|Effective Date||01 July, 2018|
|Date Last reviewed||14 Nov, 2016|
|Scheduled Review Date||01 July 2020|
|Supersedes||All previous Policies and/or Statements|
|Approved By||Natalie Thomasen (Privacy Officer)|
|References||• Information Security Policy • Document Destruction Policy • Dispute Resolution Procedure • Privacy Act 1988 • Australian Privacy Principles|
Cloak Investigations (T/A Employment Screening Australia) is an Accredited Body able to conduct nationally coordinated criminal history checks (commonly known as police checks).
Accredited Bodies use the National Police Checking Service, administered by the Australian Criminal Intelligence Commission (ACIC), to obtain criminal history information, with the informed consent of the individual applicant.
The Accredited Agency (The Agency) is not allowed to obtain criminal history information without the consent of the individual about whom the information is sought.
The Agency also conducts other types of pre-employment screening activities on behalf of employers such as reference checking, qualifications verification, social media screening and medical screening.
When the Agency deals with personal information about any person, the Accredited Agency will follow certain principles so as to safeguard that individual’s privacy.
This policy sets out those principles, which are consistent with the Privacy Act 1988.
|Personal information||Personal information is any information which identifies an individual, or from which the individual’s identity can reasonably be ascertained. It includes an individual’s name, address, telephone number, driver’s licence number, date of birth, work experience, skills and qualifications, any test results, referee contact details and other information relating to career, education and personal interests.|
|Sensitive Information||Sensitive information is information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientations or practices or criminal record.|
|Employee record||Employee record means information contained in or recorded in a record about health, training, discipline or resignation of the employee, termination of the employment of the employee, terms and conditions of employment, personal and emergency contact details, employee performance or conduct, hours of employment, salary or wages, membership of a professional or trade association, trade union of membership, recreation, long service leave, sick, personal, maternity, paternity or other leave).|
Collection of personal information
The Accredited Agency will only collect personal information that is necessary for;
- undertaking police history checks or other background screening checks for employment purposes, in its capacity as a pre-employment screening provider, on behalf of Legal Entity Customers with whom the Agency maintains a current approved service agreement; and/or
- undertaking pre-employment screening of its own employees.
Where it is reasonable and practicable to do so, the Agency will collect personal information about an individual from that person directly. If the Agency collects personal information from third parties, we will take all reasonable steps to ensure that the personal information is true and correct and has been provided with the informed consent of the individual.
The Agency will endeavour to only collect personal information by lawful and fair means and not in an unreasonably intrusive way.
Type of personal information collected
The following information can be collected in order to conduct Police Checks and other screening checks where requested.
- Personally identifying information such as full name, date of birth, place of birth, current address, previous addresses, driver’s licence and passport details, signature.
- Sensitive information such as criminal history details and memberships
- Biometric information such as fingerprint comparison. On rare occasions, this information can be requested by Police agencies where there is a name match.
- Demographic information such as information about race, ethnicity, profession or occupation.
- Information relating to an applicant’s check purpose or employment.
- Information or opinion relating to an applicant’s current or previous application process. This information may include the opinion of others about your work performance (whether true or not).
Use of personal information
The Agency uses personal information to conduct national coordinated criminal history checks via the National Police Checking Service NSS Database, whereby the information supplied to the database assists in determining the correct identity of the applicant and obtaining any disclosable criminal history information.
The Agency will only use personal information for conducting police checks or other pre-employment screening checks for which the individual has consented.
Where practical, we will only use personal information contained in a record if it is accurate, complete and up to date. In many instances, we rely upon the subject individual to provide accurate and complete information and to advise us should their circumstances change over time.
Personal information is only disclosed to the individual or to Legal Entity Customers (the individual’s employer, potential employer or employment agency) where the individual’s informed consent has been obtained.
Personal information will NEVER be sold or distributed to third parties without the express consent of the individual.
Method of Collection
Information about you is collected via hard copy (paper) forms and certified photocopies of identification or electronically via secure online systems.
Where possible, we will collect your personal information directly from you.
Personal and sensitive information will be collected from you when:
- You provide it to us directly;
- You provide it to us via one of our Legal Entity Customers (Your employer or potential employer)
- We undertake or receive any personal, professional or academic reference about you;
- We receive any results of inquiries that we might make of your former employers, colleagues or associates;
- We receive any performance feedback (whether positive or negative);
- We undertake psychological or medical assessments;
- We undertake National Police History Checks and other pre-employment checks.
From time to time, with your consent, we may also collect personal information from third parties including Australian Criminal Intelligence Commission (ACIC), Dun & Bradstreet (Australia) Pty Ltd, Accurate Information Systems LLC, Australian Securities & Investments Commission and Australian Health Practitioner Regulation Agency.
Security & Storage of personal information
The Agency has established appropriate physical, electronic and managerial procedures to safeguard any information we collect in accordance with our Information Security Policy. This helps prevent unauthorised access, maintains data accuracy and ensures that the information is used correctly. All personal information is stored within trusted secure local third party storage systems using Transport Layer Security (TLS - the successor to Secure Sockets Layer, or SSL), TLS 1.2 protocol, 256-bit RSA key exchange and a 128 bit AES encryption cipher. This also includes all traffic between smartphone apps and servers and all APIs.
All data in each location is encrypted at rest with AES-128 and sophisticated encryption keys management.
Personal information is not stored or transmitted internationally except in instances where our Legal Entity Customer may choose to transmit the information to overseas offices, in which, case it is incumbent upon the Legal Entity Customer to adequately protect the transmitted information. All of the Agency’s Legal Entity Customers are subject to audit on a regular basis to ensure compliance with information security requirements and Privacy Law.
All Agency employees are subject to appropriate screening (police checks), Confidentiality Agreements and are subject to internal procedures for the handling and security of personal information.
The Agency will only use or disclose personal information obtained for police checks in accordance with the Agency’s Agreement for controlled access by duly Accredited Bodies to Nationally Coordinated Criminal History Checks (Agreement). This reflects our commitment to the Privacy Act 1988 which provides that personal information collected for a primary purpose can only be used for that primary purpose (unless a secondary purpose exemption applies)
Personal information is disposed of in accordance with our Agreement for controlled access by duly Accredited Bodies to Nationally Coordinated Criminal History Checks (Agreement) as follows:
|Personal information||Retention Period||Disposal Period|
|Nationally Coordinated Criminal History Check application||At least 12 months after receipt of the police check result||No more than 3 months after the minimum retention period (15 months in total)|
|Copies of Identity Documents the applicant presented for their police check including verification method||At least 12 months after the receipt of the police check result||No more than 3 months after the minimum retention period (15 months in total)|
Access and correction of personal information
Unless otherwise agreed or a lawful exception applies, individuals have the right to access, make copies of and correct their own personal information in the possession of The Agency.
Disputing Police Check Results
Individuals who do not agree with their police check results are entitled to dispute the results. Information about how to dispute your police check results is attached at Annexure B.
To make a request to inspect such records Phone 0434 886 466 or email firstname.lastname@example.org
All employees of the Agency are under an obligation to preserve the privacy of customers, clients, agents, contractors, suppliers, distributors and fellow workers. In preserving this privacy, employees must refrain from disclosing confidential information. This obligation extends to out of hours conduct and any breach of privacy in this regard may be subject to an investigation.
Where confidential and personal information is found to have been disclosed by an employee, they may be subject to a disciplinary process in accordance with the Agency’s disciplinary procedure.