The Optus case for retaining customer personal information, including government identifiers (e.g., passport, drivers’ licence, and Medicare numbers), may well be different from the retention case that recruitment & staffing agencies could mount.
But if you’re a recruiter, and you’re are retaining that sort of information, it might be wise to ask yourself why you need to retain it.
Sure, you might have needed it to verify the identity or work rights of your candidates; but if you can’t make a convincing argument for retaining it – and inconvenience is not a convincing argument – then shouldn’t you be destroying or de-identifying it in accordance with APP.11 and NZ IPP.9?
It’s worth asking the question, and it might keep you and your candidates safe.
The Office of the Australian Information Commissioner’s insights from its 2021-22 Assessment Program, recently published in Information Matters through its Privacy Professionals’ Network (29/04/2022), lists the following four steps that you should be taking.
clearly document and regularly review your practices and procedures to ensure you outline the measures that are in place to manage privacy risks;
implement regular and mandatory refresher privacy training for staff. This is an important part of entities’ privacy programs. Best practice is annual refresher training for all staff (including contractors and short-term staff);
regularly review and test data breach response plans to ensure their plans are up to date and staff know what actions they are expected to take in the event of a data breach. It is also important that entities proactively monitor audit logs to help identify unauthorised access and disclosure of personal information;
clearly document the operational relationship between your privacy and cyber security teams, as well as the roles and responsibilities of each business area. This will facilitate a coordinated response in the event of a suspected or actual cyber security incident or an eligible data breach.
How many can you tick off?
I especially like No #2. When did you last conduct refresher training for your staff? If you’ve not done it recently, you might like to register for the WorkAccord/ The Recruiters’ Casebook webinar on 3 May 2022, when we’ll be Talking Privacy and What Recruiters Need to Know.
In my experience, most are pretty good. But I have to ask, because I’m staggered to see that, after 20 years, there are still a few recruitment firms out there that believe they are bound by something called the “Recruitment Industry Privacy Code”. They proudly publish the fact in their privacy policies and on their websites.
Fact check…
The Recruitment Industry Privacy Code was the brainchild of ITCRA (APSCo Australia). It was never approved or implemented. It did not become “a thing”.
It gets worse…
Despite the fact that the RIPC originally contemplated that ITCRA would be the Code Adjudicator, several recruitment firms, perhaps because they weren’t members of ITCRA, simply swapped out references to ITCRA for references to either RCSA or the Privacy Commissioner. And perhaps, because they weren’t members of ITCRA, they didn’t get the memo about the RIPC being withdrawn from the approval process.
Rubbing salt into the wounds
To make matters worse, most of those firms that are still proclaiming their adherence to the RIPC, claim to be committed to protecting the privacy of their clients and candidates … in compliance with the National Privacy Principles … which were replaced in 2014.
I’m sure they are committed, in their own way. But it can’t be much of an advertisement for professionalism if you’re a couple of decades out of date.
Update your awareness
If you need to update your awareness of recruitment privacy, you might like to register for WorkAccord/ The Recruiters’ Casebook webinar on 3 May 2022, when we’ll be Talking Privacy and What Recruiters Need to Know.
Hooray! The veil has been lifted on the keenly anticipated autumn collection of Tuesday TalkAbout, which features four webinars on essential topics for recruitment and staffing professionals.
New Inclusions for Extended Discussion
We’ve updated the engagement design to include an extended Q&A session, when you can ask the questions that you’ve been wanting to ask and we’ll see if we can put you on the right path to getting the information you need.
We’ll also be providing prep materials to registrants on the Friday before the webinar so that you can join in, already having a basic understanding of the topic we’re discussing and so that you can formulate questions specifically tailored to your interests.
You can even join in discussion, before or after the webinar, via one of our two moderated LinkedIn forums so that you can follow through on questions that are of particular interest to you.
Finally, for webinar attendees, we’re including a post-webinar 15 minute complimentary phone chat, when you can raise those “quick questions” that you weren’t able to raise in the public session. Appointments do need to be made via the WorkAccord website, and the booking “window” will be open only in the week of the webinar (Mon to Fri) whilst appointments are available.
Autumn Collection:
Independent Contracting On-Hire: Where to from here? (29 March 2022)
The Australian High Court’s recent decisions in CFMMEU v Personnel Contracting and ZG Operations Australia Pty Ltd v Jamsek have certainly NOT made life easier for on-hire agencies who, overnight, may have discovered that workers whom they thought were their contractors are, in fact, their employees.
So, what can you do about that? You plan your service model restructure – that’s what you do. But there are plenty of questions to be answered as you set about doing that.
You can find out more about the webinar and register via the Eventbrite portal here.
Labour Hire Licensing Five Years On: What we know and still need to know. (26 April 2022)
Since 2017, we’ve been learning to live with four separate licensing schemes. What have we learnt and what do we still need to know?
Join us as we examine the performance of the four state and territory schemes and examine some of their more difficult aspects – taking a closer look at difference at the difference between labour providers who need a licence and mere “intermediaries” who don’t.
We’ll talk about:
the Victorian extensions
the worker exemptions
the data on licence conditions, refusals and cancellations
the prosecution cases so far – who is getting prosecuted and why
the challenges of regulatory over-reach in a federal system
We’ll talk about avoidance; how you might detect it; and what you need to do about it.
You can find out more about the webinar and register via the Eventbrite portal here.
Talking Privacy: What recruiters need to know (3 May 2022)
It’s Privacy Awareness Week. So what better time to schedule a privacy refresher for recruiters, whose day-to-day work involves the handling of large amounts of personal information ?
In this session we’ll be looking at the different privacy frameworks that apply to recruitment operations – especially those using cloud-based technologies, artificial intelligence, and offshore processing or sourcing.
We’ll talk about:
what is really “necessary” and how necessity operates to limit the type of information you can collect, use or disclose
ID scanning
data breach notification
what case determinations are telling us
responsibilities as a contracted service provider to government agencies
privacy impact assessments – when and why you need to conduct them
You can find out more about the webinar and register via the Eventbrite portal here.
Care & Support Sector Workforce & Governance Reform: What it means for recruitment & staffing agencies (31 May 2022)
The Care & Support Sector (Aged Care, NDIS & Veterans Support) is undergoing significant workforce and governance reform. What is going on and what does it mean for recruitment & staffing agencies? Will it be business as usual, or will the changes affect the way you need to operate?
In this webinar, we’ll be reporting on the state of the reforms and examining the role of recruitment & staffing agencies as “facilitators of care”.
We’ll ask whether there still scope for “all care, no responsibility” service models, and start to explore the changes you may need to be making to your agency’s operations and networks.
You can find out more about the webinar and register via the Eventbrite portal here.
“Over-promising” often occurs as a result of making unqualified statements. Sometimes, those statements are made inadvertently; other times, they may be made recklessly or through ignorance. Sometimes they are harmless; other times, they can mislead and create false expectations that cannot be met.
One area in which it’s always good to be wary of unqualified statements is the area of confidentiality and privacy.
For example, if as a mediator, I were to say to the parties something like:
Information you give me is confidential. I will never, in any circumstances, disclose it
I would be “over-promising”. That’s because there may be circumstances where disclosure could be required or permitted by law.
Similarly, if a recruiter were to say to a candidate something like:
Information about our candidates can never, in any circumstances, be disclosed for a purpose other than finding them employment
that recruiter might be “over-promising”. Again, that is because there may be circumstances where disclosure could be required or permitted by law. You can probably think of a few of them. Some of them appear as exceptions to privacy principles. There may be other exceptions that apply at common law. In fact, your recruitment software (including integrated, third-party software ) probably captures and discloses information that you might not even have thought about!
By over-promising, you can end up misleading people into divulging information, which they might not have willingly disclosed if you had qualified your promise properly. Consent may have been improperly obtained – not being sufficiently informed. And the information may have been collected and disclosed unfairly.
In short, “over-promising” on confidentiality and privacy crosses the boundaries of professionalism. So, it’s essential to know where the limits of confidentiality and privacy lie and to mark them out with carefully considered and qualified statements.
Privacy Awareness Week is just around the corner and, to kick off its Wednesday Webinar series, WorkAccord is joining in on Wednesday, 15 May with a free webinar: Privacy Refresher & Update for Recruiters.
I hope you can join me as we refresh our privacy knowledge and update with a look at:
the impact of the GDPR on Australian recruiters
data breach scenarios for Australian Recruiters
social media – what are the recruitment and workplace boundaries?
There’ll be time for questions… and hopefully some answers!
Recruiters' Casebook 