This policy will provide guidelines:

  • for the collection, storage, use, disclosure and disposal of personal information, including photos, videos and health information at Melbourne Montessori School
  • to ensure compliance with privacy legislation.



Melbourne Montessori School is committed to:

  • responsible and secure collection and handling of personal information
  • protecting the privacy of each individual’s personal information
  • ensuring individuals are fully informed regarding the collection, storage, use, disclosure and disposal of their personal information, and their access to that information.











Early childhood Schools are obligated by law, School agreements and licensing requirements to comply with the privacy and health records legislation when collecting personal and health information about individuals.

The Health Records Act 2001 (Part 1, 7.1) and the Information Privacy Act 2000 (Part 1, 6.1) include a clause that overrides the requirements of these Acts if they conflict with other Acts or Regulations already in place. For example, if there is a requirement under the Education and Care Schools National Law Act 2010 or the Education and Care Schools National Regulations 2011 that is inconsistent with the requirements of the privacy legislation, Schools are required to abide by the Education and Care Schools National Law Act 2010 and the Education and Care Schools National Regulations 2011.

Legislation and standards

Relevant legislation and standards include but are not limited to:

  • Australian Privacy Principles (APPs), March 2014
  • Education and Care Schools National Law Act 2010
  • Education and Care Schools National Regulations 2011: Regulations 181, 183
  • Freedom of Information Act 1982
  • Health Records Act 2001 (Vic)
  • Information Privacy Act 2000 (Vic)
  • National Quality Standard, Quality Area 7: Leadership and School Management

– Standard 7.3: Administrative systems enable the effective management of a quality School

  • Privacy Amendment (Enhancing Privacy Protection) Act 2012(Cth)
  • Privacy Act 1988 (Cth)
  • Public Records Act 1973 (Vic)



The terms defined in this section relate specifically to this policy.

Freedom of Information Act 1982: Legislation regarding access and correction of information requests.

Health information: Any information or an opinion about the physical, mental or psychological health or ability (at any time) of an individual.

Health Records Act 2001: State legislation that regulates the management and privacy of health information handled by public and private sector bodies in Victoria.

Information Privacy Act 2000: State legislation that protects personal information held by Victorian Government agencies, statutory bodies, local councils and some organisations, such as early childhood Schools contracted to provide Schools for government.

Personal information: Recorded information (including images) or opinion, whether true or not, about a living individual whose identity can reasonably be ascertained.

Privacy Act 1988: Commonwealth legislation that operates alongside state or territory Acts and makes provision for the collection, holding, use, correction, disclosure or transfer of personal information.

Privacy breach: An act or practice that interferes with the privacy of an individual by being contrary to, or inconsistent with, one or more of the information Privacy Principles (refer to Attachment 2: Privacy principles in action) or any relevant code of practice.

Public Records Act 1973 (Vic): Legislation regarding the management of public sector documents.

Sensitive information: Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record. This is also considered to be personal information.

Unique identifier: A symbol or code (usually a number) assigned by an organisation to an individual to distinctively identify that individual while reducing privacy concerns by avoiding use of the person’s name.



A. The Principal is nominated as the Privacy Officer of Melbourne Montessori School

B. The Principal and Business Manager are responsible for:

  • ensuring all records and documents are maintained and stored in accordance with Regulations 181 and 183 of the Education and Care Schools National Regulations 2011
  • ensuring the School complies with the requirements of the Australian Privacy Principles (APPs), March 2014, the Privacy Amendment (Enhancing Privacy Protection) Act 2012(Cth), Privacy Principles as outlined in the Health Records Act 2001, the Information Privacy Act 2000 and, where applicable, the Privacy Act 1988 by developing, reviewing and implementing processes and practices that identify:

− what information is private, including photos, videos and health information

− what information the School collects about individuals, and the source of the information

− why and how the School collects, uses and discloses the information

− who will have access to the information

− how parents/guardians can know what information is stored about them

− how it will be stored after the child is no longer in the School

− how it will be de-identified when disclosed to third parties

− how complaints can be made

− how the School will make any changes to this policy known to the community

− risks in relation to the collection, storage, use, disclosure or disposal of and access to personal and health information collected by the School

  • ensuring parents/guardians know why the information is being collected and how it will be managed
  • providing adequate and appropriate secure storage for personal information collected by the School
  • developing procedures that will protect personal information from unauthorised access
  • ensuring the appropriate use of images of children, including being aware of cultural sensitivities and the need for some images to be treated with special are
  • developing procedures to monitor compliance with the requirements of this policy
  • ensuring all employees and volunteers are provided with a copy of this policy, including the Privacy Statement of the School (refer to Attachment 4)
  • ensuring all parents/guardians are provided with the School’s Privacy Statement (refer to Attachment 4) and all relevant forms
  • informing parents/guardians that a copy of the complete policy is available on request
  • ensuring a copy of this policy, including the Privacy Statement, is prominently displayed at each campus and available on request
  • establishing procedures to be implemented if parents/guardians request that their child’s image is not be taken, published or recorded, or when a child requests that their photo not be taken.

C. The Nominated Supervisors are responsible for:

  • assisting the Principal and Business Manager to implement this policy
  • reading and acknowledging they have read the Privacy and Confidentiality Policy (refer to Attachment 3)
  • providing notice to children and parents/guardians when photos/video recordings are going to be taken at the School
  • ensuring educators and all staff are provided a copy of this policy and that they complete the Letter of acknowledgement and understanding (Attachment 3)
  • obtaining informed and voluntary consent of the parents/guardians of children who will be
  • photographed or videoed.

D. All Other Staff are responsible for:

  • reading and acknowledging they have read the Privacy and Confidentiality Policy (refer toAttachment 3)
  • recording information on children and parents/guardians, which must be kept secure and may be requested and viewed by the child’s parents/guardians and representatives of DEECD during an inspection visit
  • ensuring they are aware of their responsibilities in relation to the collection, storage, use, disclosure and disposal of personal and health information
  • implementing the requirements for the handling of personal and health information, as set out in this policy
  • respecting parents’ choices about their child being photographed or videoed, and children’s choices about being photographed or videoed.

E. Parents/guardians are responsible for:

  • providing accurate information when requested
  • maintaining the privacy of any personal or health information provided to them about other individuals, such as contact details
  • completing all permission forms and returning them to the School in a timely manner
  • being sensitive and respectful to other parents/guardians who do not want their child to be photographed or videoed
  • being sensitive and respectful of the privacy of other children and families in photographs/videos when using and disposing of these photographs/videos.

Volunteers and students, while at the School, are responsible for following this policy and its procedures.

ATTACHMENTS (View All Attachments and Policy)

  • Attachment 1: Additional background information
  • Attachment 2: Australian Privacy Principles in action
  • Attachment 3: Letter of acknowledgment and understanding
  • Attachment 4: Privacy Statement
  • Attachment 5: Permission form for photographs and videos
  • Attachment 6: Special permission notice for publications/media



  • Delivery and Collection of Children Policy
  • Enrolment Policy
  • Excursion and Camp Policy
  • Family media agreement
  • Grievance Policy
  • Mandatory Reporting Policy
  • Responsible online Behaviour Policy
  • Responsible use of IT Policy
  • Student Assessment and Reporting Policy