|
|
Privacy Management Plan – 9. Appendices |
|
|
|
|
|
|
Staff responsible for personal information held by the University should ensure that:
- any personal information collected by them or with their authority is done so for a purpose that is lawful and directly related to the function of the University
- any personal information they are seeking should normally be sought directly from the individual concerned. At the time the information is collected the individual should be advised that it is being collected, whether provision of the information is compulsory and what other parties if any will have access to it
- personal information to which they have access is not used for a purpose other than that for which it was collected
- personal information in their possession or control is protected by such security safeguards as it is reasonable in the circumstances to take, against loss, unauthorised access and/or use, modification or disclosure and against other misuse
- when the information is relied on for University purposes, reasonable steps should be taken to ensure that the information is relevant, accurate, up-to-date and complete
- requests from external persons and/or organisations for access to personal information held by the University should normally be denied. In particular personal addresses and telephone numbers of staff and students should not be provided unless authorised in writing by the particular student or staff member, or unless it is permitted or required by law for example, to police with warrants and to parties as directed by subpoenas.
This Code allows the University to depart from:
- IPPs 2, 3, 6, 7, 8 and 10 if compliance is reasonably likely to hinder the conduct of an investigation
- IPPs 11 and 12 if disclosure is made to another agency that is conducting an investigation and the information is reasonably necessary for the conduct of that investigation.
Privacy Management Plan home | Previous |
|
|
