Medicus College will follow the ten National Privacy Principles (NPP) in the handling of personal information of students / employees.
NPP 1 – Collection
Collection of personal information must be fair, lawful and not intrusive. A person must be told the organisation’s name, the purpose of collection, any laws requiring the collection, the main consequences if all or part of the information is not provided, and that the person can get access to their personal information.
The organisation must collect personal information directly from the individual if it is reasonable and practicable to do so. An organisation which collects personal information about an individual from someone else must ensure that the individual is or has been made aware of the disclosure required above.
NPP 2 – Use & Disclosure
Medicus College should only use or disclose information for the purpose for which it was collected unless the person has consented, or the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure.
Where personal information (other than sensitive information) is used for the secondary purpose of direct marketing and it is not practicable to obtain consent, each direct marketing communication must provide the individual an opportunity of not receiving further direct marketing communication.
NPP 3 – Information Quality
Medicus College must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to date.
NPP 4 – Data Security
Medicus College must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
NPP 5 – Openness
Medicus College must have a policy document outlining its information handling practices and make this available to anyone who requests it.
NPP 6 – Access and Correction
Generally speaking, Medicus College must give an individual access to personal information it holds about that individual on request.
NPP 7 – Identifiers
Generally speaking, Medicus College must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government ‘agency’. For example, a tax file number or Medicare number.
NPP 8 – Anonymity
Medicus College must give people the option to interact anonymously whenever it is lawful and practicable to do. Generally speaking, a person cannot acquire financial services anonymously. However, a person could make a general enquiry (for example, about the policy coverage available) without giving his or her name.
NPP 9 – Transborder Data Flows
Medicus College can only transfer personal information to a recipient in a foreign country in circumstances where it is necessary to do so to complete an agreement with a person, or where the information will have appropriate protection, or the person has consented to the transfer.
NPP 10 – Sensitive Information
Medicus College must not collect sensitive information (for example, details of a person’s race, religion, sexual preferences or health) unless the individual has consented.