Scope and Application:
The University of Southern Queensland values and respects an individual’s right to privacy and is committed to meeting its legal obligations under the Queensland Information Privacy Act 2009 (IP Act) regarding handling and managing personal information of all individuals under the control of the University.
Personal information held by the University of Southern Queensland must be responsibly and transparently collected and managed (including any transfer) by University Members in accordance with the Privacy Principles under the Information Privacy Act 2009 (IP Act) and University policy, procedures and guidelines, particularly those relating to keeping information secure and protected.
USQ has adopted a general stance of transparency regarding the information it holds, subject to the provisions of the Right to Information Act 2009 and the Information Privacy Act 2009.
USQ as a Queensland statutory authority is required to comply with the Information Privacy Act 2009 and the Information Privacy Regulation 2009. The IP Act sets out the process for the accessing and amending an individual’s personal information contained in documents of USQ. The IP Act also defines the Privacy Principles as those obligations regarding the
transfer of personal information outside Australia; and
steps to be taken to bind contracted service providers who deal with personal information for USQ; and
compliance with the 11 Information Privacy Principles (IPPs) set out in Schedule 3 to the IP Act which regulates how personal information is collected, stored, handled, accessed and amended, used and disclosed.
USQ uses personal information if it
manipulates, searches or otherwise deals with information; or
takes information into account in making a decision; or
transfers the information from one part of USQ having particular functions to another part of the entity having different functions
but use does not include the act of disclosing. Note the definition of use is not limited to the actions described above.
USQ discloses to a receiving entity if:
the receiving entity does not know the personal information and is not in a position to be able to find it out, and
USQ gives the receiving entity the personal information or places the receiving entity in a position to be able to find it out, and
USQ ceases to have control over the receiving entity in relation to who will know the personal information in the future.
USQ shall not disclose personal information unless required or authorised by law to do so.
It should be noted that in some instances other legislative requirements, such as the Right to Information Act 2009 or section 63 of the Health Services Act 1991 may affect the operation of the Information Privacy Act 2009.
USQ also operates an Administrative Access Scheme which is the preferred method to access personal information.
Ultimate responsibility for compliance with the Information Privacy Act 2009 resides with the Vice Chancellor as the Chief Executive Officer of the University, who under the IP Act is authorised to delegate the authority to make decisions on information privacy applications and conduct internal reviews to other officers of the University. Any internal review of a decision made under the Information Privacy Act will be conducted by an officer senior to the decision maker.
However, the Privacy Officer is the first point of contact for all privacy matters at USQ including requests for internal review and will handle all complaints and applications for access to and amendment of documents. The Privacy Officer will assist with the drafting of Privacy Notices (to be used when collecting personal information directly), Consents to use and disclosures, negotiations with service providers and Non-Disclosure and Confidentiality Agreements.
The Privacy Officer is also responsible for maintaining a system of recording, tracking and monitoring applications and reviews and for the collection and reporting of relevant privacy matters and statistics to the Queensland Government as required.
The Privacy Officer will ensure programs and procedures are in place so that new and existing staff may receive appropriate training/awareness on personal information handling and obligations relevant to their duties and functions at induction and ongoing training sessions held each year and that such programs and procedures are effective.
Heads of each organisational unit must regularly review and ensure that their unit’s handling and management of personal information practices comply with the Information Privacy Act 2009.
The USQ Privacy Plan is an outline of information required to meet USQ’s obligations under IPP 5 of ensuring people are aware of the types of personal information held by USQ, why it is held and how an individual can access their personal information. Information about accessing and amending personal information can be found in the Privacy Plan.
If an individual believes that their personal information has not been dealt with by USQ (including by bound contracted services providers when holding documents for the purpose of performing their obligations under a service arrangement) in accordance with the Information Privacy Act 2009, they may make a Privacy Complaint to USQ. The Privacy Complaint must be made in writing and include the applicant’s name and address for notices to be sent and give particulars of the act or practice complained of and be lodged with the USQ Privacy Officer within twelve (12) months from the date when the act or practice was suspected to have occurred.
USQ will respond in writing to the Privacy Complaint within 45 business days from the date on which the complaint was received. If the complainant is not satisfied with that response, they may be able make a Privacy Complaint to the Information Commissioner at the Office of the Information Commissioner.
A person affected by a reviewable decision may apply for an internal review by USQ or external review by the Information Commissioner of that decision. The application for review must be made in writing and include details of the decision to be reviewed, applicant’s name and address for notices to be sent and be lodged with USQ for an internal review or the Office of the Information Commissioner within 20 business days after the date of the written notice of the reviewable decision. Should further time be required to lodge the application, please contact the Contact Officer from the relevant Agency to discuss. There is no charge or fee for an internal or external review.
A person senior to the original decision maker at USQ will consider an application for internal review and if that officer accepts the application, will reconsider the original decision and make a new decision within 20 business days and provide written reasons explaining the decision.
The first point of contact for all privacy matters or issues including complaints, applications and requests for internal review is the:-
USQ Privacy Officer
University of Southern Queensland
TOOWOOMBA QLD 4350
Phone: 07 4631 2066
Fax: 07 4631 1217
Definition (with examples if required)
Bound Contracted Service Provider
Defined in the Schedule 5, Dictionary of the Information Privacy Act 2009
Defined in section 23, Information Privacy Act 2009
Defined in section 12, Information Privacy Act 2009 as information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Personal information is not limited to confidential or sensitive information. However the nature and type of information will impact on what will satisfy the obligations under the IP Act.
Defined in section 164, Information Privacy Act 2009
As per Chapter 2, Information Privacy Act 2009
Defined in the Schedule 5, Dictionary of the Information Privacy Act 2009
Service arrangement/ Contracted Service Provider
As per section 34, Information Privacy Act 2009
Peak Approval Authority:
Related Legislation / guidelines:
Strategic Plan/Goal & Objectives:
Supporting documents, forms:
Associated USQ policies:
Next Review Date*:
Expiry Date of Policy:
ICT for management and security of electronic data containing personal information.
Corporate Records for consultation regarding applications for access and management and handling of documents containing personal information.
HR for induction and training of all staff.
All divisions of the University regarding compliance with privacy notices at point of collection and management and handling of personal information.
Corporate Records, SBMI and Legal Office