The University recognises its responsibility to collect, manage, use and disclose personal information and to comply with legislative requirements and the UniSA Code of Ethical Conduct. The University respects the individual’s right to privacy and undertakes to keep personal and sensitive information (refer to definitions below) in confidence.
According to the University’s Code of Ethical Conduct, University staff must protect the confidentiality of information acquired in the course of their work. A staff member should not use or disclose any personal or sensitive information to a third party without specific authority unless use or disclosure is in the normal course of business within the University or there is a legal or professional duty to disclose the information.
These Confidentiality Guidelines apply to all staff members with human resource (HR) responsibilities. These include HR Officers/Coordinators in the devolved environment, all staff in the central HR Unit and HR/CAS Administrators.
The Privacy Act 1988 contains a set of principles called the National Privacy Principles (NPPs). These principles provide definitions of personal and sensitive information as follows:
For the purposes of these Guidelines, sensitive information also includes information associated with the employment relationship, e.g. type of employment, remuneration, leave, etc. In addition, this may be information relating to people management strategies, remuneration benchmarking information for SMG, etc. and may be in either hard copy or electronic form.
The HR Unit collects personal and sensitive information only where it is necessary for the HR function or any related activity. This information should normally be solicited directly from the individual concerned. At the time the information is collected, the staff member should be advised that it is being collected, whether provision of the information is compulsory and what other parties will have access to the information.
The HR Unit endeavours to ensure that personal and sensitive information collected is accurate, relevant, up-to-date, complete and not misleading and will take all reasonable steps to protect these records from misuse, loss, unauthorised access, modification or disclosure. Staff, recognising mutual obligation, have the right of access to their personal information and to correct the information where relevant.
STORAGE OF PERSONAL INFORMATION
Any information that identifies a staff member is available only to HR staff with appropriate authorisation on a restricted access basis. In the Central HR Unit, access to records of personal information will be authorised by the Director: HR. Only staff members who require the information in order to carry out their duties and responsibilities will have permission to access personnel files. In the devolved HR areas, HR Coordinators have responsibility for all personnel files.
According to Records Management Guidelines, one single personnel file must be generated and maintained for the expected life of the person. The personnel file should be entered on the University’s Filemaster database and a barcode allocated. The staff member’s name, position and year of birth are recorded. The files should be maintained for 75 years after the date of birth or seven years after separation from the University, whichever is longer. Following a staff member’s separation from the University, personnel files should be forwarded to the Records Management Officer for archiving.
Confidential case management files are generated in the HR Unit only, and strictly confidential.
Personnel files for members of senior management are kept in the HR Unit with restricted access. Electronic personnel files relating to senior management and associated sensitive information are located on the HR Server, also with restricted access.
Work in progress of a sensitive, highly confidential nature may be stored electronically on either the HR server shared drive or in some cases in staff members’ individual folders.
USE AND DISCLOSURE OF PERSONAL INFORMATION
Staff members must not disclose personal or sensitive information unnecessarily. Protection of confidentiality includes ensuring files and work areas are organised so that information is not inadvertently disclosed.
Staff must only access information that they require for legitimate work purposes. Staff who inappropriately read, access or discuss confidential information (including information accessed from UniSAInfo) may not only be breaching the privacy, and personal integrity of their colleagues but also their obligations under the University’s Code of Ethical Conduct.
HR PRACTITIONERS – GUIDELINES FOR GOOD PRACTICE IN PROTECTING THE PRIVACY OF UNIVERSITY STAFF
The following are practical, everyday work practices that HR practitioners should apply in ensuring confidentiality in the workplace.
Updated 28 September 2005