Privacy and Information Sharing

Policy

The purpose of this policy is to ensure schools follow the Schools’ Privacy Policy when collecting, using, disclosing and managing personal and health information.

Summary

• All schools are required to follow the Department’s standardised Schools’ Privacy Policy and must post a link to it on the school’s website.
• Following the policy will ensure your school is complying with current privacy legislation and departmental policy.
• Guidance on implementing the Schools’ Privacy Policy is available in the Guidance tab.
• The Guidance tab also provides information on other privacy-related issues and requirements relevant to schools, including: 
  • the provision of Collection Statements to students and their parents/carers
  • consent requirements
  • appropriate sharing of information
  • privacy impact assessments
  • health information 
  • management of privacy incidents and complaints.
• Additional policy advice for schools on when information can and must be shared to promote the wellbeing or safety of children, or to assess or manage family violence risk, is now available at: Child and Family Violence Information Sharing Schemes.

Details

All schools are required to: 

• adopt and follow the Department’s standardised Schools’ Privacy Policy
• and must post a link to it on the school’s website.

This link replaces any previous local school privacy policy your school may have published. A copy of the policy text is provided below for reference only. Schools must link to the policy published separately on the Department’s website.

Additional policy advice for schools on when information can and must be shared to promote the wellbeing or safety of children, or to assess or manage family violence risk, is now available at: Child and Family Violence Information Sharing Schemes.

Schools’ Privacy Policy

The Department of Education and Training (which includes all Victorian government schools, central and regional offices) values the privacy of every person and is committed to protecting information that schools collect.

All staff must comply with Victorian privacy law and this policy, including:

• contractors
• service providers and volunteers of the Department
• and Victorian government schools (our school).

In Victorian government schools the management of 'personal information' and 'health information' is governed by the Privacy and Data Protection Act 2014 (Vic) and Health Records Act 2001 (Vic) (collectively, Victorian privacy law).

This policy explains how our school collects and manages personal and health information, consistent with Victorian privacy law.

What information do we collect?

Our school collects the following type of information:

• information about students and their families, provided by students, their families and others
• information about job applicants, staff, volunteers and visitors; provided by job applicants, staff members, volunteers, visitors and others.

How do we collect this information?

Our school collects information in a number of ways, including:

• in person and over the phone: from students and their families, staff, volunteers, visitors, job applicants and others
• from electronic and paper documentation: including job applications, emails, invoices, enrolment forms, letters to our school, consent forms (for example: enrolment, excursion, Student Support Services consent forms), our school’s website or school-controlled social media
• through online tools — such as apps and other software used by our school
• through any CCTV cameras located at our school.

Collection notices

When our school collects information about you, our school takes reasonable steps to advise you how the information will be handled. This includes the purpose of the collection and how to access, update and correct information held about you. For information about students and their families, a collection notice is provided to parents (or students who are mature minors) upon enrolment.

Unsolicited information about you

Our school may receive information about you that we have taken no active steps to collect. If permitted or required by law, our schools may keep records of this information. If not, we will destroy or de-identify the information when practicable, lawful and reasonable to do so.

Why do we collect this information?

Primary purposes of collecting information about students and their families

Our school collects information about students and their families when necessary to:

• educate students
• support students’ social and emotional wellbeing, and health
• fulfil legal requirements, including to:
  • take reasonable steps to reduce the risk of reasonably foreseeable harm to students, staff and visitors (duty of care)
  • make reasonable adjustments for students with disabilities (anti‑discrimination law)
  • provide a safe and secure workplace (occupational health and safety law)
• enable our school to:
  • communicate with parents about students’ schooling matters and celebrate the efforts and achievements of students
  • maintain the good order and management of our school
• enable the Department to:
  • ensure the effective management, resourcing and administration of our school
  • fulfil statutory functions and duties
  • plan, fund, monitor, regulate and evaluate the Department’s policies, services and functions
  • comply with reporting requirements
  • investigate incidents in schools and/or respond to any legal claims against the Department, including any of its schools.

Primary purposes of collecting information about others

Our school collects information about staff, volunteers and job applicants:

• to assess applicants’ suitability for employment or volunteering
• to administer employment or volunteer placement
• for insurance purposes, including public liability and WorkCover
• to fulfil various legal obligations, including employment and contractual obligations, occupational health and safety law and to investigate incidents
• to respond to legal claims against our school/the Department.

When do we use or disclose information?

Our school uses or discloses information consistent with Victorian privacy law, as follows:

1. for a primary purpose — as defined above
2. for a related secondary purpose that is reasonably to be expected — for example, to enable the school council to fulfil its objectives, functions and powers
3. with notice and/or consent — including consent provided on enrolment and other forms (the information collected will not be disclosed beyond the Department of Education and Training without consent, unless such disclosure is lawful)
4. when necessary to lessen or prevent a serious threat to:
   • a person’s life, health, safety or welfare
   • the public’s health, safety or welfare
5. when required or authorised by law including — as a result of our duty of care, anti-discrimination law, occupational health and safety law, child wellbeing and safety law, reporting obligations to agencies such as Department of Health and Department of Families, Fairness and Housing, and complying with tribunal or court orders, subpoenas, summonses or search warrants
6. to investigate or report unlawful activity, or when reasonably necessary for a specified law enforcement purpose, including the prevention or investigation of a criminal offence or seriously improper conduct, by or on behalf of a law enforcement agency
7. for Departmental research or school statistics purposes
8. to establish or respond to a legal claim.

A unique identifier (a CASES21 code) is assigned to each student to enable the school to carry out its functions effectively.

Student transfers between Victorian government schools

When a student has been accepted at, and is transferring to, another Victorian government school, our school transfers information about the student to that school. This may include copies of the student’s school records, including any health information.

This enables the next school to continue to provide for the education of the student, to support the student’s social and emotional wellbeing and health, and to fulfil legal requirements.

NAPLAN results

NAPLAN is the national assessment for students in Years 3, 5, 7 and 9, in reading, writing, language and numeracy.

When a student transfers to another Victorian government school, their NAPLAN results are able to be transferred to that next school.

Additionally, a student’s NAPLAN results are able to be provided to the student’s previous Victorian government school to enable that school to evaluate their education program.

Responding to complaints

On occasion our school, and the Department’s central and regional offices, receive complaints from parents and others. Our school and/or the Department’s central or regional offices will use and disclose information as considered appropriate to respond to these complaints (including responding to complaints made to external organisations or agencies).

Accessing your information

All individuals, or their authorised representative(s), have a right to access, update and correct information that our school holds about them.

Access to student information

Our school only provides school reports and ordinary school communications to parents who have a legal right to that information. Requests for access to other student information must be made by making a Freedom of Information (FOI) application through the Department’s Freedom of Information Unit (see below).

In some circumstances, an authorised representative may not be entitled to information about the student. These circumstances include when granting access would not be in the student’s best interests or would breach our duty of care to the student, would be contrary to a mature minor student’s wishes or would unreasonably impact on the privacy of another person.

Access to staff information

School staff may first seek access to their personnel file by contacting the principal. If direct access is not granted, the staff member may request access through the Department's Freedom of Information Unit.

Storing and securing information

Our school takes reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. Our school stores all paper and electronic records securely, consistent with the Department’s records management policy and information security standards. All school records are disposed of, or transferred to the State Archives (Public Record Office Victoria), as required by the relevant Public Record Office Standard.

When using software and contracted service providers to manage information, our school assesses these according to the appropriate departmental processes. One example of this is that staff passwords for school systems are strong and updated on a regular basis, consistent with the Department’s policy on passwords — refer to EduPass — Identity and Access Management in Schools.

Updating your information

We endeavour to ensure that information about students, their families and staff is accurate, complete and up to date. To update your information, please contact our school’s general office.

FOI and Privacy

To make a FOI application contact:

Freedom of Information Unit
Department of Education and Training
2 Treasury Place, East Melbourne VIC 3002
Phone: 03 7022 0856
Email: foi@education.vic.gov.au

If you have a query or complaint about privacy, please contact:

Knowledge, Privacy and Records Branch
Department of Education and Training
2 Treasury Place, East Melbourne VIC 3002
Phone: 03 8688 7967
Email: privacy@education.vic.gov.au

Definitions

Personal information
Information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion – that is recorded in any form. For example, a person's name, address, phone number and date of birth (age). De-identified information about students can also be personal information.

Health information
Information or opinion about a person’s physical, mental or psychological health or disability, that is also personal information – whether in writing or not. This includes information or opinion about a person’s health status and medical history, immunisation status and allergies, as well as counselling records.

Sensitive information
Information or opinion about a set of specific characteristics, including a person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices; or criminal record. It also includes health information.

Related policies

• Child and Family Violence Information Sharing Schemes
• Cybersafety and Responsible Use of Digital Technologies
• Information Security — InfoSafe
• Photographing, Filming and Recording Staff and Other Adults
• Photographing, Filming and Recording Students
• Privacy Policy (Corporate)
• Requests for Information about Students
• Schools Privacy Policy
• Social Media Use to Support Student Learning

Relevant legislation

• Health Records Act 2001 (Vic)
• Privacy and Data Protection Act 2014 (Vic)