1 Purpose

TANZ Ltd provides services through its TANZ eCampus operations. The services include delivery of courses for Institutes of Technology and Polytechnics (ITPs) via a delivery platform with a surrounding community, and may include the provision of other services such as learner support, course design and development and professional development.

People participating in the TANZ eCampus Community (staff, learners and others) may be employed by or enrolled in a range of institutions and are subject to Privacy Legislation and the policies of their institution.

The purpose of this policy is to ensure a learning environment for all users that respects all community participants and their right to Privacy (under the Privacy Act).

2 Scope

  • This policy applies to all users of the TANZ Ltd TANZ eCampus website and participants in the TANZ eCampus community.
  • This policy applies to all personal information collected and/or held by TANZ eCampus about any person, any person using the TANZ eCampus website and, in particular about people registered as learners or employed as staff.

3 Formal Delegations

TANZ eCampus designated Privacy Officer can assist with interpretation or clarification of this policy and is authorised to make or approve exceptions to the policy.

4 Definitions

  • Evaluative Opinion: Material compiled for the purpose of determining the suitability, eligibility, or qualifications of an individual for employment, appointment to office, promotion, continuance in office, removal from employment or office, or the awarding, continuing, modifying, or cancelling of contracts, awards, scholarships, honours, or other benefits.
  • Information Privacy Principles (IPPs): The Privacy Act sets out the twelve Information Privacy Principles (IPPs) which form the basis on which all issues of the privacy of personal information are determined. Everyone who has access to the personal information TANZ collects and/or holds must understand and comply with these basic principles. The twelve IPPs are summarised in Section 5.1 of this policy.
  • Personal Information: Any information about an identifiable individual (an individual is ‘a natural person other than a deceased natural person’). Personal information includes records of attendance and learner marks, assessments, grades, and results.
  • Privacy Act: The Privacy Act 1993 which came into force on 1 July 1993 and its subsequent amendments. S2 of the Act lists definitions and s6 sets down the Information Privacy Principles.
  • Privacy Officer: The person identified by the Institute as the Privacy Officer as required by s23 of the Privacy Act. The responsibilities are set out at section 7 of this Policy.

5 Principles

  • TANZ eCampus complies with the Privacy Act 1993 and its subsequent amendments.
  • TANZ eCampus will maintain confidentiality on a need to know basis at all times.
  • TANZ eCampus provides education-related services to Tertiary Education Organisations (TEOs). Personal information required for service provision provided to either the enrolling TEO or directly to TANZ ecampus will be collected and used for the purpose for which it has been provided.
  • TANZ eCampus will manage any complaints of interference with privacy fairly, swiftly and effectively in accordance with the relevant current legislation and TANZ eCampus policies.
  • The Privacy Act 1993 sets out twelve Information Privacy Principles (IPPs) which form the basis on which all issues of the privacy of personal information are determined. Everyone who has access to the personal information TANZ eCampus collects and/or holds must understand and comply with these basic principles.

5.1 The Information Privacy Principles (IPPS) as they apply to TANZ

Principle One: Purpose of collection of personal information

TANZ  eCampus can only collect personal information which is for a lawful purpose and necessary for us to carry out our functions and activities.

Principle Two: Source of personal information

The personal information must be collected directly from the individual concerned unless that is not reasonably practicable.

Principle Three: Collection of information from subject

The individual must be made aware of the following points:

  • the information is being collected
  • the purpose for which the information is being collected
  • the intended recipients of the information
  • the name and address of the agencies collecting and holding the information
  • the particular law, if any, authorising the collection and whether supplying the information is voluntary or mandatory
  • the consequence of not supplying the information
  • the rights of access to and correction of the information held

Principle Four: Manner of collection of personal information

Information must not be collected by unlawful or unfair or intrusive means.

Principle Five: Storage and security of personal information

TANZ eCampus must ensure that there are security safeguards to protect personal information from loss and unauthorised access, use, modification, or disclosure.

Principle Six: Access to personal information

The individual concerned is entitled to know whether or not TANZ eCampus holds personal information about her/him, and, if it does, to have access to the personal information.

Principle Seven: Correction of personal information

The individual concerned is entitled to request correction of information and, if a correction is not made, to have a note attached to the information stating the correction sought but not made.

Principle Eight: Accuracy etc of personal information to be checked before use

TANZ eCampus must take reasonable steps to ensure that the information it is using is accurate, up to date, complete, relevant, and not misleading.

Principle Nine: Agency not to keep personal information for longer than necessary

Personal information must not be kept longer than is required for its proper purpose.

Principle Ten: Limits on use of personal information

TANZ eCampus can only use information for the original purpose unless the new use is authorised by the individual concerned.

Principle Eleven: Limits on disclosure of personal information

TANZ eCampus must not disclose personal information to a third party except in strictly limited circumstances.  It is not necessary to comply with IPP11 if:

  • disclosure is one of the stated purposes for which the information was collected
  • the individual concerned authorises disclosure
  • the information is already publicly available
  • the information is anonymous or will only be used for statistical purposes
  • the information is needed for certain legal purposes including prevention, detection, investigation, prosecution, and punishment of offences or the conduct of proceedings before any court or tribunal
  • disclosure is necessary to prevent or lessen a serious and imminent threat to public health or safety, or the life or health of an individual
  • disclosure is necessary as part of the sale of a business

Principle Twelve: Unique identifiers

A “unique identifier” which has been assigned by another agency will not be used.*

*Note that unique identifiers such as student ID numbers and NSIs may be used for specific purposes around delivering educational offerings and services to registered learners.

5.2 Confirmation of Enrolment or Employment

The fact that a named individual is employed as a staff member (or not employed or no longer employed) at TANZ eCampus can be disclosed to third parties. No other personal information can be disclosed except as allowed by the IPPs.

5.3 Exceptions

There are sensible, carefully defined exceptions to almost every principle. The IPPs do not apply where the personal information is collected or held by an individual solely in connection with that individual’s personal, family, or household affairs. There is special provision to cover “evaluative material” such as references. If you are uncertain about whether a particular exemption will apply, you should seek further advice.

5.4 Complaints

Any person may make an oral or written complaint to the TANZ eCampus Privacy Officer or their employing ITP. Any person may also make a complaint to the Privacy Commissioner or an Ombudsman if she/he believes there has been a breach (“an interference”) of any of the IPPs. The contact details for the Privacy Commissioner are:

PO Box 10094
The Terrace
Wellington
Telephone: (04) 474 7590

5.5 Rules of Thumb

Know and comply with the particular requirements of your position/function.

Know and comply with the Twelve Information Privacy Principles.

  • Don’t pry
  • Don’t gossip
  • Don’t hide behind the Privacy Act
  • If in doubt, check it out.

6 Associated procedures for the TANZ Ltd TANZ eCampus policy on: Privacy

6.1 Application of and Exceptions to the Information Privacy Principles

The twelve Information Privacy Principles (IPPs) form the basis of all decisions on privacy and the handling of personal information. Everyone who has access to the personal information TANZ eCampus collects and/or holds must understand and comply with these basic principles.

There are sensible (and carefully defined) exceptions to almost every Principle. An exception to the principles on use and disclosure may be applied if, for example, TANZ eCampus has stated clearly that the information will be disclosed, or the individual concerned authorises disclosure, or the information is already publicly available, or the information is only in statistical form, or the collection and/or disclosure of the information is required by a particular law.

Nevertheless, the starting point is to apply the principles in full and then decide on, justify, and record the reasons for applying one of the exceptions.

TANZ eCampus management and administration (and in particular the Privacy Officer) are responsible for ensuring that all the principles are complied with (unless a specific exception under the Privacy Act applies).

If in doubt about an issue involving the privacy of personal information about a learner or staff member, consult the Privacy Officer.

6.2 TANZ eCampus Compliance

All TANZ eCampus information, forms, systems, and processes which seek, record, or hold personal information must comply with the Information Privacy Principles, especially IPP 3.

TANZ eCampus provides education-related services to Tertiary Education Organisations (TEOs). Personal information required for service provision provided to either the enrolling TEO or directly to TANZ eCampus will be collected and used for the purpose for which it has been provided.

6.2.1 Website, online and other communication

Personal information is collected via the TANZ eCampus website or by other means such as:

  • phone enquiries and registrations
  • emails, feedback and comments
  • emailing an enquiry to us
  • adding a comment to a blog
  • registering for courses, events, online listings and programmes
  • subscribing to news feeds
  • subscribing to newsletter
  • promotional offers, contest and competitions
  • commercial transactions including purchases and other services

Such personal information that is provided is used for the purpose for which it is supplied. Personal information provided through the website will be held by the TANZ eCampus.

Email addresses, and sometimes other contact details, will be collected if a complaint is lodged, a comment made, or feedback given, through the TANZ eCampus website. Email addresses may be used to respond.

6.2.2 Use and disclosure

Personal information that is provided is used for the purpose for which it is supplied or, in exceptional situations, for other reasons permitted under the Privacy Act 1993 (see IPP 10).

Personal information may be used for the purposes of administering and improving the website, improving services or communicating with website users. This use will be disclosed to the individual at the time of collecting the information.

Personal information is generally not shared with others unless this is necessary for the purpose for which the information is given (for instance to investigate a complaint).

Occasionally the law may require disclosure (for instance to investigate a criminal offence), or there may be safety reasons for disclosing it (see IPP 11). Advice from the Privacy Officer should be sought prior to providing the information in these circumstances.

Personal information provided may be shared with third-party contractors to the extent necessary for them to administer and improve the website on TANZ eCampus behalf. The individuals concerned will be made aware at the time of collection that IT contractors may have access to their personal information in the course of administering and improving IT systems and the TANZ website.

6.2.3 Website analytics

Non-identifiable web traffic data is analysed to improve services. TANZ eCampus own the data that is generated and it will not be shared with any other party for any other purpose.

TANZ eCampus may collect, hold, and use statistical information about visits to help improve the website, for instance:

  • IP address
  • The search terms used
  • The pages accessed on the website and the links clicked on
  • The date and time the site was visited
  • The referring site (if any) which clicked through to this site
  • Your operating system (eg Windows XP, Mac OS X)
  • The type of web browser you use (eg Internet Explorer, Mozilla Firefox)

The data collected is aggregated and is not personally identifiable. IP addresses are masked so that they cannot be used to identify individuals. TANZ eCampus web analytics will also respect any “do not track” setting that might have set on the browser.

6.2.4 Use of cookies

Cookies are used on the TANZ eCampus website where they are required for particular features to work. Tracking cookies are used to track and analyse non-personally identifiable data about website usage.

Tracking cookies may be opted out of, without affecting the ability to use the website, although it may prevent taking full advantage of the site.

6.2.5 Links to social networking services

TANZ eCampus uses social networking services such as Twitter, Facebook, LinkedIn and YouTube to communicate with the public about work, services, programmes and courses. These social networking services may collect personal information for its own purposes, when they are used to communicate with TANZ eCampus.

These services may track use of the TANZ eCampus website on those pages where their links are displayed. If these services are logged into (including any Google service) while using the TANZ eCampus website, tracking will be associated with the individual’s profile with them.

These services have their own privacy policies which are independent of TANZ eCampus.

6.3 Disclosure of Personal Information re Learners to Third Parties

Some requests for personal information about learners are covered by the statements on application, registration, and related forms. Providing the request comes from one of the specified bodies, is in writing, and is clearly related to the purpose for which the information was collected and is held, the information can be disclosed. If there is doubt about whether the requesting agency or person can receive the information, written permission should be obtained from the individual whose information is sought, or advice obtained from the Privacy Officer.

6.3.1 Requests from Other Agencies

Enquiries from other agencies normally come with either a clear statement that the individual has authorised the request, or a clear reference to the enquirer’s statutory right to the information. The requesting agency should provide proof of authorisation prior to the information being provided.

If an enquiry of this sort is made verbally (in person or by phone), the enquiry should be accepted but NOT answered immediately. The name, designation or rank, and contact phone number of the enquirer should be taken and the details of the request and the reference or reason carefully noted. The information can then be researched and further advice sought from the Privacy Officer or authorisation sought from the individual whose personal information is being requested.

6.3.2 Requests for Addresses or Other Means of Contact

Many requests are from parents, relatives, and friends wanting to get in touch with learners. Addresses and other contact details should NOT be disclosed unless authorised by the individual. Not all such requests are innocent or well-intentioned; some learners have good reason for keeping their contact details private.

General, non-urgent enquiries should be politely declined with a brief explanation that TANZ eCampus policy protects the information requested from casual disclosure.

Specific but non-urgent enquiries from parents, relatives, or friends may be handled by offering to communicate a message asking the learner or staff member to contact the enquirer. This is not compulsory and depends on the circumstances. If the offer is made, the procedure is to carefully note the enquirer’s name, a contact phone number or address, and an indication of when the enquirer can be contacted.

The enquirer should be told that it might not be easy or quick to contact the learner or staff member and that no guarantee of delivery can be given.
The message should then be conveyed to the learner as directly and quickly as possible.

6.3.3 Emergency Messages

Delivery of genuine emergency, ‘life and death’ messages should be arranged as quickly and calmly as possible through a senior member of staff (for example, the Privacy Officer, Director or Manager).

6.3.4 Requests from Parents and Employers for Progress Reports

Parents or employers often seek reports about their child’s or employee’s attendance or progress. Parents and employers have no special right to a child’s or employee’s personal information even if they paid the fees or allowed time off.

In keeping with IPP2 and to reduce administrative work, every effort should be made to persuade parents and children and employers and employees to deal directly with each other. If that is not possible, the learner’s authorisation can be sought either by the parent/employer or by TANZ eCampus. A template is available from the Privacy Officer.

6.3.5 Other Requests from Third Parties

Except for the information referred to in Principle No. 3, above, all other requests should be politely declined or referred to the Privacy Officer.

6.4 Public Display of Student Assessment Results

Learner participation records and marks, assessments, grades, and results are personal information. Care must be taken to communicate them only to the individual concerned unless there is explicit written authority to disclose them to an agent (see below). It is a breach of the Information Privacy Principles if such information is displayed, announced, or published whether on paper or by electronic medium in a format which includes a learner’s name or any other identifier which could reasonably be expected to be ‘readable’ by a third party.

There are circumstances where individual private notification of results would be administratively very demanding and would cause delays which could disadvantage or inconvenience individual learners. In such circumstances, it is permissible to display or announce or publish learners’ marks, assessments, grades, or results publicly providing that:

  • No names or other easily readable/decipherable/identifiable references or codes are used; AND
  • A private learner PIN number or other private code is used (for example, the last six digits of the learner ID number); AND
  • The order of the results is “shuffled” before publication so that they do not appear in what would be alphabetical order.

Such a display, announcement, or publication would meet the requirements of IPP5 and would not breach IPP11. Questions about this limited and controlled exception to our standard procedures should be directed to the Privacy Officer.

6.5 Moderation

In order to meet internal and external academic quality assurance requirements, learner assignments, tests, and examination results may be used for the purposes of:

  • Internal and external moderation
  • Monitoring and audit
  • Programme review
  • Aegrotat decisions
  • Resolution of academic appeals and complaints

Assessment materials used for these purposes will have any information which could reasonably be expected to identify the individual removed before they are copied and used unless the identity of the learner is required for the purpose undertaken.

6.6 Internal and External Audit

From time to time internally and externally appointed auditors select staff appraisal documents, professional development records, learner records or other details for inspection to ensure that TANZ eCampus is meeting the expected standards.

Similarly, Audit New Zealand may need to verify payroll and other financial transactions.

Documents selected will be made available to the Auditors on a confidential basis for the restricted purpose of academic or financial auditing by properly authorised auditors.

6.7 References and Evaluative Opinion

References and similar reports and recommendations (including those related to staff promotion/re-grading) are one form of ‘evaluative opinion’. If the reference or similar report or recommendation has been sought with an explicit or implicit promise that it will be kept confidential, it is protected from disclosure to the individual concerned. This is discretionary, that is, the person who provided the reference can agree to it being disclosed to the individual concerned.

6.8 Police Requests

The Information Privacy Principles apply to requests from the Police and, in some cases, complex issues under the Bill of Rights Act 1990 ss 5, 21, and 22 may be involved.

Most Police requests are answered because one of the exceptions to IPP11 allows non-compliance when an offence is being prevented, detected, investigated, prosecuted, or punished.

TANZ eCampus also cooperates when the Police ask to contact a learner or staff member.

6.9 Agents

A person seeking personal information may appoint an agent to discuss or action a request. The agent must have the written authority of the individual concerned. The authority must be reasonably specific as to the personal information concerned and what rights the agent has been authorised to exercise.

6.10 Compliance

In the event of alleged breaches of this policy please refer to the TANZ eCampus Terms of Service for all users (including Professional responsibilities for staff and student rights and responsibilities). Infringements will be dealt with under this policy.

7 Privacy Officer

7.1 Privacy Officer Details

The Privacy Officer is Jackie Rees, TANZ Academic and Quality Manager

The Privacy Officer should be familiar with the Privacy Act and the contents of this Policy.

The Privacy Officer’s responsibilities include:

  • encouraging compliance with the IPPs
  • dealing with requests made to TANZ under the Privacy Act
  • assisting the Privacy Commissioner in relation to investigations

8 References

8.1 Internal

TANZ eCampus Community Code of Conduct Policy

Authority to Disclose Specified Personal Information – template available from the Privacy Officer

8.2 Exetnal

Privacy Act 1993

 

Last updated : January 2017