To ensure that ETC meets its legislative requirements regarding the receipt, storage, and sharing of information about its clients/students and staff (individuals).
SCOPE OF POLICY
This policy applies to all ETC staff, managers, Board Directors and contractors acting on behalf of ETC.The Privacy Act does not apply to the handling of information that does not relate to individuals e.g. businesses,
The Privacy Act does not apply to the handling of information that does not relate to individuals e.g. businesses, corporations, and companies.
The Privacy Act defines ‘personal information’ as:
‘Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a. whether the information or opinion is true or not; and
b. whether the information or opinion is recorded in a material form or not.’
Information or an opinion about an individual’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs, memberships of professional or trade associations, sexual preferences or practices, criminal record, medical/health information.
1) ETC is committed to respecting the right to privacy and protecting personal information. ETC is bound by the Australian Privacy Principles that underpin the Privacy Act of 1988 (Commonwealth).
2) ETC must also adhere to other applicable legislation, guidelines, and contractual obligations as required and listed in Related Documents and References of this Policy.
3) This policy applies to the management of personal information, how it is captured, stored, used and disclosed and describes the purposes for which it is obtained.
4) This policy is to be used in conjunction with the Australian Privacy Principles and the Australian Privacy Act 1988 (Commonwealth).
Collecting personal information
ETC collects personal information so that we can perform our primary business functions in line with contractual obligations and legislative requirements.
The purposes for collecting information may include activities associated with course enquiries, course enrolment and assessment, confirming identity for funded and unfunded training and assessment, workshop registration, recruitment, payroll information, personnel information for HR purposes, confirming identify to provide secure access to databases and IT systems required to conduct ETC business, jobseeker assistance, supplier payments, client/student success stories, processing client/student feedback and wage payments.
As much as reasonably practical, an individual will be notified at or before the collection of any of personal or sensitive information, the purpose for which the information will be used and with whom it will be shared.
How ETC collects personal information
ETC will collect this information through forms completed and information provided to us by our clients/students and staff such as enrolment forms, business cards, job applications, payroll related forms, assessment evidence, workshop registration details, and forms associated with the delivery and service of any of our current contracts. Information is also collected via on-line applications including Job seeker information via ETC’s “joblab” (hosted by C3); program/event registrations via Register Now and Eventbrite; and opt-in e-mail campaigns via Mail Chimp.
Job seeker data collected via “joblab” is used individually for job seeker support and in collated data format to inform ETC services. ETC ensures that external sites have appropriate privacy protections in place. ETC does not collect cookies from its website or gather other personal information from any social media medium.
Sensitive information may also be collected from individuals as part of the delivery of our services.
Collection of information from third parties
ETC may collect information about individuals from other parties such as (not limited to) the Department of Employment (DoE), NSW Department of Industry, Department of Human Services, Department of Social Services, NSW Department of Ageing, Disability and Home Care, Queensland Department of Education and Training (DET), Australian Apprenticeship Centres (AAC’s), Employers, other jobactive Providers, Disability Employment Service (DES), criminal history checks, and Working with Children checks.
Collection of this information will only occur as is reasonably necessary for one or more of ETC’s functions or activities.
Who ETC discloses personal information to
ETC will only use personal or sensitive information for the purpose/s for which it was gathered. If it is deemed necessary to use this information for any other purpose, the client/student must consent to its use for this purpose. In some instances the individual would reasonably expect that the information would be used for the secondary purpose. This includes but is not limited to information provided by ETC’s Registered Training Organisation (RTO) to the Department of Industry and authorised third parties for the purpose of research, statistical analysis, program evaluation and internal management purposes. Consent will be sought to discuss individual progress and development with an Employer, Supervisor, Workplace Trainer, Employment Service provider and in some cases, other ETC Trainer/Assessors if and when necessary.
Personal information may be disclosed and passed on to the Department of Employment and Department of Social Services and to other persons in relation to providing Services under the jobactive, TtW and Disability Employment Services Deeds. Personal information may be disclosed and passed on to other government departments and to other persons in relation to providing Services under other ETC contracts. In some instances ETC may be required by law to disclose information to a Third Party.
ETC does not send or store any information offshore either directly or via Cloud storage.
Police request for personal information
Information held about jobseekers may be governed by both the Privacy Act 1988 (Cwlth) and Social Security Law. Social Security Law governs the use and disclosure of protected information.
Where a Provider receives a police request for a jobseeker’s information and that jobseeker receives a social security benefit or payment, the information will likely be protected information and subject to Social Security Law. If the information is protected information, providers should notify the Department of Employment and provide a copy of the request as this information can usually only be disclosed to the police under a Public Interest Certificate (PIC), issued by the Secretary of Employment, or their delegate under section 208 of the Admin Act.
The PIC must be issued in accordance with the Social Security (Administration) (Public Interest Certificate Guidelines) (DEEWR) Determination 2013 (https://www.legislation.gov.au/Details/F2013L01553/Html/Text).
The Department of Employment advises that if a provider or their employees release the information to the police without a PIC, the individual who does so may be in breach of section 204 of the Social Security (Administration) Act 1999. This is a strict liability offence and punishable by imprisonment for up to 2 years.
Confidentiality for Clients/students
Information relating to specific clients/students cannot be divulged to relatives or friends of the client unless they are listed as a “DHS Nominee” in the Department’s IT system (ESS Web) AND/OR ETC has the signed consent of the client to release information to a specific person or organisation. This includes where a third person either phones or requests information in person or in writing, relating to the client’s whereabouts, personal records, attendance at an activity, course or appointment, address, phone number etc.
For example: a person phones an ETC office advising they are a client’s parent or partner and asking if the client is at a training course at ETC today, as they need to speak with them. Unless the caller is listed as the DHS Nominee in ESS Web AND/OR we can confirm we hold a signed consent form in the client files, we must advise the caller that no information can be provided regarding that client due to Privacy & Confidentiality laws. We are unable to confirm or deny that person’s whereabouts.
In addition, a third party cannot provide information to ETC relating to a client’s inability to attend a required activity, training course, ETC appointment etc., unless they are listed as a DHS Nominee in the Department’s IT system AND we have either verbal consent from the jobseeker and ensure we obtain written consent at their next appointment. Otherwise, the client must call ETC themselves, and explain their circumstances.
Important: Confirmation of identity must be requested from the caller if there is any uncertainty about their validity.
Confidentiality for Employers
The Privacy of our Employers and Work Placement Hosts must also be protected. Where prospective applicants are being contacted regarding a job vacancy, the Employer details are not to be divulged unless the applicant has successfully gained an interview.
Employers utilise ETC as a jobactive provider to reduce the number of applicants they have to interact with and in many cases to provide the full recruitment process. In providing this service we must protect the privacy of the employer and maintain confidentiality.
ETC staff are not permitted to access any Employer portals (such as Jobserach.gov.au) even if expressly requested to by Employers. ETC staff should not have access to or retain any Employer portals login details or passwords.
Requirements for confirming identity and retaining anonymity
Individuals have an option of using a pseudonym or not identifying themselves when making enquiries about our product or services. In most instances it is impractical for ETC to provide a full service to clients/students who have not identified themselves; it may also be a requirement of law or a Commonwealth or state contract to confirm an individual’s identity before providing a full service to them.
Use of Government Identifiers
ETC is required to use government related identifiers such as state drivers licence, passport, Job Seeker Identification Number, Training Contract Identification Number, Centrelink Client/student Reference Number, Unique Student Identifier, Tax File Number, Australian Business Number etc. to confirm an individual’s identity for the purposes of providing services to the individual and where it is a requirement of a State, Territory or Commonwealth authority.
Protection, Storage, and Disposal of client/student information
Information Security Management (ISM)
Effective security requires protecting both computer hardware as well as the data that the computer hardware holds from unauthorized use, access, theft or damage. All ETC staff are to consider ISM measures and the protection of personal information. ETC will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.
ETC will take reasonable steps to ensure that any information that is disclosed/stored by any other party, that this party has a policy in place that is in line with the Australian Privacy Principles (for example a cloud computing data base; applications involving external providers/sites such as “joblab”).
When handling Protected Information, ETC complies with the requirements of the Social Security (Administration) Act 1999.
ETC takes privacy of information very seriously and will at all times take steps to ensure that an individual’s information is stored and disposed of securely through the use of and adherence to protected IT systems, filing systems, security procedures, secure offsite storage and records management policies.
All ETC staff are not to remove from, or store outside, ETC’s secure network any client/student personal information using portable storage devices (i.e. USB sticks, portable hard drives), wireless transfers, uploads to personal emails or storage clouds, without express permission from an Executive Manager or IT Manager.
ETC may contact an individual to advise them about a product or related service that they have expressed interest in. ETC will only use personal information from an individual for the purpose of direct marketing;
a) with their consent; or
b) if the individual would reasonably expect ETC to use their information for this purpose
ETC will provide an easily accessible “opt out’ option for all direct marketing. ETC will not disclose client/student information to any Third Party for the purposes of Direct Marketing.
ETC’s “Triple-E” engagement campaign of weekly emails for job seekers is provided on an optional, opt-in basis.
Accuracy of information
ETC will take reasonable steps to ensure that the information it holds about an individual is accurate and up to date. With most of the services and functions that ETC delivers, opportunity is provided at regular intervals for individuals to update information.
ETC will correct any information that it may have about an individual within a reasonable timeframe if it is satisfied that the information is accurate and complete.
Access to information
An individual may request access to their records held by ETC. In some instances ETC is not obliged to provide access to the information such as in circumstances where the information held is a Commonwealth record, giving access is unlawful or would impact on the privacy of other individuals, or when the request for information is frivolous or vexatious.
If ETC denies or grants access to or charges a fee for producing copies of records, it will notify the individual of the reason or cost. The cost of any fees must be fair and not excessive.
A request to access information can be submitted in person at any ETC office, via phone on 1800 007 400, via the ETC website at etcltd.com.au contact us form or via email to firstname.lastname@example.org
If an individual believes that ETC has not protected their information in line with the Privacy Act 1988 and the Australian Privacy Principles 2014, they can contact ETC via the ETC website – Feedback tab to have their concern addressed. If a concern is not satisfactorily addressed an individual may contact the Office of Australian Information Commissioner (OIAC) to have the concern heard and determined.
RELATED DOCUMENTS AND REFERENCES
- Privacy Act 1988
- Privacy Amendment (Enhancing Privacy Protection) Act 2012
- Privacy Regulation 2013
- Australian Privacy Principles (2014)
- jobactive Deed 2015 – 2020
- Transition to Work Deed 2016 – 2020
- Disability Employment Services Deed 2015 – 2018
- NSW Smart and Skilled contract
- Queensland User Choice contract
- Other ETC contracts
- Social Security (Administration) Act 1999
- Records Management Policy and Procedure (ETC)
- Deed of Confidentiality (ETC)
- Do Not Call Register
- Spam Act 2003 and guidelines
- Privacy Policies of external providers such as Eventbrite, Register Now, QLBS