LawAnswers.com.au - Australia's #1 Legal Community

LawAnswers.com.au is a community of 10,000+ Australians, just like you, helping each other.
Ask a question, respond to a question and better understand the law today!
Join us, it only takes a minute:

NSW School's Failure to Secure Details of Students - Breach of Privacy?

Discussion in 'Other/General Law Forum' started by Toqual, 12 August 2014.

Tags:
  1. Toqual

    Toqual Well-Known Member

    Joined:
    10 July 2014
    Messages:
    130
    Likes Received:
    9
    If an educational firm (a private high school) fails to secure the personal details of all students (e.g. address etc) and makes them available to all students, is this an offence?
     
  2. Sophea

    Sophea Well-Known Member

    Joined:
    16 April 2014
    Messages:
    2,300
    Likes Received:
    335
    Hi Toqual,

    Private schools, except in rare cases, must comply with the National Privacy Principles contained in Schedule 3 of the Privacy Act 1988 (Commonwealth).

    The Privacy Act defines personal information as:
    "Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

    This definition would therefore likely include addresses and contact information of a student.

    Schools are always permitted to use or disclose information for the primary purpose for which it was collected. However, a school must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection unless one of the exceptions under the NPPs apply.

    With regard to the inadvertent disclosure of information there is also a requirement that schools take reasonable steps to protect personal information they hold from misuse, interference, loss and unauthorised access, modification or disclosure. The level of security employed by schools should be proportionate to the risk involved if the information was to be disclosed.

    If a school was to breach the Privacy Principles - the situation could be investigated by the Privacy Commissioner upon complaint by an affected person. The Privacy Commissioner has the power to seek pecuniary penalties (fines) in circumstances where there has been a serious or repeated breach.

    If you are concerned about something I would contact the Privacy Commission and seek their advice as to how to proceed. However if you have not suffered damage as a result of the incident and it was an inadvertent breach on behalf of the school, I don't see how there is much to be gained by such a course.
     
  3. John R

    John R Well-Known Member

    Joined:
    14 April 2014
    Messages:
    637
    Likes Received:
    165
  4. Toqual

    Toqual Well-Known Member

    Joined:
    10 July 2014
    Messages:
    130
    Likes Received:
    9
    Cheers all!
     

Share This Page

Loading...