Nepean Christian School operates in accordance with the Privacy Act (1988) and the Privacy Regulations (2013) including the 13 Australian Privacy Principles (APP).
- Ensure that where practicable individuals will have the right to anonymity when dealing with the school unless the school is required or authorised under Australian law to identify the individual, or where it is impractical to deal with individuals who have not identified themselves.
- Only collect personal information that is reasonably necessary for, and directly related to, the function of the school. Where sensitive information is required, it will be collected with the informed consent of the individual.
- All staff will be trained and reminded of their obligation to disclose to members of the school community before private information is collected, including the nature of the collection, its intended purpose and the nature of information retention.
- Ensure that unsolicited information received by the school is destroyed where that information is not reasonably necessary for, and directly related to, the function of the school.
- Inform any individual (student, teacher, caregiver or member of the public) where information is being collected, the purpose of collecting that information and the intended nature of retention of that information.
- Only disclose personal information for the intended purpose for which it was collected. Where information is requested by third parties, consent of the individual will be obtained, except in those circumstances where information is required by law, or for permitted health situations, or where it would be reasonable to expect the individual to consent to the disclosure of such information. Circumstances where it would be reasonable to communicate private information would include but are not limited to:
- Other schools to which a child or teacher has applied
- Banking and superannuation funds
- Government departments
- Health and social work professionals
- Parents and caregivers of the student concerned
- Not disclose personal information for the purposes of direct marketing without the consent of the individual. Where it is necessary to supply private details to a third-party, such as CEN, staff will be offered an opt-out options from receiving any direct marketing.
- Make all reasonable efforts to ensure that organisations that hold school information in cross-border contexts (cloud-based service providers), supply information about privacy practices, and that those practices are substantially similar to Australian legislation. The school will therefore only engage the services of reputable companies who are able to supply copies of their privacy policies. The school will retain copies of such policies.
- Not use government-related identifiers as its own school-based student identification numbers.
- Ensure that all personal information that it collects is up-to-date, complete and relevant. Families will be invited annually to check the accuracy of personal details and at such times as the school becomes aware of changes such as through email bounce-back or returned mail.
- Protect all personal information from misuse, interference, loss or unauthorised access. All digital files will be protected by passwords and structured around levels of authority and permissions. Physical files are divided into two groups: those that contain normal information collected by schools and confidential information. Both will be stored in lockable cabinets. Only the principal will have the key to the latter cabinet. Only essential information on non- current staff and student, which may be required for administrative or legal purposes is archived.
- Enable an individual, where a formal request is made, to view personal information that has been collected by the school, except where access to that information may compromise the privacy of another member of the community. While students may have access to view personal information, that would normally be done through a parental request. Reasonable efforts will be made to de-identify information pertaining to other individuals
- Ensure that where information is determined to be inaccurate, irrelevant, out-of-date, or misleading, the school will take all relevant steps to correct that information. Where that information has been communicated to third parties (as in point 6), the school will take all reasonable steps to notify the third party of any corrections.