Guidelines on privacy

The Centre for Mental Health Research (CMHR) respects the privacy of its research participants, friends and benefactors, personnel, and all others associated with CMHR. We are guided by Australian laws, guidelines, policies and procedures in protecting privacy.

Through its work on mental health, CMHR is committed to humanitarian goals. Among these is promoting human dignity. This includes protecting individuals’ dignity in all the research we conduct and in the way CMHR personnel relate to each other. Respecting people’s privacy is part of protecting their dignity.

From a legal perspective, The Australian National University is a Commonwealth agency for the purposes of the Commonwealth Privacy Act 1988, (the Privacy Act). This means that ANU, including CMHR, is subject to, and must comply with, the provisions of the Privacy Act.

Joint National Health and Medical Research Council and Australian Vice-Chancellor’s Committee guidelines on research practice in 1997 recommended that institutions develop clearly formulated policies on all aspects of information privacy. ANU has a privacy policy - Statement on the collection, use and control of personal information - that applies to the activities undertaken by CMHR. These guidelines have been developed to assist staff and students understand how to implement the privacy policy and to understand their obligations with respect to the Privacy Act.

In the course of carrying out research-related activities and managing personnel matters, information about research participants and personnel is disclosed to CMHR. This information is private, must be held confidential and may only be used to the extent prescribed by relevant legislation, policies and guidelines.

In relation to privacy, the fundamental legislation is the Commonwealth Privacy Act. This Act embodies information privacy principles that apply to collectors of personal information. The principles apply to information gathered in research projects, information gathered about CMHR staff and students as well as information gathered in the course of promoting CMHR. They regulate the way government agencies, including ANU, go about the process of collection, storage, use and disclosure of information about individuals.

The term ‘personal information’ is defined in the Privacy Act. It is "information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion".

This means that the Privacy Act is concerned with information that can, or could, identify an individual. Importantly the definition of personal information makes no distinction as to the source of the information or the forms in which it is held. This means that information can be personal information whether it is provided by an individual in a research program, or generated in the course of a research program, or information about staff members held by CMHR. Further, the protection afforded by the Act applies to personal information whether it is in paper or electronic form.

The Privacy Act requires Commonwealth agencies to take certain measures when collecting, using and controlling personal information.

  • CMHR must only collect or generate information that is directly related to the functions and activities of CMHR, and the information must be collected in a lawful and fair manner.
  • CMHR must explain to the people who we collect personal information from what is being collected, how it is to be used and by whom.
  • CMHR must take every reasonable step to ensure the security of personal information. CMHR is obliged to ensure that personal information we hold is ‘protected by such security safeguards as it is reasonable in the circumstances to take against loss, against unauthorized access, use, modification or disclosure, and against other misuse’ (IPP 4).
  • Subject to certain exemptions from disclosure that are set out in the Privacy Act, CMHR must allow individuals to have access to the personal information held about them. This means that, in most cases, employees and students are entitled to view information held at CMHR about themselves. Advice should be sought from the Legal Office before releasing information if you have any doubt about what can and cannot be released.
  • CMHR must only use personal information for the purposes for which it was collected. In relation to research this means that the personal information collected can only be used for the specific, stated purpose of the project. In relation to CMHR personnel this means that information provided by staff and students in the course of their professional association with CMHR can only be used in relation to their employment or study at ANU and not for any other purpose.

CMHR must not release outside ANU the personal information held unless provided for by law or with the consent of the individual to whom the information relates.

Updated:  20 September 2017/Responsible Officer:  Director, CMHR/Page Contact:  Web Admin, CMHR