Privacy at the University

How we manage your personal information
Read about our privacy policy and the laws that inform it, the personal information collected by the University and how to submit a privacy complaint.

The University's primary privacy obligations are set out in the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW)

Our Privacy Policy 2017 (pdf, 365KB) – incorporating the privacy management plan – sets out the privacy responsibilities of the University, and its staff and students. Our Privacy Procedures 2018 (pdf, 291KB) describes how the University discloses personal information and how we will manage a notifiable breach of personal information held by the University.

The University does not have any public registers as defined under "Part 6" of the Privacy and Personal Information Protection Act 1998.

There are exemptions to the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002, which may apply to the University, in particular, those relating to research. In addition, the operation of the NSW privacy laws can be modified by other laws.

The University runs a number of clinics and services, some of which may allow you to transact anonymously with them. You will need to ask the clinic or service provider about their practice regarding anonymity. These clinics and services may also include health information in a health records linkage system. You will need to ask the clinic or service provided about their practice regarding such systems.

Under the Privacy and Personal Information Act 1998 and the Health Records and Information Privacy Act 2002, there are various offences relating to personal and health information, for example:

  • the corrupt disclosure and use of personal or health information by public sector officials
  • intimidation, threats or misrepresentation by public sector officials
  • the supply of personal information that has been disclosed unlawfully
  • making a false statement to the Privacy Commissioner.

For more information, please email

The University of Sydney is participating in the NSW Government International Arrivals Pilot Program (the Arrivals Program).

We are conducting a survey to gauge interest of international students who may be eligible for the Arrivals Program so that we can plan accordingly.

When you complete the survey we will collect personal information about you, including your:

  • Full name
  • Student ID
  • Current country of residence
  • Passport country of issue
  • Current vaccination status
  • Interest in the Program
  • Information needs about travelling to Australia

We collect and use your information to help us plan for the safe and supported return of students to Sydney.

We will not share your personal information with anybody else without your consent, or unless we are authorised or required to do so by law.

We will store your personal information securely and dispose of it as required by the State Records Act 1998 (NSW).

You are not required by law to complete the survey.

For more information about how we will handle your personal information, how you can request to access or correct the personal information we hold about you, and who to contact if you have a privacy enquiry or complaint, please see our privacy information on this page.

We collect and retain personal and health information in the course of undertaking our functions. The object and functions of the University are prescribed in Section 6 of the University of Sydney Act 1989 (NSW).

Examples of the personal and health information that we collect include:

  • teaching – information relating to student admission and academic progression, including learning and assessment, special consideration, misconduct and graduation
  • research – records of human and animal ethics applications and approvals, and grant administration
  • administration and support –  staff records, ICT records such as email systems, images recorded on University CCTV cameras
  • community engagement – alumni and donor records, researchers and borrowers in University libraries, museums and archives, patrons and performers for public events.

More detail about the personal information collected by the University can be found on the privacy collection statements for our websitesour students, our staff (pdf, 265KB), CCTV system (pdf, 194KB),  Clinical recording and observation system (CROS) (pdf 126KB), Forum restaurant online ordering (pdf, 96KB) and our multi-factor authentication (MFA) processes (pdf, 90.6KB).

You have the right to complain if you think the University has breached your privacy in the way it has handled your personal information. Complaints, also known as applications for internal review, should be made in writing within six months from when you first become aware of the breach.

You can use the privacy complaint form (pdf, 109KB) to make your complaint.

Email your complaint to or post to:

Privacy and Right to Information
Archives and Records Management Services
The Quadrangle (A14)
Camperdown Campus
University of Sydney
NSW 2006

We will advise the NSW Privacy Commissioner of your name and the details of your complaint and keep the Commissioner up to date with the progress of the internal review.  

Privacy complaints are considered by the University's Group Secretary. They will advise you of the results of the internal review and any action that we propose to take in respect of the complaint.

The Group Secretary must also report the findings and any proposed actions to the NSW Privacy Commissioner within 60 days of the date of receipt of the privacy complaint.

Review of the University's decision by NCAT  

If you are dissatisfied with the way the University has dealt with your complaint or are disappointed with our findings, you can ask the NSW Civil and Administrative Tribunal (NCAT) to review the conduct.

Complaint to the Privacy Commissioner

Whether or not you apply for an internal review, you can also make a complaint to the Privacy Commissioner about an alleged breach of your privacy.

The University of Sydney is following NSW Government directions in response to the COVID-19 pandemic.  

This notice explains how we will manage the personal information we collect to support our COVID-19 response.  

Collection of information 

We will collect your personal and health information (referred to collectively as ‘personal information’) to: 

  • maintain a safe University environment for all staff, students, and affiliates
  • meet our public health obligations
  • provide you with advice on COVID-19 and any risks associated with attending the University campuses.

If you are confirmed or suspected to be infected with COVID-19, you are encouraged to notify our COVID-19 Taskforce (by phone: 02 9351 2000 or email: 

If you intend to notify the COVID-19 Taskforce on behalf of someone confirmed or suspected to have COVID-19, you should first direct them to this notice or explain its contents and obtain their express consent to notify us. 

When you contact the COVID-19 Taskforce, we will collect:

  • your name and contact details
  • the name of the person confirmed or suspected to have COVID-19 
  • places visited by you and/or the person you are notifying on behalf of

We will use this information in conjunction with building access logs to assist with contact tracing and to identifying campus locations that require sanitisation.

Other personal information we may collect as part of our COVID-19 response includes:  

  • name and contact details
  • Unikey
  • faculty or department
  • enquiries relating to COVID-19
  • recent domestic or international travel
  • campus activities 
  • COVID-19 vaccination information
  • WIFI connection and usage data
  • Building access data
  • VPN connection and usage data

We will collect your personal information directly from you where possible, however if this is not practical, we may collect your information from other sources.  

We may be required by law to collect certain personal information from you. If you do not provide the information we request, your participation in the University community may be limited.  

Use and disclosure 

The personal information we collect as part of our COVID-19 response will only be accessed by authorised University staff who need it to carry out their duties. We will use and disclosure your personal information: 

  • for the purpose for which it was collected
  • for a directly related purpose
  • when we have the appropriate consent to do so
  • to prevent or lessen a serious and imminent threat to your life or health, or the life or health of another person
  • as otherwise required, permitted, or authorised by law.

We may share your personal information with relevant NSW and Commonwealth Government agencies or bodies to meet our public health obligations.  

The Public Health Orders and section 38 of the Workplace Health and Safety Act NSW 2011 (WHS Act) require us to notify SafeWork NSW of any employee who has contracted COVID-19 while on campus or attended campus while infectious. We must provide SafeWork with the employee's name, date of COVID-19 diagnosis, and indicate whether the employee died from COVID-19. The University may be subject to penalties under the WHS Act if it does not comply with this notification requirement.

We may also use de-identified information about you to assist us with internal and strategic planning related to our COVID-19 response. 

Security and retention 

We use reasonable security safeguards to protect your personal information from unauthorised access, use or disclosure.  

We will retain your personal information for as long as required to meet the purpose for which we collected it, and in accordance with the State Records Act 1998 (NSW). We will dispose of your personal information securely. 

Section 38 of the WHS Act requires us to keep records of our notifications to SafeWork NSW for 5 years.

Further information 

For more information about how we will handle your personal information, how you can request to access or correct the personal information we hold about you, and who to contact if you have a privacy enquiry or complaint, please see our privacy webpage. 

You can also access related privacy collection notices on our privacy web page, including:

The University of Sydney has engaged Raygun Media (Raygun) to capture and produce time lapse footage of our Welcome Festival 2022.

Filming will take place in the Front Lawn area using a fixed video camera.  We will place signs at entry points to the filming area indicating where and when filming will take place.  If you enter the filming area during a designated filming time, Raygun will capture video footage of you. No audio will be recorded.

Raygun will use the footage to create a time lapse video of Welcome Festival activity. We will then use the timelapse video for promotional purposes. We will not use or share the footage for any other purpose unless we are authorised or required to do so by law.

Raygun will hold all footage securely. After delivering the time lapse video to us, Raygun will securely dispose of all footage including copies. We will store the timelapse video securely and dispose of it in accordance with our Recordkeeping Policy 2017.

Participation in the filming process is voluntary. If you have any questions or concerns about being filmed, please contact

You can find additional information on this page about how we will handle your personal information, how you can request to access or correct the personal information we hold about you, and who to contact if you have a privacy enquiry or complaint.