Privacy and Information Sharing

Policy

The purpose of this policy is to ensure schools follow the Schools’ privacy policy when collecting, using, disclosing and managing personal and health information.

Summary

• All schools are required to follow the department’s standardised Schools’ privacy policy and must post a link to it on the school’s website.
• Following the policy will ensure your school is complying with current privacy legislation and departmental policy.
• Guidance on implementing the Schools’ privacy policy is available in the Guidance tab.
• The Guidance tab also provides information on other privacy-related issues and requirements relevant to schools, including:
  • the provision of collection notices to students and their parents/carers
  • consent requirements
  • appropriate sharing of information
  • privacy impact assessments
  • health information
  • management of privacy incidents and complaints.
• Additional policy advice for schools on when information can and must be shared to promote the wellbeing or safety of children, or to assess or manage family violence risk, is now available at: Child and Family Violence Information Sharing Schemes.

Details

All schools are required to:

• adopt and follow the department’s standardised Schools’ privacy policy
• and must post a link to it on the school’s website.

This link replaces any previous local school privacy policy your school may have published. Schools must link to the policy published separately on the department’s website.

Additional policy advice for schools on when information can and must be shared to promote the wellbeing or safety of children, or to assess or manage family violence risk, is now available at Child and Family Violence Information Sharing Schemes.

Definitions

Personal information
Personal information is recorded information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information. The information or opinion can be recorded in any form. A person's name, address, phone number and date of birth (age) are all examples of personal information.

Sensitive information
Sensitive information is a type of personal information with stronger legal protections due to the risk of discrimination. It includes information or opinion about an identifiable person’s racial or ethnic origin, political opinions or affiliations, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record or membership of a trade union.

Personal and sensitive information is regulated in Victoria under the Privacy and Data Protection Act 2014 (Vic).

Health information
Health information is information or opinion about an identifiable person’s physical, mental or psychological health or disability. Health information is a type of personal information which, because of its sensitivity, also has different and stronger legal protections.

Health information is regulated in Victoria under the Health Records Act 2001 (Vic).

Note: De-identified information about individuals can become personal information if it is re-identified or if it is at high risk of being re-identified, for example, if it is released to the public or is a small sample size.

Related policies

• CCTV in Schools – Installation and Management
• Child and Family Violence Information Sharing Schemes
• Digital Technologies – Responsible Use
• Generative Artificial Intelligence
• Information Security
• Photographing, Filming and Recording Staff and Other Adults
• Photographing, Filming and Recording Students
• Privacy policy (Corporate)
• Privacy policy (National Law)
• Records Management
• Records Management – Employee Information
• Requests for Information about Students
• Schools' privacy policy
• Volunteers in Schools

Relevant legislation

• Health Records Act 2001 (Vic)
• Privacy and Data Protection Act 2014 (Vic)