Privacy at ӰƵ Sydney University

Privacy matters!

ӰƵ Sydney University is committed to protecting the privacy of staff, students and community members – keeping all personal information safe and ensuring the security of the information and data we hold. This includes our obligations under NSW and federal laws that relate to how the University collects, uses, holds (that is, stores) discloses and destroys personal information.

What is 'personal information'?

Personal information is defined in the Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA) as: “information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.”

Our legal obligations

ӰƵ Sydney University has legal obligations to individuals whose personal information it collects, stores, uses, discloses and destroys and the way in which it does this is detailed in the University’s (opens in a new window) and the (PMP) (opens in a new window).

The University’s privacy obligations primarily fall under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA) and the Health Records and Information Privacy Act 2002 (NSW) (HRIPA). However the Privacy Act 1988 (Cth) also applies to the University in some respects, as do some foreign privacy regulations, such as the European Union General Data Protection Regulation 2016/679 (GDPR).

The way in which the University meets these obligations is detailed in the University’s (opens in a new window), the (opens in a new window) and the (opens in a new window).

Privacy Management Plan

Under the PPIPA, the University is required to have a (opens in a new window) and embraces this obligation as an exercise of good governance and transparency in the way in which the University collects and deals with the personal information of its staff, students, and other members of the University community.

The PMP applies to all personal information and health information, of any person, that has been collected or received by the University. All academic and organisational units of the University must collect, store, use and disclose personal or health information in accordance with the procedures set out in the PMP, or in other University policies and procedures (such as the (opens in a new window)). The obligations of the University extend to third parties who handle personal information on its behalf, including volunteers, contractors and other organisations engaged by the University.

The PMP also applies to the University’s controlled entities, which currently include ӰƵ Sydney University Enterprises Pty Ltd, ӰƵ Sydney University Early Learning Ltd, Whitlam Institute within ӰƵ Sydney University Ltd, ӰƵ Growth Development (Parramatta Innovation Hub) Pty Ltd and ӰƵ Growth Development (Westmead) Pty Ltd.

The PMP sets out in detail the way in which the University collects, uses, stores, secures, discloses and destroys personal information and health information. It also provides information about how a person can access their personal information and how to make complaints about privacy matters.

The (opens in a new window), (opens in a new window) and (opens in a new window) can be found in Policy DDS (opens in a new window).

Privacy Officer contact details

The University's privacy contact point is the Privacy Officer (opens in a new window). The Privacy Officer helps to create a privacy compliant culture at the University, and:

  • assists with inquiries about how personal information can and cannot be used by the University;
  • gives advice when requested about whether personal information can be disclosed, including in emergency situations;
  • manages requests about disclosure of information to law enforcement, government or other organisations when the University is compelled to do so;
  • manages complaints about the conduct of the University in relation to privacy matters;
  • manages privacy breaches made by or on behalf of the University;
  • reviews the University’s Privacy Policy and Privacy Management Plan as required.

The University’s Privacy Officer can be contacted as follows:

By phone:      (02) 4570-1428
By email: