The way we collect, use, disclose, secure and dispose of personal information is governed by our compliance with, and obligations as an 'agency' under the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).
Privacy when using
SharePoint, OneDrive
and Teams
ANU provides staff and students with access to the Microsoft Office 365 suite of products including Teams, SharePoint and OneDrive. This article provides more information on the products and the different ways they can be used.
When you set up a SharePoint or Teams site it is important to assess which individuals you would like to have access. If you wish to share the site with a specific set of individuals, you need to ensure that the access permissions are explicitly recorded. Unless you do this everyone at the University will have access to your site, including all staff and students. This article provides guidance in getting started with the Collaboration Toolset.
OneDrive is intended for personal work documents. You can share a document that is stored on your One Drive by sending a link or attaching the file to an email as a file. In some cases, you may be able to grant other users the ability to edit the document, however you will not be able to collaborate on that document at the same time as another user.
You are encouraged to review your sites and documents to ensure that they have the right restrictions on access. If you need help please contact the Service Desk.
This guide provides details on how to set up an integration that copies documents from SharePoint sites to ERMS folders to reduce duplication and streamline your work.
ANU staff can access a free, self-paced online course on Records Management at ANU through Pulse. This module will provide you with an overview of University Records and Record Management Practices at ANU.
The Attorney-General launched a review of the Privacy Act 1988 in 2019 and initiated some essential legislative changes late last year. The report on the Privacy Act Review is now out. It contains 116 proposals for reforming the Act.
The proposed reforms are aimed at strengthening the protection of personal information and the control individuals have over their information. Stronger privacy protections would support digital innovation and enhance Australia’s reputation as a trusted trading partner.
The review included an issues paper in October 2020, a discussion paper in October 2021 and several rounds of public consultation.
Some of the issues that are relevant to the University are:
In the definition of ‘personal information’, change the word ‘about’ to ‘relates to’. Ensure the definition is appropriately confined to where the connection between the information and the individual is not too tenuous or remote, through drafting of the provision, explanatory materials and OAIC guidance. (Proposal 4.1)
Include a non-exhaustive list of information which may be personal information to assist APP entities to identify the types of information which could fall within the definition. Supplement this list with more specific examples in the explanatory materials and OAIC guidance. (Proposal 4.2)
Introduce an express requirement in APP 5 that requires collection notices to be clear, up-to-date, concise and understandable. Appropriate accessibility measures should also be in place. (Proposal 10.1)
Amend the definition of consent to provide that it must be voluntary, informed, current, specific, and unambiguous. (Proposal 11.1)
Amend the Act to require that the collection, use and disclosure of personal information must be fair and reasonable in the circumstances. It should be made clear that the fair and reasonable test is an objective test to be assessed from the perspective of a reasonable person. (Proposal 12.1)
APP entities must conduct a Privacy Impact Assessment for activities with high privacy risks. (Proposal 13.1)
Broad consent for research: Introduce a legislative provision that permits broad consent for the purposes of research:
(a) Broad consent should be available for all research to which the research exceptions in the Act (and proposed by this chapter) will also apply.
(b) Broad consent would be given for ‘research areas’ where it is not practicable to fully identify the purposes of collection, use or disclosure of personal or sensitive information at the point when consent is being obtained. (Proposal 14.1)
Introduce a right to erasure (Proposal 18.3)
Introduce relevant exceptions to all rights of the individual based on the following categories:
(a) Competing public interests: such as where complying with a request would be contrary to public interests, including freedom of expression and law enforcement activities.
(b) Relationships with a legal character: such as where complying with the request would be inconsistent with another law or a contract with the individual.
(c) Technical exceptions: such as where it would be technically impossible, or unreasonable, and frivolous or vexatious to comply with the request. (Proposal 18.6)
For assistance with any privacy questions please visit the ANU Privacy website or reach out to the ANU Privacy team. They are here to support any privacy needs and can provide a customised information session for your local area.
While ANU has used all reasonable endeavours to ensure the information on this site is as accurate as possible, it gives no warranty or guarantee that the material, information or publication made accessible is accurate, complete, current, or fit for any use whatsoever. No reliance should be made by a user of the material, information or publication accessed via this communication.
