Asset Publisher

Privacy and Responsible Information Sharing Policy

policy

1. Policy statement

The Department of Education (the Department) is committed to protecting the privacy of personal and health information it collects, holds, manages, uses, discloses and shares, in accordance with relevant legislation and policies, in the fulfilment of its functions and activities.

2. Policy rules

All employees must manage personal, including sensitive, and health information in accordance with the Privacy and Responsible Information Sharing (PRIS) Framework.

3. Responsibility for implementation and compliance

All employees are responsible for implementing this policy.

The Information Privacy and Governance team is responsible for compliance monitoring.

4. Scope

This policy applies to all employees.

5. Definitions

Personal Information means information or an opinion, whether true or not, and whether recorded in material form or not, that relates to an individual, whether living or dead, whose identity is apparent or can reasonably be ascertained from the information or opinion, and includes:

  • a name, date of birth or address
  • a unique identifier, online identifier or pseudonym
  • contact information
  • information that relates to an individual’s location
  • technical or behavioural information in relation to an individual’s activities, preferences or identity
  • inferred information that relates to an individual, including predictions in relation to an individual’s behaviour or preferences and profiles generated from aggregated information
  • information that relates to one or more features specific to the physical, physiological, genetic, mental, behavioural, economic, cultural or social identity of an individual

Sensitive Personal Information means personal information that relates to an individual’s:

  • racial or ethnic origin
  • gender identity (when differs from designated sex at birth)
  • sexual orientation or practices
  • political opinions or memberships of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • memberships of a professional or trade association or trade union
  • criminal record
  • health information or genetic information
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification
  • biometric templates.

Health Information means personal information that relates to an individual’s health, illness, disability or injury. This includes an individual’s expressed wishes about the future provision of health services, or a health service provided or to be provided to an individual. Health information also includes other personal information collected, to provide, or in providing, a health service to an individual.

For example, health information may include:

  • notes of symptoms or diagnosis
  • specialist reports and test results
  • prescriptions and other pharmaceutical purchases
  • dental records
  • appointment and billing details
  • information collected in connection with donations or intended donations of organs, body parts or body substances
  • genetic information that is, or could be, predictive of the health of an individual or a genetic relative of an individual.

6. Related documents

7. Contact information

Policy manager:

Director, Business and Customer Services

Policy contact officer:

Principal, Consultant Information Privacy

8. History of changes

Effective date Last update date Policy version no.
12 November 2024 1.0
New policy, endorsed by the Director General at the Corporate Executive meeting held on 11 September 2024. D24/0653005

9. More information

Policy review date

12 November 2027