Privacy

What is privacy?

What is personal information?

Checklist for handling personal information

Storing and using personal information - what do you do?

Disclosing personal information - what do you do?

Storing and using personal information - what do you do?

What is meant by consent?

What is privacy?

  • the right to be left alone
  • the right to exercise control over one's personal information
  • a set of conditions necessary to protect our individual dignity and autonomy

What is personal information?

The Queensland Information Privacy Act 2009 defines personal information as "any information or opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained".

A record could include a document, database, sound recording, film or photograph and personal information would include -  

 

 name  driver's licence number
 address  physical characteristics
 age  political and religious beliefs
 date of birth  disabilities
 email address  sexual preferences

Checklist for collecting personal information for inclusion in a document or generally available publication 

  • Review all procedures.
  • Only collect relevant and necessary information (absolute minimum needed for the purpose) in a lawful and fair manner so as to not unreasonably intrude into the personal affairs of the person.
  • Give a verbal or written collection notice to the person whose personal information you are collecting, preferably before the collection.  For example, a clearly visible notice in a recording studio.  This notice is not the same thing as consent.  The notice should -
    • Explain the purpose of collecting (intended uses including any secondary uses) the personal information.
    • Identify any entity to which the information is usually disclosed to (if any) and who that recipient may regularly disclose to (if any).
    • Identify the law (if any) allowing or requiring the collection and the fact that the collection is authorised or required by that law.
  • Ensure the information is complete and up to date when collected.  Note whether the information is from a primary or secondary source.
  • If necessary, obtain their consent to the intended use.  For example, if the use involves the transfer of the information outside Australia (including publication on the world wide web). 

Storing and using personal information contained in a document- what do you do?

  • Review all procedures, policies and protocols.  Ensure these provide when, why and how information is to be used and by whom (and by what rights they have to deal with the information).
  • Implement security measures including ensuring that the information is protected against loss, unauthorised access, use, modification or disclosure or any other misuse, to the level that can reasonably be expected to be provided. The more sensitive the information, the higher the standard.
  • Having regard to the proposed use, ensure information is accurate, up to date and complete before using.  Check the collection date and source.
  • Check that any Consent obtained is still valid and whether any notice of the intended use (if relevant) was given. If the information was given for a particular purpose and you want to use it for another purpose, please contact the Legal Office as there are limits on other uses.
  • Only use those parts of the information directly relevant for fulfilling the purpose.  Record details of when why and how information used and by whom for auditing purposes.
  • Before any contractor or consultant providing services to USQ can deal with any personal information, they must have signed a Privacy Agreement with USQ.  Please contact the Legal Office for assistance in this regard.

Disclosing personal information - what do you do?

  • ask for identification/request in writing
  • may be disclosed if necessary to prevent serious or imminent threat to the welfare, health or safety of the public or individual (or their life)

What is meant by consent?

For consent to be valid it should be:- 

  • fully informed;
  • specific; and
  • voluntary

It is good practice to get prior written consent from any person whose photograph is to be used in printed or online material, and for the collection, use and disclosure of email addresses.  Such consent should set out all intended uses of the photograph/email address including that this information may be transferred to an entity outside of Australia (by being placed on the World Wide Web).  It should also set out how a person may withdraw their consent and the effects of that withdrawal.

Compliance

The University is required to comply with the Information Privacy Act 2009 (Qld) (IP Act) which regulates the management of personal information.  In addition, University employees, including casual employees and contractors, are required to comply with the University's Privacy Policy.

Privacy Information Sessions for staff are coordinated through the Organisational Development and Training section of Human Resources.

Matters concerned with the IP Act, in particular general enquiries about accessing personal information, contents of forms, record keeping, consents, disclosures, complaints and statutory reporting should be referred to the Privacy Officer.

For further inquiries contact:-

Director (Integrity and Professional Conduct)