Overview

• The deputy information commissioner found the university breached two Information Privacy Principles by failing to give adequate notice and by using Wi‑Fi location data for an unauthorised purpose.
• The investigation determined the university combined Wi‑Fi location records with student card photos and CCTV to identify 22 students from the May 2024 Arts West sit‑in.
• The report said approval to use the data was granted in under a day with only superficial privacy consideration, and it criticised the clarity of Wi‑Fi terms, IT policies and privacy statements.
• University officials said the measures were reasonable and proportionate for campus safety, while acknowledging notice shortcomings and pointing to a new surveillance policy and amended data terms.
• Staff email reviews of 10 accounts were found to fall below expected standards, leading to three staff warnings, and misconduct cases for 20 students resulted in 19 reprimands as advocates now mount legal challenges.