its management of personal and health information.

On request by a person, the Department must take reasonable steps to let the person know, generally:

  • what sort of personal information it holds,
  • for what purposes such information has been collected, and
  • how it collects, holds, uses and discloses that information.

Access and Correction

Individuals have a right to access, and to correct, their personal and health information held by the Department. Most requests to access and/or correct information held by the Department are processed in accordance with the Freedom of Information Act 1982.

Unique Identifiers

The Department limits its adoption and sharing of unique identifiers. Specifically, the preferred unique identifier for the Department is the Victorian Student Number (VSN).

The Department will:

  • not assign unique identifiers to individuals unless the assignment is necessary to enable it to carry out its functions efficiently, and
  • only adopt (as its own unique identifier of an individual), use or disclose a unique identifier assigned by another organisation in limited circumstances.

Anonymity

Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering into transactions with the Department.

Transborder Data Flows

The Department will only transfer personal and/or health information about an individual to someone who is outside Victoria in limited circumstances. Specifically, the Department should only transfer personal and/or health information outside Victoria if:

  • the individual consents to the transfer, or
  • the Department reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which is very similar to the Victorian privacy law, or
  • the Department has taken reasonable steps to ensure that the transferred information will not be held, used or disclosed inconsistently with the Victorian privacy law.

Sensitive Information

The Department will only collect sensitive information in limited circumstances. For example, the Department can collect sensitive information if the individual has consented or if the collection is required by law.

Exceptions

The Department is guided by the principle that information is open for sharing and reuse. Accordingly, the information privacy requirements contained within this policy should be balanced with the Department’s intention to share information to the maximum extent possible.

Victorian privacy law also stipulates certain situations where the Department does not need to comply with the Information and Health Privacy Principles. Should they arise, exceptions to the application of the Information and Health Privacy Principles should be approved by the Manager, Information Strategy, Policy and Governance.

Complaints

The Department will be efficient and fair when investigating and responding to information privacy complaints. The Department will investigate and respond to complaints in accordance with the Department's Information Privacy Complaints Handling Process.

More information

For more information about this policy, contact the Department’s privacy officer on privacy@edumail.vic.gov.au or (03) 9637 3141.

Information Privacy Policy (docx - 8.06mb)

School Privacy Policy

Privacy and Data Protection Act 2014 (Vic)

Health Records Act 2001 (Vic)

Office of the Commissioner for Privacy and Data Protection

Office of the Health Services Commissioner

Office of the Australian Information Commissioner