Our privacy obligations and responsibilities

The University has legal obligations to protect the personal, sensitive and health information of all students, staff and members of the public it deals with. These obligations are set out in the Privacy and Data Protection Act 2014 (Vic), the Health Records Act 2001 (Vic) and the University’s Privacy Policy (MPF 1104)

Privacy responsibilities in the University

This summary sets out the IPPs and HPPs as they apply to everyday work at the University.

Download summary

What is personal, sensitive and health information?

The University has obligations in relation to personal, sensitive and health information.

Personal information means recorded facts or opinions that identify someone or allow them to be identified.

Sensitive information means information or opinion about an individual’s race/ethnic origin, political opinions, membership in a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences/practices, or criminal record.

Health information means information about a person’s physical/mental health, any disability they may have and any treatment they may have received.

Information Privacy Principles (for the protection of personal and sensitive information)

Schedule 1 of the Privacy and Data Protection Act (Vic) sets out 10 Information Privacy Principles (IPPs). The IPPs are legislative safeguards for the collection, use, disclosure and management of personal and sensitive information.

Download summary

Health Privacy Principles (for the protection of health information)

Schedule 1 of the Health Records Act (Vic) sets out 11 Health Privacy Principles (HPPs). The HPPs are legislative safeguards for the collection, use, disclosure and management of personal and sensitive information.

Download summary