UTS site search

UTS Governance

Privacy regulations

UTS is covered by legal requirements that govern the collection, storage, use, disclosure, retention and destruction of personal and health information. These are incorporated into and regulated through the Privacy Vice-Chancellor's Directive, the Privacy Management Plan (PDF) and various operational procedures.

UTS staff are obliged under the UTS Code of Conduct to follow the University's policies and comply with relevant legislation governing privacy.

Staff who provide professional services such as legal advice, medical or counselling services are also bound by ethical and moral duties and by the standards imposed on them as members of their relevant professional bodies.

Governance instruments

At UTS management of privacy and personal information is regulated by:

Other UTS policies and guidelines related to privacy:

Legislative requirements

UTS is established under the University of Technology Sydney Act 1989 (NSW) and as such is defined as a NSW state agency and is covered by NSW privacy legislation.

NSW privacy legislation

The Privacy and Personal Information Protection Act 1998 (NSW) defines the Information Protection Principles that UTS must follow to ensure personal information is appropriately collected, used, disclosed, stored, retained, and destroyed.

The Health Records Information Privacy Act 2002 (NSW) defines the Health Privacy Principles that UTS is required to follow to ensure health information is appropriately collected, used, disclosed, stored, retained, and destroyed.

Before September 2004, health information was covered by the NSW Privacy and Personal Information Protection Act.

Federal privacy legislation

UTS is not directly covered by the federal Privacy Act 1988 (Cwlth). However, it may be affected by the requirements of this Act in certain circumstances. For instance, where UTS is operating with federal agencies or private organisations that are covered by the federal Act, or where UTS is covered by federal legislation that requires compliance with the Australian Privacy Principles in the federal Privacy Act.

UTS may adopt certain elements of the federal legislation but for the most part the UTS privacy program is based on the NSW legislative requirements.

Right to information

The Government Information (Public Access) Act 2009 (NSW) requires consideration of privacy principles in the assessment of an application to access another individual's personal information.

For advice about access to information under the GIPA Act, see right to information: applying for access to information.


The Workplace Surveillance Act 2005 (NSW) regulates surveillance of staff via security cameras, GPS devices and monitoring of computer use.

At UTS, the business units that are responsible for activities regulated by the Act manage compliance with its requirements.

Two business units with responsibilities under this Act are the Information Technology Division and the Facilities Management Unit.

For information about activities that are regulated by this Act, see Privacy at UTS: Surveillance.

Public interest disclosures

Personal information contained in or collected as part of an investigation into a public interest disclosure is exempt from the definition of personal information.

Public interest disclosures are managed under the Public Interest Disclosures Act 1994 (NSW).

UTS manages public interest disclosures in accordance with its policy and guidelines on Fraud and Corruption Prevention and Public Interest Disclosures.


Note: In this section on privacy at UTS, the term ‘personal information’ refers to both personal and health information, unless specified otherwise. Both terms are explained in Definitions of personal and health information.