INTRODUCTION

1.1        Purpose

The purpose of this policy is to provide directions in relation to the collection, use and storage of information about individuals which may be required by IFAP.

1.2        Scope

This policy applies to all IFAP:

  1. Employees;
  2. Associate Consultants;
  3. Clients; and
  4. Course participants and their employers, or those who pay for course attendance.

1.3        References

This Policy applies to the Australian Privacy Principles (APP) as scheduled in the Privacy Amendment Act 1988. If any part of this policy conflicts with the APP then the APP shall take precedence.

  1. Consent Form;
  2. IFAP Assessments Policy; and
  3. IFAP Records Management Policy.

1.4        Abbreviations

APP — Australian Privacy Principles.

ASQA — Australian Skills Quality Authority.

NCVER – National Centre for Vocational Education Research. USI – Unique Student Identifier.

1.5        Definitions

Employer — is defined as the organisation or individual who paid (or was liable for payment) for a person to attend a service delivered by IFAP.

GUIDING PRINCIPLES

The guiding principle of this policy is that personal information held by IFAP is relevant, accurate, stored securely and has restricted access.

The following protocols apply to the collection, security, access and retention of personal information.

2.1         Collection

Personal information will be obtained where IFAP is required to obtain that information or where it is necessary for IFAP to conduct its business effectively.

2.2         Reason for Disclosure

Where personal information is sought from an individual, the reason for obtaining the information and its’ purpose will be explained to that person.

The collection and use will be on the grounds that it will not be an unreasonable intrusion into the personal affairs of the individual.

2.3         Relevance

Where IFAP is required to obtain personal information about an individual, such information will be relevant to the purpose for which it is obtained and as accurate as can reasonably be established.

2.4         Disclosure

IFAP will not use or disclose personal information for any other purpose than the purpose for which it was collected other than as specified in Section 6 of this policy.

DATA COLLECTION

  • IFAP will not collect personal information on any individual, unless that information is necessary to perform our normal business functions and activities.
  • IFAP will collect information only by lawful and unobtrusive means.
  • IFAP will take all reasonable steps to ensure that all personal information held is accurate and up-to-date.
  • Sensitive information will not be collected without the consent of the individual. Information provided to IFAP by an individual will be deemed to be provided with

DATA SECURITY

  • IFAP will protect any personal information from misuse and unauthorised access.
  • IFAP will not adopt any identifiers used by a commonwealth agency (eg. tax file numbers, license numbers) for an individual.
  • IFAP will adopt its own unique identifier for individuals which will not be linked to any identifiers used by a commonwealth agency.
  • IFAP will protect and not disclose to any third party the Unique Student Identifier (USI) of an individual to ensure privacy. It will not appear on any testamurs or statements of attainments.
  • IFAP will not transfer an individual’s information to foreign countries in circumstances where the information will not have appropriate privacy protection.

ACCESS TO PERSONAL INFORMATION

  • Any individual from whom personal information is collected may access their personal information upon request.
  • On request from an individual, IFAP will take all reasonable steps to generally inform that person what sort of personal information IFAP holds, and for what purpose the information may be used or disclosed. IFAP will require an individual to provide proof of identity before providing this information.
  • IFAP will take all reasonable steps to allow individuals access to their personal information on written request.
  • IFAP does collect and retain reports on an individual’s medical fitness to undertake certain IFAP courses. This information will not be disclosed to any person or organisation without the written consent of the individual. Consent is to be provided on the Consent Form located in IFAP

5.1         Access to Personal Information by Employer

  1. Where training at IFAP is funded by the employer and is a requirement of employment, IFAP will provide a copy of the certification outcome at the completion of training, if requested.
  2. IFAP will not provide access to reports, feedback sheets and other documents used in training unless the IFAP Managing Director believes it is required under the APP —Principle – Use or Disclose.
  3. If the certification outcome is required by the employer at a later stage, a consent form signed by the individual must be submitted to IFAP with the replacement fee.
  4. Where training is funded by the individual, IFAP will not allow the employer to access the individual’s training records unless requested by the individual in writing on IFAP’s Consent Form.
  5. Where training is funded by the employer, at the completion of training, should the individual be deemed ‘Not Yet Competent’, IFAP will contact the employer and advise them of the outcome.

5.2         Access to Personal Information by 3rd Parties

  • IFAP will not disclose personal information to any other organisation or individual unless required to do so by law and as described below.
  • IFAP is required to provide personal information to the Australian Skills Quality Authority (ASQA) for the National Centre for Vocational Education Research (NCVER) in carrying out its regulatory and statistical function in the VET sector.
  • IFAP is required to pass on personal information and assessment documentation to other governing regulators for data collection and audit requirements.
  • Personal information will not be disclosed to a third party other than described above without written consent of the individual concerned. Refer relevant Consent Form in IFAP Central.

USE OF PERSONAL INFORMATION BY IFAP

IFAP may market its services and third-party services to individuals on its database if it believes that those services may assist the individual to improve occupational safety and health.

  • The only personal information used will be residential, business or electronic mail addresses.

FEEDBACK AND EVALUATION

Access to information, complaint or comment on this Policy must be made in writing to:

(CONFIDENTIAL)
The Managing Director
IFAP
PO Box 339
Willetton, Western Australia 6955

ALTERATIONS TO THIS POLICY

This Policy may be amended at any time to reflect IFAP’s business needs or legislative requirements.

This policy can only be altered by the Manager (or Team Leader) — Organisational Learning and Development or the Managing Director.