(Version 4, Approved Oct 2018)
To ensure that ETC meets its legislative requirements regarding the receipt, storage and sharing of information about its clients/students, website visitors and staff (individuals).
This policy applies to all ETC staff, managers, Board Directors and contractors acting on behalf of ETC.
The Privacy Act does not apply to the handling of information that does not relate to individuals e.g. businesses, corporations and companies.
APP’s – Australian Privacy Principles (January 2014)
The Privacy Act defines ‘personal information’ as:
‘Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a. whether the information or opinion is true or not; and
b. whether the information or opinion is recorded in a material form or not.’
Sensitive Information – Information or an opinion about an individual’s racial or ethnic origin, political opinion, membership of a political association, religious beliefs, memberships of professional or trade associations, sexual preferences or practices, criminal record, medical/health information.
ETC collects personal information so that we can perform our primary business functions in line with contractual obligations and legislative requirements.
The purposes for collecting information may include activities associated with course enquiries, course enrolment and assessment, confirming identity for funded and unfunded training and assessment, workshop registration, recruitment, payroll information, personnel information for HR purposes, confirming identity to provide secure access to databases and IT systems required to conduct ETC business, jobseeker assistance, supplier payments, client/student success stories, processing client/student feedback and wage payments.
As much as reasonably practical, an individual will be notified at or before the collection of any of personal or sensitive information, the purpose for which the information will be used and with whom it will be shared.
ETC will collect this information through forms completed and information provided to us by our clients/students, website visitors and staff such as enrolment forms, business cards, job applications, payroll related forms, assessment evidence, workshop registration details, website forms and forms associated with the delivery and service of any of our current contracts. Information is also collected via on-line applications including Job seeker information via ETC’s “joblab” (hosted by C3); program/event registrations via Register Now, Eventbrite and ETC websites; and opt-in e-mail campaigns via MailChimp.
These cookies are standard across most websites and you can setup your browser to refuse all cookies or track when a cookie is being sent, and opt out of advertising please visit http://www.youronlinechoices.com.au/ for more details.
Sensitive information may also be collected from individuals as part of the delivery of our services.
ETC may collect information about individuals from other parties such as (not limited to) the Department of Jobs and Small Business DOJASB) NSW Department of Industry, Department of Human Services, Department of Social Services, NSW Department of Ageing, Disability and Home Care, Queensland Department of Education and Training (DET), Australian Apprenticeship Centres (AAC’s), Employers, other jobactive Providers, Disability Employment Service (DES), criminal history checks, and Working with Children checks.
ETC may use Google Analytics (a third-party service provider) to monitor and analyse website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
Collection of this information will only occur as is reasonably necessary for one or more of ETC’s functions or activities.
ETC will only use personal or sensitive information for the purpose/s for which it was gathered. If it is deemed necessary to use this information for any other purpose, the client/student must consent to its use for this purpose. In some instances the individual would reasonably expect that the information would be used for the secondary purpose. This includes but is not limited to information provided by ETC’s Registered Training Organisation (RTO) to the Department of Industry and authorised third parties for the purpose of research, statistical analysis, program evaluation and internal management purposes. Consent will be sought to discuss individual progress and development with an Employer, Supervisor, Workplace Trainer, Employment Service provider and in some cases, other ETC Trainer/Assessors if and when necessary.
Personal information may be disclosed and passed on to the DOJASB and Department of Social Services and to other persons in relation to providing Services under the jobactive, TtW and Disability Employment Services Deeds. Personal information may be disclosed and passed on to other government departments and to other persons in relation to providing Services under other ETC contracts. In some instances ETC may be required by law to disclose information to a Third Party.
ETC does not send or store any personal information offshore either directly or via Cloud storage.
Information held about jobseekers may be governed by both the Privacy Act 1988 (Cwlth) and Social Security Law. Social Security Law governs the use and disclosure of protected information.
Where a Provider receives a police request for a jobseeker’s information and that jobseeker receives a social security benefit or payment, the information will likely be protected information and subject to Social Security Law. If the information is protected information, providers should notify the DOJASB and provide a copy of the request as this information can usually only be disclosed to the police under a Public Interest Certificate (PIC), issued by the Secretary of Employment, or their delegate under section 208 of the Admin Act.
The PIC must be issued in accordance with the Social Security (Administration) (Public Interest Certificate Guidelines) (DEEWR) Determination 2013 (https://www.legislation.gov.au/Details/F2013L01553/Html/Text).
The DOJASB advises that if a provider or their employees release the information to the police without a PIC, the individual who does so may be in breach of section 204 of the Social Security (Administration) Act 1999. This is a strict liability offence and punishable by imprisonment for up to 2 years.
Information relating to specific clients/students cannot be divulged to relatives or friends of the client unless they are listed as a “DHS Nominee” in the Department’s IT system (ESS Web) AND/OR ETC has the signed consent of the client to release information to a specific person or organisation. This includes where a third person either phones or requests information in person or in writing, relating to the client’s whereabouts, personal records, attendance at an activity, course or appointment, address, phone number etc.
For example: a person phones an ETC office advising they are a client’s parent or partner and asking if the client is at a training course at ETC today, as they need to speak with them. Unless the caller is listed as the DHS Nominee in ESS Web AND/OR we can confirm we hold a signed consent form in the client files, we must advise the caller that no information can be provided regarding that client due to Privacy & Confidentiality laws. We are unable to confirm or deny that person’s whereabouts.
In addition, a third party cannot provide information to ETC relating to a client’s inability to attend a required activity, training course, ETC appointment etc., unless they are listed as a DHS Nominee in the Department’s IT system AND we have either verbal consent from the jobseeker and ensure we obtain written consent at their next appointment. Otherwise the client must call ETC themselves, and explain their circumstances.
Important: Confirmation of identity must be requested from the caller if there is any uncertainty about their validity.
The Privacy of our Employers and Work Placement Hosts must also be protected. Where prospective applicants are being contacted regarding a job vacancy, the Employer details are not to be divulged unless the applicant has successfully gained an interview.
Employers utilise ETC as a jobactive provider to reduce the number of applicants they have to interact with and in many cases to provide the full recruitment process. In providing this service we must protect the privacy of the employer and maintain confidentiality.
ETC staff are not permitted to access any Employer portals (such as Jobsearch.gov.au) even if expressly requested to by Employers. ETC staff should not have access to or retain any Employer portals login details or passwords.
Individuals have an option of using a pseudonym or not identifying themselves when making enquiries about our product or services. In most instances it is impractical for ETC to provide a full service to clients/students who have not identified themselves; it may also be a requirement of law or a Commonwealth or state contract to confirm an individual’s identity before providing a full service to them.
ETC is required to use government related identifiers such as state drivers licence, passport, Job Seeker Identification Number, Training Contract Identification Number, Centrelink Client/student Reference Number, Unique Student Identifier, Tax File Number, Australian Business Number etc. to confirm an individual’s identity for the purposes of providing services to the individual and where it is a requirement of a State, Territory or Commonwealth authority.
Information Security Management (ISM)
Effective security requires protecting both computer hardware as well as the data that the computer hardware holds from unauthorized use, access, theft or damage. All ETC staff are to consider ISM measures and the protection of personal information. ETC will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.
ETC will take reasonable steps to ensure that any information that is disclosed/stored by any other party, that this party has a policy in place that is in line with the Australian Privacy Principles (for example a cloud computing data base; applications involving external providers/sites such as “joblab”).
When handling Protected Information, ETC complies with the requirements of the Social Security (Administration) Act 1999.
ETC takes privacy of information very seriously and will at all times take steps to ensure that an individual’s information is stored and disposed of securely through the use of and adherence to protected IT systems, filing systems, security procedures, secure offsite storage and records management policies.
All ETC staff are not to remove from, or store outside, ETC’s secure network any client/student personal information using portable storage devices (i.e. USB sticks, portable hard drives), wireless transfers, uploads to personal emails or storage clouds, without express permission from an Executive Manager or IT Manager.
ETC may contact an individual to advise them about a product or related service that they have expressed interest in. ETC will only use personal information from an individual for the purpose of direct marketing:
a) with their consent; or
b) if the individual would reasonably expect ETC to use their information for this purpose
ETC will provide an easily accessible “opt out’ option for all direct marketing. ETC may disclose client/student, website visitor information to select Third Parties for the purposes of Direct Marketing from ETC. Third parties include Facebook and Google Ads.
ETC’s “Business Insights” employer email newsletter and “Triple-E” engagement campaign of weekly emails for job seekers is provided on an optional, opt-in basis.
ETC will take reasonable steps to ensure that the information it holds about an individual is accurate and up to date. With most of the services and functions that ETC delivers, opportunity is provided at regular intervals for individuals to update information.
ETC will correct any information that it may have about an individual within a reasonable timeframe if it is satisfied that the information is accurate and complete.
An individual may request access to their records held by ETC. In some instances ETC is not obliged to provide access to the information such as in circumstances where the information held is a commonwealth record, giving access is unlawful or would impact on the privacy of other individuals, or when the request for information is frivolous or vexatious.
If ETC denies or grants access to or charges a fee for producing copies of records, it will notify the individual of the reason or cost. The cost of any fees must be fair and not excessive.
A request to access information can be submitted in person at any ETC office, via phone on 1800 007 400, via the ETC website at etcltd.com.au contact us form or via email to firstname.lastname@example.org
If an individual believes that ETC has not protected their information in line with the Privacy Act 1988 and the Australian Privacy Principles 2014, they can contact ETC via the ETC website – Feedback Form to have their concern addressed. If a concern is not satisfactorily addressed an individual may contact the Office of Australian Information Commissioner (OAIC) to have the concern heard and determined.
All ETC staff, managers, Board Directors and contractors acting on behalf of ETC, must comply with the requirements of this policy.
Any breach of this policy may result in disciplinary action which may include, but is not limited to, issuing a warning, suspension, termination of employment (or, for Persons other than employees, the termination or non- renewal of contractual arrangements).
Sign up for our newsletter to stay informed about the latest tips, trends and business insights from ETC – Enterprise & Training Company Ltd.