The Victorian Labour Hire Licensing Authority (Authority) was established by the Labour Hire Licensing Act 2018 (the Act). The Act introduced a licensing scheme for labour hire service providers in order to improve the transparency and integrity of the labour hire industry, to hold providers of labour hire services accountable for their conduct, and protect vulnerable workers from being exploited.
This policy applies to the personal information of both external parties and the staff of the Authority. Any personal information collected by the Authority, or that it obtains about individuals from other sources, will be handled in accordance with this policy.
The Authority manages personal information in accordance with the Information Privacy Principles set out in the Victorian Privacy and Data Protection Act 2014 (PDP Act). Personal information is information or an opinion that is recorded in any form, about an individual whose identity is apparent or can reasonably be ascertained from that information, but not health information. Health information is information which concerns that individual’s physical, mental or psychological health, disability or genetic makeup.
The Authority is an agency responsible for the performance of functions or activities directed to the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law imposing a penalty or sanction for a breach. For this reason, the Authority has a partial exemption under s 15 of the PDP Act from complying with the specified IPPs if it believes on reasonable grounds that non-compliance is necessary for the purposes of its law enforcement functions.
In order to perform its functions, the Authority has also entered into certain agreements with Australian government agencies, which may mean that it has also agreed to be bound by relevant Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.
The Authority collects personal information that the Act, privacy and other laws authorise it to collect and that it needs in order to perform its licensing, registration and enforcement functions. This includes contact details provided by stakeholders so that the Authority can provide them with e-newsletters and other other stakeholder updates. It also includes personal information required as part of licence applications, to update and verify licence applicants' and licensees' details and to maintain the public Register of Licensed Labour Hire Providers.
For a licence application or renewal, generally the Authority collects personal information directly from individuals with their consent, but information about third-party individuals (‘relevant persons’) is also collected in this context with their knowledge and consent. The purposes of this third-party collection include probity checks in relation to performance of the Authority’s core regulatory functions. These probity checks include nationally coordinated criminal history checks by the Australian Criminal Intelligence Commission.
Part 5 of the Act provides for the powers of inspectors to monitor compliance and investigate potential contraventions of the Act. Subject at times to their obtaining relevant Magistrates' Court orders or warrants, inspectors have express powers to enter premises, inspect or require provision of documents and information in specified situations. These documents and information may include personal information.
Sometimes the Authority will also be provided with personal information in connection with objections and complaints that it must consider or investigate, such as an objection by an interested person to an application for a licence, or a complaint about an inspector’s conduct.
For details of information collected about visitors to the Authority’s website, please see the Privacy Statement for the Authority’s website at https://www.labourhireauthority.vic.gov.au/privacy
You can access the information the Authority has collected about you, and request that it amends or removes incorrect or misleading information about you. For more details see the Access and Correction section below.
Use and disclosure
Personal information that is collected by the Authority will be used by and disclosed to the Authority’s staff or contractors whose duties require them to use it. These employees and contractors must handle personal information in accordance with the requirements of the PDP Act. This means they will only use or disclose collected personal information for the primary purpose for which it was collected, or for a permitted secondary purpose in specified situations, such as where the individual has consented to the use or disclose, or where the use or disclosure is required or authorised by or under law (for example, in response to a valid request made under the Victorian Data Sharing Act 2017. These specified situations also include provision for disclosure to law enforcement agencies such as the Australian Security Intelligence Organisation or the Australian Secret Intelligence Service, in defined circumstances.
In addition, the Act contains a secrecy provision that further protects information concerning the affairs of any person acquired under or for the purposes of the Act. Exceptions to this secrecy requirement include disclosure to the Victorian Civil and Administrative Tribunal, and to police officers and other regulators in specified circumstances. Inspectors are also subject to a confidentiality provision in the Act – it is an offence for an Inspector to provide such information to any other person unless authorised.
The Authority is required by the Act to publish certain information on its website upon receiving applications for licences or licence renewals, and to maintain a public register. The information about identifiable individuals that it publishes is publicly-available information and therefore not personal information. The PDP Act requires that public sector agencies administer public registers, so far as is reasonably practicable, in a way that would not contravene handling requirements for personal information, if that information were personal information. In a number of circumstances, for example where a person conducts business from their residential address, it may be necessary for the Authority to publish personal information on the Register.
Note that the Act contains an express permission for the Authority to publish on its website information concerning licensing outcomes, such as the name and business name of an applicant for a licence, if the application is refused or withdrawn, suspended or cancelled, or if the Authority has refused to renew a licence.
De-identified personal information derived from the personal information collected may also be used in support of the Authority’s broader functions, such as for research and reporting purposes.
The Authority takes reasonable steps to ensure that the information it holds is accurate, complete and up to date. Accurate information should be provided to the Authority at all times. Licence applicants are required to make a declaration that the information they have provided is true and correct, and licence holders must notify the Authority of any changes in the information provided to the Authority within 30 days of the change.
The Authority is committed to protecting your personal information from misuse, loss or unauthorised access, unauthorised modification or disclosure.
The Authority has secure office premises and a security pass entry system for Government employees and contractors to enter the premises. The Authority takes reasonable steps to protect files from outside or unauthorised access. The Authority’s information technology arrangements incorporate a range of data security measures. For example, the Authority requires staff to use passwords to enter the computer system and its databases can only be accessed using an additional password, with different levels of access granted depending on the role of the staff member concerned. Only staff who need to use your information to perform their functions have access to it.
To protect your privacy, you should keep your Authority password confidential: it must not be displayed, shared or written down.
Transmission security risks
You should be aware that there are risks in transmitting information across the Internet. So, while the Authority takes reasonable steps to protect the personal information we receive from you or from third parties, the Authority cannot guarantee the security of any information transmitted to it online. If you are concerned about conveying confidential or delicate material to the Authority over the Internet, you might prefer to contact us at firstname.lastname@example.org to make other arrangements.
Online Services and Online payments
The Authority’s online services are managed by a third-party IT service provider. Our service provider may access the personal information entered into our forms in order to process electronic transactions or to resolve a technical problem.
If you make a payment using the Authority’s website, the Authority will process your payment with the assistance of a reputable third party electronic payments service provider and present you with an online receipt for your records.
If you make an online application or another payment transaction the Authority’s website, the Authority takes additional steps to protect the security of your personal information, such as strong SSL encryption. Before using these facilities, you should ensure that you are using a web browser that supports SSL encryption. In many web browsers, you can confirm that your session is encrypted by the appearance of a locked padlock symbol at the foot of the browser.
The Authority generally destroys or permanently de-identifies information when it is no longer needed for any purpose. However, information held by the Authority is subject to the provisions of the Public Records Act 1973 and must be retained or disposed of in accordance with relevant Retention and Disposal Authorities.
Access and Correction
Requests for access to and/or correction of documents containing personal information held by the Authority will be handled according to the provisions of the Freedom of Information Act 1982. Requests should be addressed to the FOI officer c/o The Labour Hire Licensing Authority, email@example.com and should be accompanied by any applicable fee.
The Authority does not assign or adopt the unique identifiers that other organisations may have assigned to individuals. However, if the Authority decides to grant a licence, it must allocate a unique licence number to the licence. That licence number must be stated on the licence.
Individuals seeking general advice from the Authority or accessing the public register do not have to identify themselves. However, the Authority will need to collect personal information if you are seeking answers to a specific enquiry, or making a complaint. You cannot apply anonymously for a licence under the Act.
Transfer of Information Outside Victoria
Generally the Authority will not send personal information outside Victoria without individuals’ prior consent. In some cases that consent may be implied, as where individuals have consented to criminal history checks being carried out. In any case the Authority will not transfer personal information about an individual to others outside Victoria unless it reasonably believes that the recipient will handle the information in a substantially similar fashion to that required under the Information Privacy Principles.
During the licence application process the Authority collects some sensitive information. This includes place of birth information that could indicate racial or ethnic origin, and criminal record information. The Authority does this as part of its process to ensure that only fit and proper people who may validly apply under the terms of the Act are granted a licence.
© Labour Hire Licensing Authority, State Government of Victoria, 2018
Last updated 21 September 2018