Privacy regulations

UTS is covered by legal requirements that govern the collection, storage, use, disclosure, retention and destruction of personal and health information. These are incorporated into and regulated through the Privacy Policy, the Privacy Management Plan (PDF) and various operational procedures.

UTS staff are obliged under the Code of Conduct to follow the university's policies and comply with relevant legislation governing privacy.

Staff who provide professional services such as legal advice, medical or counselling services are also bound by ethical and moral duties and by the standards imposed on them as members of their relevant professional bodies.

Governance instruments

At UTS management of privacy and personal information is regulated by:

Other UTS policies related to privacy:

Legislative requirements

UTS is established under the University of Technology Sydney Act 1989 (NSW) and as such is defined as a NSW state agency and is covered by NSW privacy legislation.

NSW privacy legislation

The Privacy and Personal Information Protection Act 1998 (NSW) defines the Information Protection Principles that UTS must follow to ensure personal information is appropriately collected, used, disclosed, stored, retained, and destroyed.

The Health Records Information Privacy Act 2002 (NSW) defines the Health Privacy Principles that UTS is required to follow to ensure health information is appropriately collected, used, disclosed, stored, retained, and destroyed.

Before September 2004, health information was covered by the NSW Privacy and Personal Information Protection Act.

Federal privacy legislation

UTS is not directly covered by the Privacy Act 1988 (Cwlth). However, it may be affected by the requirements of this Act in certain circumstances. For instance, where UTS is operating with federal agencies or private organisations that are covered by the federal Act, or where UTS is covered by federal legislation that requires compliance with the Australian Privacy Principles in the federal Act.

UTS may adopt certain elements of the federal Act but, for the most part, the UTS privacy program is based on the NSW legislative requirements.

Right to information

The Government Information (Public Access) Act 2009 (NSW) requires consideration of privacy principles in the assessment of an application to access another individual's personal information.

For advice about access to information under the GIPA Act, see Right to information: applying for access to information.

Surveillance

The Workplace Surveillance Act 2005 (NSW) regulates surveillance of staff via security cameras, GPS devices and monitoring of computer use.

At UTS, the business units that are responsible for activities regulated by the Act manage compliance with its requirements.

For information about activities that are regulated by this Act, see Privacy at UTS: Surveillance and the Surveillance Policy.

Public interest disclosures

Personal information contained in or collected as part of an investigation into a public interest disclosure is exempt from the definition of personal information.

Public interest disclosures are managed under the Public Interest Disclosures Act 2022 (NSW).

UTS manages public interest disclosures in accordance with the Whistleblowing and Public Interest Disclosures Policy.

 

Note: In this section on privacy at UTS, the term ‘personal information’ refers to both personal and health information, unless specified otherwise. Both terms are explained in Privacy definitions.

Acknowledgement of Country

UTS acknowledges the Gadigal people of the Eora Nation, the Boorooberongal people of the Dharug Nation, the Bidiagal people and the Gamaygal people, upon whose ancestral lands our university stands. We would also like to pay respect to the Elders both past and present, acknowledging them as the traditional custodians of knowledge for these lands.