1 Policy Statement
The University of Southern Queensland values and respects an individual’s right to privacy and is committed to meeting its legal obligations under the Queensland Information Privacy Act 2009 (IP Act) regarding handling and managing personal information of all individuals under the control of the University.
Personal information held by the University of Southern Queensland must be responsibly and transparently collected and managed (including any transfer) by University Members in accordance with the Privacy Principles under the Information Privacy Act 2009 (IP Act) and University policy, procedures and guidelines, particularly those relating to keeping information secure and protected.
2 Principles
USQ has adopted a general stance of transparency regarding the information it holds, subject to the provisions of the Right to Information Act 2009 and the Information Privacy Act 2009.
USQ, as a Queensland statutory authority, is required to comply with the Information Privacy Act 2009 and the Information Privacy Regulation 2009. The IP Act sets out the process for accessing and amending an individual’s personal information contained in documents of USQ. The IP Act also defines the Privacy Principles as those obligations regarding the:
transfer of personal information outside Australia; and
steps to be taken to bind contracted service providers who deal with personal information for USQ; and
compliance with the 11 Information Privacy Principles (IPPs) set out in Schedule 3 to the IP Act which regulates how personal information is collected, stored, handled, accessed and amended, used and disclosed.
USQ uses personal information if it:
manipulates, searches or otherwise deals with information; or
takes information into account in making a decision; or
transfers the information from one part of USQ having particular functions to another part of the entity having different functions
but use does not include the act of disclosing. Note the definition of use is not limited to the actions described above.
USQ discloses to a receiving entity if:
the receiving entity does not know the personal information and is not in a position to be able to find it out, and
USQ gives the receiving entity the personal information or places the receiving entity in a position to be able to find it out, and
USQ ceases to have control over the receiving entity in relation to who will know the personal information in the future.
USQ shall not disclose personal information unless required or authorised by law to do so.
It should be noted that in some instances other legislative requirements, such as the Right to Information Act 2009 or section 63 of the Health Services Act 1991, may affect the operation of the Information Privacy Act 2009.
USQ also operates an Administrative Access Scheme which is the preferred method to access personal information.
3 Procedures
3.1 Responsibility
Ultimate responsibility for compliance with the Information Privacy Act 2009 resides with the Vice Chancellor as the Chief Executive Officer of the University, who under the IP Act is authorised to delegate the authority to make decisions on information privacy applications and conduct internal reviews to other officers of the University. Any internal review of a decision made under the Information Privacy Act will be conducted by an officer senior to the decision maker.
Responsibility for the development and planning, assignment of implementation and accountability responsibilities and review and reporting of outcomes from information privacy reforms rests with USQ Council. The Audit & Risk Committee is responsible for the execution of governance issues and mechanisms. Responsibility for the implementation of privacy policy and procedures resides with the Chief Operating Officer, University Services.
However, the Privacy Officer is the first point of contact for all privacy matters at USQ including requests for internal review and will handle all complaints and applications for access to and amendment of documents. The Privacy Officer will assist with the drafting of Privacy Notices (to be used when collecting personal information directly), Consents to use and disclosures, negotiations with service providers and Non-Disclosure and Confidentiality Agreements.
The Privacy Officer is also responsible for maintaining a system of recording, tracking and monitoring applications and reviews and for the collection and reporting of relevant privacy matters and statistics to the Queensland Government as required.
The Privacy Officer will ensure programs and procedures are in place so that new and existing staff may receive appropriate training/awareness on personal information handling and obligations relevant to their duties and functions at induction and ongoing training sessions held each year and that such programs and procedures are effective.
Heads of each organisational unit must regularly review and ensure that their unit’s handling and management of personal information practices comply with the Information Privacy Act 2009.
3.2 Privacy Statement
The Privacy Statement, available via the footer on the USQ Home Page (http://www.usq.edu.au), provides information about using the USQ website and contains links to the USQ Privacy Policy and USQ Privacy Plan.
3.3 Privacy Plan
The USQ Privacy Plan is an outline of information required to meet USQ’s obligations under IPP 5 of ensuring people are aware of the types of personal information held by USQ, why it is held and how an individual can access their personal information. Information about accessing and amending personal information can be found in the Privacy Plan.
3.4 Complaints Process
If an individual believes that their personal information has not been dealt with by USQ (including by bound contracted service providers when holding documents for the purpose of performing their obligations under a service arrangement) in accordance with the Information Privacy Act 2009, they may make a Privacy Complaint to USQ. The Privacy Complaint must be made in writing, include the applicant’s name and an address to which notices can be sent, give particulars of the act or practice complained of, and be lodged with the USQ Privacy Officer within twelve (12) months from the date when the act or practice was suspected to have occurred.
USQ will respond in writing to the Privacy Complaint within 45 business days from the date on which the complaint was received. If the complainant is not satisfied with that response, they may be able to make a Privacy Complaint to the Information Commissioner at the Office of the Information Commissioner.
3.5 Review Process
A person affected by a reviewable decision may apply for an internal review by USQ or external review by the Information Commissioner of that decision. The application for review must be made in writing, include details of the decision to be reviewed and the applicant’s name and an address to which notices can be sent, and be lodged with USQ for an internal review or the Office of the Information Commissioner within 20 business days after the date of the written notice of the reviewable decision. Should further time be required to lodge the application, please contact the Contact Officer from the relevant Agency to discuss. There is no charge or fee for an internal or external review.
A person senior to the original decision maker at USQ will consider an application for internal review and, if that officer accepts the application, will reconsider the original decision, make a new decision within 20 business days and provide written reasons explaining the decision.
3.6 Guidelines
USQ Privacy Guidelines to be followed are set out at http://www.usq.edu.au/legaloffice/privacy/default.htm.
3.7 Education and Training
Training and induction sessions will be offered by Human Resources throughout each year and details can be located at http://www.usq.edu.au/hr/odt/profdev.
3.8 Privacy Contact
The first point of contact for all privacy matters or issues, including complaints, applications and requests for internal review, is the:
USQ Privacy Officer
Legal Office
University of Southern Queensland
TOOWOOMBA QLD 4350
Phone: 07 4631 2066
Fax: 07 4631 1217
Email: privacy@usq.edu.au
4 References
For Legislation see http://www.legislation.qld.gov.au/OQPChome.htm
Guidelines from the Office of the Information Commissioner (OIC). See http://www.oic.qld.gov.au
5 Definitions
Word/Term | Definition (with examples if required) |
Bound Contracted Service Provider | Defined in Schedule 5 (Dictionary) of the Information Privacy Act 2009 |
Discloses/Uses | Defined in section 23, Information Privacy Act 2009 |
Personal information | Defined in section 12, Information Privacy Act 2009 as information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Personal information is not limited to confidential or sensitive information. However, the nature and type of information will impact on what will satisfy the obligations under the IP Act. |
Privacy Complaint | Defined in section 164, Information Privacy Act 2009 |
Privacy Principles | As per Chapter 2, Information Privacy Act 2009 |
Reviewable decision | Defined in Schedule 5 (Dictionary) of the Information Privacy Act 2009 |
Service arrangement/ Contracted Service Provider | As per section 34, Information Privacy Act 2009 |
6 Other Policy Information
Approval Delegation: | USQ Council | |
Vice-Chancellors Committee | ||
Policy Impact | ICT for management and security of electronic data containing personal information. Corporate Records for consultation regarding applications for access and management and handling of documents containing personal information. HR for induction and training of all staff. All divisions of the University regarding compliance with privacy notices at point of collection and management and handling of personal information. | |
Consultation | Corporate Records, SBMI and Legal Office | |
