© 2017 Sebastian De Brennan. Barrister at Law

Please reload

CONFIDENTIALITY AND PRIVACY IN EDUCATION

November 27, 2017

CONFIDENTIALITY AND PRIVACY IN EDUCATION

 

Disclaimer: This article is intended to provide a summary and general overview only. It is not intended to be, nor does it constitute, legal advice. You should seek legal advice from a barrister or solicitor working in the area of confidentiality and privacy in educational settings before acting or relying on any of its content.

 

Issues of confidentiality and privacy can arise in various circumstances within a school setting. These include:

  • Access to incident reports for claims of damages;

  • The privacy of personal and health information; and

  • The duty of confidentiality between school counsellors and their clients.

These will each be discussed with reference to case examples and the legislative framework.

 

Confidentiality of Incident Reports

 

State of New South Wales v Jackson [2007] NSWCA 279

 

This case concerned the question of whether the Department of Education and Communities (DEC), now the Department of Education, could claim client legal privilege over subpoenaed witness statements that were obtained following a trampoline accident during a high school PDHPE class. The court had to consider whether these statements were ‘confidential documents’ within the meaning of section 117 of the Evidence Act 1995 (NSW).

 

Client legal privilege arises under either sections 118 or 119 of the Act, depending on whether the communications or documents were for the ‘dominant purpose’ of legal advice or litigation. The documents could only be “confidential” if there was an express or implied obligation not to disclose their contents.

 

The court found that the statements were not subject to privilege as there was no obligation not to disclose their contents. This was based on the following:

  • The statements were made on plain paper and they did not include any reference to confidentiality. Further, whilst restrictions on giving copies of statements to third parties in the Department’s policy document indicated an intention to confine disclosure, this was found to be an ‘uncommunicated internal resolve’ and not an obligation owed to the makers of the statements.[1]

  • Nor did an implied unspoken ethical, moral or social obligation[2] not to disclose the documents arise.

Privacy of Personal Information

 

XW v Department of Education and Training [2010] NSW ADT 73

 

This matter concerned the security safeguards in place at a school operated by the Department of Education and Training (the Department), now the Department of Education, against loss or unauthorised access to personal information of a student. It was alleged that the Department had contravened s 12(c) of the Privacy and Personal Information Protection Act 1998 (NSW) and a Retention and Security Health Privacy Principle[3] under Schedule 1 of the Health Records and Information Privacy Act 2002 (NSW) due to a number of missing school files. These included copies of medical reports supplied by the applicant’s doctor and speech pathologist, school counsellor notes, and correspondence with the Board of Studies relating to examination provisions. An initial report by the Department of Education regarding the missing documents concluded that this was likely the ‘result of a number of unauthorised access incidents’.[4]

 

The applicant submitted that staff and student access to keys and security access codes were identified as an issue at the School, and that no reasonable steps were taken to prevent continued unauthorised access. The respondent countered that following each incident, security arrangements were tightened and reviewed, including locked filing cabinets for student files and restriction of key access.

 

Section 12(c) provides obligations for public sector agencies holding personal information to ensure that the information is protected, by taking security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against other misuse.

 

Pearson JM noted that this requires an objective evaluation of:

  • The reasonableness of security safeguards;

  • A consideration of the nature of the information’s sensitivity; and

  • Consequences of loss, unauthorised access, use, or disclosure.[5]

The Court measured the reasonableness of security safeguards against the resources needed to maintain and upgrade security arrangements. It was acknowledged that school resources are not unlimited. Ultimately, however, it was concluded that the steps taken by the School were inadequate and not timely in response to repeated incidents of unauthorised access to computer systems and the office of the School Counsellor. Further, additional steps to ensure security of the Counsellor‘s office beyond changing door locks was needed given the sensitivity of the documents it stored. 

 

Duty of Confidentiality – the School Counsellor

 

There is a duty of confidentiality at common law due to the nature of the relationship between counsellor and student. Where there is a breach, an action for breach of confidence may be brought against the counsellor. However, conflicting instances such as a suspicion of child abuse may override this duty and provide for mandatory reporting without any breach occurring.

 

Child Abuse

 

The Children and Young Persons (Care and Protection) Act 1998 (NSW) requires mandatory reporting of child abuse to Community Services for those who, in the course of their employment, deliver welfare, health care, children’s or residential services, or education to children.[6] This is enlivened where a person suspects, based on reasonable grounds that a child is at risk of significant harm, which were made apparent during the course of that person’s work.

 

Privacy

 

There is also a related privacy framework. The Privacy Act 1998 (Cth) applies to private sector organisations and individuals that provide counselling services and prescribes against any practices which go against the Australian Privacy Principles (Schedule 1). These regulate the collection, storage, use and disclosure of information. Further, the NSW Department of Education and Communities has a Privacy Code of Practice that Counsellor’s must follow.

By Sebastian De Brennan, Barrister, s.debrennan@humanrightslaw.com.au

 

[1] State of NSW v Jackson [2007] NSWCA 279, [50].

[2] See, eg, Carnell v Mann (1998) 89 FCR 247, 258.

[3] Section 5 (1)(c).

[4] XW v Department of Education and Training [2009] NSW ADT 73, [7].

[5] XW v Department of Education and Training [2009] NSW ADT 73, [67].

[6] Section 27.

 

Share on Facebook
Share on Twitter
Please reload

Please reload

Please reload