Privacy Policy

Classification

Policy Number: HR201705-1.0 • Version/Last Updated: 1.0 November 2017 • Audience: Public • Commencement: 13 March 2014 (reviewed October 2017)

Implementation Resources

1.0 Rationale

This Privacy Policy applies to schools conducted by Sydney Catholic Schools (SCS) and sets out how SCS and each systemic Catholic school manages personal information provided to or collected by it, whether in its Central and Regional offices or in any of the schools for which it has governance responsibility.

2.0 Guiding Principles
2.1

SCS is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). In relation to health records, SCS is also bound by the NSW Health Privacy Principles which are contained in the Health Records and Information Privacy Act 2002 (NSW)

2.2

SCS may, from time to time, review and update this Privacy Policy to take account of new laws and technology, to reflect changes to SCS operations and practices, and to ensure that it remains appropriate to the changing educational environment of the systemic Catholic schools governed by SCS.

3.0 Policy
3.1

This policy must be followed by Sydney Catholic systemic schools.

3.2

A copy of this policy should be available on the school’s website.

4.0 Procedures
4.1

Personal Information

4.1.1

The type of information schools and SCS collect and hold includes (but is not limited to) personal information, including health and other sensitive information, about:

  • pupils and parents and/or guardians (hereafter referred to as parents) before, during and after the course of a pupil’s enrolment at the school, including:
    • name, contact details (including next of kin), date of birth, gender, language background, previous school and religion
    • parents’ education, occupation and language background
    • medical information (e.g. details of disability and/or allergies, absence notes, medical reports and names of doctors)
    • conduct and complaint records, or other behaviour notes, and school reports
    • information about referrals to government welfare agencies
    • counselling reports
    • health fund details and Medicare numbers
    • any court orders
    • volunteering information
    • photos and videos at school events.
  • Job applicants, staff members, volunteers and contractors, including:
    • name, contact details (including next of kin), date of birth, and religion
    • information on job application
    • professional development history
    • salary and payment information, including superannuation details
    • medical information (e.g. details of disability and/or allergies, and medical certificates)
    • complaint records and investigation reports
    • leave details
    • photos and videos at school events
    • workplace surveillance information
    • work emails and private emails (when using work email address) and Internet browsing history.
  • other people who come into contact with the school.
4.1.2

Personal information parents and pupils provide:schools will generally collect personal information held about an individual by way of forms filled out by parents or pupils, face-to-face meetings and interviews, emails and telephone calls. On occasion, people other than parents and pupils provide personal information.

4.1.3

Personal Information provided by other people: in some circumstances schools may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another school.

4.1.4

Exception in relation to employee records: under the Privacy Act 1988 (Cth) and Health Records and Information Privacy Act 2002 (NSW), the Australian Privacy Principles and Health Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to a school’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship.

4.2

Use of Personal Information

4.2.1

A school will use personal information it collects from parents for the primary purpose of collection, and for secondary purposes that are related to the primary purpose and reasonably expected by parents, or to which they have consented.

4.2.2

Pupils and parents: in relation to personal information of pupils and parents, a school’s primary purpose of collection is to enable the school to provide schooling for the pupil. This includes satisfying the needs of the parents, the needs of the pupil and the needs of SCS, and the school throughout the whole period the pupil is enrolled.

4.2.3

Purposes for which SCS and a school use personal information include:

  • to keep parents informed about matters related to their child’s schooling through correspondence, newsletters and magazines
  • day-to-day administration of the school
  • looking after pupils’ educational, social, spiritual and medical wellbeing
  • seeking donations and marketing for the school
  • to satisfy the legal obligations of SCS and the school and to allow the school to discharge its duty of care.
4.2.4

In some cases, where a school requests personal information about a pupil or parent, if the information requested is not provided, the school may not be able to enrol or continue the enrolment of the pupil, or permit the pupil to take part in a particular activity.

4.2.5

Job applicants, staff members and contractors: in relation to personal information of job applicants, staff members and contractors, a school’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, whichever the case may be.

4.2.6

Purposes for which a school uses the personal information of job applicants, staff members and contractors include:

  • administering the individual’s employment or contract
  • insurance
  • seeking donations and marketing for the school
  • satisfying the school’s legal obligations, for example in relation to child protection legislation.
4.2.7

Volunteers: Schools also obtain personal information about volunteers who assist the school in its functions or conduct associated activities, such as alumni associations, to enable the school and the volunteers to work together.

4.2.8

Marketing and fundraising: Schools regard marketing and seeking donations for future development to be an important part of ensuring that the school continues to provide a high quality learning environment in which pupils and staff thrive. Personal information held by a school may be disclosed to organisations that assist in a school’s fundraising, for example, the school’s or system’s foundation or alumni organisation or, on occasions, external fundraising organisations.

Parents, staff, contractors and other members of the wider school community may from time to time receive fundraising information. School publications, such as newsletters and magazines, which include personal information, may be used for marketing purposes.

4.2.9

Exceptions in relation to related schools: The Privacy Act allows each school, to share personal (but not sensitive) information with the other schools conducted by SCS. Other schools may then only use this personal information for the purpose for which it was originally collected by SCS or a school. This allows schools to transfer information between them, for example, when a pupil transfers from one SCS school to another.

4.3

Disclosure of Personal Information

4.3.1

A school may disclose personal information, including sensitive information held about an individual, to:

  • other schools, and teachers of those schools, governed by SCS
  • government departments
  • SCS, the Catholic Education Commission (CEC), the school’s local diocese and the parish, other related church agencies/entities, and schools within other Dioceses
  • medical practitioners
  • people providing services to the school, including specialist visiting teachers, counsellors and sports coaches
  • providers of learning and assessment tools
  • assessment and educational authorities, including the Australian Curriculum, Assessment and Reporting Authority (ACARA) and NAPLAN Test Administration Authorities, who will disclose it to the managers of NAPLAN’s online platform
  • organisations providing administrative and financial services to the school
  • recipients of school publications, such as newsletters and magazines
  • parents
  • anyone parents authorise the school to disclose information to
  • anyone to whom schools or SCS are required to disclose the information by law.
4.3.2

Sending and storing information overseas: A school may disclose personal information about an individual to overseas recipients, for instance, to facilitate a school exchange. However, a school will not send personal information about an individual outside Australia without:

  • obtaining the consent of the individual (in some cases this consent will be implied)
  • complying with the Australian Privacy Principles or other applicable privacy legislation.
4.3.3

The school may use online or ‘cloud’ service providers to store personal information and to provide services to the school that involve the use of personal information, such as email, instant messaging and education and assessment applications. Some limited personal information may also be provided to these service providers to enable them to authenticate users that access their services. This personal information may be stored on a cloud service provider’s servers which may be situated outside Australia.

An example of such a cloud service provider is Google. Google provides the ‘G Suite for Education’ (G Suite) including Gmail, and stores and processes limited personal information for this purpose. School personnel, SCS, the CEC and their service providers may have the ability to access, monitor, use or disclose emails, communications, documents and administrative data for the purposes ensuring the proper use of the G Suite.

4.4

Sensitive Information

4.4.1

In referring to ‘sensitive information’, the school means information about an individual relating to their racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices, criminal record, health information and biometric information.

4.4.2

Sensitive information will be used and disclosed only for the purpose for which it was provided, or a directly related secondary purpose, unless a parent agrees otherwise or the use or disclosure of the sensitive information is allowed by law.

4.5

Management and Security of Personal Information

4.5.1

SCS and school staff are required to respect the confidentiality of pupils’ and parents’ personal information and the privacy of individuals.

4.5.2

Each school has steps in place to protect the personal information the school holds from misuse, interference, loss, unauthorised access, modification or disclosure. These include secure storage of paper records and password protected access to computerised records.

4.5.3

SCS and its schools also store personal information on a centralised digital information management and storage platform called ONCE and a centralised digital storage system called CeD3. Access to personal information may be granted to pupils and parents to allow them to update personal information online. Pupils and parents privacy and information access rights remain the same regardless of where or how the information is stored.

4.6

Access to and Correction of Personal Information

4.6.1

Under the Privacy Act 1988 (Cth) and Health Records and Information Privacy Act 2002 (NSW), an individual has the right to obtain access to any personal information which SCS or a school holds about them and to advise SCS and the school of any perceived inaccuracy. Pupils will generally be able to access and update their personal information through their parents, but older pupils may seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation.

4.6.2

To make a request to access or update any personal information SCS or a school holds about a parent or a child, a parent may contact the school principal in writing. The school may require the parent to verify their identity and specify what information is required. The school may charge a fee to cover the cost of verifying an application and locating, retrieving, reviewing and copying the material requested. If the information sought is extensive, the school will advise the likely cost in advance. If the school cannot provide access to the requested information, the school will provide the parent with a written notice explaining the reasons for refusal.

4.7

Consent and Right of Access to the Personal Information of Pupils

4.7.1

SCS respects every parent’s right to make decisions concerning their child’s education. Generally, a school will refer any requests for consent and notices in relation to the personal information of a pupil to that pupil’s parents. A school will treat consent given by parents as consent given on behalf of the pupil, and notice to parents will act as notice given to the pupil.

4.7.2

As mentioned above, parents may seek access to personal information held by a school or SCS about them or their child, by contacting the school’s principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of a school’s duty of care to the pupil.

4.7.3

A school may, at its discretion, on the request of a pupil, grant that pupil access to information held by the school about them, or allow a pupil to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the pupil and/or the pupil’s personal circumstances so warranted.

4.8

Enquiries and Complaints

4.8.1

For further information about the way SCS or a school manages the personal information it holds, or to complain about an alleged breach of the Australian Privacy Principles by the school, please contact the school’s principal or the SCS Privacy Officer at the SCS Central Office on 02 9569 6111. The school/SCS will investigate any complaint and will notify the parent of the making of a decision in relation to the complaint as soon as is practicable.

5.0 Bases of Discretion

Nil

6.0 Explanatory Notes and Definitions
6.1

School

Refers to Catholic systemic schools governed by SCS.

6.2

SCS

Refers to Sydney Catholic Schools, including its Central Office and three Regional Offices.

6.3

Parent

Refers to a biological parent, adoptive parent, or formal primary caregiver of a student enrolled in a Sydney Catholic school.

7.0 Supporting Documents
7.1

Related policies

7.2

Supporting documents

8.0 Appendices

Appendix A: Alumni Collection Notice

Appendix B: Employee Collection Notice

Appendix C: Standard Collection Notice

Appendix D: Volunteer or Contractor Collection Notice

Appendix E: Privacy Notice for Transition to a New Student Information System

9.0 Classification
9.1

Policy Number: HR201705-1.0

9.2

Version: 1.0

Last modified: November 2017

This policy supersedes all previous policies relating to matters contained therein. In so much as any aspect of this policy appears to be in conflict with another archdiocesan system or school-based policy, then precedence is to be given to this policy.

9.3

Audience: Public

9.4

Review by: December 2020

Review may be triggered by legislative change.

9.5

Originally Approved by Leadership Team: 13 March 2014

Review approved by Leadership Team: 26 October 2017

9.6

Endorsed by SCS Board: N/A

9.7

Approved by Executive Director of Sydney Catholic Schools: 20 November 2017

9.8

Commencement Date: 13 March 2014 (reviewed October 2017)

Related Policies