Privacy at The University of Western Australia
The University of Western Australia strongly respects the privacy of students, staff and other members of the University community. UWA is committed to the responsible and legal management of personal information collected on behalf of the University.
The University has obligations regarding the collection, use and management of personal and health information under various pieces of legislation.
The University must comply with the Australian Privacy Principles, contained within the Privacy Act 1988 (Commonwealth), in relation to students’ personal information obtained for the purposes of chapter 3 and 4 of the Higher Education Support Act 2003 (Commonwealth). The University has further obligations in relation to the personal data it collects and manages under the Health Services Act 2016 (WA) and the Freedom of Information Act 1992 (WA).
The University is also considered in limited circumstances to be a data controller for the purposes of the European Union General Data Protection Regulation 2016/679 (GDPR) in relation to the collection of personal information from individuals located in the European Union (EU).
Apart from as above the University is not subject to the Privacy Act 1988 (Commonwealth) and unlike other Australian States and Territories there is no current Western Australian Information/Data Privacy Act.
The University has in the absence of such legislation enacted its Information Privacy policy, which affirms the University’s commitment to the Australian Privacy Principles for all personal information it collects and manages. This policy applies to all areas of the University.
Any person who deals with the University is entitled to expect that their personal information will be treated in accordance with this policy.
The University’s Information Privacy policy can be accessed through the Information Privacy Policy [DOC 217 kb], and is accompanied by the Information Privacy Guideline [DOC 388 kb], along with links to other supporting material.
In addition to the policy UWA Staff and Students should also read the information specific to them, as found in the University Privacy Collection Notices.
The University has distilled and summarised its commitment to information privacy through the UWA Information Privacy Tenets.
| 1. NOTICE | Inform individuals what personal information you are collecting and why |
| 2. PURPOSE | Collect only what personal information is legitimately needed for the purpose |
| 3. SECURITY | Protect personal information by using adequate security |
| 4. SHARING | Do not disclose personal information unless you are confident it is directly connected with its purpose |
| 5. RELEVANCY | Ensure personal information remains relevant, by allowing individuals to review and correct their data |
| 6. ACCOUNTABILITY | Handling personal information is your responsibility |
| 7. TRANSPARENCY | Be open and vigilant, and report concerns or potential improvements |
The University’s Privacy Office, which is operated out of the Governance Directorate, is responsible for the University’s information Privacy policy, guidance and advice on privacy obligations and responsibilities and managing enquiries and concerns about the University’s collection and management of personal information.
You may contact the UWA Privacy Office at [email protected] with full details in any of the below situations, or initially you may call ext. 1706 (+61 8 6488 1706) from 9am to 3pm Monday to Friday for an informal discussion;
- You wish to request access to, or correction of personal information held by UWA about you and if you have been unable to do this as a student through Student Central.
- You wish to request access to, or correction of personal information held by UWA about you, and if you been unable to do this as a Staff member through your HR Business Partner.
- You wish to invoke a right conferred by the General Data Protection Regulation (GDPR)
- You believe that there has been a breach of the Information Privacy policy by the University, or a member of its staff in the collection, handling or disclosure of your or another person or persons’ Personal Information
- You believe there has been a data breach involving Personal Information.
The University’s Privacy Office, is operated out of the Governance Directorate by the University’s Information Governance team. The Office is modelled on best practice and advice from the Office of the Australian Information Commissioner.
The Privacy Office is responsible for -
- University’s information Privacy policy and policy guideline
- Guidance and advice on privacy obligations and responsibilities
- Training and awareness for University staff of the management of personal information
- Facilitating Privacy Impact Assessments with UWA stakeholders and experts, and the wider community
- managing enquiries, concerns or complaints about the University’s collection and management of personal information
- managing requests for access to, or correction of personal information, and rights afforded under the GDPR; and
- investigating suspected data breaches (in collaboration with UWA’s Cyber security team)
The Privacy Office is made up of the following staff
- Privacy Champion – the Senior Deputy Vice Chancellor
- Privacy Officer – Manager, Information Governance
- Privacy Coordinator – Information Governance Specialist
- Privacy Advisors – Information Governance Advisors
These staff are supported by expert advice and services from UWA Legal Services, Risk Assurance team and Uni-IT’s Cyber Security Team.
If you have any questions please refer to our Frequently Asked Questions page, or for further enquiries contact [email protected].