Last updated: 05/09/2024

Policy statement

Our culture

Implementation date: 05/09/2024
Reference number: PD-2024-0485-02-V01.0.0
Publicly available: Yes
Policy cluster: People

Change of personal information procedures

Direction and guidance on updating employee personal information while maintaining privacy and confidentiality. These procedures are in accordance with the Privacy Act 1988, Privacy and Personal Information Protection Act 1998 and Government Information (Public Access) Act 2009.

Audience

All department employees and contractors who want to change their personal information.

Changes since previous update

Version	Date	Description of changes	Approved by
V01.0.0	05/09/2024	Under the 2023 Policy and procedure review program, new policy document consolidating existing instructions and improving clarity and readability.	Chief People Officer
		Ongoing union consultation is occurring and amendments may be made from time to time.

About the policy

Under the Our culture policy, the department is committed to creating open, supportive and inclusive workplaces where our people are safe, respected, included, valued and inspired to bring their whole selves to work by ensuring department policies are inclusive of staff of all ages, genders and cultures, veterans, refugees, carers, people of faith, people with disability, LGBTQIA+ people, as well as their families, where relevant.

Definitions

Term	Definition
Gender	Part of a person’s personal, cultural, and social identity. Sometimes also termed ‘gender identity’, gender refers to the individual’s concept of self as male, female, a blend of both or neither. Gender relates to how individuals understand and describe themselves, as well as how they are recognised within the community.
Health information	Personal information about an individual's physical or mental health or disability or the provision of health services to an individual.
Personal information	Information or an opinion about an individual whose identity is apparent or can be ascertained from the information or opinion.

Roles and responsibilities

Employees:

maintain accurate personal information
notify the department of any changes to personal information.

Contractors:

maintain accurate personal information
notify the department of any changes to personal information
contact their agency or recruiter to change their personal information and follow the relevant process outlined in this procedure.

EDConnect:

provide advice and support to employees making online system changes through ESS, SAP ESS
process employee name and gender change requests and update their department User ID and email to reflect their new name
update the employee’s legal name and/or gender across all relevant department systems and databases
retain all documentation relating to the request in accordance with record management processes
maintain the privacy and confidentiality of employees’ personal information.

Business units:

establish procedures for handling change requests for employee information
review informal requests made by employees to change personal and/or health information that is handled and controlled by the unit
determine if it is appropriate to change employee information, ensuring that it is not incorrect, misleading or out of date
notify employees of informal request outcomes if practical
retain documentation relating to the request in accordance with record management processes
maintain the privacy and confidentiality of employees’ personal information that is handled and controlled by the unit.

Legal services:

review formal requests made by employees to change personal and/or health information
determine if it is appropriate to change employee information, ensuring that it is not incorrect, misleading or out of date
notify employees of formal request outcomes if practical
take reasonable steps to make changes or to attach a statement of the change to the information
retain documentation relating to the request in accordance with record management processes
maintain the privacy and confidentiality of employees’ personal information.

The department:

handles employee personal details in accordance with Information Protection Principles and Health Privacy Principles set out in the Privacy and Personal Information Protection Act 1998 (PPIPA), Health Records and Information Privacy Act 2002 (HRIPA), and the department’s Privacy Code of Practice
maintains the privacy and confidentiality of employees’ personal information.

What needs to be done

The department collects personal information in the administration and provision of its education services.

Reasonable steps are taken to ensure that personal and health information collected from employees is not unreasonably intrusive or excessive and is directly related to the department’s functions and activities.

Employee information held by the department

Employee information held by the department may include:

personal details such as address, phone number, emergency contact details, tax file number, superannuation records and bank details
records of race, sex, gender, marital status, and impairment of employees for equal employment opportunity purposes
medical assessments, certificates, reports
attendance, pay and leave records
recruitment, promotion, appeals, transfer records
screening and qualification records such as the outcome of criminal record checks and Working with Children Checks
service and administrative records
stored electronic messages
performance and disciplinary records
NSW Education Standards Authority (NESA) accreditation details
training, apprenticeship, and study records
work health and safety and workers’ compensation records.

1. Update personal details

Updating personal details will change how names and email addresses are displayed in Outlook, Teams, and communications channels.

Employees can change some personal information through the department’s online systems.

Refer to Add, update or delete your personal details – QRG (staff only) for further information.

How to update personal details from the staff portal

From the Staff portal (staff only), either:

log on to employee self-service (ESS)
- select ‘My details’
- under ‘Staff directory details’ select ‘Change Your DDS Entry’
- log in to update: preferred name, title, phone number, street address, and more.
log on to SAP ESS
- under Employee self service select ‘Personal information’
- click on ‘Personal profile’
- depending on Security Info, the employee may receive a text or call containing a code to enter in the screen provided
- select the pen icon to edit the relevant field
- update preferred email address, title, emergency contact, date of birth, and more.

2. Change personal details in online systems for official purposes

Employees must ensure personal details used by the department for official purposes are correct.

2.1 Change personal details

To change the information the department uses for official purposes, employees must provide evidence of a legal change:

1. Contact EDConnect – either call 1300 32 32 32 or log an online query.

2. Provide supporting documents (refer to the list of accepted supporting documents below).

3. On completion, EDConnect contacts the employee to update their department User ID and email to reflect their new name, if desired.

4. The department updates the employee’s legal name and/or gender across all relevant department systems and databases, including external agencies and third-party providers, where appropriate.

Accepted supporting documents

Accepted supporting documents include:

change of name certificate issued by an Australian Registry of Births, Deaths and Marriages such as NSW Registry of Births, Deaths and Marriages
recognised details certificate that states gender, issued by an Australian Registry of Births, Deaths and Marriages
marriage certificate issued by the NSW Registry of Births, Deaths and Marriages. If an employee was married in another state or country, a marriage certificate from a celebrant or church is acceptable. Commemorative certificates are not acceptable
birth certificate issued by an Australian Registry of Births, Deaths and Marriages showing gender or name at birth and new name
Australian passport showing updated gender or name at birth and new name
divorce document showing a change of name
deed poll registered with the NSW Registry of Births, Deaths and Marriages or equivalent relevant authority
driver’s licence showing the updated name
instrument evidencing change of name form that has been registered in the NSW Land Titles Office.

2.2 Support for gender affirmation

The department is committed to supporting trans and gender diverse employees. Employees affirming their gender may wish to use the Gender affirmation procedure to plan their journey.

3. Request an informal change to personal details not accessible online

An employee may submit an informal request to change personal details that the department holds which are not accessible online, such as an employee’s personal and health information.

Employees can make an informal request to change information directly to the business unit holding the personal and/or health information.

An informal request should be made in writing and include:

the name of the person requesting the change
a statement that the request is made under the PPIPA and/or HRIPA to change personal and/or health information
the information to be changed
the document(s) where the information is recorded
evidence to support the change.

When making an informal request, employees may use the department’s Application for amendment (PDF 107 KB) form.

3.1 Managing informal requests

The business unit or school must complete informal requests within 28 days of receiving the request.

The business unit or school must:

have procedures that clearly identify the personal and health information held and how a person can request a change
consider whether it is appropriate and practical to make the change requested
take reasonable steps to make a change or, if not appropriate and practical, attach a statement of the change sought to the information
consider, if practical, whether to notify the employee of the change.

3.2 Making a decision

The head of the business unit or the principal must be satisfied that the personal and/or health information to be changed is accurate, complete and not misleading. The employee is obliged to provide evidence to support the request.

The head of the business unit or the principal must determine:

if the request involves personal and/or health information that is incorrect, misleading or out of date
if the personal and/or health information is being used for the intended purpose
if the evidence provided supports the need to change the personal and/or health information
the need to maintain the integrity of the document detailing the information and department action, reasoning or decision-making
if the information may be required in future external investigations or has been subject to internal or external review
whether changing the information is an attempt to change decision-making processes relating to the employee
if the employee will be adversely impacted if the change is denied.

If an informal request is denied, employees can make a formal request in writing to the department.

3.3 Support information

Refer to the department’s Privacy standards for further information on the collection, access, use and disclosure of personal and health information.

4. Request a formal change to personal details

Employees can formally request to change their personal and health information if an informal request has been denied.

Employees may use the department’s Application for amendment (PDF 107 KB) form.

A formal request must be made in writing to Legal Services at legal.privacy@det.nsw.edu.au and include the information outlined below.

What to include in a formal request

Include the following information in the written request to Legal Services:

the name of the requestor
the name of the person whose information is the subject of the request
proof of identity or authority where the requestor is not the person whose information is the subject of the request
a statement that the request is made under the Privacy and Personal Information Protection Act 1998 and/or Health Records and Information Privacy Act 2002
a description of the information to be changed and the change sought
reference to records containing the information to be changed, if necessary
reason/s for the change
evidence to support the change.

If an employee cannot understand the nature and effect of the privacy legislation, or is unable to communicate their intentions, a request may be made on the employee’s behalf by:

an authorised representative
carer
legal guardian or a person legally authorised to represent the best interests of the employee.

Legal services must review formal requests for changes and ensure that employees are provided with written notification of decisions including:

if the change is accepted, a record of the precise changes made and the identity of other people who have been notified of the changes, or an explanation if it was not feasible to notify those people
if the change is denied, a reason for the decision, and notification of the right to have a statement attached to the information
information on the availability of an internal review process if the employee is dissatisfied with the handling of their request.

5. Deny a request

The department may deny processing an informal or formal request in part, or in whole, if there is an exemption under the Privacy and Personal Information Protection Act 1998 and/or Health Records and Information Privacy Act 2002 that restricts the change.

The department does not need to alter personal information if:

the information is required to preserve the confidentiality of counsellor records – for example, if an individual has been mentioned during another person’s counselling session
it is required to keep confidential the information provided by staff or students about another student when it is considered necessary to promote and maintain a safe and disciplined learning environment
it might adversely affect or prevent the department from handling complaints or investigative functions.

6. Review the internal process

If an employee is dissatisfied with how the department has handled their personal or health information, they can request an internal review of such conduct.

The employee must use the Privacy Internal Review Application Form (DOCX 57 KB) and once completed, email it to Legal Services at legal.privacy@det.nsw.edu.au.

Record-keeping requirements

Record	Classification	Disposal action
Records summarising the employment or service history of personnel. Includes name and date of birth.	GA28 15.4.1 Employment Service History	Required as State archives

Mandatory tools and templates

Employee Self Service (staff only).
SAP ESS (staff only).
Privacy internal review application form (DOXC 57 KB) (staff only).

Supporting tools, resources and related information

Supporting tools and resources

Related information

Policy contact

Contact

Manager, Policy, and Compliance
hrpolicy@det.nsw.edu.au

Monitoring the policy

The Executive Director HR Operations monitors the implementation of this procedure, regularly reviews its contents to ensure relevance and accuracy, and updates it as needed.