New Australian Privacy Laws (comprising 13 Australian Privacy Principles) came into force in March 2014. The new laws apply to Australian Government agencies, private sector businesses and not-for profit organizations covered by the Privacy Act 1988.

The 13 Australian Privacy Principles (APP) strengthen regulation concerning the gathering and disclosure of personal information.

What is referred to as personal information?

Personal information is that information that enables the school to know more about the student. This information includes date of birth, name and address

What comprises of Sensitive information?

This kind of information is personal in nature but more revealing. Examples of sensitive information include one’s political opinions, sexual preference, medical information, religious beliefs, ethnic or racial origin, being a member of a professional trade and criminal record. Biometric information relating to automated biometric identification or verification is sensitive information.

The major objective of the Privacy Amendment Act is to streamline handling of personal information.


Schools and other entities need to have policies and procedures in place to deal with inquiries and complaints about compliance with APPs or any applicable codes. The Privacy Policy needs to include

  • what personal information is collected, how and when it is collected, how and when it is stored and destroyed.
  • reasons why this information is collected
  • disclosure to overseas recipients – this includes being familiar with relevant cloud storage practices if you use off-site storage of information
  • how an individual can access their own stored information and correct it
  • the process by which an individual may complain about a breach of privacy legislation.

Broadly speaking APP 1 concerns the open and transparent management of personal information.

Collecting Personal information

The schools are required to collect only relevant personal information relating to the school’s activities and functions.

Sensitive information collection

Collection of sensitive information is the real risk facing schools. APP is clear that sensitive information should only be collected with an individual’s consent. The information should be reasonably essential for the school’s functions or activities.

There are occasions when the school may obtain sensitive information without the owner’s consent when:

  • There is authorization by a court of law or tribunal
  • Existence of permitted general information
  • Need to prevent threat to life safety or health
  • Location of a person missing
  • Existence of permitted health situation
  • Suspicion of serious misconduct or unlawful action
  • Establishing, defending or exercising an equitable or legal claim.
  • Necessary consular or diplomatic activity or function

Means of collection

Making a direct collection of information from an individual may be problematic since most students are under the age of 18 years. The parent or guardian of the student supplies information to the school. In APP a person must give consent to the collection of information which is sensitive and concerning them. It therefore means that a school must obtain this kind of information from the owner unless:

  • The law gives the school permission to collect information from another person
  • The situation does allow the school to get the information for instance where the person concerned is an infant who or a minor who cannot give consent
  • A person consents to the collection of his/her information from another person.

For more information visit Office of the Australian Information Commissioner at

About the Author

PhD in European Languages and Cultures (specialising in Literary Translation) Department of International Studies Macquarie University