SlideShare a Scribd company logo

Privacy - Useful resources for department staff

Download as PPTX, PDF
N
NSWCESE

This document provides an overview of privacy obligations for staff at the Department of Education. It discusses laws and guidelines around privacy including the Privacy and Personal Information Protection Act 1998, Government Information (Public Access) Act 2009, and Health Records and Information Privacy Act 2002. It defines personal and sensitive information and outlines rules for collecting, using, storing and disclosing personal data. Specific roles that commonly deal with personal information like data analysts, HR staff and administrators are discussed. Aggregate versus unit-level data and releasing information is also covered.

Business
1 of 21
About Privacy A resource for Departmental Staff
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Understanding privacy obligations is important for all staff The Department of Education collects and manages a vast amount of information, much of it personal information about its staff, students and parents. As an employee, it is vital that you understand how to work with this information. 2
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Which laws, regulations and guidelines set out Information Access and Privacy protocols? 3 Privacy and Personal Information Protection Act 1998 (PPIP) Government Information (Public Access) Act 2009 (GIPA) Health Records and Information Privacy Act 2002 (HRIP) GIPA Act Regulations Agency Privacy Management Plans (PMP) Privacy codes of practice Commissioner’s guidelines
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU What is personal information? 4 Personal information is information or an opinion about an individual. The individual’s identity needs to be apparent or reasonably ascertainable.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Sensitive and Health Information are types of personal information that require extra protection 5 Sensitive Information “Ethnic or racial origin, political opinions, religious or philosophical beliefs, ATSI status, country of birth, LBOTE and chosen/preferred SRE class” (s.19(1) PPIP Act) PPIPA Privacy and Personal Information Protection Act 1998 Health Information Information about an individual’s health, disability or health services (s.6 HRIP Act) HRIPA Health Records and Information Protection Act 2002 Note: The extra protection categories do not mean that these types of personal information can never be collected, used or disclosed. They just have tougher rules, so extra care is needed with these categories.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Collecting personal information is regulated by rules known as Privacy Principles 6 The information must: 1) Fulfil a lawful purpose 2) Be relevant 3) Be accurate It must not: 1) Be excessive 2) Be intrusive to an unreasonable extent on the personal affairs of the subject EXAMPLE Enrolment data, such as names, addresses, medical information, etc. is clearly authorised by the Department’s governing and other legislation for the purpose of operating schools effectively and safely.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Personal information should only be used for the primary purpose for which it was collected, unless: 7 The person has consented Where authorised or required by another law It is for a directly related secondary purpose within their reasonable expectations To deal with a serious and imminent threat to any person
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Questions we must ask when collecting and using personal information include: 8 Is it reasonably necessary to include this particular data? If the Department received a complaint about breaching privacy, could we reasonably argue that the use or disclosure was necessary for us to do our core business? Is this data ‘directly related’ to my work?
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Any information collected by the Department can only be used for limited purposes 9 Operational (School-level) • Allocation of classes • Determining demand for special religious education classes • Arranging for interpreters when needed for parent teacher interviews • Managing students with safety risks e.g. allergies Strategic (Departmental-level) • The calculation of the family occupation and education index (FOEI) for each school. • The allocation of resources for each school. For example: Enrolment data is collected for a primary purpose, which is to enrol a student. However, there are a range of directly related secondary purposes for which that data can be used, such as:
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU When collecting data, it is important that we tell people how we will use their information 10 • General student administration relating to the education and welfare of the student. • Communication with students and parents or carers. • To ensure health, safety and welfare of students, staff and visitors to the school. • State and National Reporting purposes.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU 11 It allows staff to be aware of what data we have. The Business Unit knows who to go to for help or access to certain information. The privacy status for the dataset is made explicit. It identifies whether general release to the public is allowed (at an aggregated level, for instance). The Department’s Information Asset Register tells us what data we have and how we are protecting it
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Some roles are more likely to deal with personal information on a daily basis 12 Data Analysts People and Services Staff Hiring Managers
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Another role who may come across personal information is an Administration Support Officer 13 When dealing with data I must follow the appropriate steps: • Only use data relevant to my task (e.g. email addresses rather than survey responses). • Ensure I only use data for the purpose for which it was collected. • Make sure the data isn’t saved somewhere where it can be accessed by anyone outside the team responsible for it.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Recruitment also requires us to work carefully with personal information 14 A reminder: Do not put confidential or personal documents in the recycle box. It must be shredded first. . After receiving applicants’ resumes and identification documents we: • Must secure personal information – lock these away. • Should dispose of them by shredding them once the recruitment process is finished. • Must not disclose any personal information about the candidates to other people who are not part of the recruitment process.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU The GIPA Act establishes a proactive, more open approach to gaining access to government information in NSW. This is to ensure Government is open, accountable, fair and effective. As part of The Government Information (Public Access) Act 2009 there is a presumption that data can be made readily available if needed 15 http://www.ipc.nsw.gov.au/gipa-act Data released under GIPA is still subject to a privacy test. The GIPA Act • Authorises and encourages the proactive release of information by NSW public sectors. • Gives members of the public a legally enforceable right to access government information. • Ensures that access to government information is restricted only when there is an overriding public interest against release.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Bradley Cooper’s taxi ride: a lesson in privacy risk. 16 http://www.salingerprivacy.com.au/2015/04/19/bradley-coopers-taxi-ride-a-lesson-in-privacy-risk/ • Salinger Privacy produced an article on privacy risks and ‘open data’. • Bradley Cooper’s taxi ride is a useful reminder of the risks of re-identification of data.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU 17 We can disclose personal information outside the Department if: It is authorised or required by another law. It is under another exemption, such as law enforcement, research, etc. The information is not “sensitive information” (ethnicity, religion, etc), and disclosure is for the primary purpose for which it was collected. We have the consent of the individual.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU We can disclose personal information outside the Department 18 When it is: Sensitive info Health info Other personal info with their consent for the purpose for which it was collected for a directly related secondary purpose (within expectations) for the purpose you notified them about authorised or required by another law, or another exemption
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU AGGREGATE DATA • Aggregate data: summary information, for example, data on schools in remote areas, broken down by school year, gender and Indigenous status. • Even with aggregate data, there is a risk that individual students or teachers could be identified from the data. Safeguards must be applied in such cases, with strategies to ‘anonymise’ the data. 19 UNIT RECORD DATA • Unit Record data: about a unique individual contains details that allows an individual to be identified, such as names, or a Student Registration Number. Types of data we deal with:
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU How the data we deal with can be released: 20 AGGREGATE DATA • Aggregate data is released on the basis that: 1. No information that permits the identification of individuals is released 2. Data released is valid and reliable 3. It is of high quality UNIT RECORD DATA • Unit record data may only be released on the basis that it: 1. Complies with privacy principles that says we can disclose personal information.
CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU More information or assistance Personal Information and Privacy Protection Act 1998 (PIPPA) http://www.legislation.nsw.gov.au/inforcepdf/1998-133.pdf?id=1db809e7-46ab-44c1-bce5-d12f0058a002 Health Records and Information Privacy Act 2002 (HRIPA) http://www.austlii.edu.au/au/legis/nsw/consol_act/hraipa2002370/ Department of Education Privacy Management Plan https://www.det.nsw.edu.au/media/downloads/reports_stats/privacy/privacy-management-plan-march-2014.pdf Department of Education Privacy Code of Practice http://www.dec.nsw.gov.au/documents/15060385/15385042/Privacy_code.pdf Department of Education Privacy & Information Access Resources Information Access - https://detwww.det.nsw.edu.au/lists/directoratesaz/legalservices/foi/index.htm (see also link to website) Privacy - https://detwww.det.nsw.edu.au/lists/directoratesaz/legalservices/ls/privacy/index.htm http://www.dec.nsw.gov.au/about-us/plans-reports-and-statistics/privacy Privacy Bulletin - https://detwww.det.nsw.edu.au/media/downloads/directoratesaz/legalservices/ls/privacy/bulletins/bulletin3.pdf Government Information (Public Access) Act 2009 (GIPAA) http://www.legislation.nsw.gov.au/maintop/view/inforce/act+52+2009+cd+0+N 21

Recommended

Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
Gerardo Medina
 
Information governance
Information governanceInformation governance
Information governance
Gerardo Medina
 
DEC Business Intelligence for NSW Public Schools
DEC Business Intelligence for NSW Public SchoolsDEC Business Intelligence for NSW Public Schools
DEC Business Intelligence for NSW Public SchoolsNSWCESE
 
Stephen Lamb Presentation at CESE
Stephen Lamb Presentation at CESEStephen Lamb Presentation at CESE
Stephen Lamb Presentation at CESE
NSWCESE
 
How'd you sell that book? A NSW Writers' Centre case study
How'd you sell that book? A NSW Writers' Centre case studyHow'd you sell that book? A NSW Writers' Centre case study
How'd you sell that book? A NSW Writers' Centre case study
Sarah Allen Consulting
 
What works best: Evidence-based practices to help improve NSW student perform...
What works best: Evidence-based practices to help improve NSW student perform...What works best: Evidence-based practices to help improve NSW student perform...
What works best: Evidence-based practices to help improve NSW student perform...
NSWCESE
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.ppt
ssusera4419c
 
GDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptxGDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptx
pixvilx
 

Recommended

Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
Gerardo Medina
 
Information governance
Information governanceInformation governance
Information governance
Gerardo Medina
 
DEC Business Intelligence for NSW Public Schools
DEC Business Intelligence for NSW Public SchoolsDEC Business Intelligence for NSW Public Schools
DEC Business Intelligence for NSW Public SchoolsNSWCESE
 
Stephen Lamb Presentation at CESE
Stephen Lamb Presentation at CESEStephen Lamb Presentation at CESE
Stephen Lamb Presentation at CESE
NSWCESE
 
How'd you sell that book? A NSW Writers' Centre case study
How'd you sell that book? A NSW Writers' Centre case studyHow'd you sell that book? A NSW Writers' Centre case study
How'd you sell that book? A NSW Writers' Centre case study
Sarah Allen Consulting
 
What works best: Evidence-based practices to help improve NSW student perform...
What works best: Evidence-based practices to help improve NSW student perform...What works best: Evidence-based practices to help improve NSW student perform...
What works best: Evidence-based practices to help improve NSW student perform...
NSWCESE
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.ppt
ssusera4419c
 
GDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptxGDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptx
pixvilx
 
Personal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochurePersonal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochure
Jean Luc Creppy
 
Principles and guidelines and approach for the documents
Principles and guidelines and approach for the documentsPrinciples and guidelines and approach for the documents
Principles and guidelines and approach for the documents
vaanila2023
 
Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...
Kato Mivule
 
Confidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health CareConfidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health Care
Vaileth Mdete
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education field
Nebojsa Stefanovic
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
Patrick Doyle
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
- Mark - Fullbright
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
Christo W. Meyer
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
- Mark - Fullbright
 
The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)
LawPlus Ltd.
 
Student data privacy manifesto
Student data privacy manifestoStudent data privacy manifesto
Student data privacy manifesto
Caitlin Sharp
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
Tom Walker
 
2021FSAConfSession22.pptx
2021FSAConfSession22.pptx2021FSAConfSession22.pptx
2021FSAConfSession22.pptx
ssuser4102fa
 
Interim ferpa-ppt-for-registrar-site-6-24-14-1
Interim ferpa-ppt-for-registrar-site-6-24-14-1Interim ferpa-ppt-for-registrar-site-6-24-14-1
Interim ferpa-ppt-for-registrar-site-6-24-14-1UConnPub
 
Discussion2
Discussion2 Discussion2
Discussion2
amberlinn
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
Financial Poise
 
Cscu module 12 information security and legal compliance
Cscu module 12 information security and legal complianceCscu module 12 information security and legal compliance
Cscu module 12 information security and legal compliance
Alireza Ghahrood
 
Data protection
Data protectionData protection
Data protection
jayne45
 
What’s Up eDoc?: A Health IT Privacy Primer
What’s Up eDoc?: A Health IT Privacy PrimerWhat’s Up eDoc?: A Health IT Privacy Primer
What’s Up eDoc?: A Health IT Privacy Primer
MaRS Discovery District
 
Vanessa Baic
Vanessa BaicVanessa Baic
Vanessa BaicInforma Australia
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 

More Related Content

Similar to Privacy - Useful resources for department staff

Personal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochurePersonal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochure
Jean Luc Creppy
 
Principles and guidelines and approach for the documents
Principles and guidelines and approach for the documentsPrinciples and guidelines and approach for the documents
Principles and guidelines and approach for the documents
vaanila2023
 
Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...
Kato Mivule
 
Confidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health CareConfidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health Care
Vaileth Mdete
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education field
Nebojsa Stefanovic
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
Patrick Doyle
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
- Mark - Fullbright
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
Christo W. Meyer
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
- Mark - Fullbright
 
The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)
LawPlus Ltd.
 
Student data privacy manifesto
Student data privacy manifestoStudent data privacy manifesto
Student data privacy manifesto
Caitlin Sharp
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
Tom Walker
 
2021FSAConfSession22.pptx
2021FSAConfSession22.pptx2021FSAConfSession22.pptx
2021FSAConfSession22.pptx
ssuser4102fa
 
Interim ferpa-ppt-for-registrar-site-6-24-14-1
Interim ferpa-ppt-for-registrar-site-6-24-14-1Interim ferpa-ppt-for-registrar-site-6-24-14-1
Interim ferpa-ppt-for-registrar-site-6-24-14-1UConnPub
 
Discussion2
Discussion2 Discussion2
Discussion2
amberlinn
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
Financial Poise
 
Cscu module 12 information security and legal compliance
Cscu module 12 information security and legal complianceCscu module 12 information security and legal compliance
Cscu module 12 information security and legal compliance
Alireza Ghahrood
 
Data protection
Data protectionData protection
Data protection
jayne45
 
What’s Up eDoc?: A Health IT Privacy Primer
What’s Up eDoc?: A Health IT Privacy PrimerWhat’s Up eDoc?: A Health IT Privacy Primer
What’s Up eDoc?: A Health IT Privacy Primer
MaRS Discovery District
 

Similar to Privacy - Useful resources for department staff (20)

Personal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochurePersonal Data Protection Singapore - Pdpc corporate-brochure
Personal Data Protection Singapore - Pdpc corporate-brochure
 
Principles and guidelines and approach for the documents
Principles and guidelines and approach for the documentsPrinciples and guidelines and approach for the documents
Principles and guidelines and approach for the documents
 
Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...Implementation of Data Privacy and Security in an Online Student Health Recor...
Implementation of Data Privacy and Security in an Online Student Health Recor...
 
Confidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health CareConfidentiality and Data Protection in Health Care
Confidentiality and Data Protection in Health Care
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education field
 
Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015Training innovations information governance slideshare 2015
Training innovations information governance slideshare 2015
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
 
Data Breach Response Checklist
Data Breach Response ChecklistData Breach Response Checklist
Data Breach Response Checklist
 
The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)The 22nd Legal Forum Seminar (Nov 2021)
The 22nd Legal Forum Seminar (Nov 2021)
 
Student data privacy manifesto
Student data privacy manifestoStudent data privacy manifesto
Student data privacy manifesto
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
 
2021FSAConfSession22.pptx
2021FSAConfSession22.pptx2021FSAConfSession22.pptx
2021FSAConfSession22.pptx
 
Interim ferpa-ppt-for-registrar-site-6-24-14-1
Interim ferpa-ppt-for-registrar-site-6-24-14-1Interim ferpa-ppt-for-registrar-site-6-24-14-1
Interim ferpa-ppt-for-registrar-site-6-24-14-1
 
Discussion2
Discussion2 Discussion2
Discussion2
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
Cscu module 12 information security and legal compliance
Cscu module 12 information security and legal complianceCscu module 12 information security and legal compliance
Cscu module 12 information security and legal compliance
 
Data protection
Data protectionData protection
Data protection
 
What’s Up eDoc?: A Health IT Privacy Primer
What’s Up eDoc?: A Health IT Privacy PrimerWhat’s Up eDoc?: A Health IT Privacy Primer
What’s Up eDoc?: A Health IT Privacy Primer
 
Vanessa Baic
Vanessa BaicVanessa Baic
Vanessa Baic
 

Recently uploaded

April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
Falcon Invoice Discounting
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
anasabutalha2013
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
seoforlegalpillers
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
Sam H
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
taqyed
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
sarahvanessa51503
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
fisherameliaisabella
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
balatucanapplelovely
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
Ben Wann
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 

Recently uploaded (20)

April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
 
anas about venice for grade 6f about venice
anas about venice for grade 6f about veniceanas about venice for grade 6f about venice
anas about venice for grade 6f about venice
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 

Privacy - Useful resources for department staff

  • 1. About Privacy A resource for Departmental Staff
  • 2. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Understanding privacy obligations is important for all staff The Department of Education collects and manages a vast amount of information, much of it personal information about its staff, students and parents. As an employee, it is vital that you understand how to work with this information. 2
  • 3. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Which laws, regulations and guidelines set out Information Access and Privacy protocols? 3 Privacy and Personal Information Protection Act 1998 (PPIP) Government Information (Public Access) Act 2009 (GIPA) Health Records and Information Privacy Act 2002 (HRIP) GIPA Act Regulations Agency Privacy Management Plans (PMP) Privacy codes of practice Commissioner’s guidelines
  • 4. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU What is personal information? 4 Personal information is information or an opinion about an individual. The individual’s identity needs to be apparent or reasonably ascertainable.
  • 5. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Sensitive and Health Information are types of personal information that require extra protection 5 Sensitive Information “Ethnic or racial origin, political opinions, religious or philosophical beliefs, ATSI status, country of birth, LBOTE and chosen/preferred SRE class” (s.19(1) PPIP Act) PPIPA Privacy and Personal Information Protection Act 1998 Health Information Information about an individual’s health, disability or health services (s.6 HRIP Act) HRIPA Health Records and Information Protection Act 2002 Note: The extra protection categories do not mean that these types of personal information can never be collected, used or disclosed. They just have tougher rules, so extra care is needed with these categories.
  • 6. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Collecting personal information is regulated by rules known as Privacy Principles 6 The information must: 1) Fulfil a lawful purpose 2) Be relevant 3) Be accurate It must not: 1) Be excessive 2) Be intrusive to an unreasonable extent on the personal affairs of the subject EXAMPLE Enrolment data, such as names, addresses, medical information, etc. is clearly authorised by the Department’s governing and other legislation for the purpose of operating schools effectively and safely.
  • 7. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Personal information should only be used for the primary purpose for which it was collected, unless: 7 The person has consented Where authorised or required by another law It is for a directly related secondary purpose within their reasonable expectations To deal with a serious and imminent threat to any person
  • 8. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Questions we must ask when collecting and using personal information include: 8 Is it reasonably necessary to include this particular data? If the Department received a complaint about breaching privacy, could we reasonably argue that the use or disclosure was necessary for us to do our core business? Is this data ‘directly related’ to my work?
  • 9. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Any information collected by the Department can only be used for limited purposes 9 Operational (School-level) • Allocation of classes • Determining demand for special religious education classes • Arranging for interpreters when needed for parent teacher interviews • Managing students with safety risks e.g. allergies Strategic (Departmental-level) • The calculation of the family occupation and education index (FOEI) for each school. • The allocation of resources for each school. For example: Enrolment data is collected for a primary purpose, which is to enrol a student. However, there are a range of directly related secondary purposes for which that data can be used, such as:
  • 10. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU When collecting data, it is important that we tell people how we will use their information 10 • General student administration relating to the education and welfare of the student. • Communication with students and parents or carers. • To ensure health, safety and welfare of students, staff and visitors to the school. • State and National Reporting purposes.
  • 11. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU 11 It allows staff to be aware of what data we have. The Business Unit knows who to go to for help or access to certain information. The privacy status for the dataset is made explicit. It identifies whether general release to the public is allowed (at an aggregated level, for instance). The Department’s Information Asset Register tells us what data we have and how we are protecting it
  • 12. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Some roles are more likely to deal with personal information on a daily basis 12 Data Analysts People and Services Staff Hiring Managers
  • 13. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Another role who may come across personal information is an Administration Support Officer 13 When dealing with data I must follow the appropriate steps: • Only use data relevant to my task (e.g. email addresses rather than survey responses). • Ensure I only use data for the purpose for which it was collected. • Make sure the data isn’t saved somewhere where it can be accessed by anyone outside the team responsible for it.
  • 14. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Recruitment also requires us to work carefully with personal information 14 A reminder: Do not put confidential or personal documents in the recycle box. It must be shredded first. . After receiving applicants’ resumes and identification documents we: • Must secure personal information – lock these away. • Should dispose of them by shredding them once the recruitment process is finished. • Must not disclose any personal information about the candidates to other people who are not part of the recruitment process.
  • 15. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU The GIPA Act establishes a proactive, more open approach to gaining access to government information in NSW. This is to ensure Government is open, accountable, fair and effective. As part of The Government Information (Public Access) Act 2009 there is a presumption that data can be made readily available if needed 15 http://www.ipc.nsw.gov.au/gipa-act Data released under GIPA is still subject to a privacy test. The GIPA Act • Authorises and encourages the proactive release of information by NSW public sectors. • Gives members of the public a legally enforceable right to access government information. • Ensures that access to government information is restricted only when there is an overriding public interest against release.
  • 16. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU Bradley Cooper’s taxi ride: a lesson in privacy risk. 16 http://www.salingerprivacy.com.au/2015/04/19/bradley-coopers-taxi-ride-a-lesson-in-privacy-risk/ • Salinger Privacy produced an article on privacy risks and ‘open data’. • Bradley Cooper’s taxi ride is a useful reminder of the risks of re-identification of data.
  • 17. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU 17 We can disclose personal information outside the Department if: It is authorised or required by another law. It is under another exemption, such as law enforcement, research, etc. The information is not “sensitive information” (ethnicity, religion, etc), and disclosure is for the primary purpose for which it was collected. We have the consent of the individual.
  • 18. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU We can disclose personal information outside the Department 18 When it is: Sensitive info Health info Other personal info with their consent for the purpose for which it was collected for a directly related secondary purpose (within expectations) for the purpose you notified them about authorised or required by another law, or another exemption
  • 19. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU AGGREGATE DATA • Aggregate data: summary information, for example, data on schools in remote areas, broken down by school year, gender and Indigenous status. • Even with aggregate data, there is a risk that individual students or teachers could be identified from the data. Safeguards must be applied in such cases, with strategies to ‘anonymise’ the data. 19 UNIT RECORD DATA • Unit Record data: about a unique individual contains details that allows an individual to be identified, such as names, or a Student Registration Number. Types of data we deal with:
  • 20. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU How the data we deal with can be released: 20 AGGREGATE DATA • Aggregate data is released on the basis that: 1. No information that permits the identification of individuals is released 2. Data released is valid and reliable 3. It is of high quality UNIT RECORD DATA • Unit record data may only be released on the basis that it: 1. Complies with privacy principles that says we can disclose personal information.
  • 21. CENTRE FOR EDUCATION STATISTICS AND EVALUATION WWW.CESE.NSW.GOV.AU More information or assistance Personal Information and Privacy Protection Act 1998 (PIPPA) http://www.legislation.nsw.gov.au/inforcepdf/1998-133.pdf?id=1db809e7-46ab-44c1-bce5-d12f0058a002 Health Records and Information Privacy Act 2002 (HRIPA) http://www.austlii.edu.au/au/legis/nsw/consol_act/hraipa2002370/ Department of Education Privacy Management Plan https://www.det.nsw.edu.au/media/downloads/reports_stats/privacy/privacy-management-plan-march-2014.pdf Department of Education Privacy Code of Practice http://www.dec.nsw.gov.au/documents/15060385/15385042/Privacy_code.pdf Department of Education Privacy & Information Access Resources Information Access - https://detwww.det.nsw.edu.au/lists/directoratesaz/legalservices/foi/index.htm (see also link to website) Privacy - https://detwww.det.nsw.edu.au/lists/directoratesaz/legalservices/ls/privacy/index.htm http://www.dec.nsw.gov.au/about-us/plans-reports-and-statistics/privacy Privacy Bulletin - https://detwww.det.nsw.edu.au/media/downloads/directoratesaz/legalservices/ls/privacy/bulletins/bulletin3.pdf Government Information (Public Access) Act 2009 (GIPAA) http://www.legislation.nsw.gov.au/maintop/view/inforce/act+52+2009+cd+0+N 21