macquarie university is about discovery, learning and participation in a borderless world. we are a dynamic, flexible and engaged university committed to excellence in research, teaching and global citizenship. in undertaking its learning and teaching, research, and community engagement functions, the university collects, stores, and uses a broad range of personal and health information relating to students (including prospective, current and alumni), staff, patients and others who interact with it.
macquarie university is committed to protecting the privacy of its students, employees and others who interact with it while undertaking its learning and teaching, research, engagement, and associated administrative activities and support services.
the university is required to comply with the nsw privacy and personal information protection act 1998 (ppipa) and health records and information privacy act 2002 (hripa) in respect of personal and health information which it collects and uses. the university aligns its practices and activities with the information protection principles (ipps), and the health privacy principles (hpps) contained in those acts.
the university’s privacy management plan provides more information on how the university implements its obligations under the ppipa and hripa, and how these acts apply to the university’s operations.
controlled entities of the university that are considered “organisations” under the commonwealth privacy act must comply with the following privacy acts:
- privacy act 1988 (cth) (privacy act)
- privacy and personal information protection act 1998 (nsw) (ppipa)
- health records and information privacy act 2002 (nsw) (hripa)
- u@mq ltd (campus life/sports and recreation) - //www.bisonshistory.com/about/about-the-university/offices-and-units/campus-life/privacy-policy
- macquarie university hospital - //muh.org.au/privacy-policy
- macquarie university clinical associates ltd – www.mqhealth.org.au
what if there are inconsistencies between the commonwealth privacy act and the nsw privacy acts that apply to controlled entities?
the commonwealth privacy act contemplates that an entity may have duties under both commonwealth and state privacy legislation such as a controlled entity of the university. to the extent there are inconsistencies between the commonwealth privacy act and the nsw privacy acts for controlled entities, the commonwealth privacy act will prevail.
at a minimum staff should familiarise themselves with the top ten tips for privacy management.
the following should be considered to ensure the university protects personal and health information
access and accuracy
need more assistance? contact the privacy officer
accessing and amending information
under the ppipa and hripa an agency must allow access to personal and health information without excessive delay or expense. please follow the instructions in the following link to access your personal or health information.
to make an informal application, contact the macquarie university faculty or office which holds the information you seek, guidance on which has been provided below:
- for transcripts, confirmation of studies etc please contact student connect
- for employment confirmation, access to employee files etc please contact hr
- the university may release information such as confirmation of studies, confirmation of employment etc, with consent, to authorities such as insurance companies, prospective employers, and government bodies. for standard information releases please complete the following information access request form.
- for all other information requests, including law enforcement, please contact the privacy officer.
students can update their information collected as part of the admission and enrolment process via estudent, or by contacting ask mq. staff can contact hr to correct or update some of their information in hronline. macquarie university patients can contact the university hospital’s health information services. university clinic patients should contact the relevant clinic directly.
if any other changes are required a request can be made through the change my personal information request form.
making a complaint
the university is committed to protecting the privacy of personal and health information in accordance with privacy legislation.
it is an offence for the university to:
- intentionally disclose or use personal information, other than in connection with the lawful exercise of relevant functions, for an unauthorised purpose
- offer to supply personal information that has been disclosed unlawfully
- hinder the privacy commissioner or a member of staff from doing their job.
where an individual has a complaint as a result of the above, they may make a complaint by:
find out more
plan and policy
- macquarie university privacy management plan - this document describes the measures which the university takes to comply with the privacy laws that it is bound by.
- training (staff and students)