Australian law requires that we protect the privacy of every individual’s information. The school
gathers and uses all sorts of data and information, including personal information, photos, videos and
health information, to facilitate its operation. Much of this information is required to enable the school
to fulfil its legal obligations. This policy sets out how MECS and Ranges TEC manages personal
information provided to or collected by it; including student and family information, information held
about Staff, members of the MECS Board, Association members, job applicants, contractors and other
parties who come into contact with the school.


Protecting the privacy of personal and health information of our school community members is a serious
moral, professional and legal responsibility that the school recognises and accepts.
Privacy protects individuals in our community from harm that might result from misuse of their

Privacy enables the school to serve its school community members by giving them confidence that full and frank information they provide will not be misused.
The Commonwealth government made extensive amendments to the Privacy Act 1988 (Cth) with effect
from 12 March 2014. Under these changes, the school is required to comply with 13 Australian Privacy
Principles (APPs)

Policy Summary

Mount Evelyn Christian School and Ranges TEC adhere to the requirements of the Australian Privacy
Principles contained in the Commonwealth Privacy Act 1988 and the Privacy Amendment (Enhancing
Privacy Protection) Act 2012.


We subject all information collected at our school and kindergarten (including enrolment, excursion and
medical permission forms, staff details, etc.) to the following principles:

  • We only collect the information the school needs for its operation or as required by law.
  • We inform people why we need information and how we will collect, store, use, disclose and dispose
    of their personal and health information.
  • We collect personal information only by lawful and fair means and not in an unreasonably intrusive
  • We collect sensitive information only with the person’s consent. (Sensitive information includes
    health information and information about religious beliefs, race, gender, memberships, and so on).
  • If we collect personal information from a third party, we will be able to advise the person whom the
    information concerns, and from whom their personal information has been collected.
  • We endeavour to make sure that the information we collect, use or disclose is accurate, complete and
  • We disclose only the information that is necessary for the purpose of operating the school.
  • We advise people that they may access their own information, and we enable that access to their
    own information as required, and give them the right to seek its correction as necessary.
  • We provide effective procedures to secure and protect the privacy of each individual’s personal
    information against unauthorised access, use or disclosure
  • We retain all relevant information and records relating to students, parents/guardians, staff and
    volunteers in secure storage in the office or archives.
  • We maintain, store and transmit all electronic data securely.
  • All requests (including requests by staff) for information stored at school must be made to the
    appropriate office staff.
  • All requests for information (other than brief, easy to retrieve information solely about the person
    making the request, or standard information requests from parents about their children, or
    information requested by staff in the course of their work about students) will be referred to the
  • Under no circumstances will we disclose personal private information to unauthorised people.
  • We ensure that staff personal phone numbers and addresses are not displayed on noticeboards, or
    electronic social network places (e.g. Facebook).
  • We ensure the appropriate use of images of students, including being aware of cultural sensitivities
    and the need for some images to be treated with special care.
  • We have procedures in place if parents/guardians request that their child’s image is not to be taken,
    published (e.g. MECS or Ranges TEC website or social media network places like Facebook) or
    recorded, or when a child requests that their photo not be taken.
  • We will make all staff aware of their individual, and our collective, duty of care regarding Privacy and
  • We ensure all records and documents are maintained and stored in accordance with Regulations 181
    and 183 of the Education and Care Services National Regulations 2011.
  • If a data breach happens such that personal information is accessed or disclosed without our
    authorisation or is lost. We shall notify affected individuals and the Office of the Australian
    Information Commissioner if the data breach involving personal information is likely to result in
    serious harm.
  • A copy of this policy is made available to any members of the MECS community on request and can
    also be accessed via the MECS or Ranges TEC website.
  • We only use personal information which has been collected from a person for direct marketing,
    where that person would reasonably expect it to be used for this purpose, and we have provided an
    opportunity to opt out of such marketing and the opt out has not been taken up.
  • In each direct marketing communication with a person, we will draw to their attention, or
    prominently displays a notice, that tells them they may express a wish not to receive any further
    direct marketing communications.
  • We only send information to foreign organisations when requested by the person to whom the
    information pertains.
    MECS Management Policy
    4.0.1 Privacy and Confidentiality Policy
  • Date Last Modified: 15 October 2020 Page 3 of 10
  • Some of the information we manage may be stored in distributed “cloud” storage part or all of which
    may exist outside of Australia and whose location cannot be known by us. With respect to data stored
    in the “cloud”, we require the providers of that “cloud” storage to maintain effective procedures to
    secure and protect the privacy of information against unauthorised access, use or disclosure.


The Australian Privacy Principles (APPs) are issued under the Commonwealth Privacy Act 1988 and the
Privacy Amendment (Enhancing Privacy Protection) Act 2012.
Relevant legislation and standards include but are not limited to:

  • Education and Care Services National Law Act 2010
  • Education and Care Services National Regulations 2011: Regulations 181, 183
  • Freedom of Information Act 1982
  • Health Records Act 2001 (Vic)
  • My Health Records Act 2012
  • Privacy and Data Protection Act 2014 (Vic)
  • National Quality Standard, Quality Area 7: Leadership and Service Management
    − Standard 7.3: Administrative systems enable the effective management of a quality service/centre
  • Commonwealth Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPS)
  • Privacy Amendment (Enhancing Privacy Protection) Act 2012
  • Public Records Act 1973 (Vic)

Relevant Guidelines & Publications

Australian Privacy Principles Guidelines
Data breach preparation and response: A guide to managing data breaches in accordance with the Privacy
Act 1988 (Cth).

Policy Approved
By: Administration Manager On: October 2020

Policy to be reviewed
By: Executive In: November 2021

Full Privacy Policy is available here.