Privacy Plan
Overview
The mission of the University of the Sunshine Coast is to be the major catalyst for the innovative and sustainable economic, cultural and educational advancement of the region, through the pursuit of international standards in teaching and research.
In order to achieve its mission, the University of the Sunshine Coast collects and manages personal information.
The University supports openness in its operation and towards the information it maintains, subject to the Freedom of Information Act 1992 (Queensland). In doing so, the University recognises the privacy rights of individuals regarding their personal affairs.
This plan explains to members of the public and to the University community what personal information the University collects and its use and management. The Plan also describes our complaint mechanism.
Information privacy
The University of the Sunshine Coast Privacy Plan has been developed to comply with the Queensland Government Information Standard 42 - Information Privacy (IS42), known as Queensland Privacy, which is based on the eleven Information Privacy Principles (IPPs) in the Commonwealth Privacy Act 1988. Information standards are issued under the authority of ss. 22(2) and 56(1) of the Financial Management Standard 1997 and apply to the University of the Sunshine Coast as a public authority defined under the Financial Administration and Audit Act 1977. Information Standard 42 (PDF) is available online from the Queensland Government website. It includes a definition of personal information and the IPPs. In some instances IS42 may be superseded by other legislation such as the Freedom of Information Act 1992 (Queensland).
The aim of Queensland Privacy is to establish a framework for the responsible collection, storage, use and disclosure of personal information. Queensland Privacy addresses community concerns about any unauthorised use of personal information. It includes strict guidelines about the storage of personal information, including electronic records and databases, to protect it from being lost, misused, modified or disclosed.
In addition to the University's Privacy Plan that is subject to an annual review, the University will also develop a Privacy Policy subject to mandatory review every five years.
Responsibility
Responsibility for the implementation of the University of the Sunshine Coast Privacy Plan resides with the Office of the Deputy Vice-Chancellor. However the Privacy Coordinator is the first point of contact for privacy matters at the University, and will handle complaints, requests for amendment of records and reporting of relevant privacy matters to the Queensland Department of Justice and Attorney General.
Types of personal information held by the University of the Sunshine Coast
Personal information collected, stored and used by the University falls within the broad categories listed below. Unless otherwise stated, information is retained in accordance with the Queensland State Archives General Disposal and Retention Schedule for Administrative Records.
Student records
Student personal details required for the enrolment and education of students and for providing academic and support services are collected. Student information may be collected for the following purposes:
- enrolment
- academic performance
- personal welfare (such as counselling and medical matters);
- electoral rolls for the election of student members to relevant University committees
- equity group information and
- other records
Generally student information is stored electronically on the University's student information system (SOLAR). Information may be taken from the system to populate other University databases including the University's library and IT network systems. Records may also be kept in various offices throughout the University and in a combination of paper based and electronic formats. Security arrangements will apply, depending on the storage type and sensitivity of the information. Details of specific record handling practices may be obtained from the supervisors of the particular areas.
University staff who require access to undertake their duties may access student personal information. Personal counselling information is only available to counselling staff in Student Services, the Manager, Student Services.
Information held on student records may be disclosed outside the University as appropriate to the following organisations:
- Australian Taxation Office
- Centrelink
- Queensland Tertiary Admissions Centre
- Department of Education, Science and Training
- The University of the Sunshine Coast Student Guild (information is only disclosed in accordance with the Constitution of the Student Guild)
- Federal and State Police
- external organisations in which students undertake industrial or clinical placements or professional experience
- other educational institutions (for cross enrolments, exchanges, joint awards)
- Australian Vice-Chancellors' Committee (AVCC)
Students are made aware of what information is collected and how it may be used and disclosed through SOLAR and the Guidelines on Confidentiality of Student Records available from the Student Handbook. Academic information is retained permanently. Counselling information is retained for five years after the student leaves the University.
Personal details for exchange students are collected as for other students. However, this information is only available to Study Abroad Officers and to Student Administration staff as required to undertake their duties.
Exchange student information is retained for five years after completion of the exchange.
Staff records
Personal information about staff is collected for the purposes of employment and to allow for human resource management functions such as payroll, leave management, and superannuation. Personal information is also used to create staff electoral rolls for the election of members to various University committees and to respond to requests by Government agencies such as the Australian Bureau of Statistics and the Department of Education, Science and Training.
Staff information is stored manually on personnel files and electronically on the University's Human Resource Information System (HRIS). Information may be taken from the HRIS system to populate other University databases including the University's library and IT network systems. University executive, management, supervisory, and Human Resources staff who require access to undertake their duties may access staff personal information.
Records for current and former staff of the University may also be kept in various offices throughout the University and in a combination of paper and electronic formats. Security arrangements will apply, depending on the storage type and sensitivity of the information. Details of specific record handling practices may be obtained from the supervisors of the particular business areas.
Additional information regarding job applicants and work references may be collected during selection processes. While this information is generally restricted to only those people involved in the particular selection process the information may be sought under the Freedom of Information Act 1992 (Queensland).
Information held on staff records may be disclosed outside the University as appropriate to the following organisations including:
- Australian Taxation Office
- Unisuper
- WorkCover Queensland
- Centrelink
- Queensland Audit Office
- Federal and State Police
- Department of Education, Science and Training
- third parties such as financial institutions by permission of the staff member.
The Code of Conduct for officers and staff provides details regarding the acceptable use of information.
Financial and business records
Personal accounting information such as name, address for payment, bank account details to allow for electronic ordering or payment of accounts is collected about vendors, suppliers and contractors to allow normal business processes to take place. Generally financial vendor information is stored electronically on the University's finance system. Executive, management, Finance staff and University staff ordering goods or services in the course of their duties may access this information.
Periodic examination by external auditors may occur.
Records may be kept in various offices throughout the University and in a combination of paper and electronic formats. Security arrangements will apply, depending on the storage type and sensitivity of the information. Details of specific record handling practices may be obtained from the supervisors of the particular business areas.
Information technology (IT) records
The University's IT network systems environment maintains much of the business and personal information required to support the core business of the University. Most of the personal information recorded in the network environment is information described elsewhere in this plan.
In addition, information tracking electronic transactions and personal information required to establish and to maintain network accounts and services including telephone, email, Internet and intranet activities are collected. Security arrangements will apply depending on the storage type and sensitivity of the information.
Central information technology administrators hold personal information specific to IT system administration such as security identifiers and usage records for staff and students. This information is disclosed to authorised personnel, including staff supervisors, system administrators and the individual concerned. Users are made aware of system usage rules and procedures through orientation programs and service guides including the IT Services Student Guide, the IT Services Staff Guide, and through University policies including Acceptable Use of Information Technology Resources Policy, Electronic Mail Policy, Information Technology Security Policy, the Code of Conduct which are available on the University's intranets. The University's internet and intranet sites also include a privacy statement.
Human research participants records
Research involving humans is conducted by staff, students or agents of the University. Personal information collected is dependent on the subject of the research project and may include research in behavioural or social sciences, sciences, health, biomedical and other fields. Personal information may include medical or health information about research participants.
The University's Human Research Ethics Committee is responsible for reviewing, for ethics approval, research proposals involving human participants and proposals for teaching/learning activities which include research involving human participants prior to commencement of the research or teaching/learning activity. A researcher must specify the collection, storage use and disclosure of personal information for the activity. Except as provided in Sections 95 and 95A of the Privacy Act 1988, researchers must obtain the informed consent of participants prior to the collection, storage, use or disclosure of their personal information.
The University's Code of Conduct for Research specifies that the faculties and organisational units are responsible for data storage. All research data and records must be retained for at least five years from the date of any publication based upon them. Various procedures and guidelines including the Statement for Researchers on Information Privacy and the Protection of Research Data Containing Personal Information provide details regarding the acceptable use of information.
Miscellaneous records
Additional personal information is maintained for:
- Alumni and Foundation contacts
Personal information is maintained for community contacts and benefactors who have made donations to the Foundation; and for alumni. Information is retained for five years after the last contact with the University.
Foundation, executive and management staff access this information.
- Committee member contacts
Personal information is maintained for members of University committees. Information is maintained for the purpose of the effective management of the committee and is available to committee members, executive and management staff and committee officers. Some committee information may be subject to the Freedom of Information Act 1992 (Queensland).
- Library records
Personal information is maintained for the University's library clients including: USC staff and students, alumni, community members, reciprocal borrowers; and for clients using interlibrary loan and reference services. Information, including the person's borrowing record, is available only to library staff in the course of carrying out their duties. Personal information is kept while the person is a borrower, student or staff member. Interlibrary loan records are kept for five years.
- Security systems
The University's main campus and other sites may be under video surveillance. Security video recordings are maintained in digital format by Facilities.
- Other miscellaneous
Personal information is maintained for community contacts, and for home stay families. Information is maintained to support the University's community service role, eg mailing lists for community newsletters and for the purpose of the effective management of University programs and services, eg housing for the English Language Centre and study tours. Access to information is provided to staff in the course of carrying out their duties.
Records may be kept in various offices throughout the University and in a combination of paper based and electronic formats. Security arrangements will apply, depending on the storage type and sensitivity of the information. Details of specific record handling practices may be obtained from the supervisors of the particular areas.
List of existing contracts, licenses and outsourcing arrangements identified
Contracts with the University of the Sunshine Coast consist of, and are handled, as follows:
- Employee contracts are as per University staff
- Supplier contracts are as per University financial information
- Licenses handled as commercial in confidence
- Memoranda of Understanding as per University financial information
Requirements of IS42 will be incorporated in all new contracts, licences and other arrangements.
List of public registers managed within the University of the Sunshine Coast
The University of the Sunshine Coast Act 1998 does not require the University to maintain any public registers.
Implementation timetable
The University has met the minimum requirements for compliance with IS42 as of October 2003.
For more detailed information contact the Freedom of Information (FOI) Coordinator, University of the Sunshine Coast, Maroochydore DC 4558, telephone +61 7 5430 2895, or email FOI@usc.edu.au
Procedure to gain access to personal information
Members of the University staff may inspect their personnel records by arrangement with the Manager, Human Resources. Students may inspect their student records online through SOLAR or by arrangement with the Manager, Student Administration.
Federal and State police may make a formal request and produce a court order or warrant to inspect personal affairs information contained in University records and documents. Information privacy does not prevent the disclosure if it is authorised by or under law.
Members of the public including staff and students may make a request under the Freedom of Information Act 1992 to amend their records if they believe them to be inaccurate, incomplete, out of date or misleading.
An FOI application to amend personal affairs information contained in University documents that the application believes is inaccurate, incomplete, out of date, or misleading must:
- be made in writing
- include an address to which the decision on the application may be advised to the applicant
- identify the information which the applicant believes to be inaccurate, incomplete, out of date or misleading
- specify the amendments the applicant wishes to make.
The University's FOI Officer will:
- acknowledge the application within 14 days of its receipt
- determine the application within 45 days of its receipt, or 60 days of receipt if consultations with third parties are required. A further 15 days is allowed if the documents being sought are of a non-personal nature and are more than 5 years old
- if refusing access to a document or to part of a document, give the applicant an explanation for the decision
- advice the applicant of the appeal rights provided under the Act and the procedures to be followed in exercising those rights if access to a document or to part of a document is refused
The decision will be notified to the applicant within 30 days of receipt of the application. If the decision is to refuse to amend the information in the way requested, specific reasons for the decision will be given, together with advice on the applicant's rights of review under the Act.
FOI applications should be directed to:
The FOI Coordinator
University of the Sunshine Coast
Maroochydore DC Qld 4558
Australia
The FOI Coordinator may be contacted at:
Records, Registry and Reprographics Office
ICT Building
University of the Sunshine Coast
90 Sippy Downs Drive
Sippy Downs
Queensland
Australia
Tel: +61 7 5430 2895: Fax: +61 07 5430 1111
Email: FOI@usc.edu.au
Review procedure
If an applicant does not agree with the University's decision they may request an internal review through the University's Freedom of Information Officer. The Deputy Vice-Chancellor will oversee the review and respond within 14 days. The applicant will also be advised of their right to seek external review.
Requests for internal review should be forwarded to the FOI Coordinator.