macquarie university is about discovery, learning and participation in a borderless world. we are a dynamic, flexible and engaged university committed to excellence in research, teaching and global citizenship. in undertaking its learning and teaching, research, and community engagement functions, the university collects, stores, and uses a broad range of personal and health information relating to students (including prospective, current and alumni), staff, patients and others who interact with it.

macquarie university is committed to protecting the privacy of its students, employees and others who interact with it while undertaking its learning and teaching, research, engagement, and associated administrative activities and support services.

the university is required to comply with the nsw privacy and personal information protection act 1998 (ppipa) and health records and information privacy act 2002 (hripa) in respect of personal and health information which it collects and uses. the university aligns its practices and activities with the information protection principles (ipps), and the health privacy principles (hpps) contained in those acts.

the university’s privacy management plan provides more information on how the university implements its obligations under the ppipa and hripa, and how these acts apply to the university’s operations.

controlled entities

controlled entities of the university that are considered “organisations” under the commonwealth privacy act must comply with the following privacy acts:

the university’s controlled entities must have a separate privacy policy that explains the types of personal and/or health information that it collects and holds, how it does so and the purposes for that collection, to whom it discloses that information, how your information can be accessed or corrected, how you can make a privacy complaint and how that will be actioned, whether your information is likely to be sent overseas and to which countries if applicable.

the following controlled entities have their own privacy policy :

what if there are inconsistencies between the commonwealth privacy act and the nsw privacy acts that apply to controlled entities?

the commonwealth privacy act contemplates that an entity may have duties under both commonwealth and state privacy legislation such as a controlled entity of the university. to the extent there are inconsistencies between the commonwealth privacy act and the nsw privacy acts for controlled entities, the commonwealth privacy act will prevail.

protecting information

at a minimum staff should familiarise themselves with the top ten tips for privacy management.

the following should be considered to ensure the university protects personal and health information



further information


  • is the information i am collecting personal   information or health information?
  • do i need to collect this information?
  • who am i collecting from?
  • what is it going to be used for and is it a   lawful use?
  • is this information being used for research?
  • do i need consent to collect this information and   if so what details do i have to provide when i collect it?
  • privacy management plan – definitions of   information
  • privacy management plan – collection
  • research considerations
  • consent form toolbox


  • where is the information going to be stored?
  • how long will the information be stored for?
  • who will have access to it?
  • what measures are in place to prevent it from   getting in the wrong hands?
  • privacy management plan – access and accuracy
  • information access guidance (see below under 'accessing and amending information')
  • information access request form
  • change my personal information request form.

access and accuracy

  • how can an individual access their own   information once it has been collected?
  • how do i ensure any changes in the information   are correctly reflected?
  • have i put in any measures to ensure an   individual can access and correct their information if necessary?
  • privacy management plan – access and accuracy
  • information access guidance (see below under 'accessing and amending information')
  • information access request form
  • change my personal information request form.


  • how do i ensure the information is accurate and   up to date?
  • is the information still relevant and fit for   purpose?
  • am i using this information in a way that was not   for the expected use?
  • privacy management plan - use
  • privacy management plan - use


  • who can i disclose this information to once it is   collected?
  • have i obtained consent to disclose this   information?
  • do i need to make the individual aware that this   information will be disclosed elsewhere?
  • what do i do if the information has been   disclosed inappropriately?
  • privacy management plan – disclosure
  • consent form toolbox
  • complaints guidance (link to below section)
  • data breach response plan

need more assistance? contact the privacy officer

accessing and amending information

under the ppipa and hripa an agency must allow access to personal and health information without excessive delay or expense. please follow the instructions in the following link to access your personal or health information.

to make an informal application, contact the macquarie university faculty or office which holds the information you seek, guidance on which has been provided below:


  • for transcripts, confirmation of studies etc please contact student connect


  • for employment confirmation, access to employee files etc please contact hr


  • the university may release information such as confirmation of studies, confirmation of employment etc, with consent, to authorities such as insurance companies, prospective employers, and government bodies. for standard information releases please complete the following information access request form.
  • for all other information requests, including law enforcement, please contact the privacy officer.


students can update their information collected as part of the admission and enrolment process via estudent, or by contacting ask mq. staff can contact hr to correct or update some of their information in hronline. macquarie university patients can contact the university hospital’s health information services. university clinic patients should contact the relevant clinic directly.

if any other changes are required a request can be made through the change my personal information request form.

making a complaint

the university is committed to protecting the privacy of personal and health information in accordance with privacy legislation.

it is an offence for the university to:

  • intentionally disclose or use personal information, other than in connection with the lawful exercise of relevant functions, for an unauthorised purpose
  • offer to supply personal information that has been disclosed unlawfully
  • hinder the privacy commissioner or a member of staff from doing their job.

where an individual has a complaint as a result of the above, they may make a complaint by:

find out more

plan and policy

back to the top of this page