We are reviewing this policy for its content and how well the school implements it. To share your comments and rate its implementation, click the "Start your review" button. This policy's subtopics are also under review if they have a review button.
St Andrew's College complies with the requirements of the Privacy Act 2020. We look after the privacy of everyone associated with our school. In particular, we acknowledge that children and young people are vulnerable and are given particular emphasis in the Act (Principle 4).
We ensure that staff understand our school privacy processes, especially in relation to how we manage personal information, and our process for reporting breaches. Staff are made aware of these processes as needed (e.g. through staff induction and professional development, during staff meetings, and after incidents).
We collect, protect, access, and correct personal information according to the information privacy principles of the Privacy Act. See Personal Information.
We only use information for the purposes it was collected, except in certain circumstances (e.g. for statistical purposes where the person's identity is not disclosed).
We are guided by the following policies when we share information:
We only keep information for as long as it is needed and destroy any documents that contain personal information in accordance with the Public Records Act 2005. See School Records Retention and Disposal.
Privacy officer
Under the Privacy Act, we are required to have a privacy officer. Our privacy officer is the chief information officer (CIO). Their responsibilities include:
responding to general questions about privacy at our school
managing requests for personal information
managing complaints about privacy
liaising with the Privacy Commissioner in investigations, if required
informing our school community of serious privacy breaches or risks to the security of personal information the school holds.
Privacy breaches
We follow the Privacy Commissioner's steps for responding to privacy breaches:
Contain
The school acts to contain the breach. We inform our privacy officer as soon as possible if our school (or an individual at our school) intentionally or accidentally provides unauthorised access to personal information, or discloses, alters, loses, or destroys someone's personal information.
Assess
We consider each incident on a case-by-case basis to assess the impact and seriousness of the breach.
Notify
We decide whether to notify any affected people, and if the breach needs to be reported to the board of governors. If there is no risk of harm, it may not be necessary to notify affected people of a breach.
If the privacy breach has caused or is likely to cause serious harm (e.g. physical, psychological, emotional, or financial), our privacy officer notifies the Office of the Privacy Commissioner within 72 hours of being made aware of the breach. We also notify the person or people involved and the board of governors.
We notify CERT NZ if the breach is due to a cyberattack, or a flaw in a product or online service that our school uses.
We may notify other third parties (e.g. police, insurers) if necessary.
Prevent
We investigate the incident and take steps to prevent it from happening again.
SchoolDocs appreciates the professional advice of Kathryn Dalziel, senior barrister specialising in privacy law and certified seminar leader for the Office of the Privacy Commissioner.