Policy Library > Governance and Organisation > Ethical Conduct in the Workplace

Privacy Policy

Intent

To ensure that the University, its controlled entities and its associated bodies protect the privacy of all personal information within their systems. To provide a mechanism for dealing with privacy complaints.

Scope

This policy will apply to the University, its controlled entities and its associated bodies (see Appendix A). The controlled entities and associated bodies may also be subject to privacy laws and policies under the Privacy Amendment (Private Sector) Act 2000.

Key Objectives

To ensure that the University, its controlled entities and its associated bodies comply with IS42 Information Privacy.

Definitions

Personal Information: is defined in IS 42 as "information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.".

Policy and Procedures

Policy Provisions

General Principles

1. The appropriate collection and management of information is crucial in the achievement of James Cook University’s mission to serve tropical Queensland and the nation by providing education and research of international standing. The administrative operations related to the teaching and research activities of the University occasionally require the collection and retention of personal information.

2. The Guiding Principles of James Cook University include setting “exemplary standards of integrity in all aspects of its affairs”. This integrity includes maintaining and protecting the privacy of personal information, and taking all possible measures to ensure the information is accurate. Personal information, for the purposes of these guidelines, is any information or opinions that can identify a living person.

3. The University will comply with relevant legislation in the collection, maintenance, use and disclosure of personal information. All aspects of the University’s dealings with personal information will be underpinned by Queensland Government Information Standard 42 Information Privacy (IS 42) and the accompanying guidelines. IS 42 requires personal information to be managed in accordance with a set of 11 Information Privacy Principles (IPPs) which have been adapted from the Information Privacy Principles in the Commonwealth Privacy Act 1988. The IPPs can be accessed via the Queensland Government’s web page at http://www.iie.qld.gov.au/informationstandards/current.asp. It should be noted that in some instances, the IPPs may be superseded by other legislative requirements, such as the Freedom of Information Act 1992 (Qld), Whistleblowers Protection Act 1994, or section 63 of the Health Services Act 1991.

Guidelines

1. In collecting personal information the University will:

1.1 only collect information for lawful purposes related to its function;

1.2 only collect the information that is necessary and by lawful means;

1.3 where possible only collect personal information that is provided by the individual to whom the information relates, collecting in a way that is not personally intrusive; and

1.4 where information is provided by someone else, ensure that the collection has been authorised by the individual concerned, or by someone who is legally authorised to provide it on their behalf.

2. The University will inform the individuals from whom information is collected:

2.1 that the information is being collected, either at the time the information is being collected or as soon as practicable afterwards;

2.2 the purpose for collecting the personal information;

2.3 if the collection is mandatory, any consequences of not providing it;

2.4 that the information is to be held and to whom the information is normally passed or disclosed;

2.5 the name and address of any agency used to collect information on the University’s behalf; and

2.6 how individuals can obtain access to their information, check it for accuracy and completeness, and make application to correct it.

3. The University will manage personal information responsibly by:

3.1 taking reasonable steps to ensure that personal information held is relevant to the purpose for which it was collected, accurate, up to date, complete and not misleading;

3.2 retaining and disposing of it in accordance with the Public Records Act 2002;

3.3 implementing physical and computer security measures to protect personal information from loss or unauthorised access, use, disclosure, and from unauthorised modification;

3.4 taking reasonable steps to prevent its disclosure by external service providers without authorisation; and

3.5 only disclosing personal information outside the University and its controlled entities or affiliated bodies where:

- its disclosure has been consented to by the individual to whom it relates; or

- its disclosure is required or authorised by or under law; or

- it is reasonably believed to be necessary to prevent or lessen a serious threat to life or health of any person; or

- its disclosure is in the public interest under Section 44.1 of the Freedom of Information Act 1992 (Qld); or

- its disclosure is reasonably necessary for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.

4. The University has in place mechanisms and normal administrative practices to handle routine requests for access to information such as academic transcripts, or for alterations to information such as changes of address. Individuals wishing to obtain access to, or amend, information about themselves, should contact the relevant officer in the area in which the information is held, the Privacy Contact Officer or the Freedom of Information Coordinator, James Cook University, Townsville QLD 4811.

Procedure: Privacy Complaints Procedure

Procedure	Responsibility	Timeline
If individuals believe that their personal information has not been dealt with in accordance with an IPP, they may make a complaint to the Privacy Contact Officer at the University. The complaint must be made in writing. Complaints should be forwarded to the Privacy Contact Officer, James Cook University, Townsville QLD 4811.	Complainant	Within six months from the date when the breach was suspected to have occurred.
Complaints will be acknowledged in writing.	Privacy Contact Officer	Within 14 days from the date on which the complaint was received.
The University will process the complaint and the complainant will be advised in writing of the University’s decision.	Privacy Contact Officer	Within 60 days from the date on which the complaint was received.
If applicants are not satisfied with the University’s decision they may apply in writing to the Privacy Contact Officer for review of the initial decision.	Complainant	Within 28 days of the complainant receiving the initial complaint decision.
The review will be carried out and the complainant will be advised in writing of the review decision.	The review will be carried out and the complainant will be advised in writing of the review decision.	Within 45 days.

Appendix A: Controlled Entities and Associated Bodies

Controlled Entities

JCU Technologies Pty Ltd

Australian Tropical Sciences Technology Park Pty Ltd

JCU Uninet Pty Ltd

Unicare (NQ) Ltd

Unihealth Pty Ltd

Australian Tropical Rainforest Institute Pty Ltd

Associated Bodies

Toxitech Pty Ltd

Australian Canopy Crane Pty Ltd

Pacific Waste Technologies Pty Ltd

QANTM Australia CMC Pty Ltd

CRC for Sustainable Tourism Pty Ltd (1)

(1) CRC for Sustainable Tourism Pty Ltd has developed a Privacy Policy under the Privacy Amendment (Private Sector) Act 2000

Policy sponsor:	Deputy Vice-Chancellor, University Services & Registrar
Approval authority:	Vice-Chancellor
Version no.:	03-1
Date for next review:	24/06/2008

Version no.	Approval date	Implementation date	Details
03-1	24/06/2003
02-1	13/08/2002	13/08/2002