Office of the Australian Information Commissioner


Policy and Procedure Name: Privacy Policy and Procedure
Version: 1.0
Approved By: Chief Executive Officer
Date Approved: 19/10/2016
Review Date: 30/06/2017

Opportune Professional Development, in accordance with the Australian Privacy Principles, has a commitment to ensuring that all reasonable steps are taken to protect the privacy of its consumers and staff. The following policy and procedure outlines how personal information is collected, used, disclosed, stored and destroyed.

The Privacy policy and procedure applies to staff, students, employers, clients and potential consumers and is used throughout all aspects of business operations.

The following policy and procedure should be read in conjunction with the relevant Registered Training Organisation's Privacy Policy and Procedure, Consumer Protection Policy and Procedure, Record Retention Policy and Procedure and Complaints and Appeals Policy and Procedure.

AVETMISS: The agreed national data standard for the collection, analysis and reporting of vocational education and training information. [1]
Data breach: Where personal information is held by an organisation and is lost or subjected to unauthorised access, use, modification, disclosure or other misuse. [2]
Personal information: Types of information that are specific to an individual, for example name, address, contact or bank account details. [3]
OAIC: Office of the Australian Information Commissioner
RTO: Registered Training Organisation
Sensitive information: A type of personal information that is sensitive in its nature, for example race or ethnic origin, political opinion, religious belief or affiliation, medical history or criminal record. [4]

[1] NCVER (2014) Glossary of VET
[2] Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines
[3] Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines
[4] Office of the Australian Information Commissioner (2014) Australian Privacy Principles Guidelines

In order to deliver a high quality education service, Opportune Professional Development is required to collect a variety of personal information from both consumers and staff members. Where personal and sensitive information is collected it is stored, disclosed and destroyed in accordance with the Australian Privacy Principles (APP). Where Opportune Professional Development works in partnership with a Registered Training Organisation (RTO) in the delivery of training and assessment they will comply with the RTO's APP compliant Privacy Policy and Procedure.

The following principles underpin this privacy policy and procedure:

- Personal information is protected by the Privacy Act 1988.
- Opportune Professional Development takes all reasonable steps required to protect and maintain personal and sensitive information.
- A robust governance framework is used to assess, plan, implement and review the protection of personal information against misuse, loss, inappropriate access, and inappropriate disclosure.
- Prior to the collection of personal and sensitive information the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may occur. Once the individual is well informed, consent is obtained for the collection of information.
- Personal and sensitive information is used only for the purpose of its collection and by staff who require the information in order to complete their duties.
- Individuals have access to their information when required and without charge.
- Personal information is stored in either an electronic or hardcopy format. Security measures such as unique password requirements and restricted file access are used to maintain and protect students'/clients' and employees' privacy.
- Opportune Professional Development will only disclose personal information to a third party where written consent has been obtained from the individual.
- Where Opportune Professional Development receives unsolicited information it is either destroyed or de-identified.
- The Privacy policy and procedure is publicly available on the website and a synopsis can be found in the Participant Handbook.

More information on the Privacy Act can be found at www.privacy.gov.au

3.1 Types of information collected and held

Personal and sensitive information is routinely collected from staff and consumers for the purpose of either employment or enrolment.

i. Information collected for the purpose of employment

- Name
- Recent professional development activities
- Address
- Reference checks
- Contact detail
- Insurance documentation
- Emergency contact
- Proof of identity 100 Point ID check
- Employment history
- Superannuation details
- Qualifications
- Tax File Number
- Verification documentation and evidence
- Vulnerable person checks: National Police Clearance Checks, Working with Children Checks (where specifically requested)
- Registration/Licensing documentation
- Bank details

ii. Information collected for the purpose of enrolment in a qualification or program

- Name
- Address
- Contact details
- Emergency contact
- Employment history / status
- Centrelink information, government allowances
- Citizenship, Residency and Visa status and information
- Language, literacy and numeracy assessments
- Indigenous status
- Proof of identity 100 Point ID check
- Unique Student Identifier (USI)
- Disability / special need requirements
- Schooling / qualifications completed
- Verification documentation and evidence
- Vulnerable person checks: National Police Clearance Checks, Working with Children Checks (where specifically requested)
- Fee payment information, e.g. credit card information, banking details

3.2 How personal information is collected and stored

Individuals may disclose information over the telephone, via email, in person and by the completion of relevant forms. Only information disclosed by the individual is used in the collection of information.

Prior to the collection of personal information, the individual is told what information is to be collected and stored, the purpose of collection, if this information is to be disclosed to a third party and/or under what circumstances disclosure may occur. Written and/or verbal consent is obtained prior to collection of personal information and stored appropriately (e.g. in the student's/employee's file or on the student management system). For individuals under 18 years of age parent/guardian consent is sought/required.

The types of information collected or disclosed by the individual will vary depending on the method of collection, the purpose of that collection and the individual disclosing the information.

Forms used by Opportune Professional Development to collect personal information from students may include:

- Enquiry forms
- Application forms
- Application for credit transfer form
- Assessment tasks submission forms
- Enrolment forms
- Training plans / Individualised learning and assessment plans

Documentation used by Opportune Professional Development to collect personal information from staff includes:

- Application documentation
- Staff details form
- Superannuation documentation
- Competency Record
- Trainer Matrix
- Tax file declaration

Information and assessment evidence collected on the telephone will only be undertaken after consent of the individual is given; information may be kept in the form of a sound recording in electronic format. Such electronic recordings are only retained as long as they are required for the purpose of the individual and are marked for deletion in accordance with Opportune Professional Development's and the Registered Training Organisation's Record Retention Policy and Procedure.

Information is held in either a locked filing cabinet or electronically on Opportune Professional Development's secure cloud-based server. Access to information is limited to personnel with the correct authorisation and is only available to staff for the purpose of collection. Security measures such as unique password requirements and restricted file access are used to maintain and protect students'/clients' and employees' privacy. Where staff leave the organisation their access to data is removed/deleted.

Where a prospective student completes an online enquiry or payment, information is held in Opportune Professional Development's email system, secure cloud server or accounting system and is only available to the Operations Manager, Chief Executive Officer or, where follow-up is required, the finance team for the purpose of reconciliation and issuance of receipt.

Use of information

Personal information is used only for the purpose of its collection and by staff who require the information in order to complete the tasks associated with their role and function.

i. Student personal information is used to:

- Identify individuals enrolled in an Opportune Professional Development program
- Process application and enrolment requests including credit transfer applications
- Process payments for service delivered
- Monitor student progression and provide individualised support
- Enter student assessment results
- Identify students enrolled in a training product that is superseded
- Report data required by government (data provision and contractual data requirements)
- Monitor and evaluate organisational performance
- Ensure certification documentation is awarded to the correct graduate
- Serve purposes that are expressly permitted under any agreement with you

ii. Staff personal information is used to:

- Ensure staff have the correct qualifications, registration/licensing requirements to deliver and assess nationally recognised training
- Mitigate risk and ensure student safety
- Support human resources processes and systems
- Manage logistical requirements associated with training and assessment
- Meet superannuation and taxation legislative requirements

Where students do not wish to use their name and contact details on assessment task submission sheets they are able to use their student or enrolment number.

3.4 Direct Marketing

Opportune Professional Development only uses or discloses personal information for direct marketing purposes if consent has been given by the individual. Individuals have the opportunity to be removed from circulation or subscription lists if they choose not to receive organisation related materials.

3.5 Disclosure of personal information

Opportune Professional Development only discloses information to a third party where written consent has been gained from the individual, or when compelled by law. Where possible, data is encrypted so that the student has a level of pseudonymity. Opportune Professional Development does not disclose any individual's personal information to overseas recipients.

As Opportune Professional Development works in partnership with high quality domestic Registered Training Organisations to deliver Nationally Recognised Training and Assessment, personal information will be disclosed to the relevant RTO (involved in the training course in which the individual is enrolling), for the purpose of that enrolment. In accordance with legislative and regulatory requirements Opportune Professional Development and the RTO are required to provide information to State and Commonwealth government departments for the purpose of administration, research and quality assurance [5].

From time to time, Opportune Professional Development will also disclose personal information (on a confidential basis) to third parties that we use in the ordinary operation of our business, such as account and billing, user experience research and surveys, website hosting and support and maintenance. Opportune Professional Development will only disclose information to the extent required for the limited purpose of the third party providing services contracted to us so that we may service clients.

Opportune Professional Development takes all reasonable steps to protect the information held from unauthorised access, use and disclosure; however, it cannot guarantee that our systems and stored data will be completely free from third party interception or free from corruption. Certain parts of the Website (such as those parts that require consumers to provide Opportune Professional Development with a credit card number) provide the ability for consumers to transmit information to our Website in an encrypted form by using secure socket layer technology (SSL). However, other parts of the Website are not protected by any form of encryption to protect information sent from the consumer's computer to us over the Internet. Further, no method of transmission over the Internet, or method of electronic storage, is 100% secure. In light of this, we cannot ensure or warrant, and do not warrant, the security or privacy of consumers' personal information, including payment and account details. Consumers transmit this information at their own risk.

If consumers have any questions regarding security they are encouraged to contact us at consumerprotection@opportune Professional Development.com.au.

[5] AVETMISS data, quality indicator reporting data and information required to undertake a compliance audit.

3.6 Accessing and seeking correction of personal information

Opportune Professional Development acknowledges the rights of individuals to have access to their personal information under the Freedom of Information Act and provides opportunities to review this information on request. Students and staff are encouraged to update their personal information as it changes to maintain the currency and accuracy of records/data.

Where Opportune Professional Development staff identify/suspect that personal information is inaccurate, out of date, incomplete or misleading they will contact the individual for further clarification and action any rectifications as required. The student is requested to send the updated personal information in writing via email or a letter. Student records in the student management system are then updated to reflect the new details. There is no charge to an individual who wishes to correct personal information or an associating statement.

3.7 Destruction of personal information

Personal information disclosed to the Registered Training Organisation will be stored in the organisation's student management system for the period required by law. Students should refer to the privacy policy of the relevant Registered Training Organisation for more information.

When Opportune Professional Development no longer requires personal information (e.g. completion, withdrawal or cancellation of a student's enrolment), it is destroyed. Hard copy information is shredded securely and electronic information is securely deleted within 5 days of the information no longer being required.

3.8 Complaints and appeals

Feedback on Opportune Professional Development's compliance with the Privacy Policy and Procedure is encouraged by contacting the Consumer Protection Officer or by making a complaint. Details of the Consumer Protection Officer are provided on the corresponding page.

Consumer Protection
Email: Consumerprotection@oppportune.com.au
T: 1300 721 121

A complainant or appellant is required to lodge the complaint/appeal in writing. The Operations Manager will acknowledge the complaint within 48 hours of the complaint being received. Following a comprehensive investigation, potential causes of the complaint will be identified and corrective actions taken to eliminate or mitigate the likelihood of future reoccurrence. The complainant will be informed of the outcome of their complaint within 10 days of their complaint being received.

If the complainant is dissatisfied with the outcome of their complaint they can escalate their complaint to the Operations Manager or request an independent review of their case. Failing to resolve the complaint at this level the complainant can approach the OAIC for further information and/or action. See Complaints and appeals policy and procedure for more information.

3.9 Governance mechanisms

Opportune Professional Development has a robust governance framework in place to ensure its compliance with the Australian Privacy Principles. The following governance framework underpins and supports the operationalisation of this policy and procedure:

- Risk assessments including privacy impact assessments are undertaken when required.
- Staff receive training on the handling of personal and sensitive information on employment commencement and as changes and/or amendments occur.
- Staff who regularly handle personal information are provided with supervision and support from their line manager.
- Performance development and management processes ensure staff have the knowledge and skills required to complete their role requirements.
- Where an agent or contractor is collecting personal information from a consumer on behalf of Opportune Professional Development, systematic processes are implemented to monitor compliance and maintain the student's privacy (see Engagement and Monitoring of Partners Policy and Procedure).
- The Privacy Policy and Procedure is publicly available on the website and it can be found in the student's handbook.
- The organisation's Privacy Policy and Procedure is reviewed and updated annually or where required.
- Where changes to the Privacy Policy and Procedure have occurred the latest document version will be placed on the website and all students/clients will be notified by email that a new privacy policy and procedure has been released.

Opportune Professional Development takes all reasonable steps required to protect and maintain personal and sensitive information in accordance with the Australian Privacy Principles. If a data breach were to occur the organisation has a systematic approach to managing the critical incident in an open and transparent manner that manages risk effectively. The process for managing a data breach includes conducting a preliminary assessment and investigation, undertaking a risk assessment, notifying all relevant parties and developing an action plan to prevent potential future breaches.

Opportune Professional Development management monitors the effectiveness of the policy/procedure and is actively involved in its review.

Australian Skills Quality Authority (2015) Standards for Registered Training Organisations (RTOs) 2015.
Privacy Act 1988
Privacy Amendment Act 2012
Office of the Australian Information Commissioner (2014) Australian Privacy Principles
Office of the Australian Information Commissioner (2014) Guide to developing an APP privacy policy