This Policy applies to all Joblife employees accessing personal information in relation to the delivery of Disability Employment Services.
Joblife takes privacy of personal information seriously.
All employees when handling personal information must comply with requirements under the Social Security (Administration) Act 1999 and the Privacy Act 1988.
3. Key points
- employees must complete Privacy training at a minimum once every 12 months
- all personal information must be stored securely
- participants must consent to the collection, use and disclosure of their personal information unless disclosure is required or authorised by law.
- employees must ensure that the use of personal information is for business purposes only
- employees must comply with requirements under the Social Security (Administration) Act 1999 and the Privacy Act 1988.
- all actual, suspected or potential breaches must be responded to as a critical incident and must be immediately reported to the Joblife Chief Executive Officer.
4. Privacy training
All employees must complete the Privacy learning module available through EA3000 at the commencement of employment and then at least once in every 12 months thereafter. Additional privacy training will also be required for any staff person directly involved in an actual or suspected privacy breach or as directed by the Joblife Chief Executive Officer as part of a privacy breach response strategy.
5. Collection of personal information
Personal information about DES participants is collected by Joblife, the Department of Social Services and other government agencies. A broad range of personal information is collected to assist in the delivery of high-quality targeted services to participants. The kind of personal information Joblife collects from participants includes:
- Personal details: name, gender, age, date and country of birth
- Contact details: postal and residential address; home, work and mobile telephone numbers; email address
- Details in relation to income support
- Education history and qualifications
- Employment history and qualifications
- driver’s licence number, passport number, details as to birth, citizenship and marriage, contained in proof of identity documents.
Joblife collects personal information directly from participants, including from forms completed by participants at the time of registration, meetings, interviews, electronic communications and/or telephone conversations with participants. Much of this information is “sensitive”. It may include health information, information about racial or ethnic origin, and information about a participant’s criminal record.
Joblife also collects personal information from employers. The kind of personal information collected from employers, includes contact details in relation to “contact persons” for employers, address, phone and email address and participant work hours, rates of pay and payslips.
Joblife also collects personal information from those who register to receive email alerts or if they complete online inquiry forms via our website (www.Joblifeemployment.com.au). This personal information includes name, address, email address, and job title/position.
Joblife uses social networking services such as Facebook, Twitter. Instagram, YouTube and LinkedIn to communicate with the public about its activities. Joblife may collect personal information from those using these social networking services and the social networking services will also handle personal information for their own services. These social networking sites have their own privacy policies.
6. Use of personal information
Joblife employees must not use a participant’s personal information for any purpose than would be reasonably expected for the delivery of employment services.
The purposes for which Joblife employees use personal information include but may not be limited to:
- determining a participant’s eligibility for participation in employment programs
- providing a participant with employment and training opportunities
- contacting and supporting a participant when they have found employment
- resolving complaints.
The purpose for which Joblife uses personal information of employer includes communicating with them to match a participant with the needs of the employers’ business.
If a participant registers on Joblife’s website for email updates and news, Joblife will use their personal information for purposes which include communicating with them about activities and services that may be of interest to them and that Joblife may provide to them.
7. Disclosure of personal information
Participant personal information may be disclosed to other parties where the participant has provided written agreement and disclosure is necessary for the provision of services and supports.
Participant personal information may also be disclosed to other parties without express consent where it is required or authorised under an Australian law or a court/ tribunal order.
8. Storage and security
Joblife undertakes to take reasonable steps necessary to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
Joblife employees must ensure that participant records that are stored electronically are stored securely in the third party IT system and no files or personal papers are to be left unattended at any time.
A participant’s employment services records must be securely destroyed when they are no longer required for the provision of services, or when permissible under contractual requirements with the Department of Social Services. Joblife will retain current and accurate lists of archived and destroyed employment services records.
Participant personal information is to be stored on computer systems which are protected from unauthorised access and viruses by a combination of firewalls, secure logon processes, encryption, intrusion monitoring technologies and virus scanning tools. When Joblife sends electronic data relating to a participant to an approved external party, dedicated secure networks or encryption are used.
To further secure personal information Joblife has protection in their buildings and data centres against unauthorised access such as alarms, cameras and guards (as required).
9. Access to and correction of personal information
A participant can request access to personal information that is held about them. They can request that their personal information be corrected if it is inaccurate. If access to or correction of personal records is requested by a participant this must be authorised by the Chief Executive Officer (or their delegate) and actioned within 14 days. However, before giving a participant access to their records, they must prove their identity, such as verifying their full name and date of birth.
If access to personal information is refused the participant must be notified in writing and provided reasons for the refusal. The participant must be provided with information regarding how to appeal this decision.
10. Breach of personal information
If a participant’s privacy has been breached, or there is a suspected or potential breach of personal information, action must be taken which is in accordance with the privacy breach requirements as identified within the Privacy Act 1988. This includes immediate notification to the Joblife Chief Executive Officer, who will determine actions to be taken including who is responsible for making the required notification to the affected participant/s, the Department of Social Services, and the Office of the Australian Information Commissioner.
The following information in relation to the breach of privacy must be documented:
- name of person/s affected
- date privacy breach/suspected breach occurred or potential for breach was identified
- what personal information was inadvertently or advertently breached or at risk of breach
- what type of breach occurred – (e.g. participant information left on employee’s desk for other members of the public to see; participant information was copied to a USB and subsequently lost; an employee has witnessed another employee accessing a participant’s personal details without a business reason to do so; unauthorised access to information via phishing, scam, malicious virus or other system breach)
- where did this occur
- what strategies were implemented in response to the breach
- what rectifications (corrective actions) have been put in place, so further privacy breaches do not occur.
In notifying a participant that a breach of their privacy has occurred they must be informed that they can make a complaint to either the Joblife Privacy Officer, the Department of Social Services Privacy Officer and/or the Office of the Australian Information Commissioner.
If a participant wants to make a complaint regarding an actual or perceived breach of their privacy rights, they must be provided with the contact details of the Joblife Privacy Officer.
Suite 501, Level 5, 10 Bridge Street
Sydney NSW 2000
Phone (02) 9259 5555
All complaints should be acknowledged and where possible responded to within 10 working days of receipt. It is recognised that some complaints may take longer to investigate. In these cases, the complainant should be advised that their complaint is being followed up and will be responded to in due course.
Complainants must be advised of their right to contact the Office of the Australian Information Commissioner (OAIC) if the complaint remains unresolved or they are unhappy with the outcome of investigation. Contact details can be found at OAIC’s website: www.oaic.gov.au