Frequently Asked Questions

I am collecting personal information - is there anything that I need to do?

Can I receive health services anonymously?

Does the University use health records linkage systems?

Is employment related information personal information?

What is the difference between privacy and confidentiality?

Are there any offences under NSW privacy laws?

I am collecting personal information - is there anything that I need to do?

Collection of personal information must be accurate, up-to-date, complete and not excessive. It must be collected directly from the person concerned, unless they have authorised you to collect the information from someone else. Also, make sure you’re only collecting what you need and that the information you collect is current.

When collecting information you should provide the person with a privacy collection statement that contains the following information that clearly sets out the following:

  • that personal information is being collected and who is collecting this information, including their contact details;
  • the purpose/s for which the information is being collected;
  • the basis on which the information is being sought. If it is required by law, explain what the law is. If the supply of information is voluntary, set out any consequences of not supplying it;
  • which area (eg., faculty, school, or unit) within the University will use the information;
  • which other parties, if any, to whom the information will be disclosed; and
  • that the person supplying the information has rights of access to, and correction of, the information and who they contact to do so.

The statement does not need to be that long and should be written in plain English. If you need any assistance in preparing this statement, please contact one of the University's privacy officers.

Can I receive health services anonymously?

The University runs a number of clinics and services, some of which may allow you to transact anonymously with them. You will need to ask the clinic or service provider about their practice regarding anonymity.

Does the University use health records linkage systems?

The University runs a number of clinics and services, some of which may include health information in a health records linkage system. You will need to ask the clinic or service provided about their practice regarding such systems.

Is employment related information personal information?

Some employment related information is considered personal information under NSW privacy laws; other information is specifically excluded under the law.

Information referring to suitability for employment as a University member of staff (such as selection reports and references for appointment or promotions, or disciplinary records) is excluded from the definition of personal information under NSW privacy laws. Such information, however, is still treated by the University with the same care as if it were protected by the NSW privacy laws. The specific section of the law that excludes this information is s4(3)(j) of the Privacy and Personal Information Protection Act 1988.

Other employee related information is considered personal information. For example, records or information about work activities such as a video or photographs of staff in their workplace, are protected and may only be used in compliance with privacy law. Other examples of personal information are staff training records, leave applications and attendance records.

What is the difference between privacy and confidentiality?

Privacy only applies to personal information and applies irrespective of who provided it to the University. Privacy is a broader concept than confidentiality and relates to an individual’s ability to control the extent to which their personal information, enabling identification, is available to others.

Confidentiality is an obligation that restricts the University from using or disclosing some information in a way which is contrary to the interests of the person or organization which provided it in the first place.

Are there any offences under NSW privacy laws?

Yes, under the Privacy and Personal Information Act 1998 and the Health Records and Information Privacy Act 2002 there are various offences relating to personal and health information, for example:

  • the corrupt disclosure and use of personal or health information by public sector officials;
  • intimidation, threats or misrepresentation by public sector officials;
  • the supply of personal information that has been disclosed unlawfully; and
  • dealings with the NSW Privacy Commissioner (such as making a false statement to the Commissioner).