The Information Privacy Act 2000 of the State of Victoria sets out Information Privacy Principles which must be observed by organisations such as the University that hold personal information. The section of this the RMIT policy headed privacy principles incorporates those Information Privacy Principles. The University’s rights and obligations with respect to personal information as set out in this policy are based on those principles.
For the purposes of this policy “personal information” means: information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Where personal information is also “health information” then under the Health Records Act 2001 of the State of Victoria, persons to whom this policy applies must also comply with the Health Privacy Principles (“HPPs”) under that act, together with any guidelines issued from time to time by the Health Services Commission. The provisions of this policy will also apply to health information except to the extent that they may be inconsistent with the HPPs.
This policy must be observed by all University staff, consultants, external contractors and students who have access to personal information held by the University.