Governance

Policies and procedures

Policy No.
UP14/10
Function
Information Management
Authoring Organisational Unit
Information Governance Services
Date Approved
24/07/2014
Next Review Date
23/07/2016
Approving Body
Senior Deputy Vice-Chancellor And Registrar

The University of Western Australia

Save this template to the preferred folder on your network drive. 

Note: You must save the template each time you want to write a policy to ensure that you are using the most recent version of the template.

You can use the show/hide button on your toolbar (this looks like a paragraph mark) to hide or show instructions in the template.  If clicking on this button does not work, please go to Tools - Options - View - and un-tick “hidden text” before trying again.

Note: Please do not type or paste over instructions.

(A comprehensive set of instructions is also provided on the Template and Instructions page of the University Policies website.)

To include text in the template, except in the Definitions section, place your cursor at the end of the relevant section heading provided or at the end of the relevant instructions and press “Enter” before beginning to type or pasting in text.  To include text in the definitions section place your cursor immediately under the heading before beginning to type.

Note: If you are pasting in text you must save it as plain text first so that you do not import any additional styles into the policy document.

Formatting styles are embedded in this template and can be found in a drop-down menu on your toolbar.  Note: Please do not add to or alter the styles.  It is recommended that styles be applied once text is finalised.  Apply a style by highlighting the text and clicking on the appropriate style from the drop-down list.

If you require a numbered heading style within the policy text, please use Heading 4 from the drop-down styles list.  This will automatically apply a number to the heading and each time you use the Heading 4 style the next sequential number will be applied automatically. 

Styles 1.1 (Style 1), 1.1.1 (Style 2), and 1.1.1.1 (Style 3) are available for the body of the text.  To reduce complexity, it is recommended that numbering below the level of 1.1.1.1 be avoided.  Bullet points can be used for lists if required.  The list bullet style is available from the styles drop-down list.

Note: If you press “Enter” after a heading provided in the template or after a set of instructions the Normal, Policy style will automatically be applied.

Note: Please do not use tabs in your document.  

University Policy on: Privacy

Overtype “Policy Name” with the name of the policy.  This must convey specifically, accurately and succinctly what the policy addresses eg Award of Honours, Study Leave.

Purpose of the policy and summary of issues it addresses:

The University respects the privacy of individuals whose personal information is collected, used and managed in the course of University business.  While not subject to the federal Privacy Act, 1988, the University is committed to abiding by the Australian Privacy Principles as described in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act, 2012. This policy describes what personal information the University collects, how and why it is collected, and how an individual may seek to access or correct this information. It also outlines how individuals may complain about a breach of this policy.

This must be in Normal, Policy style.

Provide a brief summary of the reasons for the policy and issues it addresses.  This section is designed to stand alone.  The aim is to provide the reader with enough information to make a decision about whether or not this is the policy they are looking for.  It must not be longer than 200 words. 

Example 1

This policy defines the nature and purpose of study leave provisions for academic staff and sets out eligibility criteria and other conditions that apply.

Example 2

This policy seeks to rationalise the award of honours across the University by addressing such issues as: entry standards, course content and structure, supervision, assessment, examination, grades, classifications, benchmarking and the maintenance and provision of documentation relating to these matters.  It is based on resolutions of the Academic Board flowing from the 1999 report of the Honours Working Party.

Definitions:

Cookie

A small text file generated by a website and saved by a web browser.

Personal information is defined in the Privacy Act 1988 as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.’ The types of personal information that the University collects and holds will depend on the circumstance and relationship between the individual and the University. Personal information that is commonly collected by the University includes:

i. name

ii. address (residential, postal and email)

iii. phone number

iv. date of birth

v. gender

vi. ethnic origin

vii. passport number

viii.banking and credit card details

ix. tax file number

x. health or impairment information

xi. emergency contact details

xii. photographs or video recordings (including CCTV footage)

xiii.criminal history

xiv.academic record

xv. IT access logs

xvi.records of donations and transactions

xvii. employment details

Privacy Act means the Privacy Act 1988 (Commonwealth).

Sensitive information is defined in the Privacy Act 1988 (Cth) as:

a. information or an opinion about an individual’s:

i. racial or ethnic origin; or

ii. political opinions; or

iii. membership of a political association; or

iv. religious beliefs or affiliations; or

v. philosophical beliefs; or

vi. membership of a professional or trade association; or

vii. membership of a trade union; or

viii. sexual orientation or practices; or

ix. criminal record

that is also personal information; or

b. health or impairment information about an individual; or

c. genetic information about an individual that is not otherwise health or impairment information; or

d. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or

e. biometric templates.

Place your cursor immediately under the definitions heading to get the definitions style.

Policy statement:

1 Scope

1.1 The following individuals and organisational units are subject to this policy:

· The University of Western Australia employees;

· The University of Western Australia contractors;

· Convocation, the UWA Graduates Association;

· Organisations performing outsourced services on behalf of the University of Western Australia;

· Regional and offshore campuses and offices of the University of Western Australia; and

· Volunteers and honorary appointees performing duties or services on behalf of the University of Western Australia.

2 Collection and Use of Personal Information

2.1 The University collects and uses personal information that is reasonably necessary for the performance of one or more of the University’s functions and activities.  The University will collect and use personal information by lawful and fair means and, where possible, directly from the individual. 

2.2 Personal Information may be collected from and about:

· Current and prospective students;

· Current and prospective staff;

· Alumni;

· Current and prospective donors;

· Research participants;

· Clients of health or counselling services;

· Users or attendees of University facilities, services, events or activities;

· Volunteers.

2.3 The University collects personal information in a number of ways including:

· Forms that are submitted by individuals (including via on-line portals);

· As part of any enrolment, registration or subscription process;

· In the course of undertaking research;

· Direct contact in the course of providing services or administration of University activities;

· From third parties with which the University collaborates;

· From the University’s monitoring of its IT facilities and services, including the web (subject to the University Policy on Privacy of Electronic Material UP07/45);

· From CCTV cameras on University premises

· From public health databases where the relevant consent processes described in the national research and ethics codes are reviewed and approved.

· From cookies set from web browsers visiting UWA websites

· From Google applications including AdWords

  

2.4 The University will not collect sensitive information unless:

· With the individual’s consent; or

· If required or authorised by Australian law or court/tribunal order; or

· An exemption exists under the Privacy Act.

2.5 The University may only use an individual’s personal or sensitive information:

· for the purpose for which it was collected (the primary purpose); or

· for a secondary purpose that is related to the primary purpose (if the information is sensitive information, it will only be used or disclosed for a secondary purpose which is directly related to the primary purpose) and that the individual would reasonably expect his or her information to be used or disclosed for this secondary purpose; or

· with the individual’s consent; or

· as otherwise allowed under the Privacy Act, or as required or authorised by Law.

3 Disclosure

3.1 The University may disclose personal information to the following types of third parties:

· Government Departments and agencies to satisfy reporting requirements;

· External service providers, to the extent that the information is required to provide services to the University (eg. Software-as-a-service);

· Collaborating parties, to the extent that such personal information is required for the collaborative activity to be undertaken (eg collaborative research; jointly delivered courses or programs).

3.2 Some third parties to whom the University may disclose personal information may store this information in countries other than Australia (eg cloud services).  If this is the case the University will ensure that it has a contract that requires that the third party complies with the Australian Privacy Principles and with the State Records Commission Standard 6: Outsourced Functions as articulated in University’s Record Keeping Plan. 

3.3 The University will take reasonable measures to ensure that the systems, tools and methods of capturing, transmitting and storing information are protected from inappropriate access and use, or loss. However, the University cannot be held responsible for the theft of data by a third party, or the loss of data through technical or technological malfunction, tampering by a third party, or any event that is beyond the reasonable control of the University or as identified in the University Policy on Privacy of Electronic Material.

4 Access and Correction

4.1 The University will, upon request by an individual, provide access to personal information about that individual unless the University has a legitimate reason for refusal, such as the release would conflict with existing legislative requirements or policy. The University will take all reasonable measures to amend or remove personal information if it can be proved to be incorrect.

5 Complaints

5.1 University employees will collect, access, use and disseminate information appropriately, that is in the performance of their duties on behalf of the University.  University employees who inappropriately collect, access, use and/or disseminate personal information may be subject to disciplinary action.

5.2 Individuals have the right to complain if they believe that the University has breached its Privacy Policy.  Complaints will be managed in accordance with the University Policy on Public Complaints UP09/2 or the University Policy on Student Complaint Resolution UP07/98. 

Policy or Procedure?

Policies are statements of the principles1 which govern decision-making.

Procedures are the functional steps used to implement policies.

1 Principles in this context are to be understood as being both broad and detailed.

The policy statement makes clear the intent of the policy.  It must be written in clear, precise and direct language.  Short sentences are preferable.  Any specialist words or acronyms must be defined at the beginning of the statement.  (A guide to writing styles will be available soon.)

If the policy includes procedural elements you will need to identify these as Procedures by including this word above the relevant text.  The procedures style from the styles drop-down list must be applied to the whole of the procedures text, including the word Procedures.  Note: Administrative procedures can be approved by the relevant Director.

Related forms: (Link)

Provide links to any forms associated with the policy (eg Approved Leave form) and/or to information on on-line submission.

Note: Forms are a means through which policy is processed, not made.  Forms must reflect policy and must not be used to create policy.

Policy No:

UP14/10

This is the TRIM record number.  Note: This is not the TRIM file number.  If this is a new policy, apply for the policy number (contact rorett@admin.uwa.edu.au) after the policy has been approved by the relevant position or body and before it is submitted for storing in TRIM.

Approving body or position:

Executive Director, Corporate Services

Include the name of the body or position with responsibility for approving the policy.  This must be one of the following:

Senate

Academic Board/Council

Vice-Chancellor

Senior Deputy Vice-Chancellor

Deputy Vice-Chancellor (Education)

Deputy Vice-Chancellor (Research and Innovation)

Registrar and Executive Director (Academic Services) Executive Director (Finance and Resources)

Date original policy approved:

24 July 2014

Insert date of approval of original policy.  If this information cannot readily be ascertained insert “as per file”.

Date this version of policy approved:

24 July 2014

When the policy document has been approved by the relevant body or position insert date of approval.

Date policy to be reviewed:

23 July 2016

If the proposing body has not determined a date for review of the policy, a default date of ten years from the date of the latest revision approval will apply.  Enter the appropriate date.

Date this version of procedures approved:

If the document contains procedures, include the date that these were last updated.  Procedures are approved by the relevant Director.

TRIM File No:F57176

Insert the appropriate TRIM file number.  All policies must have a TRIM file for storing information relating to policy development and other related information.  Note this is not the policy number.  Apply for a TRIM file number at http:/intranet.uwa.edu.au/page/38742

Contact position:

Director, Information Governance Services

State the name of the position that is to be contacted for any queries regarding the policy, eg University Secretary.  Note: As this will link through to the University’s Contact Directory, the position name must be given exactly as it appears in that directory.

Related Policies or legislation:

Privacy Act, 1988

University Policy on Privacy of Electronic Material  UP07/45

University Policy on Access to University Records (under review)

University Policy on Public Complaints UP09/2

University Policy on Student Complaint Resolution UP07/98

The University of Western Australia Record Keeping Plan

http://www.legalservices.uwa.edu.au/foi/personal-info

https://support.google.com/adwordspolicy/answer/143465?hl=en-AU

Provide details of, and, if appropriate, web links to, other policies, legislation or committee resolutions that relate to the subject of the policy, if known, eg Statute(s), University General Rule(s).  If unsure what these might be, try one or more of the following:

Conduct a search on TRIM.

Make an enquiry to Archives and Records.

Seek help from staff in the relevant section. 

If related policies are stored in University Policy format on the University Policies site, please provide the relevant policy number(s). 

Switch off the instructions by clicking the hide/show button on your toolbar.

Check the content of the document for clarity and accuracy.

Submit the document to the relevant position or body for approval.

When the document is approved -

if the policy does not already have a University Policy number, apply for one by completing the form at http://intranet.uwa.edu.au/archives/new_university_policy_number (Control and click to follow the link.)

include the University Policy number in the relevant table box in the template; and

complete the relevant approval date and any other table boxes at the end of the template that have not yet been completed.

Save the document in Filtered HTML format to a convenient location on your network drive (Go to File – Save As and select Web Page, Filtered from the drop-down list under the filename box.)

Apply the style-checker as follows:

Go to the following URL http://www.admin.uwa.edu.au/policytidy (Control and click to follow the link.)

Browse to find the policy document you have saved in Filtered HTML.

Hit “Submit” to bring up the preview of the converted document.

Check for errata and mis-processed characters.

Once the document is correct, click on “Download Document” to download the document to the preferred folder on your network drive.

Appropriate Director emails (rorett@admin.uwa.edu.au) the policy to University Records for storing in TRIM and publishing on the University Policies website.