Subject: RE: E1473 - Confirming qualifications and graduation announcements Date: Tue, 26 Nov 2002 13:38:24 +1100 From: "Privacy External" To: Dear Mr Woods Thank you for your email. I apologise for the delay in replying. We have been extremely busy with the commencement of new privacy provisions and it has not been possible for us to answer enquiries as promptly as we would like. As you may know, new provisions in the Privacy Act came into force on 21 December 2001. They are based on the National Privacy Principles (NPPs) in the Privacy Act and apply to many organisations in the Australian private sector. There are some exemptions, though. In particular many small businesses are not subject to the NPPs. If you want to work out whether your organisation is subject to the NPPs, here is a link to our information sheet on coverage: http://www.privacy.gov.au/publications/IS12_01.html. We have also issued guidelines on how we see the NPPs working in practice. It includes the text of the NPPs themselves and a glossary of terms. Here is a link: http://www.privacy.gov.au/business/index.html#3.2. It is important for you to note that the Privacy Act does not cover state universities (in NSW these would be covered by state privacy legislation). If you work for a state based educational institution, you may still wish to use the following advice as a guide to good practice. NPP 2 defines the circumstances under which a organisation may use and disclose personal information. Organisations can use and disclose personal information where it is done in accordance with the primary purpose for which the information was collected. If the use or disclosure of non-sensitive information is not done for the primary purpose of collection, then it must be for a related purpose and fall within the individual's reasonable expectations (NPP2.1(a)) Otherwise an organisation can only use or disclose your information under one of the exceptions listed under NPP 2. The safest approach to verifying a students qualifications would be to obtain consent. Having said this, it appears that the disclosure of information regarding a student's qualifications would probably be related to the purpose for which your organisation originally collected the student's information, and would also most likely be within the student's reasonable expectations. If this is the case you would not need consent, however, you would need to ensure that students are aware of this practice. In respect to your question about announcing the names and qualifications of students during graduation ceremonies, it is probably the case that consent could be implied from the circumstances. If the student did not wish anyone to know the details of their graduation, it would be unlikely that they would attend their graduation ceremony. I hope this information is useful. Regards Brian -----Original Message----- From: Ross [mailto:ross.woods@mounties.org.au] Sent: Monday, 18 November 2002 2:02 PM To: Privacy External Subject: E1473 - Confirming qualifications and graduation announcements Dear Privacy Commissioner, In developing a college privacy policy, I would like to: 1. Make qualifications verifiable. That is, if an employer of a graduate wishes to confirm the graduates qualification with me to ensure that a qualification is not forged, I need to be able to do so. Is it adequate to put an appropriate statement in the college's public Privacy Statement, or would the graduate (who has signed to comply with the schools regualtions) need to sign a separate release? 2. Announce the names and qualifications of graduates at graduation ceremonies. Is it adequate to put an appropriate statement in the college's public Privacy statement, or would the graduate (who has signed to comply with the schools regulations) need to sign a separate release? Many thanks for your advice. (Dr. ) Ross Woods Academic Dean, ACAS ************************************************************************ WARNING: The information contained in this email may be confidential. If you are not the intended recipient, any use or copying of any part of this information is unauthorised. If you have received this email in error, we apologise for any inconvenience and request that you notify the sender immediately and delete all copies of this email, together with any attachments. ************************************************************************