“Private schools” (i.e. non-government schools) and “child care” services are deemed to be covered by the Privacy Act where personal health information is held by the organisation or the organisation’s turnover exceeds $3 million.
This Policy outlines ways in which the enterprises auspiced by Best-Practice Education Group Ltd – Blue Gum Community School, Blue Gum Early Learning Centre and Blue Gum Outside School Hours – will endeavour to manage personal information.
The kind of information collected and held may include personal information about potential/enrolled/former Blue Gum students and their families; potential/employed/former Blue Gum staff; and potential/current/former Board members, and may include sensitive information, such as health matters, court orders etc.
Since 22 February 2018, the Privacy Amendment (Notifiable Data Breaches) Act 2017 also requires services to notify data breaches in specified circumstances. These data breaches are likely to occur when personal information is lost or subject to unauthorised access, modification, disclosure, or other misuse or interference.
Generally speaking, Blue Gum enterprises will only collect, hold, disclose and retain personal information for students, staff and Board members that is necessary for the purposes of effective communication; enrolment; the effective provision of student education and care; and the effective and supportive employment of staff; or as required by law or authorised by the person or their guardian.
Generally speaking, the personal information collected will be provided to Blue Gum enterprises by families, students, staff and Board members. Reasonable steps will be taken to ensure that this personal information remains confidential and private, and is stored securely, so that only people requiring this information to carry out their duties have access to it, and misuse/loss/unauthorised access/disclosure are minimised. These steps include restricting physical access to different areas of the school, and restricting electronic access to data. Once personal information is no longer required, reasonable steps are taken to ensure it is destroyed, subject to any legal requirements to retain paperwork e.g. for 7 years.
Generally speaking, personal information held will be collected, held, used and disclosed only to the extent necessary for the purposes of communication; enrolment; student education and care; employment of staff; or as required by law or authorised by the person or their guardian.
If a student/family/staff member/Board member has concerns about Blue Gum’s handling of their personal information or the accuracy of the information held, they can express their concerns in writing to the Executive Director or Board Chair (who will take on the role of a ‘Privacy Officer’) seeking a resolution. Requests to access specific personal information held will be responded to in accordance with the Australian Privacy Principles and/or the Notifiable Data Breaches legislation, within a reasonable period of time e.g. up to 30 days. If dissatisfied with the response, or if the person requesting access believes there has been a notifiable privacy breach, they have the option to contact the Australian Information Commission, GPO Box 5218, Sydney NSW 2001. Likewise, if the privacy breach cannot be remedied satisfactorily and there is a likely risk that it will result in serious harm, the Blue Gum enterprise involved will notify the Australian Information Commission within 30 days in accordance with the legislation.
Privacy Act 1988 (Privacy Act)
Privacy Amendment (Notifiable Data Breaches) Act 2017
Revision of Policy
This policy may be reviewed and revised from time to time to take into account changes in our practices and changes in legislative requirements.