Privacy Complaints Procedure

  • Brighton Grammar School’s policies and guidelines are intended to be up to date and be consistent with all relevant laws.
  • Employees and Contractors are expected to comply with all applicable policies and guidelines.
  • Various parts of the policies and guidelines require managers and staff to exercise discretion and the policies and guidelines are not intended to be applied in a legalistic or prescriptive manner.
  • These policies and guidelines may be varied by Brighton Grammar School from time to time, at its absolute discretion.
  • The policies and guidelines do not form part of an employee’s contract of employment.

Purpose and Scope

Brighton Grammar School is subject to the Australian Privacy Legislation which contains Privacy Principles that the School must abide by when it collects, stores, uses and discloses personal information.

This purpose of this document is to provide a consistent and fair approach for handling complaints with respect to privacy of personal information. The procedure will apply if an individual considers that the School has acted in a manner that breached a Privacy Principles in respect of that individual.

Procedure Steps and Actions 

1. A written complaint must be forwarded to the Privacy Officer within 6 months of the time the complainant first became aware of the alleged breach. The complaint must specify the details of the alleged breach.

2. The complaint may be made anonymously or using a pseudonym.

3. The Privacy Officer must make a determination on the complaint within 30 days of receipt of the complaint, and advise the complainant in writing.

4. If the Privacy Officer determines that there has been a breach of the Privacy Principle, he or she will, upon notification of the determination to the complainant, advise the Headmaster and Director of Business as applicable of any action required to remedy the breach.

5. In consultation with the Headmaster and the Director of Business, the Privacy Officer will determine whether the breach has caused serious harm to the complainant and if required advise the Office of the Australian Information Commission (OAIC) and other effected individuals.

6. If the breach is capable of being rectified and is not rectified within 30 days of advice from the Privacy Officer, the Privacy Officer must inform the Headmaster.

7. The Privacy Officer will keep a record of all complaints. This will comprise a register and file records that will be securely stored in accordance with the current legislation.

Consequences if the Privacy Policy is deliberately breached

Disciplinary action, in accordance with the School’s Disciplinary Policy, may be taken against any person who deliberately breaches the School’s Privacy Policy.

Where the privacy breach has occurred due to a systemic failure, a review will be undertaken to ensure that the no further breaches will occur.