The University recognises its responsibility to collect, manage, use and disclose personal information and to comply with legislative requirements and the UniSA Staff Code of Conduct. The University respects the individual's right to privacy and undertakes to keep personal and sensitive information (refer to definitions below) in confidence.
According to the University's Staff Code of Conduct, university staff must protect the confidentiality of information acquired in the course of their work. A staff member should not use or disclose any personal or sensitive information to a third party without specific authority unless use or disclosure is in the normal course of business within the University or there is a legal or professional duty to disclose the information.
These Confidentiality Guidelines apply to all staff members with human resource (HR) responsibilities. These include People, Talent and Culture (PTC) staff, all Casual Administration System (CAS) Administrators and staff with business access to the human resource information system.
The Privacy Act 1988 contains a set of principles called the National Privacy Principles (NPPs). These principles provide definitions of personal and sensitive information as follows:
For the purposes of these Guidelines, sensitive information also includes information associated with the employment relationship, e.g. type of employment, remuneration, leave, etc. In addition, this may be information relating to people management strategies, remuneration benchmarking information for Enterprise Leadership Team (ELT) members, etc. and may be in either hard copy or electronic form.
The PTC Unit collects personal and sensitive information only where it is necessary for the human resource function or any related activity. This information should normally be solicited directly from the individual concerned. On joining the University your data is collected and continues to be managed in accordance with the Privacy Policy of the University. You will be advised at the time of collection whether provision of the information is compulsory and what other parties will have access to the information. If you have any concerns please contact your local PTC staff member.
The PTC Unit endeavours to ensure that personal and sensitive information collected is accurate, relevant, up-to-date, complete and not misleading and will take all reasonable steps to protect these records from misuse, loss, unauthorised access, modification or disclosure. In accordance with mutual obligation, staff members have the right of access to their personal information and to correct the information where relevant.
Any information that identifies a staff member is available only to PTC staff with appropriate authorisation on a restricted access basis. Access to records of personal information will be authorised by the Executive Director: PTC. Only staff members who require the information in order to carry out their duties and responsibilities will have permission to access personnel files.
According to Records Management Policy, one single personnel file must be generated and maintained for the expected life of the person. Paper-based personnel files are entered on the University's Filemaster database and a barcode is allocated. The staff member's name, position and year of birth are recorded. The files should be maintained for 75 years after the date of birth or seven years after separation from the University, whichever is longer. Following a staff member's separation from the University, personnel files should be forwarded to the Records Management Officer for archiving. The University may also retain an electronic personnel file which will also be held in accordance with the requirements of the State Records Act.
Personnel files for members of senior management are kept in the PTC Unit with restricted access.
The following are practical, everyday work practices that human resource practitioners should apply in ensuring confidentiality in the workplace.