On this page
1. Introduction
Jobs and Skills Australia (JSA) is committed to promoting and upholding your right to privacy, and ensuring the proper handling of your personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act).
JSA provides advice to government on Australia’s workforce skills needs, efficient prices for vocational education and training (VET) courses, the public and private return on government investment in VET and other matters relating to the VET system. JSA also publishes an annual report about Australia’s current, emerging and future workforce skills needs.
JSA staff, as well as contractors and agents, are subject to the Privacy Act and to the requirements of the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act. The APPs regulate how federal public sector agencies and certain private sector organisations can collect, hold, use and disclose personal information and how you can access and correct that information.
This privacy policy has been developed in accordance with APP 1 and our obligation to ensure the open and transparent management of the personal information we collect, hold, use and disclose.
The purpose of this privacy policy is to:
- describe the types of personal information that we collect, hold, use and disclose;
- outline our personal information handling practices;
- explain our authority to collect your personal information, why it may be held by us, how it is used and how it is protected;
- notify whether we are likely to disclose personal information to overseas recipients and, if possible, to whom;
- provide information on how you can access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.
This privacy policy has been developed to follow the ‘layered policy’ format, which means that it offers layers of greater or lesser detail so people can read as much as they wish and find what they need fast.
For a snapshot of our personal information handling practices, please go to the Condensed Privacy Policy. This offers an easy-to-understand summary of:
- how we collect, use, disclose and store your personal information; and
- how you can contact us if you want to access or correct personal information we hold about you.
This privacy policy is not intended to cover our handling of commercially sensitive information or other information that is not defined in the Privacy Act as personal information or sensitive information.
‘Personal information’ means any information (or an opinion) about an identified individual or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
‘Sensitive information’ is a subset of personal information and includes information about your health, genetics, biometrics or disability; racial or ethnic origin; religious, political or philosophical beliefs; professional association or trade union memberships, sexuality; or criminal record. Additional requirements apply to the collection and handling of sensitive information.
2. Our Personal Information Handling Practices
Personal information may be collected directly by us, or by people or organisations acting on our behalf (e.g. contracted service providers). It may be collected directly from you, or on your behalf from a representative you have authorised.
We may also obtain personal information collected by other Australian Government agencies, state or territory governments, other third parties, or from publicly available sources. This will only occur where you consent, unless it is unreasonable or impractical to collect the information only from you or where we are required or authorised by or under law to collect the information from someone else.
We will only collect personal information that is reasonably necessary for or directly related to one or more of our functions or activities. For details about the collection of sensitive information, see section 2.3 of this privacy policy.
When we collect personal information, we are required under the APPs to notify you of a number of matters. These include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information, including if those persons or bodies are located overseas. We usually provide this notification by including privacy notices on our paper-based forms and online portals.
We collect and hold a broad range of personal information in records relating to:
- employment and personnel matters for our staff and contractors (including security assessments);
- performance of our legislative and administrative functions;
- management of contracts;
- management of fraud and compliance investigations;
- management of audits (both internal and external);
- correspondence from members of the public to us or otherwise referred to us by departments or Ministers;
- complaints (including privacy complaints) made and feedback provided to us;
- requests made to us under the Freedom of Information Act 1982 (Cth) (FOI Act) or the Privacy Act; and
- the provision of legal advice by internal and external lawyers.
In carrying out our functions and activities we may collect personal information that is sensitive information (see section 1.2 of this privacy policy). The APPs impose additional obligations on us when collecting, using or disclosing sensitive information. We may only collect sensitive information from you that is reasonably necessary for, or directly related to, one or more of our functions or activities or where:
- you provide your consent; or
- the collection is required or authorised by law or under law or a court/tribunal order; or
- a permitted general situation exists such as to prevent a serious threat to safety. Permitted general situations are set out in Section 16A of the Privacy Act.
- Also, see APP Guidelines – Chapter C for further information on the range of ‘permitted general situations’.
Where permitted under the APPs we collect sensitive information for the purposes of:
- human resource management;
- detection and investigation of fraud or other misconduct;
- taking appropriate action against suspected unlawful activity or serious misconduct;
- responding to inquiries by courts, tribunals and other external review bodies.
In carrying out our functions and activities we may collect personal information about children and young people, either directly from them, through their parents or guardians, or from their education or child care providers. Where children and young people are aged 15 or over, our general policy is to collect information directly from them as they are likely to have the capacity to understand any privacy notices provided to them and to give informed consent to the collection. For children under the age of 15, or where capacity to provide consent is at issue, our policy is to notify and seek the consent of a parent or guardian.
Sometimes personal information is not sought by us but is delivered or sent to us by either the individual or a third party without us having requested it. This information is considered ‘unsolicited’.
Where unsolicited information is received by us, we will, within a reasonable period, determine whether we could have collected the information under the APPs, if we solicited it. If this cannot be determined, or we decide that we could not have collected the information under APPs, we may, as soon as practicable and in accordance with law, destroy or de-identify the information.
If we determine we could have collected the information under the APPs, we will notify you of the purpose of collection and our intended uses and disclosures according to the requirements of the APPs, unless it is impracticable or unreasonable for us to do so.
We collect your personal information through a variety of channels, which may include forms or notices, online portals, social media websites and accounts, electronic or paper correspondence and from data sharing, matching or linkage arrangements with other Australian Government and state and territory agencies, or from other third parties.
We may also collect your personal information if you:
- communicate with us by telephone, mail, email, fax or SMS;
- attend a face to face meeting or event conducted by us or by people or organisations acting on our behalf (e.g. contracted service providers);
- use our website;
- participate in a survey administered by us; or
- interact with us on our social media platforms.
We also monitor news and media, including social media, in the public domain.
By signing paper documents or agreeing to the terms and conditions and disclaimers for electronic documents you are consenting to the collection of any personal information you provide to us.
For further information on what information we collect online see section 2.12 of this privacy policy.
You may wish to not identify yourself or to use a different name (pseudonym) when interacting with us.
In some cases, you will be able to remain anonymous or use a pseudonym, for example, when you make an enquiry with JSA.
However, there will be occasions where it will be impractical for you to remain anonymous or use a pseudonym and we will advise you accordingly. For example, Jobs and Skills Australia (JSA) may be unable to investigate and resolve a complaint you have if you do not identify yourself.
There may also be situations where JSA is required or authorised by law or court/tribunal order, to deal with an identified individual only, in which case it will be necessary for you to identify yourself. For example, JSA will only give you access to your personal information under the Privacy Act or other legislation such as the FOI Act if you provide sufficient information to satisfy JSA of your identity.
Under the Privacy Act, we are required to take contractual measures to ensure that contracted service providers (including subcontractors) comply with the same privacy requirements applicable to us. When JSA enters into agreements with contracted service providers, it imposes contractual obligations on providers to ensure they comply with relevant privacy obligations when collecting, using, disclosing and holding personal information.
2.9.1 Storage
We store personal information in a range of paper-based and electronic records, including records that may be stored in the cloud.
Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Australian Government’s records management regime, including the Archives Act 1983 (Cth) (Archives Act), records authorities, general disposal authorities and other whole of government policies or standards issued by the National Archives of Australia.
2.9.2 Data security
We take all reasonable steps to protect the personal information held in our possession against loss, unauthorised access, use, modification, disclosure or misuse.
Access to your personal information held by us is restricted to authorised persons who are Australian Public Service employees or contractors, on a need to know basis.
Electronic and paper records containing personal information are protected in accordance with Australian Government security policies, including the Attorney-General’s Department’s Protective Security Policy Framework and the Australian Signals Directorate’s Information Security Manual.
We conduct regular audits to ensure we adhere to these policies.
We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant and not misleading.
These steps include responding to requests to correct personal information when it is reasonable and appropriate to do so. For further information on correcting personal information see section 3 of this privacy policy.
Audits and quality inspections are also conducted from time to time to ensure the accuracy and integrity of information, and any systemic data quality issues are identified and resolved promptly.
We may collect and hold personal information for a variety of different purposes including:
- performing our management, employment and personnel functions in relation to staff and contractors;
- performing our legislative and administrative functions;
- policy development, research and evaluation;
- data sharing or data integration with other Australian Government agencies
- complaints handling;
- administering requests received by us under the Freedom of Information (FOI) Act or the Privacy Act;
- preventing, detecting, investigating or dealing with fraud or corruption against the Commonwealth;
- program management;
- contract management; and
- management of correspondence with the public.
We use and disclose personal information for the primary purposes for which it is collected. For example:
- if you make a complaint to us, we may use and disclose your personal information to investigate and respond to the complaint.
- in relation to staff or persons under contract to the Department, we may use or disclose your personal information to manage your employment, performance and workplace health and safety
- If you correspond with us, we may use or disclosure your personal information in order to respond to your correspondence, or address matters raised within your correspondence.
We may also use and disclose personal information for a variety of different purposes including those listed at 2.2-2.5 and 2.11 of this policy.
We will only use or disclose your personal information for other, "secondary purposes" where we are able to do so in accordance with the Privacy Act. This may include:
- where you have consented to this secondary purpose;
- where the secondary purpose is related (or if sensitive information, directly related) to the primary purpose and you would reasonably expect us to use or disclose the information for the secondary purpose;
- where it is required or authorised by or under law or court/tribunal order; or
- where a permitted general situation exists such as to prevent a serious threat to safety.
Likely secondary purposes for which we may use or disclose your personal information include but are not limited to: quality assurance, auditing, reporting, research, evaluation and analysis, investigations of fraud or misconduct, data sharing, data integration, data matching and promotional purposes.
2.13.1 Passive collection
Your information—including personal information—is collected by a variety of software applications, services and platforms used by your device and by JSA to support it to deliver services.
This type of information collection is ‘passive’ as JSA is not collecting this information directly and it does not directly relate to JSA’s functions. Your consent for your information to be collected and shared in this way is typically obtained at the time you first use an application or service on your device.
You can opt out of some of these passive data collections, including by:
- Disabling / refusing cookies;
- Disabling JavaScript;
- Opting-out of Google Analytics; and
- Disabling location services on your device.
Additional advice regarding how to protect yourself online can be found at Stay Smart Online.
2.13.2 Active collection
JSA directly collects some of your information—including personal information—via its website. Generally, this information is collected to enable JSA to properly and efficiently carry out its functions and deliver services.
No attempt is made to identify you through your browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
Information may be collected by: | Type of information: | Information collected to: |
Internet browser Cookies Google Analytics Social media platforms Qualtrics |
Your browser type Your browser language Your server address Your location (where location services are enabled on your device) Your top level domain name (e.g. ‘.com’, ‘.gov’, ‘.au’, ‘.uk’) Date and time you accessed a page on our site Pages accessed and documents viewed on our site How our website was accessed (e.g. from a search engine, link or advertisement) |
Measure the effectiveness of our content Better tailor our content to our audience |
Name Email address Phone number Education history Employment history |
Deliver services to you Contact you Identify you Subscribe you to a service or update you have requested Evaluate our programs Inform policy development |
2.13.3 Links to External Websites and Social Networking Services
Our website includes links to other websites. We are not responsible for the content and privacy practices of other websites. We recommend that you examine each website’s privacy policy separately.
We may also use social networking services such as Linkedin and Yammer to talk with the public and our staff. When you talk with us using these services we may collect your personal information to communicate with you and the public.
The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for these services on their websites.
2.13.4 Electronic communication
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as post, fax or telephone (although these also have risks associated with them).
We may disclose your personal information to other Commonwealth agencies that provide services to JSA, in particular the Service Delivery Office within the Department of Finance (Finance), which provides a range of corporate services to JSA. For more information, please refer to the Service Delivery Office.
We will, on occasion, disclose personal information to overseas recipients. The situations in which we may disclose personal information overseas include:
- the publication on the internet of material which may contain personal information, such as reports and other documents; photographs, video recordings and audio recordings; and posts and comments on our social media platforms;
- the provision of personal information to overseas researchers or consultants (where consent has been given for this or we are otherwise legally able to provide this information);
- the provision of personal information to recipients using a web-based service where data is stored on an overseas server, for example, JSA may use Mailchimp for email subscriptions and SurveyMonkey for online surveys (see below for further detail on these services);
- where recipients of our communications use an email account that stores data on an overseas server; and
- where people post and comment on our social media platforms.
We will not disclose your personal information to an overseas recipient unless one of the following applies:
- we have taken reasonable steps to ensure the recipient does not breach the APPs in relation to the information;
- we reasonably believe that the recipient is subject to a law or binding scheme substantially similar to the Australian Privacy Principles (APPs), including mechanisms for enforcement;
- you consent to the disclosure after being expressly informed that we will not be taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles;
- a "permitted general situation" exists (e.g. to lessen or prevent a serious threat to life, health or safety);
- disclosure is required or authorised by or under law or court/tribunal order, or by an international agreement relating to information sharing to which Australia is a party; or
- the disclosure is reasonably necessary for an enforcement related activity conducted by, or on behalf of, an enforcement body and the recipient performs similar functions.
It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.
2.15.1 Mailchimp
To provide our news or information JSA may use Mailchimp. Mailchimp provides online platforms that can be used to create, send, and manage emails. In providing this service, Mailchimp may collect personal information, such as distribution lists which contain email addresses, and other information relating to those email addresses. For further information about the type of personal information Mailchimp collects, please refer to Mailchimp's Privacy Policy.
We may use this information to manage emails relating to the work of JSA, measure email news performance and to improve the features of our website and email news service. Mailchimp may transfer this information to third parties where required to do so by law, or where such third parties process the information on Mailchimp’s behalf. Mailchimp uses cookies, Web Beacons and Flash player code to collect information about when you visit the website, when you use the services, your browser type and version, your operating system, and other similar information.
Mailchimp is based in the United States of America (USA) and the information generated by cookies about your use of the website (including your IP address) will be transmitted to and stored by Mailchimp on servers located outside Australia.
You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by Mailchimp in every email, or contact JSA. You can also disable or refuse cookies or disable Flash player; however, you may not be able to use the services provided by Mailchimp if cookies are disabled. Should you wish to contact Mailchimp, you can find contact details on the Contact Mailchimp page.
If you do not unsubscribe or contact Jobs and Skills Australia to opt out of the mailing list you:
- consent to your personal information being collected, used, disclosed and stored as set out in Mailchimp's Privacy Policy and agree to abide by Mailchimp's Terms of Use;
- understand and acknowledge that this service utilises a Mailchimp platform which is located in the USA and relevant legislation of the USA will apply. This means you will need to seek redress under the laws of the USA for any privacy breaches by Mailchimp; and
- understand and acknowledge that Mailchimp is not subject to the Commonwealth Privacy Act and JSA will not have an obligation to take reasonable steps to ensure that Mailchimp does not breach the APPs in relation to personal information that is given to Mailchimp.
2.15.2 SurveyMonkey
We use SurveyMonkey to survey respondents voluntarily about a range of matters relevant to our work. Wherever possible, we will not seek your personal information as part of our surveys, but sometimes this is necessary. Further, in providing this service, SurveyMonkey may collect personal information. For further information about the type of personal information SurveyMonkey collects, please refer to SurveyMonkey's Privacy Policy.
JSA will only use this information if you choose to respond to our invitation to participate in a survey, and for the purpose of receiving and analysing your answers.
SurveyMonkey is based in the USA and the EU and the information generated by cookies about your use of the website (including your IP address) will be transmitted to and stored by SurveyMonkey on servers located outside Australia.
If you choose to respond to one of our surveys you:
- consent to your personal information being collected, used, disclosed and stored as set out in SurveyMonkey's Privacy Policy and agree to abide by SurveyMonkey's Terms of Use;
- understand and acknowledge that this service utilises a SurveyMonkey platform, which is located in the USA and the EU, and relevant legislation of those countries will apply. This means you will need to seek redress under the laws of the USA or the EU for any privacy breaches by SurveyMonkey; and
- you understand and acknowledge that SurveyMonkey is not subject to the Commonwealth Privacy Act, and JSA will not have an obligation to take reasonable steps to ensure that SurveyMonkey does not breach the APPs in relation to personal information that is given to SurveyMonkey.
We will take seriously and deal promptly with any unauthorised access, use or disclosure of personal information.
The Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act, which commenced on 22 February 2018, generally requires agencies and organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm to those individuals. These entities are also required to notify the Office of the Australian Information Commissioner (OAIC). We comply with the NDB scheme when dealing with these types of data breaches.
JSA also has regard to relevant guidance material issued by the Office of the Australian Information Commissioner, including the ‘Data breach preparation and response — A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth), when responding to any incidents involving the unauthorised access of, use or disclosure of personal information.
3. Accessing and Correcting Your Personal Information
You have a right under the Privacy Act to access personal information we hold about you.
You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
To access or seek correct personal information we hold about you, please contact us using the contact details set out at section 6.1 of this privacy policy.
If you request access to or correction of your personal information, we must respond to you within 30 calendar days.
While the Privacy Act requires that we give you access to or correct your personal information on request, it does set out circumstances in which we may refuse you access or decline to correct your personal information.
If we refuse to give you access or decline to correct your personal information we will provide you with a written notice which, among other things, gives our reasons for refusing your request.
It is also possible to access and correct documents held by us under the Freedom of Information (FOI) Act. For information on this, please contact our FOI Coordinator (contact details are available on the Freedom of Information page of our website).
If you are unsatisfied with our response, you may make a complaint, either directly to us (see section 5), or you may wish to contact:
- the OAIC at enquiries@oaic.gov.au or telephone 1300 363 992; or
- the Commonwealth Ombudsman by lodging a Complaint Form online or telephone 1300 362 072.
4. Privacy Impact Assessments
A privacy impact assessment (PIA) is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
The Privacy (Australian Government Agencies — Governance) APP Code 2017[1] (Privacy Code) requires us to undertake a PIA in certain instances and to maintain a register of those PIAs from 1 July 2018. In accordance with the Privacy Code, we publish a version of our PIA register on our website.
5. Complaints
If you think we may have breached the APPs or the Privacy Code, you may contact us to make a complaint using the contact details set out at section 6.1 of this privacy policy. In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.
Please be aware that it may be difficult to investigate or respond to your complaint if you provide insufficient detail. You may submit an anonymous complaint, however if you do so, it may not be possible for us to provide a response to you.
We are committed to quick and fair resolution of complaints and will ensure your complaint is taken seriously and investigated appropriately.
If you have a complaint about our privacy practices, you should submit a written complaint using the contact details set out in this policy. We will respond to your complaint within 30 days.
If you are in the EU, you can lodge a complaint with the supervisory authority for the GDPR in your country.
If you are not satisfied with the way we have handled your complaint in the first instance, you may contact the OAIC to refer your complaint for further investigation. Please note that the Information Commissioner may not investigate if you have not first brought your complaint to our attention.
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: GPO Box 5218
Sydney NSW 2001
6. Contact Us
If you wish to:
- query how your personal information is collected, held, used or disclosed by us;
- ask us questions about this privacy policy;
- request access to or seek correction of your personal information; or
- make a privacy complaint;
please contact us:
By mail:
Privacy Officer
Jobs and Skills Australia
GPO Box 9828
Canberra ACT 2601
By email: privacy@jobsandskills.gov.au
By telephone: 02 6240 0393
If you wish to access this privacy policy in an alternative format (e.g. hard copy) please contact us using the contact details set out at section 6.1. This privacy policy will be made available free of charge.
This privacy policy will be reviewed annually and updated as required.
Last reviewed February 2025