Education, as we all know, changes constantly – and with these changes comes a shift in emphasis about what is important. Over the years, various legal issues in education have emerged at different times as the “Number one issue”. Today’s candidate for that title, judging by the contents of professional journals and popular magazines, is cyber-bullying.

Copyright, family law, privacy – all enjoyed their moment of glory, depending on the current state of parliamentary legislation. All remain important today, but their priority seems to have slipped. In this brief article, I want to revive an emphasis on privacy because I am afraid that for many teachers, the issue has never really appeared on their radar.

Today, as we argue about whether we should be publishing what was previously viewed as confidential information about student performance, we need to rethink our attitudes towards privacy on a wide scale.

Some examples might clarify my concerns. They are all issues that might reasonably arise in a school environment, and they all require a level of sensitivity in answering them. You might like to discuss them with your colleagues.

1    As the principal of the school, I learn from a member of the community that David, one of my students, has stolen some money from his mother. Am I at liberty to tell David’s teachers in case he takes money from school as well?

2    Mary Clark tells you, as her teacher, that she is pregnant but her parents don’t know; are you allowed to pass on this information to her parents?

3    Brian Smith has recently taken over a small rural school and in looking through the cupboards he discovers boxes of old academic records related to former students. As he examines them, he realises that many of them relate to parents of current students – and most of them show results that are very mediocre. Suddenly he can understand why certain students seem to have difficulty coping with their work! What use can he make of this information?

4    The local newspaper wants to take photos of the award winners after the sports carnival. Are there any limits about giving permission?

5    A teacher is concerned that some of the information stored in his personnel file at the school might be inaccurate, reflecting a negative relationship with a former principal. Can the teacher ask to see the material and, if his suspicions are valid, ask that the information be amended?

As we look at the history of privacy legislation, consider these cases and decide what you think.

Privacy as a legal issue
The Commonwealth Government published its Privacy Act in 1988, but it was fairly limited in its impact because it was restricted to Commonwealth agencies, credit providers, credit reporting agencies and organisations that stored tax file number information on behalf of its employees. However, this all changed with the enactment of the Privacy Amendment (Private Sector) Act 2000. This was applied to most non-government schools late the following year.

As a result, appropriate teachers and school administrators were carefully briefed on the implications of this legislation, and we learned that we had to abandon many previous bad habits and recognise the importance of privacy as a basic right.

The Commonwealth legislation does not apply directly to public schools except those in the ACT, but they are generally covered by comparable legislation, enacted by state or territory parliaments. Examples are the Privacy and Personal Information Protection Act 1998 in NSW and the Information Privacy Act 2006 in Victoria.

Updates to the privacy legislation continue to be produced by our different parliaments, covering such matters as health information, telecommunications, credit reporting and direct marketing. However, our concern here is with the application of the legislation to schools.

The 2000 Amendment acknowledged our international agreements, and made us realise just how important it is to treat information carefully and in a consistent manner. Too often, major organisations seemed to operate on the assumption that if they were able to collect information, they could use it as they pleased. The privacy legislation changed this. It determined how we collect, use, store and disclose information about individuals.

The essence of the Amendment Act
Underlying the legislation are 10 principles called the National Privacy Principles. Schools must comply with the NPPs unless they are exempt. The 10 principles seriously affect the way we gather, make use of, and ultimately dispose of information about individuals. The principles can be summarised like this:

NPP1: Collection
An organisation may collect only that personal information which is necessary for its functions or activities; collection must fair and lawful, and usually it may be obtained only with the individual’s informed consent.

NPP2: Use and disclosure
Generally, an organisation must not use personal information for a purpose other than that for which it was collected, unless it has the individual’s consent.

NNP3: Data quality
An organisation must strive to ensure the information it collects, uses or discloses is accurate, complete and current.

NNP4: Data security
An organisation must protect personal information from unauthorised access and use and must destroy personal information when it is no longer legitimately required.

NPP5: Openness
An organisation must develop a policy on its management of personal information and must make this policy available on request.

NPP6: Access and correction
Generally, with some exceptions, an organisation must give access to personal information to an individual in relation to whom it holds such information, and must not charge an unreasonable fee for so doing.

NPP7: Identifiers
An organisation must not use government identifiers (e.g. Medicare numbers, tax file numbers) in identifying the information it holds on individuals.

NPP8: Anonymity
Wherever possible within the law, individuals must have the option of not identifying themselves when engaging in transactions with an organisation.

NPP9: Transborder data flows
Organisations must not normally transfer personal information outside Australia unless it will retain an appropriate level of protection.

NPP10: Sensitive information
Generally, unless it is required by law or obtained with an individual’s consent, an organisation must not collect sensitive information – defined as information about an individual’s race or ethnic origin, political opinions and membership, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, or information about personal health.

Administrative implications
While some of these might seem somewhat unrelated to our work in schools, in fact they all have some relevance. For that reason, all schools should prepare a privacy policy that acknowledges these principles.

In most cases, it is likely that schools will use their system-level policy, with some amendments to show how the policy operates at the school level. This policy must be freely available to parents and students, and should form part of the material offered to families considering enrolment.

The policy should clearly distinguish between personal information and sensitive information (including health information). Personal information is defined in the Act as information or opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion. In a school setting, this information includes names, addresses, phone numbers, details about age, school reports, discipline reports and notes to parents.

Sensitive information has already been defined, and is obviously of a more confidential nature and this suggests that even greater care is needed in handling or disclosing such information.

When the Act came into effect, there was a great deal of confusion in some schools. Some people behaved as though there was no longer any freedom at all to share information, either between or within schools. This over-reaction was just as unhealthy as the attitude of those who said that they were going to continue to act as they had in the past. The truth is that the new law did impose some restrictions, but as is often the case, the restrictions were generally grounded in common sense. Insisting that every school produces and publishes its privacy policy is one way to encourage all schools to treat privacy seriously and to reassert the common sense value of the legislation.

A call to change attitudes
It would be unfair to suggest that in the past no-one was able to keep a secret or that it was common to find that information collected by a school was inappropriately used. Certainly there were lapses and certainly some secrets were revealed that upset people, but I suspect that discretion may have been better practised in the past than it is today – moral values seemed to have had more impact then.

Today, given that much more information seems to be collected about each of us and that this information is often very readily accessible to others, it seems reasonable to legislate to protect people against the improper use of that knowledge. That is what the Privacy Act and its various amendments are all about. They seek to provide a realistic framework within which people can operate in collecting, storing, using and destroying information.

Getting more advice
As is usually the case today, it is easy to find further information about topics such as privacy – the Government is anxious that citizens are as fully informed as possible. Therefore, it makes available on high quality websites a vast amount of information. To learn more about privacy, go to the Federal Office of the Privacy Commissioner.