Australia's #1 for Law

Join 150,000 Australians every month. Ask a question, respond to a question and better understand the law today!

NSW School's Failure to Secure Details of Students - Breach of Privacy?

Discussion in 'Other/General Law Forum' started by Toqual, 12 August 2014.

Tags:
  1. Toqual

    Toqual Well-Known Member

    Joined:
    10 July 2014
    Messages:
    130
    Likes Received:
    9
    If an educational firm (a private high school) fails to secure the personal details of all students (e.g. address etc) and makes them available to all students, is this an offence?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Sophea

    Sophea Guest

    Hi Toqual,

    Private schools, except in rare cases, must comply with the National Privacy Principles contained in Schedule 3 of the Privacy Act 1988 (Commonwealth).

    The Privacy Act defines personal information as:
    "Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

    This definition would therefore likely include addresses and contact information of a student.

    Schools are always permitted to use or disclose information for the primary purpose for which it was collected. However, a school must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection unless one of the exceptions under the NPPs apply.

    With regard to the inadvertent disclosure of information there is also a requirement that schools take reasonable steps to protect personal information they hold from misuse, interference, loss and unauthorised access, modification or disclosure. The level of security employed by schools should be proportionate to the risk involved if the information was to be disclosed.

    If a school was to breach the Privacy Principles - the situation could be investigated by the Privacy Commissioner upon complaint by an affected person. The Privacy Commissioner has the power to seek pecuniary penalties (fines) in circumstances where there has been a serious or repeated breach.

    If you are concerned about something I would contact the Privacy Commission and seek their advice as to how to proceed. However if you have not suffered damage as a result of the incident and it was an inadvertent breach on behalf of the school, I don't see how there is much to be gained by such a course.
     
  3. John R

    John R Well-Known Member

    Joined:
    14 April 2014
    Messages:
    637
    Likes Received:
    166
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Toqual

    Toqual Well-Known Member

    Joined:
    10 July 2014
    Messages:
    130
    Likes Received:
    9
    Cheers all!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

Loading...
gt;