(1) This procedure: (2) This procedure applies to students and staff of the University and external parties seeking to access University records and information. (3) This procedure supports the Records Management Policy and the Privacy Management Plan. (4) Student and staff records are confidential. Subject to the legal obligations of the University, student or staff records, or parts thereof, will be released only to that student or staff member and to authorised University staff in the course of the University's regular business. (5) The disclosure of personal and health information will be limited by the University and restricted to the purpose for which it was collected or as stated in the Privacy Management Plan, unless an exemption applies under a relevant privacy legislation or code of practice. (6) If instructed in writing by a student or staff member, or where directed by a validly issued legal order, the University will release their records to another person or to an organisation. (7) Where information from student records is disclosed other than in accordance with clauses (4)–(6), that information must be published in such a way that the student cannot be identified from that information. (8) There are stricter obligations for the disclosure of personal sensitive information relating to an individual's ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health and sexual activities. The University will only disclose this information with the consent of the person, or when required to do so by law, or if the disclosure is necessary to prevent or minimise a serious or imminent threat to the person’s health or safety. (9) Current or former students may request access to their own records held by the University through the following process: (10) Current or former staff members may request access to their own records held by the University through the following process: (11) Each Band 7 head of an organisational unit has operational responsibility for approving access to information and systems held by their unit and/or sharing records and information between systems and organisational units. This authority is subject to any restrictions or higher authorisation requirements under delegations, the Privacy Management Plan, the Legal Policy and its procedures and/or other University policies and procedures (e.g. Surveillance Procedure). (12) Personal and health information collected by the University will only be used for the purpose it was collected, as set out in the Privacy Management Plan and/or in accordance with NSW and Commonwealth privacy legislation. (13) The use of personal information for statistics and quality assurance purposes is considered to be related to the purpose for which the information was collected (for example, to improve the quality of services provided by the University). The Office of Planning and Analytics may receive personal information that it will provide to other organisational units in an aggregated or de-identified format. Where an organisational unit requests identified information, executive approval must confirm that the information is required to meet a genuine business need and/or that an exemption applies under the relevant legislation. (14) The University is committed to the principles of openness and accountability that underpin the Government Information (Public Access) Act 2009 (GIPA Act). (15) The University will assess and respond to all applications for access to information made under the GIPA Act in accordance with the GIPA Act and after payment of the prescribed fees. The fees may vary and will be as determined by the NSW Government. (16) The University will provide access to information it holds, restricted only when there is an overriding public interest against releasing that information. (17) Responsibilities for requests under the GIPA Act are as follows: (18) If an internal review of a GIPA Act decision is requested, it will be done by a person who did not make the original decision and that person will be at least as senior as the person who made the original decision. (19) The University’s open access information is available to the public free of charge. This includes: (20) Documents held by the University or by an officer of the University in their official capacity are subject to the GIPA Act. (21) The University Ombudsman maintains a webpage that includes links to the open access information of the University. (22) Requests for other University information can be made and will be managed as follows: (23) The University Ombudsman will report, via the University annual report, details as required by the GIPA Act and regulations regarding the management of GIPA responsibilities and compliance. (24) The University Ombudsman will take initiatives to broaden awareness and understanding amongst University staff of the GIPA Act and this procedure. (25) Nil. (26) For the purpose of this policy, the following terms are used:Records Management Procedure - Access to University Records
Section 1 - Purpose
Scope
Section 2 - Policy
Section 3 - Procedure
Part A - Student and staff personal records
Confidentiality
Student access to their own University records
Staff access to their own University records
Part B - Internal access to University records
Part C - External access to University records - Government Information (Public Access) (GIPA) requests
Principles and responsibilities
University documents
GIPA requests
Accountability and performance management
Section 4 - Guidelines
Section 5 - Glossary
View Current
This is the current version of this document. To view historic versions, click the link in the document's navigation bar.