The Privacy Act 1988 (Cth) (Privacy Act) is a Commonwealth Act that regulates the collection, storage, use and disclosure of different types of personal information by:
a) Commonwealth and Australian Capital Territory government agencies; and
b) private sector organisations with turnovers of over $3 million.
Non-government schools and systems (Schools), which includes Catholic Schools, must collect, use, disclose and store personal information and health information according to the Privacy Act.
In order to carry out its function, each Catholic school is required to collect relevant personal information (which may include health information) about students, parents, carers, potential employees, contractors and volunteers.
Australian Privacy Principles
A key component of the legislation is the mandatory requirement for a School to comply with the Australian Privacy Principles.
A summary of the APPs which are most relevant to Schools include:
- APP 3 – Collection of solicited personal information: this limits the personal information a school can collect to personal information necessary for its functions or activities.
- APP 5 – Notification of the collections of personal information: schools must take reasonable steps to notify an individual of the circumstances and purposes of collection of personal information, amongst other things.
- APP 6 – Use or disclosure of personal information: schools should use or disclose personal information only for the purpose it was collected (called the ‘primary purpose’), or for a secondary purpose if an exception applies. Such exceptions include being required or authorised by law to disclose the information, to lessen or prevent a serious threat to life, health or safety, or for an enforcement related activity.
- APP 12 – Access to personal information: schools must provide access to an individual’s personal information, but there are exceptions. For example, where giving access would pose a serious threat to health or safety or have an unreasonable impact on the privacy of others.
- APP 13 – Correction of personal information: schools must correct personal information if informed or aware of an error. A correction could mean making sure the information is complete, up-to-date, accurate, relevant or not misleading.
Notifiable Data Breach Scheme
Catholic schools are also required to report notifiable data breaches (also known as eligible data breaches) to the Office of the Information Commissioner (OAIC) and to affected individuals.
A data breach occurs where personal information is lost, misused, stolen or is accessed without authority.
An eligible data breach is a data breach that is likely to result in serious harm to one or more individuals. When a school becomes aware of an eligible data breach, it will usually have 30 days to notify the OAIC and affected individuals, but must, as soon as possible, take any action necessary to mitigate harm or prevent the likely risk of serious harm.
The National Catholic Education Commission (NCEC) and Independent Schools Council of Australia (ISCA) jointly publish the Schools Privacy Compliance Manual, which contains detailed information about the APPs, notifiable data breaches and other privacy related issues relevant to schools.
The information contained on this website is of a general nature only and does not constitute legal advice. There may be other obligations imposed on schools in relation privacy and confidential information. If your school needs further help with a privacy related issue, you can also contact the CSNSW Legal Hotline on 1800 4CSNSW (1800 427 679).
A Guide to Reporting or Exchanging Personal Information – Revised August 2016
Permission Proforma for the use of Student Photographs – Revised 10th April 2014
Alternative Permission/Consent Statements for use of Student Photographs
Information Sharing Between Principals and Schools
Consent to use form
This form may be used when seeking consent from parents and students for the use of student’s images and/or work on behalf of the School attended by students. In addition, it can be used to seek consent on behalf of NSW Catholic School Authorities and partner media organisations to take and use photographs or video of children and their school activities.
Download consent to use form: Consent to use form
School Photography Guidelines