PRIVACY AND PERSONAL INFORMATION

PRIVACY AND PERSONAL INFORMATION

  1. Policy

Emergency First Aid Pty Ltd is committed to protecting employee and client privacy and confidentiality in line with State and Federal Privacy legislation.

This policy refers to the Privacy Act 1988 and the Student Identifiers Act 2014.

This policy focuses on Emergency First Aid Pty Ltd commitment to protecting the privacy of its students, and outlines the various ways in which it ensures this protection. For the purpose of this policy personal information is described as follows:

Personal information

Is information or an opinion that identifies an individual or allows their identity to be readily identified from such information. It includes but is not limited to information such as a person’s name, address, financial information, marital status or billing details.

Standards for Registered Training Organisations (RTO’s 2015)


Privacy Act 1988

The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information.

When Australian, ACT and Norfolk Island Government agencies and ministers’ offices collect, store, use and disclose any personal information about individuals, they must comply with the 11 Information Privacy Principles (IPPs) in section 14 of the Privacy Act 1988. The IPPs also allow individuals to request access to their personal information and ask for information to be amended or deleted.


Student Identifiers Act 2014

Generally, a registered training organisation must not issue a VET qualification or VET statement of attainment to an individual after 2014 unless the individual has a student identifier.

The Student Identifiers Registrar must assign a student identifier to an individual on application. On request by an individual, or an organisation or body involved with vocational education and training, the Registrar may verify that an identifier is the individual’s student identifier, or give the individual’s student identifier.

Records of student identifiers must be protected from misuse. Collection, use and disclosure of an individual’s student identifier without the individual’s consent is prohibited, unless it is authorised by this Act. The Information Commissioner may deal with breaches of these rules as interferences with privacy under the Privacy Act 1988.

On request, the Registrar may give all or part of an authenticated VET transcript of an individual who has a student identifier to the individual, a registered training organisation or a VET‑related body. This is subject to access controls set by the individual.

The Student Identifiers Act 2014 authorises the Student Identifiers Registrar to collect personal information about USI applicants. When you apply for a USI on behalf of an individual who has authorised you to do so, you will be asked to provide personal information about that individual.

This will include:

  • name, including first or given name(s), middle name(s) and surname or family name
  • date of birth
  • city or town of birth
  • country of birth
  • gender; and
  • contact details, so the Student Identifiers Registrar can provide individuals with their USI and explain how to activate their USI account.

Provision of personal information ensures that USIs are correctly assigned to individuals. If the required personal information is not provided a USI cannot be assigned.


What is a Unique Student Identifier (USI)?

All students studying nationally recognised training in Australia from 1 January 2015, will be required to have a Unique Student Identifier (USI). A USI is an account (or reference number) made up of numbers and letters. The USI will allow your students online access to their training records and results (transcript) through their online USI account.

  • A USI is required for your new and continuing students undertaking nationally recognised Vocational Education and Training (VET) courses to receive their statement of attainment or qualification.

Privacy

The personal information collected by you from the individual that you are applying on behalf of and that you provide to the Student Identifiers Registrar is subject to the provisions of the Student Identifiers Act 2014 and the Privacy Act 1988.

Personal Information may include, but is not limited to: name, address, date of birth and other identifying information.

The collection, use and disclosure of USI’s is protected by the Student Identifiers Act 2014.

You must ensure that your organisation handles the individual’s personal information in accordance with the requirements of the Privacy Act and the Student Identifiers Act 2014.

Procedure

Collection of personal information

Staff 

  • Emergency First Aid Pty Ltd will collect personal information from staff in order to obtain the information required to meet employment, legal and taxation obligations.
  • Information collected includes general personal details, and may include details of any disability or health issue that may affect the staff member’s ability to meet the requirements of their position.

Students

  • Emergency First Aid Pty Ltd is required to collect personal information from students in order to process enrolments and obtain the information required to provide suitable training and assessment services. Where applicable information may also be required to comply with AVETMISS standards as specified by government regulators.
  • Information collected includes general personal details, and may include details of any disability or health issue that may affect the student’s ability to undertake training and/or assessment activities.
  • Emergency First Aid Pty Ltd will only collect personal information that is required for the purposes of employment or education, or in meeting government reporting requirements.
  • Emergency First Aid Pty Ltd collects all personal information in writing, either from an employment application and personal details form, or an enrolment form, directly from the person whom the information is about. (Where applicable information may be collected from the parent or guardian of a student under the age of 18.)

 

Applying for a USI  When you apply for a USI on behalf of an individual you will need to verify their identity. You must do so through the Document Verification Service (DVS) which is built into the USI online application process if the individuals have documents such as a Medicare card, birth certificate, driver licence, Australian passport, certificate of registration by descent, citizenship certificate, Visa (with Non Australian Passport) and ImmiCard.

Identity

  • If you are applying for a USI on behalf of an individual you must have the authorisation of that individual.
  • If you are an RTO or a VET Admission Body you can apply for a USI in accordance with sub-section 9(2) of the Student Identifiers Act 2014

Use and disclosure of personal information

Staff 

  • Emergency First Aid Pty Ltd uses personal information of its staff for the purposes of meeting employment requirements including payroll, superannuation and taxation.

Students

  • Emergency First Aid Pty Ltd uses personal information of its students for the purposes of meeting VET requirements for the awarding of national qualifications, and to comply with reporting requirements where relevant, as specified by government regulators.
  • Personal information as collected through the enrolment form or online enrolment or through other means will be passed on to government regulators as per legal data collection requirements. This personal information may also be accessed for the purposes of an audit by the government regulator ASQA.
  • Personal information will not be used in any way other than those outlined in this policy, and any other ways that might reasonably be expected.

Access to personal information

It is a policy of Emergency First Aid Pty Ltd to allow access to personal files at any time to the person to whom those files relate, upon written request.

Staff and students may access their files by submitting their written application to Student Administration


Storage and security of personal information

Emergency First Aid Pty Ltd will take all reasonable steps to maintain the privacy and security of personal information.

  • Information stored electronically is kept on a secure server and access is restricted to authorised employees only. This server is regularly backed up and kept in a secure location.
  • Paper-based documents containing personal information are in a locked filing cabinet and held within a secure area within the RTO premises.
  • Where documents are required to be transferred to another location, personal information is transported securely in an envelope, folder or document bag.
  • Reasonable steps will be taken to destroy or permanently de-identify personal information when it is no longer required for any purpose.
  • Non-active files are archived at a secure location for 30 years.

Confidential Information

Emergency First Aid Pty Ltd will make all reasonable efforts to protect confidential information received from clients or partner organisations during the course of business operations. This information will not be disclosed without the prior consent of the client or partner organisation.


Privacy Statement

A privacy statement is available for all persons in contact with Emergency First Aid Pty Ltd to identify the way in which personal information is handled by the RTO. (Appendix A)

 The USI and reporting Each time your students complete nationally recognised training, you must collect and verify their Unique Student Identifier (USI) before you can confer a qualification or statement of attainment. (More information on collecting students USIs.)When you submit your data according to the new VET data collection and reporting requirements, it will now include the USI for each of your students. This USI will be reported to the National Centre for Vocational Education Research (NCVER) and entered in the national data collection. The new Unique Student Identifier (USI) scheme is underpinned by the Student Identifiers Act 2014, Standards for NVR Registered Training Organisations (RTO) 2014 and Student Identifiers Regulation 2014 and these require that you, the training organisation:

Collect a USI from each student:

  • Verify a USI supplied by a student
  • Ensure a student has a valid USI before conferring a qualification or statement of attainment on that student
  • Ensure the security of USIs and related documentation
  • Destroy any personal information which you collected solely for the purpose of applying for a USI on behalf of a student
  • Adhere to all legislative requirements under the USI legislative requirements

You will be required to have a valid and verified USI for each of your students before you issue a qualification or statement of attainment to that student.

The USI – Retention and destruction of Information                                                

As an RTO you declare that you will ensure the security of USIs and all related documentation under your control, including information stored in your student management systems.

In accordance with section 11 of the Student Identifiers Act 2014, you declare that you will securely destroy personal information which you collect from individuals solely for the purpose of applying for a USI on their behalf as soon as practicable after you have made the application or the information is no longer needed for that purpose, unless you are required by or under any law to retain it.


Relevant Policies & Procedures, Tasks and Documents:

                                                                          Policies and procedures that relate to this policy:                                                                                        Documents related to this process:
All policies & procedures within the operational system reflect how EFA will ensure compliance to this policy –Checklists for Reviews, Schedules, Meetings and reference guidelines for Actions are incorporated into the system.

1.1 Policy/Procedure – Quality Assurance Management

1.2 Policy/Procedure – Cooperation with the RTO Registering Body

1.3   Policy/Procedure – Notification of Significant Changes

1.3 Policy/Procedure – Compliance to Standards for  RTO’s

1.5   Policy/Procedure  – Complaints  &  Appeals

1.6   Policy/Procedure – Access & Equity

1.7   Policy/Procedure – Privacy & Personal Information

1.8   Policy/Procedure – Occupational Health & Safety

1.9   Policy/Procedure – Data Provision Requirement

1.10Policy/Procedure – Academic Advisory Board

2.1   Policy/Procedure – Records Management

2.2   Policy/Procedure – Version Control

3.1   Policy/Procedure – Refund Policy

3.3   Policy/Procedure – Financial Management &  Practice

And supporting Policies & Procedures for:

(The following P&P’s reflect the Actions required to ensure compliance through methods of continuous improvement)

·    Student Management System

–       4.1 Policy / Procedure – Student File Record Management

–       4.2 Policy / Procedure – Enrolment Process

·  Human Resources

–       5.1 Policy / Procedure – Staff Recruiting

–       5.2 Policy / Procedure – Staff Induction

QMS·    VCID.QMS.03 – Continuous Improvement Plan

·    VCID.QMSR.01 – Version Control Register

Scheduled Meetings

·    VCID.QMS.08- RTO Standards Quarterly Review Schedule

·    Internal Audit Reports

·    VCID.QMS.09 – Audits Schedule

·    VCID.QMS.11 – Management Meeting Agenda –

–       Monthly Meetings – Minutes

·    VCID.QMS.12 – Trainers Meeting Agenda – template

–       Monthly Meetings – Minutes

·    VCID.QMS.07 -Meetings Schedule

·    VCID.QMS.18 – Action Report Form

·    VCID.QMSR.03 – Continuous Improvement Register

·    VCID.QMS.16 – Complaints & Appeals Verification Report

·    VCID.QMSR.09 – Complaints Log Register

·    VCID.QMSR.13 – Operational System Notification Register

SMS

·    VCID.SMS.05 – Complaints Form

Flow Charts – Complaints & Appeals Processes

Privacy, Access & Equity and Complaints & Appeals process also explained in:

VCID.SMS.04 -Student Information  Handbook

HR

Privacy, Access & Equity also referred to in:

VCID.HR.06 -Trainer / Assessor Handbook

 


Appendix A:

Emergency First Aid Pty Ltd

Privacy & Personal Information Statement

Emergency First Aid Pty Ltd is committed to protecting the privacy of your personal information. This statement explains how we handle your personal information.

This statement only applies to our databases and files and does not cover any State, Territory or Commonwealth Government database or file. You are advised to contact the relevant government agency for a copy of their privacy policy.

Where we use the words ‘we’ and ‘us’ in this document, it means Emergency First Aid Pty Ltd.

Your Personal Information

In order to provide you with training, employment and associated services, we may need to collect personal information such as your name, address, work history, qualifications, job seeker identification number, government benefit card, etc.

If you’re studying nationally recognised training in Australia from 1 January 2015, you will be required to have a Unique Student Identifier (USI). There are laws that protect a student’s USI and USI’s must not be collected, used or disclosed by anyone except as allowed by the laws.  The student’s privacy is further protected by laws requiring that any personal information collected by a training organisation solely for the purpose of creating a USI on their behalf is to be destroyed after the USI is created.

The personal details of individuals held by the Student Identifiers Registrar will be protected by the Privacy Act 1988 (Cth).

If you decline to provide your personal information, Emergency First Aid Pty Ltd may not be able to:

  • provide the product or service you requested, or
  • enter into a business relationship with you.

Collection of personal information

Where practicable, we will endeavour to collect personal information directly from you.

Where services are provided on behalf of a Commonwealth and/or State Government Department, we may collect personal information from such government departments and agencies.

We may also need to collect personal information from other third parties with or without your direct involvement or consent, such as an employer. However, this will not include sensitive information.

Collection of personal information for the Unique Student Identifier (USI).

The personal information that you provide to the Student Identifiers Registrar is collected, used, and may be disclosed, in accordance with the provisions of the Student Identifiers Act 2014 and the Privacy Act 1988. The Student Identifiers Registrar’s Privacy Policy provides information about the protection of your information, including how you can access and seek correction of your personal information held by the Student Identifiers Registrar and how to make a complaint about a breach of your privacy and how such complaints are handled.

Use and disclosure

We will use our best efforts to ensure that the information you provide to us remains private and is used only for the purposes you agree to.

We will only disclose personal information to a third party where one or more of the following apply:

  • you have given consent (verbal or written)
  • it is authorised or required by law, or necessary for enforcement of law
  • it will protect the rights, property or personal safety of another person
  • the assets and operations of the RTO business are transferred

Access to personal information

You can access the personal information we hold on you, except when government legislation requires or authorises the refusal of access.

To access your personal information, you will need to contact the Student Administration department in writing and specify the type/s of information you wish to view. You will be required to provide proof of identification.

Storage & Security

We will take reasonable steps to maintain the privacy and security of personal information. We ensure this by having such security measures as:

  • storing electronic information on a secure server with restricted access
  • storing paper-based documents securely on our premises

We will take reasonable steps to destroy or permanently de-identify personal information when it is no longer required for any purpose.

The students USI will be stored by the USI Registry System, along with some personal information about the student, such as their name, date of birth and a way of contacting them such as an email address. The USI will also be held by the National Centre for Vocational Education Research (NCVER) in a separate database along with their training records.

Where is my USI stored?

For safety and security your personal details are held in a different location to your training records and results but your USI is held in both locations.

Your USI will be stored by the USI system, along with some personal information about you, such as your name, date of birth and a way of contacting you such as an email address. The USI will also be held by the National Centre for Vocational Education Research (NCVER) in a separate database along with your training records.

Then each time you login into your USI account the two systems will talk to each other and your personal information and training records and results will both appear in your account even though the information comes from two different locations, as required by law. This happens because the protection of your USI and the information it stores is paramount so these safeguards are in place.


Resolving privacy concerns

If you wish to raise a concern about a privacy matter should contact the Student Administrations Department.

For further information:

USI’s

http://www.usi.gov.au/Students/Pages/student-privacy.aspx

Privacy Act 1988 – Office of the Australian Information Commissioner

http://www.oaic.gov.au/privacy/privacy-act/the-privacy-act


Emergency First Aid P/L/Operational System/QMS/P&P’s  – Policy & Procedure 1.7 Issued: 07/2014.v1;01/2015.v2;01/2017.v3