This policy is to ensure compliance of HTMi Australia with the Information on Privacy Principles set out in the Commonwealth Privacy Act 1988 (Amendment) and Privacy Principles.
The policy is also intended to ensure that everyone involved with HTMi Australia is treated respectfully and professionally.
This policy deals with the collection, use, disclosure, storage, security and access to personal information being held at HTMi Australia.
It applies to all teaching and non-teaching staff and to all current participants and prospective participants who have provided personal information to HTMi Australia.
The policy is to be included in the Student Handbook, Marketing materials and Staff Handbook.
HTMi Australia is committed to the privacy of the participants and staff and works diligently to ensure that everyone is treated respectfully and professionally. HTMi Australia will respect the privacy of all individuals with whom it communicates.
Personal information is collected by HTMi Australia solely for the purpose of operating as an Education provider. HTMi Australia also collects participant information to continually improve the services they offer to all participants.
The requirements of the registering authority may mean the release of participants’ personal information for the purposes of audit, or for collection of data by Commonwealth and State Government departments and agencies.
Access to participant records may be provided where an officer of the law requires this information from HTMi Australia. HTMi Australia staff will comply with all external reporting responsibilities where required to do so.
The Operations Manager will maintain up-to-date records of the employment history and qualifications of all staff employed by HTMi Australia.
HTMi Australia will ensure that all personal information given to HTMi Australia by employees and participants is held securely and safely.
Only staff directly involved with participant welfare and or participant results will have access to personal participant details.
Trainers and HTMi Australia administrative staff will provide participants with access to their own files and personal information held by the HTMi Australia upon request according to procedures, including access to their participation and progress, participants may request corrections to information that is incorrect or out of date.
Upon receipt of written consent by a participant, HTMi Australia staff will provide a third party with participant’s personal details.
Collection of information
HTMi Australia requests information from participants as part of the pre-enrolment, enrolment and any re-enrolment processes. We will not collect personal information at any time by unlawful or unfair means.
HTMi Australia will always take reasonable measures to ensure that the individual is made aware of why personal information is being collected and what it could be used for.
Collection of a participants’ personal information will occur for the following purposes:
• For the essential communication for the participant’s safety and comfort during their studies
• When it is necessary for HTMi Australia to contact a participant’s nominated family member in the case of emergency or accident.
Selected participant details are also collected and used for:
• Processing enrolments
• Enquiries regarding courses available and sending out course information
• Communicating accurately with participants
• Assisting participants with courses they may be interested in
• Assisting participants with RPL applications
• Participant account details
• Assessing an individual participant’s entitlements for government funded areas.
HTMi Australia will ensure that when personal information is collected it will not intrude to an unreasonable extent into the personal affairs of the prospective participant/employee and that the information is up to date and complete.
Disclosure of information
Privacy and confidentiality is paramount within HTMi Australia and policies and procedures will be observed by all staff. Personal information will not be released without the consent of the participant or staff member.
Even though HTMi Australia is part of an employer group, it does not release personal details of participants to employers or employees.
HTMi Australia does not release or sell participants’ personal details to any external companies for the purposes of marketing.
HTMi Australia may from time to time be required to provide personal information to external organisations including the Australian Government and other designated authorities to provide specific services as required by law.
If there is a serious health-related issue and some information may be provided to the HTMi Australia during a consultation with a practitioner, then this information may be accessed by the HTMi Australia staff for the purposes of providing further helpful services to the participant.
No other parties will gain access to the information at any time, other than those listed above without the written consent of the individual participant concerned.
Breaches in Privacy and Confidentiality
Should HTMi Australia become aware of any breach in these Policies and Procedures, as outlined under the APP, HTMi Australia will notify the Office of the Australian Information Commissioner (OAIC) and any parties who are at risk because of the breach.
Ensuring the data quality
• Consistent with the Australian Privacy Principles, HTMi Australia is committed to ensuring that personal information collected by HTMi Australia remains accurate, complete and up to date.
• HTMi Australia relies on its participants and staff to advise the HTMi Australia of changes that may occur in personal information to keep all records up to date and of accurate quality.
• HTMi Australia will ensure that the participants’ records are kept updated by making the changes in the participant personal files, in the participant management system and in the participant soft copy register as soon as they are provided by the participant.
• HTMi Australia will destroy records relating to personal information when such information is no longer necessary to be retained within the HTMi Australia’s records. Personal information will be destroyed by shredding or another secure process.
Access to data and making corrections
• All participants, clients and staff have the right to inspect their own personal information and files held by HTMi Australia.
• Prospective participants are informed that upon giving the HTMi Australia their personal contact details, the HTMi Australia will use these details to process their enquiry and send them course information.
• Upon reasonable request and 5 working days’ notice, administrative staff at HTMi Australia will provide a participant with access to their personal records and if required, reissue qualification paperwork which has been achieved. HTMi Australia will not allow this to take place without an appointment being made.
• Participant’s personal records cannot be released to parents, partners or any external party without the written consent of the participant.
• When a record is found to be incorrect, this will be corrected; when a participant requests that a record be corrected because it is not accurate or correct, the details of the request for amendment with the evidence supplied for change will be noted on the records.
Breaches of the Privacy Act
Should HTMi Australia become aware of an eligible data breach, they must notify the Office of the Australian Information Commissioner (OAIC) and any parties who are “at risk” because of the breach.
This will be the responsibility of the General Manager.
An “eligible data breach” is either:
1. unauthorised access or disclosure of information that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates; or
2. information that is lost in circumstances where unauthorised access or disclosure of information is likely to occur; and
3. it can be reasonably concluded that such an outcome would result in serious harm to any of the individuals to whom the information relates.
To determine whether an individual is at risk of serious harm the General Manager will need to consider factors such as the sensitivity of the information, whether the information is protected by one or more security measures, the kind of persons who could obtain the information and the nature of the harm.
If an employee of HTMi Australia suspects there has been a data breach but is not aware of the circumstances or whether it is an actual “eligible” data breach, then the General Manager or their delegate must carry out a reasonable and expeditious assessment within 30 days of becoming aware of the breach.
If there are reasonable grounds to believe there has been an eligible data breach, then the General Manager or nominated person will notify the OAIC and the individuals whose data was affected or individuals who are at risk with:
• a description of what occurred
• the kinds of information concerned; and
• the recommended next steps that individuals affected should take in response to the data breach.
In some circumstances, if action is taken in response to the breach before any disclosure or serious harm occurs then the Act provides that it may not be an “eligible” data breach and you do not need to go through the notification steps.
Failure to abide by the investigation and notification regime will be an ‘interference with an individual’s privacy’ and therefore a breach of the Privacy Act. The OAIC may investigate, make a determination and pursue civil penalties against HTMi Australia for such a breach.
Should there be a breach, then it should be reported to:
The Office of the Australian Information Commissioner (OAIC) GPO BOX 5218 Sydney NSW 1042
Ph: 1300 363 992
Fax: +61 2 9284 9666
Any complaints regarding a privacy matter will be handled in accordance with the HTMi Australia Complaints, Grievance and Appeals Policy and Procedure.
Should complaints not be resolved by the HTMi Australia, participants may also address their complaints to the Office of the Australian Information Commissioner.
Any policy and the availability of complaints and appeals processes within the HTMi Australia, does not remove the right of the participant to act under Australia’s consumer protection laws.
- Commonwealth Privacy Act 1988 (Amendment)
- Australian Privacy Principles
- Privacy Amendment (Private Sector) Act 2000
- Request to Access Personal Information