1.1 The University recognises its responsibility to collect, manage and disclose student information in accordance with relevant State legislation and guidelines and prevailing community expectations. This statement has been developed with reference to the Government of South Australia’s Information Privacy Principles and the Australian Privacy Principles.
1.2 This Policy establishes a framework for the management and handling of student information and records which protects the privacy of students, balances the application of privacy principles with the interests of the University in performing its functions as a higher education institution, and promotes the responsible handling of student information by staff throughout the University.
1.3 This Policy also establishes procedures through which a student may access his or her personal information, or make a complaint in respect to the loss, misuse or unauthorised disclosure of, or unauthorised access to, information about them.
2. Definitions and interpretation
2.1 For the purpose of this Policy all references to the term “student” are inclusive of a prospective student, an applicant for admission to the University, a current student, or a former or past student of the University.
2.2 The term “student information” means all information held by the University in hard copy and electronic format that identifies, or from which may be inferred the identity of a student. Student information includes personal information, sensitive information, the academic record, correspondence, forms and other records held on the student file, and data held on University Systems.
2.3 “Personal information” about a student includes:
(a) the student’s name and any previous names;
(b) the student’s date of birth and gender;
(c) the student’s address and other contact details;
(d) the student’s enrolment status;
(e) a digital image of the student;
(f) the visa status of a student;
(g) the Student ID number of a student; and
(h) the Flinders Authentication Number (FAN) of a student.
2.4 “Sensitive information” about a student includes:
(a) health or medical information;
(b) information concerning a student’s disability;
(c) records relating to the handling of an investigation into an allegation of misconduct or breach of the requirements of academic integrity on the part of a student;
(d) records arising from student online activity, including records of access to University email and University system audit trails;
(e) financial records, including bank details, Tax File Number, fee account, and information about a scholarship stipend or outstanding debt; and
(f) feedback from students received in responses to surveys administered by the University (e.g. Student Evaluation of Teaching, University Experience Survey).
2.5 A “Student File” is the official University file and is the prime repository for correspondence and documentation relating to the enrolment of a student in the University.
2.6 A “confidential record” is any record which is marked thus by the author and/or is considered to be so by the Deputy Vice-Chancellor (Students) or nominee.
2.7 An “academic record” for a student means the course and topic enrolment details, assessment results and grades, and approved credit for prior study.
3.1 Student information should be collected, stored, used and disclosed only where it is necessary to carry out one or more legitimate functions or activities of the University.
3.2 The University will take all reasonable steps to ensure responsible handling and management of student information. It will take all reasonable steps to protect student information from misuse, loss, or from unauthorised access, modification or disclosure.
3.3 Student information should be treated as confidential, and should not be disclosed to other persons except:
(a) to Flinders University staff who have a demonstrated need for this information to carry out their duties; or
(b) where disclosure is permitted under the provisions within this Policy.
3.4 Certain types of student information may be subject to confidentiality standards beyond this Policy. In certain cases, the confidentiality requirements in this Policy will be overridden by legal or legislative obligations of disclosure.
4. Collection, storage, use and disposal of Student Information
4.1 The University collects and stores a range of information about its students. This includes: personal information, academic records, and sensitive information. Some information is collected from students, while other information is generated by the University in the course of its activities (e.g. assessment results and grades).
4.2 The University will collect personal information directly from a student wherever possible.
4.3 Where information is collected, all reasonable steps will be taken to inform students of:
- the purpose for which the information is collected;
- any law or legal authority that requires or authorises particular information to be collected or disclosed to a third party; and
- any third party to which the University usually discloses the Student Information that is being collected.
4.4 The University will take all reasonable steps to ensure that student information is accurate, relevant, up-to-date, complete, and not misleading.
4.5 The University will take reasonable steps to adequately protect student information that it collects and stores to prevent misuse or unauthorised access or disclosure of the information. Specific security frameworks and responsibilities with respect to the storage and management of University information is defined in the University’s Information Security Policy (yet to be approved).
4.6 University staff responsible for the management of sensitive information about a student must ensure this information is stored and managed securely and confidentially.
4.7 Legitimate purposes for which information may be used, include but are not limited to:
- the administration of admission, enrolment, and class registration;
- the administration of course completions and award conferrals;
- course and topic administration;
- administration of prizes and scholarships;
- student retention and academic progress matters;
- communication with students;
- the University’s internal planning purposes;
- provision of student services and health and well-being programs;
- provision of associated services such as security, parking and information technology;
- arrangement of work-integrated learning placements;
- conduct of student elections;
- administration of student fees and charges;
- providing information to current and former students and applicants about the University’s courses, activities and programs;
- fostering alumni relations;
- verification of student records for employers or external bodies with legitimate reasons for checking the academic credentials of students;
- mandatory reporting to government departments and agencies under Commonwealth and State legislation; and
- research activities in accordance with Clause 7.7.
4.8 Where student information has been obtained for one or more legitimate purposes, it will not be used for any other purpose, unless:
- the individual concerned has consented to its use;
- use of the information is required by law; or
- the University believes it is necessary in order to prevent or lessen a serious and imminent threat to the life or health of the individual concerned, or another person.
4.9 Where student information is no longer required to be retained by the University it will be destroyed in accordance with the relevant disposal schedule, approved in accordance with the University’s Records Management Policy.
5. Staff access
5.1 Staff access to student information will be restricted to those staff members who require the information in order to carry out their duties and responsibilities.
5.2 Staff who are granted access to student information will only use that information for legitimate purposes and activities, in accordance with provisions within this Policy and the scope of their duties and responsibilities.
5.3 Staff requesting access to student information, held electronically, must acknowledge their responsibility to maintain confidentiality of information, and certify that they will abide by the requirements of this Policy and the IT Acceptable Use Policy.
5.4 Applications for access to systems holding student information must be made on the relevant forms and approved by the business owner of the system (or nominee).
6. Student access
6.1 The University will take reasonable steps to allow individual students to view the information the University holds about them.
6.2 A student may directly view, via the web, a limited amount of information about themselves which is held on the University's Student Information System. This includes the student's contact details, as well as enrolment details, financial details and academic results.
6.3 Requests to view additional information or documents held by the University must be directed to the Manager, Enrolment and Student Finance in the first instance.
6.4 Where access is granted, this information may only be viewed in the presence of a member of staff. A student will not be permitted to view any document which is marked confidential or which contains information on another student, but will be provided with a brief description of any such document or with a copy of the document with information regarding other student(s) deleted. Charges may be levied to recoup the costs incurred in the provision of copies of documentation required by the student.
6.5. Where information is held by a School or Faculty, the Director, Student Administration (or nominee) will liaise with the relevant manager to put in place appropriate arrangements for the student to view the information.
7. Disclosure to third parties
7.1 The University will not disclose information about students to persons, bodies or agencies outside the University including parents, spouses or other relatives or friends of the student, or to staff who have no need of the information, unless one of the following provisions apply.
7.2 Disclosure to third parties with the consent of the student concerned
7.2.1 Student information may be disclosed to third parties with the consent of the student concerned. Such consent should be given expressly and in writing. The consent should specify the extent and nature of the information the student agrees may be disclosed.
7.3 Disclosure under statutory or other legal authority
7.3.1 The University is required under State and Commonwealth legislation to provide student information to the following government departments and agencies. It will take reasonable steps to inform students of the types of information that are usually disclosed or reported to government departments and external agencies:
(a) The Australian Government department responsible for tertiary student support funding and programs, for reporting purposes and to enable the administration of Commonwealth student contribution, tuition fee and loans programmes;
(b) Centrelink, as required to enable verification of entitlement to Centrelink payments;
(c) The Australian Taxation Office (ATO) on the liabilities of students who have elected to defer and repay costs incurred during their study under the range of Commonwealth loans and contribution programs;
(d) The relevant Australian Government department responsible for student visa requirements in respect to relevant administrative information on student visas;
(e) Professional registration or accreditation bodies and authorities regarding the registration requirements of students or graduates or with respect to mandatory reporting requirements (e.g. reports and notifications to the Australian Health Practitioner Regulation Agency).
7.3.2 The University must provide information concerning a student if required to do so under a Court order. Such requests must be directed to the Director, Student Administration (or nominee).
7.4 Release of information to State or Federal Police
7.4.1 The University may be required to release information to State or Federal police where a student is reasonably suspected of having committed a criminal offence, or can assist in the prevention or solving of a crime, or in the case of an emergency. Such requests must be directed to the Director, Student Administration (or nominee). In all cases, the bona fides of the person requesting the information will be confirmed before any information is released.
7.5 Staff of an associated or affiliated institution or organisation
7.5.1 The University may grant access to student information to staff of an associated or affiliated institution or organisation of the University, who have a demonstrated need to access student information in order to carry out duties relevant to the administration of admission or enrolment activities, course or topic administration or other relevant activities in connection with Flinders students or prospective Flinders students.
7.5.2 Access to student information to staff of an associated or affiliated institution or organisation will only be granted on the authority of the Deputy Vice-Chancellor (Students), or nominee, and will be limited to only that information which the Deputy Vice-Chancellor (Students) or nominee considers appropriate to meet the need.
7.5.3 Requests for access to student information should be directed to the Director, Student Administration who will review the request and make a recommendation to the Deputy Vice-Chancellor (Students), or nominee.
7.6 Verification of an academic record or testamur
7.6.1 Enquiries concerning a student's academic record from a person or body with a valid reason for seeking the information (e.g. another university or a prospective employer who has been presented with a testamur or transcript of academic record from the student) should be referred to the Director, Student Administration (or nominee).
7.6.2 Such requests must be in writing and include a copy of the testamur or transcript of academic record. On receipt of a request, the Director, Student Administration (or nominee) will check the bona fides of the person or body making the request, and if appropriate, will verify the student’s academic record or testamur.
7.6.3 Where there is evidence that a student may have submitted to another educational institution, employer, or other person or body with a valid reason for requiring a statement of a student’s academic record, a falsified testamur or transcript of academic record, a formal report will be made to the Deputy Vice-Chancellor (Students). The report will include a copy of the falsified document, details of when and where this document had been submitted, and a copy of the student’s actual academic record.
7.6.4 On receipt of the report the Deputy Vice-Chancellor (Students) will undertake an investigation or appoint a staff member to investigate the complaint. In investigating the complaint the Deputy Vice-Chancellor (Students) or nominee will write to the student or former student inviting them to respond to an allegation that they have falsified an official University document and undertake any additional investigation where appropriate.
7.6.5 Where an allegation that a student or former student has falsified an official University document has been proven, the Deputy Vice-Chancellor (Students) may take one of the following actions or penalties, taking into account, any statement or information presented by the student or former student, including any extenuating circumstances:
- issue the student or former student with a formal warning about his or her conduct;
- approve the application of a sanction precluding the student or former student from further enrolment at the University; or
- refer the matter to an external authority.
7.6.6 The Deputy Vice-Chancellor (Students) will notify the student or former student of the outcome of the investigation.
7.7 Requests associated with bona fide research activities
7.7.1 The University is willing, having regard to available resources and taking into account the extent of the work and any possible impact on University surveys, to assist bona fide researchers (staff and research higher degree students of the University or in special circumstances outside organisations and individuals) to undertake projects which will require access to student information.
7.7.2 Staff or students who are considering undertaking research which will require access to student information should take early steps to ascertain:
- the feasibility of obtaining the information and associated costs. Initial enquiries should be directed to the Director, Student Administration; and
- the likelihood of the project being approved by the University's relevant research ethics committee(s). Initial enquiries should be directed to the Secretary of the committee.
7.7.3 All requests to access student information must be lodged in writing with the Director, Student Administration and must include:
- a statement explaining the purpose of the research project;
- a clear description of the information set required;
- details of feasibility of obtaining the information and associated costs;
- a copy of the survey instrument (where applicable); and
- confirmation of ethics approval for the project by the University's Social and Behavioural Research Ethics Committee or from an equivalent research ethics approval process (where applicable).
7.7.4 Any student information released to the researcher must be in a form that does not identify a current or former student or an applicant.
7.7.5 Under no circumstances will student contact details be released to the researcher. Where the research involves contacting students the University will distribute materials to students on behalf of the researcher. However, all costs, including staff time spent on extracting the information, staff time spent on preparing and distributing materials and postage costs must be met by the researcher. The materials must contain a clear statement of purpose, and responses must be entirely voluntary and made directly to the researcher. The University will provide no other follow-up or forwarding services.
7.8 Serious and imminent threat to the life or health of a student or other person
7.8.1 The University may disclose information about a student to the police, emergency services, an external health service provider, or nominated emergency contact person where there is a reasonable belief that disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the student or another person. Disclosure of student information in these circumstances will only be made by the Deputy Vice-Chancellor (Students) or officers of the University authorised by the Deputy Vice-Chancellor (Students). These officers will be listed in an appendix to this Policy.
7.8.2 Where a staff member has a reasonable belief that there is a serious and imminent threat to the health or life of a student or other person they should contact the Head of Security in the first instance.
7.9 Release of student information to contracted third parties
7.9.1 The University may release student information to contracted service providers, which the University uses to perform services on its behalf. The release of student information must be approved by the Executive Director, Student and Academic Services and the contract must include provisions to protect the security and confidentiality of the student information.
8. Freedom of Information
The University complies with the provisions of the South Australian Freedom of Information Act 1991. Any request for information concerning a student or former student made under the terms of the South Australian Freedom of Information Act 1991 must be referred immediately to the University's Freedom of Information Officer.
9. Correction of student information
9.1 The University will take reasonable steps to enable students to correct any inaccurate information held by the University as appropriate.
9.2 Students who wish to correct personal information held by the University may correct certain details such as their address and emergency contact details directly via the Student Information System. Students who believe there is an error in other personal details (e.g. birth date, citizenship or residency status or name) should contact Enrolment Services and, where appropriate, provide official documentation to support their request.
9.3 A student who has a reasonable belief that there is an error or inaccuracy in a document or record held by the University about them or that is associated with them may make a written request for a correction to be made to the document or record in question. Written requests for a correction to a document or record should be directed to the Director, Student Administration. A copy of the written request will be retained on the student’s file.
9.4 A student who has a reasonable belief that there is an error in an academic grade or result should raise his or her concern with the relevant duly authorised person (who will be the Topic Coordinator unless the School has designated another person) in the first instance. (refer to Sections 15 and 17 of the University’s Assessment Policy and Procedures).
10. Complaints regarding student information records
10.1 Students may lodge a complaint about a breach of confidentiality, misuse or inappropriate disclosure of information held by the University about them to:
Integrity Governance and Risk Division
GPO Box 2100
ADELAIDE SA 5001
10.2 The Privacy Officer will acknowledge all complaints, in writing, within 5 working days and refer the complaint promptly to one of the following University officers with responsibility for initial investigation of complaints regarding student information, viz:
- Director, Student Administration with respect to student data held on the University's Student Information System or records retained on the student file;
- Dean of School with respect to student information and records managed by a School;
- Faculty General Manager with respect to student information and records managed by a Faculty office.
10.3 The investigating officer will reply to the complainant in writing within 30 calendar days of the complaint being lodged, informing the complainant of the outcome of the complaint, or stating what progress has been made and when the next report to the complainant will be made.
10.4 Where a complaint is found to have been substantiated, the investigating officer handling the matter will initiate appropriate steps to redress the concerns raised by the complainant and notify the complainant of the actions taken.
10.5 Where an investigation into a complaint establishes that there is a prima facie case that a staff member has deliberately or maliciously disclosed or given unauthorised access to student information or breached student confidentiality or may be guilty of serious misconduct as a result of the misuse of student information, a recommendation may be referred to the Director, Human Resources, to initiate disciplinary procedures under the relevant industrial award.
10.6 Where a student has made a complaint in accordance with Clause 10.1 and is not satisfied with the outcome, the student may make a formal complaint to the Deputy Vice-Chancellor (Students), who may refer it to a nominee. The Deputy Vice-Chancellor (Students), or nominee, will inform the student in writing of the outcome, and the reasons for the decision.
10.7 A student who is still dissatisfied with the outcome may appeal to the Student Appeals Committee. Such an appeal may only be made on one or more of the following grounds:
- that the appropriate policy was not adhered to or correct procedures were not followed in considering the matter; and
- that the decision was made without due regard to facts, evidence or circumstances.
10.8 Such an appeal must be lodged with the Manager, Student Policy and Projects within 20 working days of the date of the dispatch of the notification from the Deputy Vice-Chancellor (Students). The appeal must:
- be accompanied by a copy of the letter the student has received from the Deputy Vice-Chancellor (Students);
- include details of the action which the student has taken thus far and the grounds for the appeal, including the evidence in support of the student's case, together with supporting documentation; and
- specify the outcome being sought.
10.9 At the conclusion of the investigation, and any subsequent review or appeal process, the relevant officer identified under clause 10.2, 10.6 or 10.8, as appropriate, will report the outcome to the Privacy Officer.
11. Related policies and information
In accordance with Clause 7.8.1, the Deputy Vice-Chancellor (Students) has authorised the following officers to disclose student information to the Police, Emergency Services or an external health service in circumstances where there is reasonable belief that disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the student or another person.
|Deputy Vice-Chancellor (Research)
|Dean of Graduate Research
|Executive Dean, Faculty of Education, Humanities and Law
|Executive Dean, Faculty of Medicine, Nursing and Health Sciences
|Deputy Executive Dean, Faculty of Medicine, Nursing and Health Sciences
|Chair, Faculty Student Progress Committee, Faculty of Medicine, Nursing and Health Sciences
|Executive Dean, Faculty of Science and Engineering
|Executive Dean, Faculty of Social and Behavioural Sciences
|Faculty General Manager, Faculty of Education, Humanities and Law
|Faculty General Manager, Faculty of Medicine, Nursing and Health Sciences
|Deputy Faculty General Manager, Faculty of Medicine, Nursing and Health Sciences
|Faculty General Manager, Faculty of Science and Engineering
|Faculty General Manager, Faculty of Social and Behavioural Sciences
|Dean, School of Education
|School Manager, School of Education
|Dean, School of Humanities and Creative Arts
|Associate Dean, School of Humanities and Creative Arts
|Manager, School Administration, School of Humanities and Creative Arts
|Academic Officer, School of Humanities and Creative Arts
|Dean, Flinders Law School
|Director of Studies (Bachelor of Justice and Society)
|Director of Studies (Bachelor of Laws and Legal Practice)
|Director of Studies (Bachelor of Laws and Legal Practice)
|School Manager, Flinders Law School
|Student Services Manager, Flinders Law School
|Dean, School of Health Sciences
|School Manager, School of Health Sciences
|Dean, School of Medicine
|Manager, School of Medicine
|Dean, School of Nursing and Midwifery
|School Manager, School of Nursing and Midwifery
|Dean, School of the Environment
|School Manager, School of the Environment
|Dean, School of Chemical and Physical Sciences
|Manager, School Administration, School of Chemical and Physical Sciences
|Dean, School of Computer Science, Engineering and Mathematics
|School Manager, School of Computer Science, Engineering and Mathematics
|Dean, School of Biological Sciences
|Manager, School Administration, School of Biological Sciences
|Deputy Dean, Flinders Business School
|Strategic Planning and Resources Manager, Flinders Business School
|Dean, School of History and International Relations
|School Manager, School of History and International Relations
|Dean, School of Psychology
|Deputy Dean, School of Psychology
|School Manager, School of Psychology
|Finance and Client Liaison Officer, School of Psychology
|Dean, School of Social and Policy Studies
|School Manager, School of Social and Policy Studies
|Head, Health, Counselling and Disability Services (and approved nominees)
|Director, Student Administration and Systems