Changes to the Privacy Act 1988 have arrived.

Amendments were passed in 2013 and the new Australian Privacy Principles came into effect in March 2014.

There are a number of changes including new sections on direct marketing and cross-border disclosure, and tougher penalties on breaches. These changes will impact all Australian businesses which collect, use/disclose and/or store personal information on individuals.

This is a significant issue for recruitment agencies. Our lengthy involvement in the industry has shown us the current practices in many agencies, in fact most agencies, will fall short of the new legislation. The increase in the amount of penalties and the new capacity and willingness of the Office of Privacy Commissioner to conduct their own reviews of businesses should be taken seriously.

The Privacy Best Practice program is an initiative of ITCRA, Information Technology Contract & Recruitment Association, to assist Australian businesses to prepare for these changes.

The program is a unique combination of a training workshop and a review of records. This will be held at your office, attended by your staff, over a single day. This is the best way to identify where changes are needed to how you manage privacy and to spread awareness across your staff.

Alternatively you may prefer to send your staff to a half day information workshop.

Why you should be prepared

The Office of the Australian Information Commission has made it clear they will be using their new powers to conduct privacy audits. The recruitment industry is one of a small number of industries which deals with significant amounts of personal information for individuals who are not employees. (There are a number of exemptions for employees under the Privacy Act).

In a recent case it was found an organisation breached national privacy when it left a database of about 740,000 customer records, in some cases containing usernames, password, email addresses and more, exposed on the web. Under the new laws the Commissioner could apply to the Federal Court to levy fines of up to $220,000 against individuals and $1.1m against companies for "repeated and serious" privacy breaches.

A recruitment agency, quite unintentionally, released personal details of candidates onto the internet including names, addresses, driver license details and more. Mistakes can happen, but if you can't show that (a) you have taken the time to understand your obligations, (b) developed suitable policies, procedures and practices, and (c) have records to show you have implemented these procedures, then your defence will be so much more difficult.

Click here for the Privacy flyer.

Option 1:
In-House Workshop and Records Review Combined
Option 2:
Workshop only

This is the recommended approach as in one day it can achieve the dual objectives of identifying gaps in your current system against privacy legislation, and of providing awareness across your staff of these gaps and the new requirements. It will be conducted in-house.

The workshop will provide information on the changes in the Privacy Act amendments and implications for the recruitment industry. The records review will identify areas in your business of real and potential risk of non-compliance against the new requirements. We leave you with a report which identifies any areas of potential breach or risk.

Based on the findings in the report you should then develop appropriate policies, procedures and practices for privacy management. We can also provide you with some important templates.

Click here for the registration form.

Alternatively you may like to attend one of the half day workshops we will be conducting around all the capital cities.  As above, this workshop will provide information on the changes in the Privacy Act amendments and implications for the recruitment industry.  This will not include a review of records.
Workshops are being planned for capital cities around Australia.

Click here for the registration form: SEC Privacy Workshop Registration Form

CERTEX 4801 logo