Information and Privacy


Purpose of this policy

To ensure schools maintain privacy of information.

Policy

Schools must:

  • adopt the Department's Schools' Privacy Policy (this can be achieved by creating a link to the policy on the school's website)
  • abide by legislative privacy requirements in relation to how personal and health information is collected, used, disclosed and stored
  • be reasonable and fair in how this information is treated, not only for the benefit of staff and students, but also to protect the school’s reputation
  • abide by freedom of information requirements - for details, see: Freedom of Information

Note:  The school’s privacy policy must be provided to anyone who requests a copy.

Legislation

Victorian privacy law applies to all staff, service providers (contractors) and agents (whether paid or unpaid) of the Department, and covers student records, staff files and information held by the Department and all government schools.

The Privacy and Data Protection Act 2014 applies to all forms of recorded information or opinion about an individual who can be identified, including photographs and emails.  It establishes standards for the collection, handling and disposal of personal information and places special restrictions on ‘sensitive information’ such as:

  • racial or ethnic origin
  • political views
  • religious beliefs
  • sexual preference
  • membership of groups
  • criminal record.

The Health Records Act 2001 establishes standards for the collection, handling and disposal of health information, including a person’s:

  • physical, mental or psychological health
  • disability.

Health information can also include access to health services and the nature of these services; however this type of information does not have to be recorded to be classified as health information.

Objectives and principles

The objectives of privacy laws are to:

  • balance the public interest in the free flow of information while protecting personal and health information
  • empower individuals to manage, as far as practicable, how personal and health information is used and disclosed
  • promote responsible, open and accountable information handling practices
  • regulate personal information handling by applying a set of information privacy principles.

Information privacy principles create rights and obligations about personal and health information; however these only apply when they do not contravene any other Act of Parliament.  In most cases there will be no contradiction as the relevant action falls within one of the exceptions within the information privacy principles.  

School compliance strategies

Some strategies schools can implement to ensure compliance with the privacy legislation include:

  • nominating a person to manage and review the school’s privacy practices
  • conducting a privacy audit to determine what information the school collects, how information is used and with whom information is shared
  • examining data security arrangements
  • ensuring all staff, including volunteers, are aware of and compliant with the Schools' Privacy Policy and supporting documents
  • treating all privacy complaints in the strictest confidence and seeking advice from the Privacy team as needed, on (03) 8688 7967 or privacy@edumail.vic.gov.au

Privacy exemptions

Personal and health information can be disclosed for a purpose other than for which it was collected and without the person’s consent when the disclosure is:

  • necessary to lessen or prevent a threat to life, health or safety
  • required, authorised or permitted by law or for law enforcement purposes
  • used for research or compilation of statistics in the public interest, in certain limited circumstances.  Any research in schools must be first approved by the Office for Policy, Research and Innovation.

See: Conducting Research   

Privacy and duty of care

Privacy laws recognise and permit schools to collect, use and disclose information so that they can comply with their duty of care to students.  A key element of duty of care is that the processes and procedures used are documented and records kept.

See: Duty of Care

Privacy and parents/guardians

To assist decision making about a student’s needs, schools inform parents/guardians of the student’s academic progress, behaviour, educational options or special educational requirements.

Privacy laws do not restrict this use of the information, as this is the purpose for which it is collected.

Court orders

Unless a court order is made under the Family Law Act, both parents of a student have the same rights to access information about the student. See: Decision Making Responsibilities for Students 

Enrolment information

Schools must:

  • provide a privacy collection notice with the enrolment form explaining to the parents and student why this information is being collected, what it is used for, where it might be disclosed and how they can access information held about them
  • only use the information collected during enrolment for the purposes for which it was collected.  Disclosure for an unrelated purpose requires parental consent or, in the case of a secondary student, the consent of the parent and student, unless the circumstances fall within one of the above privacy exemptions.

See: Admission

Health information

Health related information can be kept confidential by the principal, or shared with:

  • selected staff to the extent they need to know to care for the student, or

  • all staff when they need to know in case of emergencies.

Note 1: Counselling services are health services and records are confidential health records.  Confidentiality of information disclosed during a counselling session must be maintained unless the student provides consent or the situation falls into a privacy exemption category.

Note 2: Career counselling is not a health service.

See: First Aid Needs

Transfers

Transferring student information between Victorian government schools is allowed when:

  • parents/guardians are informed of the process
  • schools meet the Department’s standards in transferring files.

Access to information

The privacy laws do not change the individual’s right to access their information that is held by a government school. The individual’s right to access remains via a request made under the Freedom of Information Act 1982.

Privacy legislation encourages organisations to be open and transparent about what personal and health information they hold about individuals. When it is appropriate schools can provide individuals with informal access to their own personal or health information.  However, the person seeking access should make a request under the Freedom of Information Act 1982 if records hold information:

  • provided by a third party
  • that identifies a third party or
  • that may cause harm to the individual or others.

See: Freedom of Information

Complaints

When a complaint is made:

  • that a member of staff has breached privacy then the principal should attempt to resolve the matter.  If required regional complaints staff can provide the principal with assistance.  However schools and regions that receive privacy complaints can also contact the Department’s Privacy team on (03) 8688 7967 or privacy@edumail.vic.gov.au when needed for advice.
  • to the Victorian Health Complaints Commissioner about ‘an interference with health privacy’ by a school, this will be sent to the Department's Privacy team who will inform the region and school
  • about a school to the Office of the Victorian Information Commissioner, this will most likely be referred to the Department’s Secretary
  • and the complainant is not satisfied with the Department’s investigation and response, the complaint can then be taken to the Office of the Victorian Information Commissioner. In most circumstances the regional director and school will be informed about the investigation.

Related legislation

  • Health Records Act 2001
  • Privacy and Data Protection Act 2014
