Privacy. Purpose. Scope. Policy. Appendix A

Transcription

1 Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of the Education Act. The policy will assist NZQA personnel promote and support the principles of privacy as set out in section 6 of the Privacy Act as detailed below. Particular reference is made to the source, collection, storage and security, access, correction, accuracy, retention, use and disclosure of personal information. Scope All NZQA personnel (includes both employees of NZQA and others, whether individuals or organisations with agreements or arrangements to carry out work or provide services to NZQA - refer to the Definitions section) who are involved with the use of personal information. Compliance with this policy is required under the NZQA Code of Conduct. This policy supports legislative compliance with the Privacy Act 1993 and the Education Act Policy 1 General Introduction The Privacy Act requires NZQA to appoint a Privacy Officer who ensures we comply with the Act. The Act is a comprehensive piece of legislation which sets out rights and obligations relating to the proper source, collection, storage and security, access, correction, accuracy, retention, use and disclosure of personal information. Personal information is information about an identifiable individual (a natural person) and includes information relating to a death maintained by the Registrar of Births, Deaths, Marriages and Relationships. It does not include statistical information that does not identify individuals. If an information request relates to reasons for decisions affecting that individual the request may also be made under the Official Information Act (OIA) (section 23 of the OIA) and must be released unless there is good reason to withhold the information under sections 5-11 of the OIA Act. (See Respond to Official Information Act requests) The office of the Privacy Commissioner is responsible for investigating complaints about interferences with privacy. An interference with privacy involves a breach of privacy law (such as a breach of the privacy principles) and some harm arising from that breach, with harm being: financial loss or other injury adverse effect on a right, benefit, privilege, obligation or interest significant humiliation, significant loss of dignity, or significant injury to the feelings of the individual. NZQA should not wrongfully refuse to give an individual access to their personal information in order to correct that information. A breach can also occur under a code of practice for data matching in accordance with Part 10 of the Act, Information Sharing under Part 9A, or Transfer outside of NZ under Part 11A.

2 2 NZQA shall meet the Principles of the Privacy Act Principles 1-4 regulate the manner in which information is collected by NZQA at all stages of the provision of services. Principle 1: Purpose of collection of personal information Personal information must not be collected by NZQA unless the information is collected for a lawful purpose connected with the functions of NZQA as set out under section 246A of the Education Act 1989 and the collection of the information is necessary for that purpose. Personal information in the context of NZQA s work includes; name, address, date of birth, gender, ethnicity, institution details and exam grades and NSN. As an authorised user in terms of the Act, NZQA personnel may collect the NSN for particular purposes which include: monitoring and ensuring student enrolment and attendance ensuring education providers and students receive appropriate resourcing. statistical purposes. research purposes. ensuring that students educational records are accurately maintained Principle 2:- Source of personal information Personal information should be collected directly from an individual unless NZQA believes it can clearly be shown that the individual concerned has authorised collection of the information from someone else. Permission must be obtained from students for personal information to be disclosed, for a specified purpose between educational institutions and agencies such as NZQA, unless one of the exceptions apply. NZQA practice is to obtain permission from students at enrolment. Information is disclosed for such purposes as facilitating enrolment and transferring and compiling statistics. Exceptions to compliance are:- (a) that the information is publicly available information; or (b) that the individual concerned authorises collection of the information from someone else; or (c) that non-compliance would not prejudice the interests of the individual concerned; or (d) that non-compliance is necessary - i. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or for the enforcement of a law imposing a pecuniary penalty; or i for the protection of the public revenue; or iv. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or (e) that compliance would prejudice the purposes of the collection; or (f) that compliance is not reasonably practicable in the circumstances of the particular case; or (g) that the information -

3 i. will not be used in a form in which the individual concerned is identified; or will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or (h) that the collection of the information is in accordance with an authority granted under section 54. Principle 3:- Collection from the individual When information is being collected, NZQA personnel must take all reasonable steps to ensure that the individual knows and understands: i. why the information is being or is to be collected; and their right to access and correct the information collected. Under section 254A of the Education Act 1989, NZQA may collect personal information from institutions, rather than directly from candidates. However, the information must be gathered for the purposes of performing its functions under the Act. Principal 4:- Manner of collection of personal information Personal information shall not be collected by NZQA by unlawful means, or where in the circumstances of the case, would be unfair and intrude to an unreasonable extent upon the personal affairs of the individual concerned. Principle 5:- Security of personal information NZQA personnel have an obligation to ensure that only appropriate personnel have physical and electronic access and must take all reasonable safeguards to guard against loss, access, use and modification or disclosure except with authorisation by NZQA. For further detail refer to the Code of Conduct, Acceptable Use Guidelines for Computer, Information Security and Information Management policies and the Clear desk for classified information policy. Principle 6:- Right of access to personal information An individual has the right to access their own personal information if it can be readily retrieved. The individual does not need to provide any explanation of why they wish to access their information. An information privacy request, may only be made by an individual or a third party who has been authorised by the individual. NZQA is required to develop procedures that support the process and respond to requests for access within 20 days and also advise the individual of the right to correct their personal information under Principle 7. Where the information requested is not held by NZQA but is believed to be held by another agency, or the information is held by NZQA but believed to be more closely connected to the functions/ activities of another agency NZQA must transfer any request within 10 days. Reasons for refusing requests are set out in sections of the Act and include: disclosure would likely endanger the safety of an individual or would involve the unwarranted disclosure of the affairs of another individual. See processes for responding to requests for personal information. If the request relates to reasons for decisions affecting that individual the request may also be made under section 23 of the Official Information Act (OIA) (see Respond to Official Information Act requests). For NCEA results etc., the information belongs to the individual and parents and guardians do not have automatic access and require the individual s consent to access.

4 Principle 7:- Requests for correction of personal information Individuals have the right to request their information be corrected and if NZQA hold the information, must ensure any factual and demographical information is corrected. Where NZQA is not willing to correct the information, it will take reasonable steps to attach any statement provided by that individual of the correction and inform the individual of the same. Principle 8:- Accuracy of personal information Before using information NZQA personnel must take reasonable steps to ensure that the information is accurate, up to date, complete, relevant and not misleading. This is especially important if the information has been collected from a third party (e.g. unsolicited information) and not directly from the individual. Principle 9:- Retention of personal information NZQA shall not keep that information for longer than is required for the purposes for which the information may lawfully be used. Principle 10:- Limits on use of personal information Information obtained in connection with a purpose(s) may only be used for that purpose in accordance with Principle 3 collection of information, or a directly related purpose. Uses which are directly related to the purpose for which the information was collected will generally include administrative purposes. Other exceptions in relation to use include: (c) that non-compliance is necessary - i. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or for the enforcement of a law imposing a pecuniary penalty; or i for the protection of the public revenue; or iv. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or (d) that the use of the information for that other purpose is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to - i. public health or public safety; or the life or health of the individual concerned or another individual; or (f) that the information - i. is used in a form in which the individual concerned is not identified; or is used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or (g) that the use of the information is in accordance with an authority granted under section 54. Further authorisations are available through information sharing agreements, (Part 9A) information matching programmes (Part 10) s and law enforcement (Part 11).

5 Principle 11 Limits on disclosure of personal information NZQA shall only disclose personal information requested to the individual to whom that information relates unless NZQA receives the individual s authority (in accordance with the QMS process) to disclose that information to a Third Party. Exceptions to compliance include: (a) that the disclosure of the information is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained; or (b) that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to disclose the information; or (c) that the disclosure is to the individual concerned; or (d) that the disclosure is authorised by the individual concerned; or (e) that non-compliance is necessary - i. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or for the enforcement of a law imposing a pecuniary penalty; or i for the protection of the public revenue; or iv. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or (f) that the disclosure of the information is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to - i. public health or public safety; or the life or health of the individual concerned or another individual; or (g) that the disclosure of the information is necessary to facilitate the sale or other disposition of a business as a going concern; or (h) that the information - i. is to be used in a form in which the individual concerned is not identified; or is to be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or (i) that the disclosure of the information is in accordance with an authority granted under section 54. Principle 12 - Assignment of unique identifiers A unique identifier is defined as an identifier that is assigned to an individual by an agency for the purposes of the operations of the agency and that uniquely identifies that individual in relation to that agency. It does not include the individual s name. Unique identifiers are only to be assigned where it is necessary for the agency to carry out one or more of its functions efficiently. Use and disclosure of some unique identifiers, for example the student NSN number, are regulated under other legislation (Part 30 of the Education Act for NSNs), and override the Privacy Principles for use and disclosure. There are also restrictions on two or more agencies using the same identifiers.

6 3 Complaints relating to the Privacy Act Part 8 of the Act provides a detailed description and process for making a complaint for a breach of the Privacy Principles under the Act. Any person wishing to make a complaint to the Privacy Commissioner must show an interference with privacy i.e. breach of privacy law and harm. The office of the Privacy Commissioner advises that harm can include: Financial loss or injury Adverse effect on a person s rights, benefits, privileges, obligations or interests Significant humiliation, significant loss of dignity, or significant injury to feelings. Responsibilities Position Responsible for NZQA Board Maintaining an overview of Privacy at NZQA Strategic Management Team Approving any amendments required to the NZQA Privacy policy. Approving the NZQA processes for managing personal information and requests for personal information. Privacy Officer Supporting NZQA compliance with the provisions of the Privacy Act. Logging all external requests made to NZQA under the Privacy Act and manage the execution of all Privacy responses as required under the process. Contacting legal services for advice where unsure of resolving an issue. Working with the Privacy Commissioner on complaint investigations in relation to NZQA made pursuant to Part 8 of the Act. Advising and training NZQA Personnel on collection, use, storage, access, disclosure and complaints to NZQA. Manager People and Capability Ensuring confidential employment records are securely held and only made accessible in accordance with the Privacy Act and the Collective Employment Agreement or Individual Employment Agreement. Managing any employee requests for access, disclosure or correction to information held by People and Capability in accordance with the Privacy Act and the Collective Employment Agreement. Managing all employee requests made in relation to People and Capability records to NZQA under the Privacy Act. NZQA Managers Ensuring that confidentiality of personal information is maintained at all times. Ensuring that personal information is collected and stored securely, and the information is used only for those proper purposes for which it was obtained. Ensuring that when they are seeking feedback about an individual from other persons (e.g. referee checking applicants for vacancies, performance feedback on staff during the annual performance review) they obtain the permission of the individual concerned before proceeding.

7 Contacting privacy officer or legal services for advice as required. Otherwise complying with the Privacy Principles. NZQA personnel Ensuring that they are aware of NZQA s privacy obligations as they relate to individuals both internal and external to NZQA, and assisting NZQA to comply with its obligations. Unauthorised disclosure may amount to serious misconduct and may result in a disciplinary process, an investigation of NZQA by the Privacy Commissioner and/ or legal proceedings Ensuring that all (internal and external) requests are forwarded to the Privacy Officer to be logged in the privacy request register and comply with the privacy procedures. Contacting their manager or the Privacy Officer if they are unsure what to do. Ensuring that when they are seeking feedback about an individual from other persons they obtain the permission of the individual concerned before proceeding. References NZQA Code of Conduct NZQA Complaints policy Computer and Information Security policy Clear desk for classified information policy Acceptable Use Guidelines Processes for responding to privacy requests Privacy Act 1993 ( Privacy Act ) Official Information Act 1982 ( OIA ) Harmful Digital Communications Act 2015 Sharing Information Agreement for improving Public Services for Vulnerable Children (25 June 2015) Office of the Privacy Commissioner Definitions For the purposes of this policy, unless otherwise stated, the following definitions apply. NZQA Personnel Personal information (a) employees of NZQA, whether permanent or fixed-term; and (b) others, whether individuals or organizations or both, carrying out work for or on behalf of, or providing services to or on behalf of, NZQA, where the agreement or arrangement for the work or services requires compliance with all or some of NZQA's policies, frameworks, processes, or procedures. Information about an identifiable individual and includes information relating to a death, that is maintained by the Registrar General pursuant to the Births and Deaths Marriages, and Relationships Registration Act 1995, or any former Act. It excludes non identifiable statistical information and evidence given or made in correspondence to Commissions of enquiry or the Privacy commissioner.

8 Interference with privacy Official Information Third Party An interference with privacy involves a breach of privacy law (such as a breach of the privacy principles) and some harm arising from that breach, with harm being: financial loss or other injury adverse effect on a right, benefit, privilege, obligation or interest significant humiliation, significant loss of dignity, or significant injury to the feelings of the individual. Involves refusal to make information available where the Privacy Commissioner is of the opinion that there is no proper basis for the refusal. Is any information held by the government, including information held by NZQA and its contractors, and includes reasons for decisions about a person. Official information must be disclosed unless there is good reason for withholding it (see sections 5 to 11 of the OIA and supporting QMS documents). Is defined as being any person or body of persons, whether corporate or unincorporated, and whether in the public sector or the private sector. It does not include data matching or sharing arrangements which allow for the exchange of information between agreed agencies. (Parts 7, 9A and 11 of the Privacy Act). Measurement Criteria No inappropriate release of personal information about employees, students or other individuals that is held by NZQA. No justifiable complaints from staff members regarding, inappropriate use of, or inaccuracies in, their personal information held by NZQA.