Privacy compliance

For information and enquiries relating to the cyber incident notification made on 31 July 2024, please visit our Cyber Incident website.

Privacy matters!

Western Sydney University is committed to protecting the privacy of staff, students and community members – keeping all personal information safe and ensuring the security of the information and data we hold. This includes our obligations under NSW and federal laws that relate to how the University collects, uses, holds (that is, stores), discloses and destroys personal information.

What is 'personal information'?

Personal information is defined in the Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA) as: “information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.”

Our legal obligations

Western Sydney University has legal obligations to individuals whose personal information it collects, stores, uses, discloses, and destroys.

The University’s privacy obligations fall under the following legislation:

  • Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA)
  • Health Records and Information Privacy Act 2002 (NSW) (HRIPA)
  • Privacy Act 1988 (Cth)
  • Some foreign privacy regulations, such as the European Union General Data Protection Regulation 2016/679 (GDPR).

The way in which the University meets these obligations is detailed in the University’s:


Privacy Policy

The Privacy Policy can be found in Policy DDS.

Privacy Management Plan

Under the PPIPA, the University is required to have a Privacy Management Plan (PMP) which applies to all personal information and health information, of any person, that has been collected or received by the University.

The PMP sets out in detail the way in which the University collects, uses, stores, secures, discloses and destroys personal information and health information. It also provides information about how a person can access their personal information and how to make complaints about privacy matters.

The obligations of the University extend to third parties who handle personal information on its behalf, including volunteers, contractors and other organisations engaged by the University.

The University embraces this obligation as an exercise of good governance and transparency in the way in which the University collects and deals with the personal information of its staff, students, and other members of the University community.

The PMP applies to the University’s controlled entities, which currently include:

  • Western Sydney University Enterprises Pty Ltd (trading as "The College")
  • Western Sydney University Early Learning Ltd
  • Whitlam Institute within Western Sydney University Ltd
  • Western Growth Development (Parramatta Innovation Hub) Pty Ltd
  • Western Growth Development (Westmead) Pty Ltd

Privacy Data Breach Response Plan

The University must report privacy breaches to the NSW Privacy Commissioner to meet our statutory obligations under the Mandatory Notification of Data Breach (MNDB) Scheme in Part 6A of the Privacy and Personal Information Protection Act 1998 (NSW).

The Privacy Data Breach Response Plan sets out the procedures to be followed by University staff in response to suspected or actual eligible breaches of University-held data.

The Privacy and GIPA Officer manages, provides guidance on, and makes recommendations for the following privacy compliance procedures: