Privacy
The main privacy laws that apply to the university are the:
- Privacy and Personal Information Protection Act 1998()
- Health Records and Information Protection Act 2002().
These Acts contain, respectively, the Information Protection Principles (IPPs) and the Health Privacy Principles (HPPs) to ensure personal and health information held by public sector agencies, including the university, is not modified, used or accessed by unauthorised people. The principles regulate the handling of personal and health information, and cover its collection, storage, use, disclosure and disposal. The university's Privacy Policy identifies how the university will comply with the principles.
The Acts also allow a person who feels their privacy has been breached by the university, to make a privacy complaint to the university.
Other privacy laws that impose obligations on the university include the:
- Privacy Act 1988 (Cth), in regard to the university’s handling of tax file numbers (TFNs).
- European Union General Data Protection Regulation (2016/679) (the “GDPR”), in regard to the University’s handling of personal information of EU residents.
The university's Privacy Officer:
- acts as a first point of contact with the NSW Privacy Commissioner for matters related to privacy and personal information
- acts as a reference point at the University for privacy matters
- acts as a point of contact for privacy complaints and requests to access personal information.
- Accessing your information
- Privacy management plan
- Privacy complaints
Accessing your information
All individuals have a right to access the personal information that the university holds about them.
You can gain access to your personal information directly if you are a staff member or student of the university (through the portal) or by contacting the relevant area of the university. You also have options to access your personal information if your initial access request is denied.
Proof of identity
The university will require proof of identity before it discloses any personal information that it holds.
If accessing personal information in person, the university officer will request original valid ID (e.g., driver licence, or passport) before disclosing the information. If accessing by other means you will need to provide a certified copy of a valid ID along with your request.
Current students
Students can access some of their personal information via the portal, including their:
- personal details
- current enrolment details
- fee statement
- class timetable
- exam timetable and results
- academic results.
Students can also update their personal details and maintain their enrolment via myUNSW.
To access your personal information held by the university that is not available via myUNSW, you should contact the relevant unit of the university to request access.
Past students
Past students wishing to access their personal information held by the university should contact the relevant area of the university that holds that information.
Find details for obtaining your .
Staff
Staff members can access some of their personal information via the portal, including their:
- personal details
- pay advices and payment summaries
- leave balances.
Staff members can also update their personal details via myUNSW.
Staff members are also able to access their Personnel File and should be advised of any adverse reports or documents relating to performance placed on that file. To access your Personnel File, staff should contact Human Resources on: (02) 9385 2711 or email: hr@unsw.edu.au.
Other individuals
Other individuals wishing to access their personal information held by the university should contact the relevant area of the university that holds that information.
Authorising third party access to your personal information
If you wish a third party (e.g., family member, friend, employer or legal representative) to access your personal information held by the university, you must provide express consent for the university to disclose your information.
To ensure the university meets its obligations under privacy laws, the consent must be in writing, signed by the individual concerned, and contain the following information:
- full name
- date of birth
- residential address
- UNSW student of staff number (if known)
- details of the specific records for which consent to disclosure is given
- name of the person to whom the information will be disclosed
- proof of identity of the individual giving consent, being a certified copy of one of the following documents - current Australian driver’s licence or proof of age card; current Australian passport; or other proof of signature and current address details.
Current students wishing to authorise a third party should use the form provided by .
Further assistance
The UNSW Privacy Officer can provide assistance to identity the relevant area of the university that holds your personal information.
If you are having trouble accessing your personal information, or access has been denied, the UNSW Privacy Officer may be able to assist by liaising with the relevant area to facilitate access (depending on the nature of the information being requested and its availability).
Formal application for access under the GIPA Act
You may be able to apply for access to your personal information by making a formal access application under the (). This option is not the university's recommended way to access personal information. However, if your request is complex and may contain information that is not your personal information then an application under the GIPA Act may be required.
Find further information on making an application under the GIPA Act.
Contact
Privacy Officer
:privacy@unsw.edu.au
Privacy management plan
The University's Privacy Management Plan identifies how the University will comply with the Privacy and Personal Information Protection Act 1998() and the Health Records and Information Privacy Act 2002().
The Privacy Management Plan is reviewed each year, with the current version found here.
Privacy Statements
To support the Privacy Policy, the University has privacy statements that set out how it collects, uses and discloses personal information:
Privacy complaints
Under section 53 of the Privacy and Personal Information Protection Act 1998(), individuals have the right to seek a review of certain conduct of the university, in circumstances where the individual believes that the university has breached the terms of the Act.
An application for internal review can be submitted by anyone who is "aggrieved" by the conduct of the University. A review can also be sought where the action taken by the university might only affect the personal information of other individuals. The request for internal review can only be made where it is alleged that the university has:
- breached any of the information protection principles
- breached any code made under the Privacy Act applying to the University
- disclosed personal information kept in a public register of the University.
An application for an internal review must:
- be in writing
- be addressed to the university
- specify an address in Australia to which the applicant is to be notified after the completion of the review
- be lodged with the university Privacy Officer within six months from the time the applicant first became aware of the conduct to be the subject of the review.
The request for internal review should be lodged with the University Privacy Officer using the application form for internal review.