Home » Staff » Policy and Procedure » Health and Safety

Privacy

POLICY
To ensure that personal and private information gathered in the course of the operation of the College is current, is relevant to education and is dealt with in a way that respects the privacy, dignity and confidentiality of the individuals who provide the information or to whom the information refers.

To ensure that information passed between the College and an approved Church partner or any other third party is appropriate, done with the permission of the family or person involved and in accordance to national privacy guidelines.

Consent from Students - TO BE DETERMINED

SCOPE

  • Definition of personal information
  • The National Privacy Principles
  • Personal information held by the College
  • Information generated by the College
  • Disposing and archiving of Information
  • Access to data
  • Organisational Contact
  • Exclusions

GENERAL

Personal Information and the National Privacy Principles

The Federal Government’s Privacy Act 2000 applies to all funded services. As a funded service, Central Queensland Christian College is obliged to comply with the Act.

The heart of the legislation is the 10 National Privacy Principles (NPPs). These are the minimum standards required for handling personal information.

Personal information is defined as “information and/or opinion – whether true or not, and whether recorded in a material form or not – about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”.

The 10 National Privacy Principles are:

  1. Principle 1 - Collection
  2. Principle 2 - Use and Disclosure
  3. Principle 3 - Data quality
  4. Principle 4 - Data Security
  5. Principle 5 - Openness
  6. Principle 6 - Access and correction
  7. Principle 7 - Identifiers
  8. Principle 8 - Anonymity
  9. Principle 9 - Transborder dasta flows
  10. Principle 10 - Sensitive Information
  11. Collection
    Only collect information necessary for one or more of your functions or activities.

  12. Use and Disclosure
    Personal information is only to be used or disclosed for the primary purpose of the collection. Exceptions include where information is required by law or constitutes a health or life-threatening situation.

  13. Data quality
    An Organisation must take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up to date.

  14. Data security
    Organisations have to take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure. Destroy personal information when no longer of use.

  15. Openness
    Organisations must have a policy on handling of personal information. Reasonable steps must be made to let people know how the Organisation handles personal information eg. policy on web page, hard copy always available.

  16. Access and correction
    An Organisation must give an individual access to personal information it holds about that individual on request. Exceptions are a health or life threatening situation, or when information is required by law, or frivolous requests, or when information reveals personal information about other people.

  17. Identifiers
    An organisation must not adopt as its own identifiers of an individual, an identifier that has been assigned by a Commonwealth Government “agency” (eg TFN, Medicare, and Drivers Licence).

  18. Anonymity
    Organisations must give people the option to interact anonymously whenever it is lawful and practical to do so.

  19. Transborder data flows
    An Organisation cannot send personal information out of the country unless the recipient is subject to the same privacy laws (or scheme) as our own, there is the consent of the individual, there is a contract between the individual and the Organisation and the recipient deals with the information in line with the National Privacy Principles.

  20. Sensitive Information
    Organisations cannot collect sensitive information unless special circumstances apply. However, sensitive information can be collected if the individual has given consent or it is required by law or there is a threat to health or life. Financial information is excluded.

    Examples of sensitive information include:

    • Racial or ethnic
    • Political opinion
    • Membership of political association
    • Religious belief
    • Philosophical belief
    • Membership of a Trade Union
    • Sexual preferences
    • Criminal Record

PROCEDURE

  1. Personal Information Held by the College
    Central Queensland Christian College is solely concerned with providing education to students of the college on behalf of their families. We will only collect personal information that is necessary for these activities.

  2. Parent and Student Information

    General Principles:

    • Personal information released to, or gathered from, an external source or photographic material or publication of photos is with the prior written consent of the parent/s and/or guardian(s).
    • Families’ personal information is verbal and written information provided by the College staff or provided to College staff about the family.
    • Families are entitled to access their Files by prior arrangement. The College reserves the right to charge families a fee for access to Files.
    • Families may request a copy of their files. Receipt of file copies shall be recorded on an appropriate letter, which shall be signed by the family. The provision of this service may be subject to a charge.
    • The College only collects personal information necessary to our activities with clients.
    • Personal information is always stored in a secure location.
    • Only relevant information about the family is stored in that families File or data file.

    The Organisation collects personal information about clients for the purpose of:

    • Enrolment
    • Contact and communication
    • Student and parent/teacher interaction
    • Assessing the impact of a student’s disability
    • Assessing student skills, aptitudes, interests and readiness for learning
    • Monitoring student and program activities and outcomes
    • Monitoring student progress to their desired outcome
    • Reporting demographics and outcomes to the Board and the funding body
    • Promoting student or College success

    Information collected about families is held in hard copy form or in data files. Each staff person is responsible to ensure that the information is securely held in locked files or password protected data files. All information is collected on approved forms associated with our Business System.

    Families’ personal information is always collected with their permission.

    On occasions, external Agencies ask us for a client’s personal information. On all occasions that a request is made for written or verbal information, we seek the families’ signed authority to release that information.

    Sensitive information gathered is held securely, on a family’s file.

  3. Family Files
    Family files are kept to store relevant personal information about the student’s progress toward achieving an academic outcome.

    Each student has a separate file.

    In all cases, files that have any identifying information about someone should be stored in a locked filing cabinet.

  4. Employee Personnel Records
    Employee Records are stored centrally, in a locked filing cabinet in Administration and on the payroll database. Employee records include:

    • Personal contact details
    • Driving licence details
    • The Commission for Children Employee Suitability Number
    • Staff Information Form
    • Payroll and personnel records required by law
    • Recruitment records including an Application Form
    • Performance Appraisals and reviews
    • Performance Counselling
    • Accident and injury records
    • Compensation and rehabilitation records
    • Complaints and grievances
    • Letters of warning
    • Other records eg. training and development activities undertaken during employment with the College.

    Current and former employee records are maintained to provide a history of employment, payroll and administrative information relating to all permanent, contract, temporary and casual employees of the College.

    Employee records may be available to employees by application to the Principal. It should not be assumed that all records are available to an employee. Access will depend on the sensitivity of the record requested.

    Access to employee records is available to the Principal, Board of Governance, the School Administration Officer and the Union representative where that employee is a member of the Union.

    A staff member’s personal information, after hours contact details or personnel records are not for release to the public under any circumstances other than legal or health or life threatening situations.

  5. Board Members and School Members
    Personal Information held on Members of the Association, Board and advisory groups is collected on the Membership Form and stored securely in the membership book in a locked filing cabinet in Administration.

    The Personal Information is used for contact purposes only. The information gathered is:

    • Name
    • Address
    • Telephone/Fax numbers
    • Email address
    • Working With Children Blue Card number and expiry date
  6. Mailing Lists
    The College maintains a mailing list of current families, suppliers, Board members and staff for contact purposes only. Name, address, telephone/fax numbers and/or email address are electronically stored on the mailing list.

    Information circulated to the mailing list may include:

    • Newsletters
    • Surveys
    • Marketing information
    • Advices about upcoming meetings
    • Invoice payments
    • Accounts

    Mailing lists are not for public release under any circumstances. Hard copies of any mailing list should be securely stored.

  7. General Correspondence
    General correspondence received by the College may contain personal information including:

    • Name
    • Address
    • Date of Birth
    • Gender
    • Marital status
    • Disability
    • Relationship details
    • Some may contain complaints of a personal nature.

    All General Correspondence that contains personal information is stored in a secured filing cabinet at the office at which it is received and archived in archive boxes held in a secure room after twelve months. Basic details of the nature of the correspondence, the date received and action taken are recorded in a correspondence book.

    General Correspondence can be destroyed by shredding after being actioned (in most cases), or 12 months after the completion of each financial year.

  8. Contractual and Supplier Agreements with External Bodies
    Contracts and supplier agreements are maintained with some Government Departments and businesses with which we have an obligation to supply a service or from whom we receive a good or service.

    All contracts and agreements are securely stored in Administration.

  9. Records of Grievances and Complaints
    On occasions the College receives a complaint or grievance. These complaints may contain personal and/or sensitive information.

    Each complaint is processed through the College complaints mechanism and stored securely in Administration. Complaints are to be responded to by Principal.

    Under no circumstance is personal information contained in a complaint to be discussed, copied, circulated or reported in a way that identifies the person making the complaint.

    Complaints contribute to the continuous improvement of the College and, as such, are reported at Board meetings. Care should be taken when reporting complaints to the Board that no personal information or identifiers are included in the report.

  10. Information Generated by the College
    From time-to-time, the College generates correspondence, newsletters, surveys, reports, facsimiles and emails to clients, staff, the Board and the wider community for the purposes of informing or being informed.

    Any correspondence which contains sensitive information should be marked “Private and Confidential” on the covering letter and the envelope in which it is sent.

    Newsletters usually, should be distributed to clients during regular meetings with office staff. Any newsletters should contain the following sentence displayed prominently on the first page:
    “Should you wish to be withdrawn from our mailing list, please advise the office.”

    Surveys provide feedback to the College about the quality of our service. We can gain valuable feedback through an annual survey of families. Families may choose not to fill out a survey or submit the survey anonymously.

    Facsimiles should be sent with a Fax Cover Sheet that clearly indicates the following sentence:
    “If this fax is received in error please advise the sender and destroy the information.”

    Emails should have a similar sentence clearly and prominently displayed in the cover text under the heading “Disclaimer”.

  11. Disposing of and Archiving Data we collect
    • Family Information and Files – archive at the completion of a program and store indefinitely.
    • Student Records – to be held indefinitely. Whilst current, a student record should be held in a locked file cabinet. Student records should be archived when their time at the College completes.
    • Employee Records – to be held indefinitely. Whilst current, an employee record should be held in a locked file cabinet. Employee records should be archived when their employment completes.
    • Board of Governance and Membership – timeless. Current membership, BOG and AGM records should be held in a locked filing cabinet. All inactive records should be archived.
    • Mailing Lists – Mail lists should be updated on a regular basis to ensure currency.
    • General Correspondence – destroyed after actioned (in most cases) or 12 months after the completion of each financial year.
    • Contracts and Supplier Agreements – Should be archived once completed. Supplier Agreements may be destroyed after seven years.
    • Complaints Records – Any time after the complaint has been finalised, the record may be archived.
  12. Gaining Access to and Changing Personal Information
    Family and Student Information – clients are entitled to access their file/s at any time. With the client’s written permission, a copy of their file may be transferred to another School. Information held on any Family and Student files may be changed in the following ways:

    • Written request
    • Write a new file note in sequence, reference to the file note number in which the detail is changing. Reference the new file note beside the old file note.
    • Under no circumstances destroy the previous information.

    Employee Records – employees are obliged to provide up-to-date personal information. Changed details are recorded on a newly completed Staff Information Form and held in the employees’ personnel file. Employees may look at the information contained on their file by application to the Principal.

    Board of Governance, Membership Records – all BOG, membership records are held as current memberships. A Personal Profile Form should be completed with any change to the personal information.

    Mailing Lists – are maintained for the sole purpose of contact for the College. Mailing lists should not be held in hard copy form, generally, and may not be sold, given or the information may not be released or transmitted to any other Agency for any other purpose. If another Agency would like access to the people on our mailing list, we can advertise the information in our regular newsletter or, for cost, undertake a special mail out on their behalf.

    Complaints Records – may be freely accessed by the complainant (on request), the Principal and the Administration Officer (for reporting purposes).

  13. Organisation Contact for Privacy

    The Principal
    PO Box 5313
    Central Queensland Mail Centre QLD 4702

    Phone (07) 4921 0580

  14. Exclusions
    All information provided to the College for any purpose related to the operations of our business will be subject to some exclusions from normal privacy policy provisions. The exclusions are:

    • For meeting lawful, contractual obligations to the Department of Family and Community Services including Quality Assurance inspections
    • In matters of health or life threatening situations
    • In matters where the information is required by law

    Employee Records, which must pertain to the employment relationship and contain employment related documents and information are also exempt from this policy.

  15. Charges for requests for access to information covered under this policy
    The organisation can charge for providing information to meet requests.

REFERENCES

RELATED DOCUMENTS

REVIEW

  • This policy is to be reviewed every 12 months or as required
  • This is Issue #34
    • remove note "Consent from Students – TO BE DETERMINED" from POLICY section
    • Change "Personal information is always stored in a locked filing cabinet." to "Personal information is always stored in a secure location."
    • Under heading "Gaining Access to and Changing Personal Information" resolve redundancy under the two headings "Family and Student Information" and "Family and Student Files"
    • Change "Member Form" to "Personal Profile Form"
    • Remove "Child Protection Act" as a reference, as it is not referred to in the document
    • Update address information under "Organisation Contact for Privacy" heading
  • Issue # 1 2006 attached below
    AttachmentSize
    Privacy v2006.doc70.5 KB