It is the policy of Joblife Employment to ensure safeguards are in place to protect the personal and confidential information obtained in the conduct of business in accordance with legislative and business requirements. This includes all written and verbal information relating to client, staff, contractors and stakeholders.
The purpose of this policy is to set an expected level of personal and professional behaviour for all staff, employees, volunteers or persons on work-placements with Joblife Employment in the handling and transmission of sensitive (private) information.
This policy and related procedures are applicable to all paid employees of Jobfind LWB Pty Limited trading as Joblife Employment Pty Ltd and any other parties receiving supports from or accessing a Joblife Employment office location (i.e. clients; visitors; contractors; parents/carers).
This policy must be read in conjunction with the Records Management Policy and Procedure JL-DES-OP-POL-014 and relevant Angus Knight Group policies and procedures relating to privacy, confidentiality, and the security of personal and business information.
Joblife Employment is committed to ensuring the privacy and confidentiality of client personal information is upheld in accordance with the Privacy Act 1998 and the Social Security (Administration) Act 1999.
It does this by ensuring procedures and practices comply with the National Privacy Principles described in the Privacy Act 1988.
Accordingly, as a minimum, the following statements are observed in the creation or implementation of any procedures (including this procedure) or practices at Joblife Employment:
- Joblife Employment only collects information relevant to the services it provides and only collects information in a lawful and fair way and by means which are not unreasonably intrusive
- Joblife Employment informs its clients of the need to gather information, their right to access their own records and their right to request inaccuracies be corrected if they are found to exist
- Joblife Employment seeks to ensure participants consent to the collection, use and disclosure of their personal information unless disclosure is required or authorised by law
- Joblife Employment does all it can to keep client personal information up to date, accurate and complete
- Joblife Employment ensures all electronic information is held on Australian-based servers
- Appropriate access restrictions are applied to electronic information across the organisation. Paper-based information is kept secure at all times
- Any identifiers used by Joblife Employment are unique forms of identification which are not derived from any other personal identifiers such as Medicare or Tax File Numbers
- employees must complete Privacy training at a minimum once every 12 months
- employees must ensure that the use of personal information is for business purposes only
- employees must ensure that sensitive information is discussed in private and confidential areas where physically possible
- employees must comply with requirements under the Social Security (Administration) Act 1999 and the Privacy Act 1988.
- all actual, suspected or potential breaches must be responded to as a critical incident and must be immediately reported to the Joblife Chief Executive Officer.
All employees must complete the Information Exchange and Privacy learning module available through ECSN at the commencement of employment and then at least once in every 12 months thereafter. Additional privacy training will also be required for any staff person directly involved in an actual or suspected privacy breach or as directed by the Joblife Chief Executive Officer as part of a privacy breach response strategy.
Collection of personal information
Personal information about DES participants is collected by Joblife, the Department of Social Services and other government agencies. A broad range of personal information is collected to assist in the delivery of high-quality targeted services to participants. All DES participant information held by Joblife Employment must be stored in line with the Records Management Policy and Procedure JL-DES-OP-POL-014
The kind of personal information Joblife collects from participants includes:
- Personal details: name, gender, age, date and country of birth
- Contact details: postal and residential address; home, work and mobile telephone numbers; email address
- Details in relation to income support
- Education history and qualifications
- Employment history and qualifications
- driver’s licence number, passport number, details as to birth, citizenship and marriage, contained in proof of identity documents.
Joblife collects personal information directly from participants, including from forms completed by participants at the time of registration, meetings, interviews, electronic communications and/or telephone conversations with participants. Much of this information is “sensitive”. It may include health information, information about racial or ethnic origin, and information about a participant’s criminal record.
Joblife also collects personal information from employers. The kind of personal information collected from employers, includes contact details in relation to “contact persons” for employers, address, phone and email address and participant work hours, rates of pay and payslips.
Joblife also collects personal information from those who register to receive email alerts or if they complete online inquiry forms via our website https://joblifeemployment.com.au/. This personal information includes name, address, email address, and job title/position.
Joblife uses social networking services such as Facebook and Twitter to communicate with the public about its activities. Joblife may collect personal information from those using these social networking services and the social networking services will also handle personal information for their own services. These social networking sites have their own privacy policies.
Use of personal Information
Joblife employees must not use a participant’s personal information for any purpose than would be reasonably expected for the delivery of employment services.
The purposes for which Joblife employees use personal information include but may not be limited to:
- determining a participant’s eligibility for participation in employment programs
- providing a participant with employment and training opportunities
- contacting and supporting a participant when they have found employment
- resolving complaints.
The purpose for which Joblife uses personal information of employers includes communicating with them to match a participant with the needs of the employers’ business.
If a participant registers on Joblife’s website for email updates and news, Joblife will use their personal information for purposes which include communicating with them about activities and services that may be of interest to them and that Joblife may provide to them.
Disclosure of personal Information
Participant personal information may be disclosed to other parties where the participant has provided written agreement and disclosure is necessary for the provision of services and supports.
Participant personal information may also be disclosed to other parties without express consent where it is required or authorised under an Australian law or a court/ tribunal order.
Storage and security
Joblife undertakes to take reasonable steps necessary to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure. The storage and security of personal and business information must be managed in accordance with the Records Management Policy and Procedure JL-DES-OP-POL-014.
Joblife employees must ensure that participant records that are stored electronically are stored securely in the third-party IT system and no files or personal papers are to be left unattended at any time.
A participant’s employment services records must be securely destroyed when they are no longer required for the provision of services, or when permissible under contractual requirements with the Department of Social Services. Joblife will retain current and accurate lists of archived and destroyed employment services records.
Participant personal information is to be stored on computer systems which are protected from unauthorised access and viruses by a combination of firewalls, secure logon processes, encryption, intrusion monitoring technologies and virus scanning tools. When Joblife sends electronic data relating to a participant to an approved external party, dedicated secure networks or encryption are used.
To further secure personal information Joblife has protection in their buildings and data centres against unauthorised access such as alarms, cameras and guards (as required).
Access to and correction of personal information
A participant can request access to personal information that is held about them. They can request that their personal information be corrected if it is inaccurate. If access to or correction of personal records is requested by a participant this must be authorised by the Chief Executive Officer (or their delegate) and actioned within 14 days. However, before giving a participant access to their records, they must prove their identity, such as verifying their full name and date of birth.
If access to personal information is refused the participant must be notified in writing and provided reasons for the refusal. The participant must be provided with information regarding how to appeal this decision.
Breach of personal information
If a participant’s privacy has been breached, or there is a suspected or potential breach of personal information, action must be taken which is in accordance with the privacy breach requirements as identified within the Privacy Act 1988. This includes immediate notification to the Joblife Chief Executive Officer, who will determine actions to be taken including who is responsible for making the required notification to the affected participant/s, the Department of Social Services, and the Office of the Australian Information Commissioner.
The following information in relation to the breach of privacy must be documented:
- name of person/s affected
- date privacy breach/suspected breach occurred or potential for breach was identified
- what personal information was inadvertently or advertently breached or at risk of breach
- what type of breach occurred – (e.g. participant information left on employee’s desk for other members of the public to see; participant information was copied to a USB and subsequently lost; an employee has witnessed another employee accessing a participant’s personal details without a business reason to do so; unauthorised access to information via phishing, scam, malicious virus or other system breach)
- where the breach/suspected breach occurred
- what strategies were implemented in response to the breach
- what rectifications (corrective actions) have been put in place, so further privacy breaches do not occur.
In notifying a participant that a breach of their privacy has occurred they must be informed that they can make a complaint to either the Joblife Privacy Officer, the Department of Social Services Privacy Officer and/or the Office of the Australian Information Commissioner.
If a participant wants to make a complaint regarding an actual or perceived breach of their privacy rights, they must be provided with the contact details of the Joblife Privacy Officer.
Suite 501, Level 5, 10 Bridge Street
Sydney NSW 2000
Phone: 1800 319 502
Email: [email protected]
All complaints should be acknowledged and where possible responded to within 10 working days of receipt. It is recognised that some complaints may take longer to investigate. In these cases, the complainant should be advised that their complaint is being followed up and will be responded to in due course.
Complainants must be advised of their right to contact the Office of the Australian Information Commissioner (OAIC) if the complaint remains unresolved or they are unhappy with the outcome of investigation. Contact details can be found at OAIC’s website: www.oaic.gov.au
Privacy Act 1988 (Cth)
Freedom of Information Act 1992
Social Security (Administration) Act 1999