Industry Training and Assessment Services abides by the legislation and regulations regarding privacy and confidentiality


This means that we will:

• provide advice to you about the collection of personal information, its purpose, use, and security

• only collect personal information required to carry out the business of Industry Training

and Assessment Services and to fulfil the data information for ASQA and the AQTF


• take reasonable steps to secure and protect all personal information


• follow procedures that will ensure the personal information is accurate, up-to-date and complete


• provide access to students to their personal information, in the manner and as

determined under privacy and confidentiality regulations


• provide access to personal information by approved entities or persons, if required by Australian law


• seek consent from the owner of the personal information for any other legitimate access request


• respond quickly, following required procedures under the Acts to resolve concerns or

breaches relating to unlawful access to, use of or changes to personal information


• retain personal information as required by law until it is able to be destroyed


• require staff and contractors to sign a Deed of Confidentiality


• only use government unique identifiers for the purpose for which they were created


• allow anonymity, where allowable by law, for the provision of some information


Principles of Privacy


Our privacy and confidentiality policy and procedures reflect the national and state privacy

principles outlined below


There are thirteen Australian Privacy Principles (APP) in the Commonwealth Privacy Act


APP 1 — open and transparent management of personal information which means the management

of personal information in an open and transparent way


APP 2 — anonymity and pseudonymity refers to allowing a person to be anonymous or provide

a pseudonym if circumstances allow


APP 3 — collection of solicited personal information means only collecting personal information

that is reasonably necessary to collect in relation to the activity or reason for collection


APP 4 — dealing with how to remove unsolicited personal information deals with information

that was not necessary, but that was acquired in the course of collecting information or the activity


APP 5 — notification of the collection of personal information refers to advising the person

from whom information is to be collected, what the information is, why it is collected,

how it is protected, how it is used, required disclosure, how the owner of the information can

access the information


APP 6 — use or disclosure of personal information deals with consent requirements, the use

and disclosure allowed under the Act, including as directed by law


APP 7 — direct marketing relates to the collection and use of personal information in a

direct marketing activity and required consent areas (links to the Do Not Call Register

Act 2006 and Spam Act 2003)


APP 8 — cross-border disclosure of personal information deals with restrictions and

allowances for disclosure across borders and protection from breach of the


Act APP 9 — adoption, use or disclosure of government related identifiers deals with

access to personal information collected in adoption procedures. This also deals with the

use of government identifiers


APP 10 — quality of personal information meaning it is accurate, up-to-date and complete


APP 11 — security of personal information deals with the steps that must be taken by the

collecting party to protect the personal information from unlawful access, change, disclosure

and use, and when information can be destroyed


APP 12 — access to personal information concerns access to the personal information

by the person whose information it is, request procedures and how to provide the access,

and the instances when access can be lawfully denied


APP 13 — correction of personal information concerns the right of and process for an entity to

request persons to update their personal information


Currently, all matters associated with this Act in the Commonwealth are dealt with by the

Office of the Australian Information Commissioner


The NSW Information Privacy Act refers to twelve Information Privacy Principles (IPP)


The IPPs reflect the APPs, and the laws of NSW and can be found at


Relevant legislation includes the Commonwealth Privacy Act 1988 and the Information

Document Name: Industry Training and Assessment Services

Privacy Policy Doc Number: 1.0 Version: 1.0 Date: June 2019

privacy policy.png