NESA has a privacy management plan so stakeholders and staff to know how personal information is managed. NESA is also required to have a plan under Section 33 of the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act).
This plan explains how NESA manages personal information in line with the PPIP Act and health information under the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act) when stakeholders give it to NESA. This plan also explains who a person can contact when they have questions about personal or health information NESA holds, and what they can do if they think NESA may have breached the PPIP Act or the HRIP Act. This plan is also used to train NESA staff about how to deal with personal and health information. This helps to ensure that NESA complies with the PPIP Act and the HRIP Act.
Section 33(2) of the PPIP Act sets out the requirements of this plan.
This plan must include information about:
NESA will review this plan every 12 months, or earlier if any legislative, administrative or systemic changes affect how NESA needs to manage personal and health information.
NESA collects the following personal or health information related to NESA functions.
Personal information, and in some cases, health information is collected for NESA’s functions in relation to granting Records of School Achievement and Higher School Certificates and in relation to basic skills testing.
Records of School Achievement and Higher School Certificates - Most student records are submitted online by schools, thus negating the need to retain paper records within NESA for those students. Schools submitting information online retain the paper records. Student information is held on NESA’s exam system in electronic form and includes name, home address and telephone numbers, date of birth, school attended, and ethnicity and disability data. HSC students must provide a photograph of themselves, which is used for the identification of students during exams. Assessment data and examination mark data are added to the record. Data in relation to HSC, Year 11, School Certificate and Record of School Achievement (RoSA) candidates is retained indefinitely.
Examination candidate details and results are disclosed to:
VET
Personal and health information of school students undertaking a VET course is collected by Registered Training Organisations (RTOs) as part of the National VET in Schools Collection. Information is collected in accordance with the National VET Data Policy and includes student demographics, plus all training activity, such as course, competencies and completions. This data is reported via NESA to the National Centre for Vocational Education Research (NCVER).
HSC merit lists – NESA publish a list of students’ name, school and course when students achieve an HSC mark in the top band in any course. This information is published on NESA's website and is provided to some media outlets. NESA also give student details to a number of organisations to award prizes or scholarships or to recognise high achievement in other ways. Students can request that NESA keep such details confidential, by contacting the Student Records Unit.
Replacement certificates – candidates are able to apply for a replacement certificate at any time on a fee-for-service basis. Data such as personal details and credit card information in relation to the replacement of credentials is retained until the authorised destruction date.
NAPLAN - NESA is the National Assessment Program – Literacy and Numeracy (NAPLAN) Test Administration Authority (TAA) for all NSW schools and school sectors, under Section 18 of the Education Act 1990. To fulfil NESA's responsibilities as TAA for NSW, NESA collects the names and a range of other background information on all Year 3, 5, 7 and 9 students who are eligible to participate in the program. This information is used for a range of purposes including pre-printing student names on the test booklets and later in the production of parent and school reports for NSW.
NESA provides NSW student results data to the Australian Curriculum, Assessment and Reporting Authority (ACARA) so that it can prepare national reports related to the outcomes of the NAPLAN tests. This is authorised by an information sharing arrangement, under Section 16 of the Education Standards Authority Act 2013.
Disability provisions - personal and health information of students is collected when they make an application for disability provisions. This information is treated in confidence and is only used for purposes related to decision making for disability provisions. The information is disclosed to authorised NESA staff and appropriate members of a specialist’s panel for this purpose. Principals and their nominees have access to the Disability Provisions Section of Schools Online (a secure portal) for students of their schools.
The registration and accreditation details of government and non-government schools and teachers, school providers with overseas students, and home-schooled students are maintained by NESA including:
In accordance with functions under the Education Standards Authority Act 2013 and for the purposes of teacher accreditation, NESA collects each teacher’s name, date of birth, contact details, date, level and status of accreditation, qualifications, details of current employer, employment history, first language (if not English), country of citizenship and country of residency, indigenous status if person consents to inclusion of that information, history of professional development undertaken to maintain accreditation, and if the person is conditionally accredited under Section 31(3) of the Teacher Accreditation Act 2004, details of the proposal by the person to complete a teaching qualification. NESA also collect information from teacher employers in order to maintain a roll of teachers as required by the Act.
AMEB (NSW) collects personal information provided by music teachers, candidates, and examiners which is collected, stored and administered in accordance with the PPIP Act and HRIP Act. Further information is in the AMEB Privacy Policy.
Overt Closed Circuit Television (CCTV) is installed in the public areas at NESA, for security purposes. The cameras are visible and the public is notified of the use of CCTV through prominent signage. The cameras record 24 hours a day seven days a week. A monitor displaying images from the cameras is located at the security control desk on level 4. The cameras were installed in compliance with the code of practice for the Use of Overt Video Surveillance in the Workplace.
At Reception on level 4, NESA collects each visitor’s name, organisation, contact number, purpose of visit and signature for workplace health and safety and security purposes.
Personnel records (office staff) — Name, address, contact and next of kin details, bank account details, tax file number, and Equal Employment Opportunity information (provision of which is voluntary) are collected by Human Resources (HR). Records may include medical information, details of family and care arrangements, education, secondary employment and declarations of private interests information. This information is collected for purposes of human resources management, including leave management, workplace health and safety and to ensure that NESA operate with integrity.
All personal information is collected from employees, or where provided by another organisation such as for entitlement purposes, collection has been authorised by the officer.
Health information collected in the case of workers’ compensation matters is stored securely, and provided only to NESA workers compensation insurer or as required by a Court.
Personnel records (casual staff) – including seasonal clerical staff, examination markers, presiding officers and supervisors and committee members. Name,address and contact details, bank account details and tax file number are collected. The applicants provide all information. Applications for membership on committees or as examiners/markers require the endorsement of the school principal/director. Applicants are aware of this requirement, and that NESA will not accept the application without such endorsement. The original application form is retained, as is an electronic record.
Recruitment - Name, contact details and resumés of people who apply for jobs are collected by HR and provided to the convenor of the panel for the position, in electronic or physical files. The information is not disclosed other than within NESA for business support and to other panel members. Once recruitment is finalised, the information is returned to HR. Successful applicants’ information and eligibility lists are retained for 12 months. Unsuccessful applications are destroyed according to General Retention and Disposal Authorities.
NESA is compliant with the ISO 27001 Information Security Management Systems (ISMS) Standard. Information is managed in electronic form and in some instances, hard copy. Security of information is in accordance with the NESA Information Security Policy Statement and the NESA Acceptable Use Policy. Access to information is limited to particular staff members, according to their role and hard copy files are kept in locked storage. NESA's networks are secure and require individual logins. NESA staff do not give out passwords or let anyone else use their logins.
On commencement, staff sign a confidentiality agreement with respect to information learned in the course of their job.
Request accessible format of this publication.
