Privacy and Information Sharing

Policy

This policy provides privacy and information sharing guidance to ensure schools follow the Schools' privacy policy when collecting, using, sharing and managing personal and health information.

Summary

• All schools must adopt and follow the Schools' privacy policy and include a link to it on their school’s website.
• Following the policy will ensure schools comply with current privacy legislation and departmental policies.
• Information on how to implement the policy is available in the Guidance tab.
• Advice for when information can and must be shared for the wellbeing or safety of children, or to assess or manage family violence risk can be found on Child and Family Violence Information Sharing Schemes.

Details

The Schools' privacy policy is a departmental policy which applies to all schools.

All schools must:

• adopt and follow the Schools’ privacy policy
• include a link to the policy on their school’s website
• remove any previous, individualised privacy policies from their website.

In some cases, school staff can and must share personal information to promote the wellbeing or safety of children, or to assess or manage family violence risk.

Advice on sharing information of this nature is available at Child and Family Violence Information Sharing Schemes.

Definitions

Personal information
Personal information is recorded information or an opinion about a person who is identified or could be reasonably identified.

It will be considered personal information regardless of whether it is true or not.

Examples of personal information include a person’s:

• name
• address
• phone number
• date of birth and/or age.

De-identified information about individuals can become personal information if it is re-identified or re-identifiable. For example, if a sample size is very small or enough separate facts about a person are provided then their identity could be guessed.

Sensitive information
Sensitive information is a type of personal information. It has stronger legal protections due to the risk of discrimination.

Sensitive information includes information or opinion that relates to a person’s:

• racial or ethnic origin
• political opinions or affiliations
• religious beliefs or affiliations
• philosophical beliefs
• sexual orientation or practices
• criminal record
• membership of a trade union.

Personal and sensitive information is regulated in Victoria under the Privacy and Data Protection Act 2014 (Vic).

Health information
Health information is a type of personal information. The sensitive nature of this information means that it has different and stronger legal protections.

Health information is information or opinion about an identifiable person’s:

• physical health
• mental or psychological health
• disability.

Health information is regulated in Victoria under the Health Records Act 2001 (Vic).

Related policies

• CCTV in Schools – Installation and Management
• Child and Family Violence Information Sharing Schemes
• Digital Technologies – Responsible Use
• Generative Artificial Intelligence
• Information Security
• Photographing, Filming and Recording Staff and Other Adults
• Photographing, Filming and Recording Students
• Privacy policy (Corporate)
• Privacy policy (National Law)
• Records Management
• Records Management – Employee Information
• Requests for Information about Students
• Schools' privacy policy
• Software and Administration Systems
• Volunteers in Schools

Relevant legislation

• Health Records Act 2001 (Vic)
• Privacy and Data Protection Act 2014 (Vic)
• Public Records Act 1973 (Vic)