Policy overview
1 Purpose
To ensure that the University complies with its obligations when handling Personal Information under the Information Privacy Act 2009 (Qld) ('the IP Act') and the Right to Information Act 2009 (Qld) ('RTI Act'), as well as any other applicable privacy and data protection laws. It ensures that the University meets its obligation in the IP Act to have a clearly expressed and up to date Privacy Policy which outlines how the University manages Personal Information in various parts of its operations.
2 Scope
This Policy applies to University Members, prospective Students and applicants for jobs at the University, and members of the public who are entitled to request access to information held by the University.
3 Policy Statement
The University is committed to protecting the privacy of all Personal Information that it handles. The University will meet its legal obligations under the IP Act and RTI Act, which impose obligations to:
- comply with the IP Act and the Privacy Principles
- comply with the IP Act when transferring Personal Information outside of Australia
- take reasonable steps to have Contracted Service Providers adhere to the Privacy Principles
- deal with Privacy Complaints made in relation to breaches of privacy in a timely and responsive manner and in accordance with the IP Act, including, when necessary, acting in accordance with the IP Act's mandatory notification provisions for an Eligible Data Breach and the University's Data Breach Response Plan
- take reasonable steps to implement practices, procedures and systems that ensure compliance with the IP Act and the RTI Act.
This policy aligns with the Higher Education Standards Framework (Threshold Standards) 2021: Standard 7.3 Information Management.
4 Principles
- The University adopts the definition of Personal Information used in the IP Act.
- The functions of the University require the University to collect, hold, store and disclose certain types of Personal Information.
- A list of the types of Personal Information the University collects (including relevant categories of Sensitive Personal Information), how Personal Information is collected, held and stored and the purposes for which Personal Information is collected, held and stored will be publicly accessible online and set out in the Privacy Procedure.
- The University is committed to protecting personal privacy when performing its functions, recognising that individuals have a reasonable expectation that the University will:
  - protect and manage the Personal Information it collects and holds about them
  - act upon complaints made by individuals who believe the University has breached its obligations under the IP Act.
- The University will interpret and apply the IP Act and the RTI Act to ensure fair collection and handling of Personal Information and to grant people the right to access to any of their Personal Information held by the University or under its control.
- The University will take reasonable steps to ensure Personal Information in its possession is accurate, relevant, complete, up to date and not misleading. Individuals have the right to request correction of their Personal Information if they believe the information is inaccurate, out of date, incomplete, irrelevant or misleading.
- The University's preferred method for providing access to an individual's own Personal Information is through its Administrative Access Scheme.
- The first point of contact for all privacy matters, including complaints, applications, requests for amendment and requests for internal review, is the Privacy Officer.
5 References
Nil.
6 Schedules
This policy must be read in conjunction with its subordinate schedules as provided in the table below.
7 Policy Information
Accountable Officer | Privacy Officer |
Responsible Officer | Privacy Officer |
Policy Type | Executive Policy |
Policy Suite | |
Subordinate Schedules | |
Approved Date | 24/6/2025 |
Effective Date | 24/6/2025 |
Review Date | 24/6/2030 |
Relevant Legislation | Freedom of Information Act 1982 (Cth); Information Privacy Regulation 2009 |
Policy Exceptions | |
Related Policies | |
Related Procedures | |
Related forms, publications and websites | Data Breach Response Plan Schedule Guidelines - Privacy Principles, Office of the Information Commissioner (OIC) |
Definitions | Terms defined in the Definitions Dictionary |
Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable from the information or opinion - (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
A person who is enrolled in a UniSQ Upskill Course or who is admitted to an Award Program or Non-Award Program offered by the University and is: currently enrolled in one or more Courses or study units; or not currently enrolled but is on an approved Leave of Absence or whose admission has not been cancelled.
The term 'University' or 'UniSQ' means the University of Southern Queensland.
Persons who include: Employees of the University whose conditions of employment are covered by the UniSQ Enterprise Agreement whether full time or fractional, continuing, fixed-term or casual, including senior Employees whose conditions of employment are covered by a written agreement or contract with the University; members of the University Council and University Committees; visiting, honorary and adjunct appointees; volunteers who contribute to University activities or who act on behalf of the University; and individuals who are granted access to University facilities or who are engaged in providing services to the University, such as contractors or consultants, where applicable. | |
Definitions that relate to this policy only | |
Contracted Service Provider Has the meaning given to it under the Information Privacy Act 2009 (Qld): “an entity other than the University” that enters a contract or other arrangement with the University to provide services.
Eligible Data Breach Has the meaning given to it under the Information Privacy Act 2009 (Qld). For a data breach to be an 'eligible data breach' triggering notification and other obligations under the IP Act, both of the following must apply:
Privacy Complaint Has the meaning given to it under the Information Privacy Act 2009 (Qld): “a complaint by an individual about an act or practice of a relevant entity (the respondent for the complaint) in relation to the individual's Personal Information that is a breach of the relevant entity's obligation under the IP Act to comply with the Privacy Principles; or an approval under section 157 of the IP Act” (being an approval given by the information commissioner that waives or modifies an agency's obligation to comply with the privacy principles).
Privacy Officer The Information and Regulatory Lawyer, or other University staff member as designated from time to time.
Privacy Principles Has the meaning ascribed by the IP Act, being the Queensland Privacy Principles that are set out in Schedule 3 of the IP Act.
Sensitive Personal Information As defined by the IP Act as health information or Personal Information about an individual relating to their racial or ethnic origins, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record. | |
Keywords | Privacy, Personal Information |
Record No | 13/404PL |