(1) RMIT is a contracted service provider with the Department of Employment, Skills, Small and Family Business (the Department) under the jobactive Deed 2015-2020. As part of this, RMIT is contracted to provide employment services for the Commonwealth, which includes the delivery of programs to individuals that receive social security benefits or payments. (2) This document outlines how RMIT will manage ‘protected information’ as an employment services provider. (3) Authority for this document is established by the Privacy Policy. (4) All staff who have access to ‘protected information’ and the Privacy Office in providing central oversight. (5) RMIT must comply with the Social Security (Administration) Act 1999, including the provisions that govern the collection, use and disclosure of ‘protected information’ in addition to the requirement to comply with the Privacy Act 1988 (Cth). (6) ‘Protected information’ is information about an individual, that is protected under the Social Security Act 1991 (Cth) and the Social Security Administration − Class of Cases − Public Interest Certificate (No. 1) (the Class PIC), effective 1 September 2019. (7) It covers information that was obtained under the social security law and is or was held in the records of the Department or the Human Services Department. It includes information that is personal, sensitive, or health information (see the Privacy Policy). (8) Protected information must only be disclosed in the following limited circumstances: (9) In assessing whether ‘protected information’ can be disclosed, details of the request from the relevant authority or organisation must include, at a minimum: (10) The Dean SVBE will report annually to the Privacy Office (privacy@rmit.edu.au) on SVBE staff training currency, and any authorised disclosures made under the Class PIC.Management of Special Category Information Instruction
Section 1 - Purpose
Section 2 - Authority
Section 3 - Scope
Section 4 - Instruction
‘Protected Information’
Summary of Responsibilities for Handling ‘Protected Information’
Threshold Requirements
Monitoring and Reporting
View Document
This is not a current document. It has been repealed and is no longer in force.
Activity
Responsibility
Conditions
Completion of ‘Information Exchange and Privacy’ online training available via the department's Learning Centre.
All School of Vocational Business Education (SVBE) staff involved in the administration of the NEIS program.
Privacy Office representative
Mandatory
Notifies the Dean SVBE of disclosure requests received for protected information.
Program Manager and/or delegate
As soon as possible and with joint referral to Privacy Office
Receives and makes disclosures of protected information including notifying the Department’s Account Manager when disclosures are made under the Class PIC.
Dean SVBE
Local process retains confidentiality of requests
Delegate uses Release of Protected Information Notification Form using the Class Public Interest Certificate to notify the Department account manager.
Provides independent assessment of whether the thresholds for disclosure have been met
Privacy Office
As required
Monitors disclosures made and reports to the Chief Audit and Risk Officer
Privacy Office
Annually
Security of records of ‘protected information’ including physical and electronic, on premises and off premises.
Dean SVBE
Program Manager
Security arrangements approved by CISO, ITS.
System Security Plan of Electronic Data for the NEIS program maintained and current.