PRIVACY OF INFORMATION
The Board of Trustees of St Andrews Middle School complies with the Privacy Act 1993 in all aspects for employees, and in its role as the body with the overall responsibility for the running of the School.
(i) To promote and protect individual privacy with regard to:
(a) the collection, use and disclosure of information relating to individuals
(b) access by each individual to information relating to that individual held by the School.
(1) Personnel information is collected only for a purpose connected with a function of the school and only where the collection is essential.
(2) Personal information is collected directly from the person concerned, although it is not necessary for the school to comply with this in certain circumstances - i.e. if the information is publicly available information.
(3) Where personal information is collected directly from the person, reasonable steps are taken to ensure the person knows-
(a) that the information is collected
(b) the purpose for which the information is being collected
(c) who will receive the information
(4) Personal information is not collected by unlawful means or by means that are unfair or unreasonably intrusive.
(5) The school makes sure that reasonable safeguards are put in place to protect the personal information against -
(a) loss, and
(b) unauthorised access, use, modification, or disclosure
(6) Individuals about whom the information is held can have access to that information at any time.
(7) Individuals may request correction of personal information held. They may also request that a statement be attached to the information of a correction sought but not made.
(8) Reasonable steps are taken to make sure personal information is accurate, up to date, relevant and not misleading before it is used.
(9) The school does not keep personal information for longer than is required for the purposes for which it may lawfully be used.
(10) Personal information is not used for a purpose other than it was collected for, except under conditions contained in the Act.
(11) The school will only pass on or disclose personal information to outside agencies under conditions contained in the Privacy Act.
(12) The school does not assign a unique identifier (IRD Number, Bank Number, Customer Number) to a person unless it is necessary to enable the school to carry out its functions. Where a unique identifier is used, reasonable steps must be taken to ensure it is only given to a person whose identity is clearly established.
The Board appoints at least one Privacy Officer, whose responsibilities include:
1. Encouraging compliance with the information privacy principles.
2. Dealing with any requests made to the school relating to the Act.
3. Working with the Commissioner in relation to investigations conducted regarding complaints.
Evaluation and Review:
Date of Approval:______________ Chairperson:________________________________
Date of Review:_______________ TWO YEAR REVIEW