About this policy

Version 3.0

This human resources privacy policy outlines the personal information handling practices for employees and prospective employees in the Office of the Australian Information Commissioner (OAIC). See our main privacy policy for when we handle personal information in wider circumstances.

We will update this policy when our information handling practices change. Updates will be publicised on our website and through our email lists.

Human resources personal information handling practices

Human resources personal information for the OAIC is managed and held by the Australian Human Rights Commission (the AHRC) on behalf of the OAIC. The OAIC has a Memorandum of Understanding (MOU) with the AHRC to undertake these services.

Under the MOU the AHRC is responsible for the safe keeping and maintenance of OAIC material in its custody and control. The MOU also provides that the AHRC will only disclose information contained in human resources files to the OAIC, except for the purpose of delivering service under the MOU, as required or authorised by law, or with the prior written approval of the OAIC’s Deputy Commissioner.

If the AHRC is required or authorised by law to disclose any information contained in human resources files to a third party, the AHRC will notify the OAIC as soon as practicable.

Throughout this policy, references to the OAIC’s human resources personal information handling include the management of the OAIC’s human resources activities and the handling of personal information related to those activities by the AHRC.

Purpose for which we collect, hold, use and disclose personal information

The OAIC keeps and handles human resources records to enable us to properly manage our business affairs and the employment of staff, as well as consultants and contractors.

The purpose of keeping records on candidates for employment (application files) is to allow us to assess the suitability of candidates for employment at the OAIC.

The following people may use personal information held on human resources files for the purposes set out above:

  • Commissioner
  • Deputy Commissioner
  • Assistant Commissioners
  • Directors
  • Assistant Directors
  • Staff and other individuals sitting on a employment selection committee
  • AHRC human resources staff
  • Third party service providers.

Personal information in human resources files

Human resources files collect and hold personal information including:

  • employee, referee and emergency contact details
  • applications for employment and supporting documents
  • selection committee reports
  • employment contracts, and other records relating to terms and conditions of employment
  • details of financial and other personal interests supplied by employees and their immediate family members for the purpose of managing perceived or potential conflicts of interest
  • proof of Australian citizenship
  • certified copies of academic qualifications
  • records relating to salary, employment benefits and leave
  • medical certificates or health related information supplied by an employee or their medical practitioner
  • taxation details
  • banking information necessary to pay salary and wages
  • superannuation contributions
  • information relating to employees’ training and development
  • information about an employee’s performance.

How we collect and hold personal information relating to human resources

At all times we try to only collect the information we need for the particular function or activity we are carrying out.

The main way we collect personal information about you is when you give it to us. For example, when you apply for a job vacancy at the OAIC, we collect personal information such as contact details and your employment history. The employment information we hold may also include our opinion about your suitability for a particular position.

We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.

Third-party service provider access to and use of personal information

The OAIC may use third-party service providers to process job applications and manage the recruitment process. We may disclose personal information about prospective employees to third-party service providers for this purpose.

Third-party service providers may collect, hold, use, and disclose personal information of prospective employees in the provision of recruitment services to the OAIC. These recruitment services may include reference checking.

Quality of personal information

The OAIC maintains and updates personal information in its human resources files as necessary, or when we are advised that the personal information has changed.

Storage and security of personal information

The OAIC takes steps to protect the security and confidentiality of personal information it holds. These steps include password protection for accessing our electronic IT system, audit trails of electronic systems and physical access restrictions.

The AHRC provides information technology services to the OAIC under a Memorandum of Understanding (MOU). The AHRC is also responsible for the safe keeping and maintenance of OAIC material it holds. All of this material is stored in Australia.

For the list of mandatory requirements that cover governance, personnel, information and physical security, please visit the Protective Security Policy Framework website

When no longer required, the OAIC destroys personal information in a secure manner, in accordance with the Australian Government Administrative Functions Disposal Authority (AFDA). Application files are stored for 7 years and then destroyed in a secure manner.

Disclosure of personal information overseas

The OAIC will generally only disclose human resources personal information to an overseas entity if you agree, or if we are authorised or required by law.

Accessing and correcting personal information or making a complaint

You can access, and ask that we correct, the personal information we hold about you on our human resource files, or make a complaint about how we have handled your personal information, in accordance with the processes set out in the main privacy policy.

Contact us for further information.