UTS is covered by legal requirements that govern the collection, storage, use, disclosure, retention and destruction of personal and health information. These are incorporated into and regulated through the Privacy Vice-Chancellor's Directive, the Privacy Management Plan (PDF) and various operational procedures.
UTS staff are obliged under the UTS Code of Conduct to follow the University's policies and comply with relevant legislation governing privacy.
Staff who provide professional services such as legal advice, medical or counselling services are also bound by ethical and moral duties and by the standards imposed on them as members of their relevant professional bodies.
At UTS management of privacy and personal information is regulated by:
Other UTS policies and guidelines related to privacy:
- Acceptable Use of Information Technology Facilities
- Fraud and Corruption Prevention and Public Interest Disclosures Policy
- Handling Staff Grievances Vice-Chancellor's Directive
- Handling Student Complaints Policy
- Information Technology Security Vice-Chancellor's Directive
- IT Security Standards
- Records Management Vice-Chancellor's Directive
UTS is established under the University of Technology Sydney Act 1989 (NSW) and as such is defined as a NSW state agency and is covered by NSW privacy legislation.
NSW privacy legislation
The Privacy and Personal Information Protection Act 1998 (NSW) defines the Information Protection Principles that UTS must follow to ensure personal information is appropriately collected, used, disclosed, stored, retained, and destroyed.
The Health Records Information Privacy Act 2002 (NSW) defines the Health Privacy Principles that UTS is required to follow to ensure health information is appropriately collected, used, disclosed, stored, retained, and destroyed.
Before September 2004, health information was covered by the NSW Privacy and Personal Information Protection Act.
Federal privacy legislation
UTS is not directly covered by the federal Privacy Act 1988 (Cwlth). However, it may be affected by the requirements of this Act in certain circumstances. For instance, where UTS is operating with federal agencies or private organisations that are covered by the federal Act, or where UTS is covered by federal legislation that requires compliance with the Australian Privacy Principles in the federal Privacy Act.
UTS may adopt certain elements of the federal legislation but for the most part the UTS privacy program is based on the NSW legislative requirements.
Right to information
The Government Information (Public Access) Act 2009 (NSW) requires consideration of privacy principles in the assessment of an application to access another individual's personal information.
For advice about access to information under the GIPA Act, see right to information: applying for access to information.
The Workplace Surveillance Act 2005 (NSW) regulates surveillance of staff via security cameras, GPS devices and monitoring of computer use.
At UTS, the business units that are responsible for activities regulated by the Act manage compliance with its requirements.
Two business units with responsibilities under this Act are the Information Technology Division and the Facilities Management Unit.
For information about activities that are regulated by this Act, see Privacy at UTS: Surveillance.
Public interest disclosures
Personal information contained in or collected as part of an investigation into a public interest disclosure is exempt from the definition of personal information.
Public interest disclosures are managed under the Public Interest Disclosures Act 1994 (NSW).
UTS manages public interest disclosures in accordance with its policy and guidelines on Fraud and Corruption Prevention and Public Interest Disclosures.
Note: In this section on privacy at UTS, the term ‘personal information’ refers to both personal and health information, unless specified otherwise. Both terms are explained in Definitions of personal and health information.