Macquarie is committed to protecting your privacy

Macquarie University is about discovery, learning and participation in a borderless world. We are a dynamic, flexible and engaged university committed to excellence in research, teaching and global citizenship.

In undertaking its learning and teaching, research, and community engagement functions, the University collects, stores, and uses a broad range of personal and health information relating to students (including prospective, current and alumni), staff, patients and others who interact with it.

The University is required to comply with the Privacy and Personal Information Protection Act 1998 (NSW) (PPIPA) and Health Records and Information Privacy Act 2002 (NSW) (HRIPA) in respect of personal and health information which it collects and uses. The University aligns its practices and activities with the Information Protection Principles (IPPs), and the Health Privacy Principles (HPPs) contained in those Acts.

The University’s Privacy Management Plan provides more information on how the University implements its obligations under the PPIPA and HRIPA, and how these Acts apply to the University’s operations.

Controlled entities of the University that are considered “organisations” under the Commonwealth Privacy Act must comply with the following privacy acts:

The University’s controlled entities must have a separate privacy policy that explains the types of personal and/or health information that it collects and holds, how it does so and the purposes for that collection, to whom it discloses that information, how your information can be accessed or corrected, how you can make a privacy complaint and how that will be actioned, whether your information is likely to be sent overseas and to which countries if applicable.

The following controlled entities have their own privacy policy:

The Commonwealth Privacy Act contemplates that an entity may have duties under both Commonwealth and State privacy legislation such as a controlled entity of the University. To the extent there are inconsistencies between the Commonwealth Privacy Act and the NSW privacy acts for controlled entities, the Commonwealth Privacy Act will prevail.

At a minimum staff should familiarise themselves with the top ten tips for privacy management.

The following should be considered to ensure the University protects personal and health information.



Further information


  • Is the information I am collecting personal information or health information?
  • Do I need to collect this information?
  • Who am I collecting from?
  • What is it going to be used for and is it a lawful use?
  • Is this information being used for research?
  • Do I need consent to collect this information and if so what details do I have to provide when I collect it?
  • Privacy Management Plan — Definitions of information.
  • Privacy Management Plan — Collection.
  • Research considerations.
  • Consent form toolbox.


  • Where is the information going to be stored?
  • How long will the information be stored for?
  • Who will have access to it?
  • What measures are in place to prevent it from getting in the wrong hands?


  • How can an individual access their own information once it has been collected?
  • How do I ensure any changes in the information are correctly reflected?
  • Have I put in any measures to ensure an individual can access and correct their information if necessary?


  • How do I ensure the information is accurate and up to date?
  • Is the information still relevant and fit for purpose?
  • Am I using this information in a way that was not for the expected use?
  • Privacy Management Plan — Use


  • Who can I disclose this information to once it is collected?
  • Have I obtained consent to disclose this information?
  • Do I need to make the individual aware that this information will be disclosed elsewhere?
  • What do I do if the information has been disclosed inappropriately?
  • Privacy Management Plan — Disclosure
  • Consent form toolbox
  • Complaints guidance (link to below section)
  • Data Breach Response Plan

Need more assistance? Contact the Privacy Officer at

Under the PPIPA and HRIPA an agency must allow access to personal and health information without excessive delay or expense. Follow the instructions in the following link to access your personal or health information.

To make an informal application, contact the Macquarie University Faculty or Office which holds the information you seek, guidance on which has been provided below.

  • For transcripts, confirmation of studies etc please contact Service Connect.
  • For employment confirmation, access to employee files etc please contact HR.
  • The University may release information such as confirmation of studies, confirmation of employment etc, with consent, to authorities such as insurance companies, prospective employers, and government bodies. For standard information releases please complete the following Information Access Request Form.
  • For all other information requests, including law enforcement, please contact the Privacy Officer at

Update your information

Students can update their information collected as part of the admission and enrolment process via eStudent, or by contacting AskMQ.

Staff can contact HR to correct or update some of their information in Workday.

Macquarie University patients can contact the University Hospital’s Health Information Services. University Clinic patients should contact the relevant clinic directly.

If any other changes are required a request can be made through the Change My Personal Information Request form.

The University is committed to protecting the privacy of personal and health information in accordance with privacy legislation.

Where an individual has a privacy complaint or concern, they may:

Contact us

Privacy Officer

Macquarie University
Sydney NSW 2109
T: +61 (2) 9850 7218

The Right to Information Officer

Macquarie University
Sydney NSW 2109
T: +61 (2) 9850 7362
More about the right to information

Page owner

E: Privacy