In an increasingly invasive society, where social media is becoming more and more intertwined with conducting day-to-day business and technology is bouncing around, providing endless streams of communication opportunities, there were always going to be legal implications. The law and compliance are now catching up in relation to privacy and the protection of an individual’s information, and the rules are about to be revised.
Keeping in mind how much easier it is these days to gain a little information about someone here, there and everywhere, it is crucial for businesses not only to be informed of their privacy obligations but also to independently test business processes, procedures, policies and security to ensure that the way a person’s information is managed is in line with the new privacy regime.
As a committed workforce management specialist, we are renowned for our breadth of services and the ability to have someone inducted, screened and ‘work ready’ quickly, but conversely the sheer amount of information that WorkPro requests and gathers from an individual to enable our customers to validate certain requirements is substantial.
The new Privacy laws will officially come into effect in March 2014, and we recognised that an independent review of our system, processes and procedures was a ‘non-negotiable’ to understand whether we needed to make adjustments to be ready in time when the new laws take effect.
Dianne Gibert, MD of Service Excellence Consulting (SEC), was appointed as the Auditor under the Privacy Best Practice Program. The program included a document review, onsite audit and workshop to assess WorkPro against the Privacy Act 1988 amendment.
In short, the Privacy Amendment Act 2012 introduces 13 new Australian Privacy Principles. These essentially harmonise the current Government Principles and Business Principles, making it (fingers crossed) easier for everyone to understand and abide by. It is these Principles that were cross-referenced during the audit to determine how WorkPro collects, stores and shares information, the sensitivity of information and how the information is used, together with a review of the WorkPro system to identify any gaps or recommendations for improvement.
According to SEC’s returned report, ‘The WorkPro program of data collection and presentation of results, and the manner in which it is used by both the candidate [sic] and the clients, appears to be consistent with the APP requirements.’
The purpose of this blog is to transparently highlight WorkPro’s approach to privacy from a system and processes point of view, providing our audience with a high degree of comfort that we will continue to meet our obligations and protect businesses and employees:
- An individual is only asked for information that is relevant to the requirement of the process being undertaken. In other words, WorkPro does not request personal information about an individual that is not related to their employment or a specific process within the system.
- Each WorkPro process includes clear and concise terms and conditions.
- We transparently detail how the system collects and stores their information, and clearly offer detailed information on how the individual can independently control and manage their personal information at any time.
- Each WorkPro registered individual is allocated a unique identifying Candidate Identification Number (CIN) and PIN. The individual can, at any time, log in to their profile in the WorkPro system and reset their PIN so that an organisation cannot access their information.
- It is understood and accepted by the individual that if they register for WorkPro as part of their employment and enter a company-allocated Module Access Code (MAC) into the system, an automatic email is generated and sent to the company that owns the MAC, advising of the completion of a process, and the individual’s profile is displayed in WorkPro for the MAC owner to validate the WorkPro process completed.
- After a set period of time, the individual’s information is archived off the MAC owner’s portal dashboard.
- Only via the individual’s CIN and PIN (which they own) can a subscribing organisation gain access to an individual’s information.
- If an organisation contacts WorkPro for an individual’s CIN and PIN, the organisation is requested to send an email including various pieces of information about the individual, which are cross-referenced against the individual’s profile before information can be exchanged.
- The only information stored and available on reports or in a profile accessed by an organisation is the person’s CIN – both CIN and PIN are required to access any information about an individual.
- WorkPro is secured by a demilitarised zone (DMZ) and WorkPro’s software partner has won several awards for system security.
According to Dianne, the changes to the privacy laws will affect some industries more than others, and she says one industry which will see a very big impact is the recruitment industry. “This industry collects and uses a vast amount of personal information from individuals who are not employees.” She also warned that “the Office of the Privacy Commission has enhanced powers and will to conduct audits which include privacy sector organisation”.
For information relating to the new Act and how to get prepared, check out this video – Australian Privacy Commissioner, Timothy Pilgrim, speaking about the changes to the Privacy Act.