Privacy Policy
The following Privacy Policy is provided by Focus Computing Pty Ltd as the owners of the SOBS website and application.
Information we collect
Each application requires different information from the school and/or from the parent or student. Most applications require as a minimum relevant names and email addresses. In some cases a mobile number can be collected in addition to or in place of the email address. Applications like RB and WHS will require the school to supply information relating to the staff. Applications like SAR and DS require the school to supply information about the student and family in addition to the staff list.
The information we collect and store is used only for the purpose required in the application.
As of 2016 we began collecting staff mobile phone numbers, however this is optional. The purpose of storing these numbers is to enable staff to recover their password using an SMS message. There are also a growing number of instances where we are finding it useful to communicate with staff via SMS, for example our 'Finder' function.
Our applications all collect usage information, recording certain actions undertaken by staff, students and parents. This information is recorded on behalf of the school with the sole purpose of providing an historical audit of activity. On occasion authorised staff from the school will require a report on activity in regard to a staff member, student or parent.
Information sharing
- No information is provided to any other organisation unless the company is legally bound to do so, as may be required by an authorised government agency
- The information we collect is for use within the relevant applications only. We will not send you any unsolicited communication
- All staff and contractors of Focus Computing Pty Ltd agree to operate according to this privacy policy
- All care is taken to ensure information is protected using standard security practices and policies. In addition we employ a multi-faceted security strategy that protects your information at many different levels.
What we hold on you
If you have any question as to the information we hold on yourself, you can request this by phone. You will be required to authenticate yourself, either by password or by answering security questions. Call our office number (refer to the contact page) during normal office hours to initiate your request.
Complaints
If you have any questions or complaints about our privacy policy or how this is administered within our applications, please send us an email outlining the questions or complaints that you have, and send this to the support email address on our contact page.
If you are not satisfied with our response you can address your concerns to the ACSC (https://www.acsc.gov.au/)
Data Breach Response Plan
Introduction
A data breach occurs when there is an unauthorised access to, or disclosure of, personal information held by Focus Computing, or information is obtained via unauthorised access.
The consequences of a data breach can result in serious harm to any of the individuals to whom the information relates, and may leave Focus Computing in breach of its obligations under the Privacy Act.
Focus Computing is responsible for ensuring that all reasonable steps are taken to protect personal information in accordance with the Australian Privacy Protection Principles. This includes protecting personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
The Notifiable Data Breaches (NDB) scheme in the Privacy Act requires Focus Computing to notify any people impacted by a data breach, where that data breach may result in serious harm. As such Focus Computing will make reasonable efforts to contact those peeople affected with information about the breach, details about the information that may have been compromised, and how they might be impacted.
Our process
Our first priority is to contain the breach, to stop the loss of any additional information.
Our second priority is to assess how much information has been lost and measure the seriousness of that loss. We also need a list of people impacted by the breach.
Thirdly we will then weigh our responsibility to notify individuals and organisations (reporting obligations under state, federal or other obligations) of the breach, along with any notification sent to the Office of the Australian Information Commissioner (OAIC).
Lastly our security team will assess how the breach happened and whether there are additional security measures to be implemented, or updates to our operational procedures required. These will be implemented in a timely manner.