Confidential Information Policy

1.         Purpose and Rationale

While Tongan culture is deeply communal, professional ethics and international standards (such as NESA and FWCT Education guidelines) require that a student’s personal, academic, and medical data be protected.

  • Theological Basis: Protecting a student’s information is an act of stewardship and Fatongia (duty), ensuring we do not cause shame or harm to the individual or their family.
  • Objective: To ensure that sensitive information is only accessible to those with a “Need-to-Know” to support the student’s welfare.

2.         Definition of Confidential Information

Confidential information at Tupou College includes, but is not limited to:

  • Student Records: Grades, Assessment marks, and behavioral logs (Incidents).
  • Medical Data: Allergies, medications, and mental health notes held by the College Nurse or Chaplain.
  • Financial Data: Guardian fee status and scholarship details.
  • Boarding Data: “Poaki” (leave) records and House Master observations.

3.         Policy Statements

  • Need-to-Know Access: Information is not “public property.” Only staff directly responsible for a student’s care (e.g. his specific Teacher, House Master, or the Principal) may access his full file.
  • Professional Discretion: Staff must not discuss student “Incidents” or grades in public spaces (e.g. the College Hall or local village gatherings).
  • Digital First: To prevent unauthorized paper-trail access, all sensitive records must be migrated to the TCT-MIS and HRM secure portals.

4.         Operating Procedures

4.1         Storage and Security

  • Digital Records: All academic and behavioral data must be stored in the College server. Passwords must not be shared.  
  • Physical Records: Any paper files (e.g. old medical forms) must be kept in a locked cabinet in the Principal’s or Deputy’s office.
  • The “Clean Desk” Rule: Staff must not leave student mark books or incident reports unattended on desks in the staff room.

4.2         Information Sharing & Consent

  • With Guardians: Information regarding a student’s welfare is shared via the official online platform or timestamped SMS/Email. Staff should not use personal social media to message parents about sensitive school matters.
  • Internal Briefings: During the “Staff Workshop” or weekly briefings, sensitive student issues (e.g. a death in the family or a serious disciplinary matter) should be discussed in closed sessions, not during general assembly.
  • External Requests: Information requested by the Police or the FWCT Education Office must be routed through the Principal’s office.

4.3         Handling Breaches

  • If a staff member or Prefect accidentally or intentionally leaks confidential student information (e.g. posting a student’s grade or a disciplinary photo on Facebook), it must be reported as a Professional Conduct Incident.
  • The Deputy Admin will investigate the breach, and disciplinary action will be taken according to the Staff Code of Conduct.

5.         Implementation & Training (PD)

To address the lack of awareness regarding privacy rights, the following training is mandated for Term 2 2026:

ActivityFocus AreaAudience
Privacy Awareness WorkshopUnderstanding the “Right to Privacy” vs. “Communal Knowledge.”All Staff & Prefects
MIS Security TrainingManaging passwords and role-based access in the TCT-MIS.All Staff
The “Toloa Man” Dignity ProjectTeaching students their rights regarding their own data and photos.Students

6.         Monitoring and Review

This policy will be reviewed annually by the College Admin Division. The effectiveness of the policy will be measured by the reduction of “Unauthorized Information Leaks” and the successful retrieval of secure data during the annual Education Office Audit.

Scroll to Top