Personal information is defined as “Information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion”.
The University is required by the Privacy and Personal Information Protection Act 1998 (PPIP Act) and by the Health Records and Information Privacy Act 2002 (HRIP Act) to ensure that personal information is kept no longer than necessary and disposed of appropriately.
The risks associated with the unnecessary retention of personal information include reputational damage to the University and the possibility of penalties under the Legislation.
Personal information must always be stored securely and destroyed as soon as allowable.
The UNSW Data Classification Standard provides guidance on assessing and handling personal information.