Welcome to TRANSPARENT – a quarterly newsletter from the Unique Student Identifier (USI) Office to help registered training organisations (RTOs) meet their privacy obligations.
The newsletter provides information and guidance on the Australian Privacy Principles (APPs) and good privacy practices. It is published in consultation with the Office of the Australian Information Commissioner (OAIC) and builds on the existing monthly USI bulletin.
Inside, you will find instructions and tips for maintaining and handling USIs and associated personal information in keeping with the Student Identifiers Act 2014 (SI Act) and Privacy Act 1988 (Privacy Act). These Acts obligate all RTOs to protect individuals’ privacy. You will also find links to additional privacy resources on the OAIC website. Furthermore, in future editions of the newsletter, you will see observations from a recent privacy survey by the OAIC of selected RTOs, descriptions of the privacy tools and templates available to you, and advice for building privacy into your training products and services.
We hope you find the newsletter helpful and look forward to receiving your feedback on the inaugural edition.
Inside this edition
- Is your organisation subject to the Privacy Act?
- What is privacy?
- What are the Australian Privacy Principles?
- What is personal information?
- Who is the Office of the Australian Information Commissioner?
- What is in the next edition?
Is your organisation subject to the Privacy Act?
Any entity that collects, uses or discloses a USI must protect this information in accordance with the SI Act. Moreover, should an entity breach the personal information handling provisions of the SI Act, it will be considered an APP entity bound by the Privacy Act and the Privacy Commissioner will have the power to investigate the matter.
Please see Chapter B of the APP Guidelines for further information on APP entities.
What is privacy?
Privacy is not about secrecy. It is about being transparent about how you handle personal information.
Transparent information handling practices help students make informed decisions about their own information, and demonstrate that RTOs take data protection seriously. Building trust in data handling requires clear communication of your privacy management with students and the public more broadly – so they understand how their personal information will be safeguarded, used, and shared. Without assurance of privacy and data protection, innovations in data-based products and services struggle to gain user trust.
What are the Australian Privacy Principles?
The APPs outline how organisations governed by the Privacy Act (APP entities) must handle, use, disclose and dispose of personal information. The principles cover:
- an individual having the option of transacting anonymously or using a pseudonym where practicable;
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection;
- how personal information can be used and disclosed (including overseas);
- maintaining the quality of personal information;
- keeping personal information secure; and
- the right for individuals to access and correct their personal information.
There are also APPs that deal with the use and disclosure of personal information for direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).
Please see the APP Guidelines for further information on the APPs.
What is personal information?
Personal information is information or an opinion that identifies, or could identify, an individual. It is irrelevant whether the information or opinion is factually true.
Some common examples of personal information include names, dates of birth and contact information. RTOs collect this information when applying for a USI on an individual’s behalf.
However, there are certain types of personal information which are more sensitive in nature (referred to in the Privacy Act as ‘sensitive information’) and which are afforded more stringent protections. Some examples of sensitive information include information about an individual’s health, political opinions, religious or philosophical beliefs or affiliations and sexual orientation or practices. Again, when applying for a USI on an individual’s behalf, RTOs collect sensitive information in the form of the individual’s place of birth. This is sensitive information because it may indicate the individual’s racial or ethnic origin.
Please see Chapter B of the APP Guidelines for additional examples and information.
Who is the Office of the Australian Information Commissioner?
The USI Office works with the OAIC to protect students’ personal information.
The OAIC is an independent Commonwealth statutory agency responsible for regulating Commonwealth privacy and freedom of information laws (the Privacy Act and the Freedom of Information Act 1982). The OAIC is responsible for privacy functions conferred by the Privacy Act as well as other legislation, including the SI Act.
Further information on the functions of the OAIC may be found here.
What is in the next edition?
The next edition will examine how USIs and associated personal information are generally treated under the APPs and some of the things you should consider when creating privacy policies and practices.