To promote and protect individual privacy with regard to the collection, use, storage and disclosure of information relating to individuals, and for the right of each individual to access personal information currently being held by the school



1.    To comply with the provisions of the Privacy Act 1993 the Board must appoint at least one Privacy Officer.

2.    The Board will develop procedures to assist the Privacy Officer(s) in the task of ensuring the Principal and Staff adhere to the principles contained in the Act in all aspects of their work.

3.    The procedures will comply with the principles in the Privacy Act 1993 in terms of:

·         The purpose of collecting personal information.

·         Who can be asked for information and what should be explained when

collecting information.

·         The manner of collection.

·         The storage and security of personal information.

·         Access to personal information including the individual’s right to obtain

information held on them and to whom information may be disclosed.

·         The correction of personal information.

·         Accuracy of personal information held and checking for correctness.

·         Ensuring personal information is not kept for longer than necessary.

·         Unique identifiers.

4.    Any complaint regarding a breach of privacy should be dealt with through the Complaints Policy.

If this does not resolve the issue the complainant may lodge a complaint with the Privacy Commissioner.

Procedures to assist the privacy officer

1.    The duties of the Privacy Officer include:

·         Ensuring the Information Privacy Principles (IPPs) are adhered to correctly

·         Handling information requests

·         Assisting the Privacy Commissioner with investigations under the Privacy Act

2.    The Privacy Officer must be familiar with the 12 IPPs.

3.    The Privacy Officer must regularly audit personal information held by the school about employees and pupils to ensure the information is necessary to the school, it is stored in a secure place, it is accurate and it is not held for longer than necessary.

4.    The Privacy Officer must regularly audit forms used for the collection of information to ensure the forms explain the purposes for which information is collected, who has access to the information, where the information will be stored and an individual’s right to correct the information held.

5.    The Privacy Officer must be able to report to the Board at any time; showing the application of the Privacy Act in the steps taken to collect information (e.g. enrolment forms and job application forms), the steps taken to keep the information secure and the steps taken to deal with information requests.

Information requests

1.    Receive a request for personal information.

2.    Establish which IPP applies (i.e. is it an individual making the request under IPP 6 or a third party making the request under IPP 11).

3.    Check the identity of the person making the request. If it is an agent representing the individual then check that the agent is authorised to act.

4.    Identify exactly what information is being requested.

5.    Establish that the information is held by the school.

6.    Provide the information within 20 working days or;

7.    Give a reason for the refusal to disclose the information.

Reviewed 5 August 2014