Privacy and Information Policy

Policy:                 Privacy and Information Policy

Writer:                 Principal

Reviewed:           December 2020



The Board of Trustees of Northcote College is required to comply with the Privacy Act 2020 and the Official Information Act 1982 in all aspects for employees, and in its role as the body with the overall responsibility for the running of the school.



The purpose of this policy is to promote individual privacy regarding:

  1. Collection, use and disclosure of information relating to individuals.
  2. Access by each individual to information relating to that individual held by the school.

In complying with the provisions of the Privacy Act 2020, the Board will appoint at least one Privacy Officer.

The Privacy Officer’s duties are to:

  • Encourage compliance with the privacy principles.
  • Deal with access and correction requests.
  • Notify the Privacy Commissioner and the affected individual as soon as practicable after becoming aware of a privacy breach that poses a risk of serious harm.
  • Assist the Privacy Commissioner in relation to investigations of complaints.
  • Ensure compliance with the Act
  • Inform the Principal and Board of Trustees immediately on notification of a privacy breach.



  • Personal information (as defined in both the Official Information Act and the Privacy Act) is any information held about an identifiable individual or person.
  • Personal Information that could be requested:
  • Address
  • Telephone Number
  • Family Status or Marital Status
  • Residence Status
  • Reports
  • Individual academic results (privy only to that student, the designated guardian or educational institution with consent from the student and/or guardian)
  • Personal details such as age, ethnicity, medical condition or medical history, psychological or Special Education reports, behavioural, discipline and attendance records.

Any information held by the College which was collected or developed by the College. This does not include information held by the College on behalf of other government departments or organisations such as Special Education or Ministry of Education etc. In these cases, the request must be referred to the other organisation.


Privacy Guidelines & Procedures

  • Purpose and Collection of Personal Information
    Only information that is necessary for the lawful operation of the secondary school will be collected from employees and students.
  • Employment Applications & References (Employees)
    The Board would expect all applicants to give their permission to the school to contact referees by phone or through a written report or both. Such permission will be sought through the application process. Information received remains confidential and will be destroyed if the applicant is not appointed to a position at Northcote College.
  • Collecting Personal Information
    It must be made clear on application forms and enrolment forms that personal information is being collected, why it is being collected, who will receive it and hold it and the access rights of the caregiver/employee.

The Student Records Administrator will confirm the accuracy of requested changes to personal student information by contacting the legal guardian/caregiver as appropriate.

  • Storage of Personal Information (Employees)

For the duration of employment at the school, employees’ personal information is to be stored in the locked file room in the Main Office. Key information will also be kept on the employee database and EEO Register. On cessation of employment at the school the employee file may be archived for historical reference.

  • Storage of Personal Information (Students)

On enrolment students will be issued with a unique numeric identifier relating to their period of enrolment at Northcote College. This identifier is generated by the SMS (Student Management System). Physical files will be stored in the locked file room in the Main Office and may be archived for historical reference. Digital files will be held for at least 7 years after the student leaves Northcote College.

  • Access to Personal Information (Employees)
    Employees or former employees are entitled to access all personal information held on their files other than evaluative material as defined by the act (Evaluative material would include confidential referees’ reports). Access within the school to existing employees is restricted to: The Principal, the Principal’s Assistant (who are bound by confidentiality), the Privacy Officer and the Records Administrator as well as the employee in question. Employees files will not be removed from the Main Office unless by the Principal or his/her assistant.
  • Access to Personal Information (Students)

Students and caregivers or former students are able to access all personal information held on the student files other than evaluative material which may include Teacher, Dean or Senior Management notes. Access to student files is restricted to Senior Leaders, Deans, Counsellors, HOD Learning Support and Nurse, along with the Principal’s Assistant and Student records personnel (who are all bound by confidentiality).

A student aged 16 years or older may request restricted access to their own file through the Privacy Officer.

Student files will not leave the school office without being signed out by the authorised staff member. Student files will be retained for at least 7 years and may be archived for historical reference.

In the case of students whose information is subject to legal access constraints this will be flagged using an alert system within the school SMS (Student Management System)

  • Health and Wellbeing Information

Confidential notes relating to physical and emotional health and wellbeing will be retained and stored securely by the Nurse/Guidance Team as appropriate. This information will only be shared with appropriate staff, agencies or health professionals for reasons of safety. (Refer Northcote College Enrolment Privacy Information)

  • Personal Images (Students)

On enrolment caregivers may direct that images of their child and their child’s work are not to be shared within school publications online and/or on social media. This restriction will be flagged in the Student Management System (SMS).

  • Retention of Personal Information
    For employees, personal information may be archived for historic reference.

For students, personal information will be held for at least 7 years after the student leaves the school, in electronic form and may be archived for historic reference; including personal details, reports and the testimonial.

  • Privacy Breach
  • In the event of a breach of privacy the school will inform the persons affected including employee(s), student(s) and caregivers as well as the Principal, the Board of Trustees and in cases where serious harm is possible, the Privacy


Child Protection Policy      Treaty of Waitangi      Formal Complaints