Privacy Policy
POLICY STATEMENT
IPU New Zealand values the privacy of every individual’s personal information (whether such individual is a student, staff member or member of the public) and is committed to the protection of personal information. The Institute complies with its obligations in respect of personal information under the Privacy Act 1993, the Official Information Act 1982, the Education Act 1989 and the Health Information Privacy Code 1994. The Institute takes all reasonable steps to ensure that personal information it holds is protected against loss, and unauthorised access, release, use or modification.
This policy is not intended to be a stand-alone document. It must be read and applied in conjunction with:
- All relevant law, including the Privacy Act 1993
- The agreements between IPU New Zealand and its staff and students
- Procedure for collection, use and disclosure of personal information.
Definitions:
The term personal information refers to information concerning an identifiable individual.
Purpose:
The purpose of this policy is to establish procedures and guidelines for:
- The collection, use and disclosure of personal information by IPU New Zealand
- Access by individuals to personal information about themselves held by IPU New Zealand.
Procedure:
- This policy applies to all past and present IPU New Zealand staff and students
- The Privacy Officer for IPU New Zealand is the Human Resources Manager and / or the Academic Registry Manager.
- Responses to requests for information made in respect of the Privacy Act 1993 may be sub-delegated.
ROLES AND RESPONSIBILITIES
Privacy Officer
The Director of Services will appoint the Privacy Officer, who will be either the Human Resources Manager or the Academic Registry Manager. The Privacy Officer will:
- Respond to requests for information and receive all complaints
- Be responsible for the provision of information, investigation of privacy breaches and resolution of complaints made under the Privacy Act 1993
- Develop, implement and continually improve privacy management processes
- Identify compliance obligations and risks relating to privacy in conjunction with managers.
- Support training for staff in regard to privacy
Heads of Department (or equivalent) will:
- Model good privacy behaviour by demonstrating sound judgement in privacy matters
- Comply with legislative requirements
- Ensure privacy breaches are reported to the Privacy Officer
- Identify privacy risks
The IT department will:
- Ensure that procedures for controlling access to information are developed, implemented and maintained
- Proactively manage security to all data and information on the Institute network
All Staff will:
- Comply with privacy legislation and policy
- Take reasonable care to protect passwords and other access to private information
Relevant legislation:
Privacy Act 1993
Education Act 1989
Health Information Privacy Code 1994