The University's primary privacy obligations are set out in the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW)
The University does not have any public registers as defined under "Part 6" of the Privacy and Personal Information Protection Act 1998.
There are exemptions to the Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002, which may apply to the University, in particular, those relating to research. In addition, the operation of the NSW privacy laws can be modified by other laws.
The University runs a number of clinics and services, some of which may allow you to transact anonymously with them. You will need to ask the clinic or service provider about their practice regarding anonymity. These clinics and services may also include health information in a health records linkage system. You will need to ask the clinic or service provided about their practice regarding such systems.
Under the Privacy and Personal Information Act 1998 and the Health Records and Information Privacy Act 2002, there are various offences relating to personal and health information, for example:
For more information, please email email@example.com.
We collect and retain personal and health information in the course of undertaking our functions. The object and functions of the University are prescribed in Section 6 of the University of Sydney Act 1989 (NSW).
Examples of the personal and health information that we collect include:
More detail about the personal information collected by the University can be found on the privacy collection statements for our websites, our students, our staff (pdf, 265kb), CCTV system (pdf, 194KB), Clinical recording and observation system (CROS) (pdf 126KB) and our multi-factor authentication (MFA) processes (pdf, 90.6KB).
You have the right to complain if you think the University has breached your privacy in the way it has handled your personal information. Complaints, also known as applications for internal review, should be made in writing within six months from when you first become aware of the breach.
You can use the privacy complaint form (pdf, 109KB) to make your complaint.
Email your complaint to firstname.lastname@example.org or post to:
Privacy and Right to Information
Archives and Records Management Services
The Quadrangle (A14)
University of Sydney
We will advise the NSW Privacy Commissioner of your name and the details of your complaint and keep the Commissioner up to date with the progress of the internal review.
Privacy complaints are considered by the University's Group Secretary. They will advise you of the results of the internal review and any action that we propose to take in respect of the complaint.
The Group Secretary must also report the findings and any proposed actions to the NSW Privacy Commissioner within 60 days of the date of receipt of the privacy complaint.
If you are dissatisfied with the way the University has dealt with your complaint or are disappointed with our findings, you can ask the NSW Civil and Administrative Tribunal (NCAT) to review the conduct.
Whether or not you apply for an internal review, you can also make a complaint to the Privacy Commissioner about an alleged breach of your privacy.