There are privacy laws in Australia to protect your personal and sensitive information. Your Disability Employment Services (DES) provider and your employer must keep your information safe.

What is personal and sensitive information?

Personal information covers a range of details that can tell people who you are. For example:

• name, address and phone number
• date of birth
• employment records.

Sensitive information is a type of personal information. It includes details about you that might be very private. For example, information about your health and disability.

An employer or DES provider may need to collect this information when you’re applying for jobs or starting a new job.

For more on what is personal and sensitive information, visit the Office of the Australian Information Commissioner (OAIC) website.

Your rights about your personal information

You have the right to know:

• why your personal information is being collected – for example, to help you find work
• what the law says about collecting this information – is it allowed, and is it necessary
• what will happen to your personal information
• who it might be given to – for example, the Department of Social Services
• how your personal information will be stored.

You have the right to:

• access any record that has your personal information
• change your personal information to make sure it is correct at any time.

Your employer and DES provider must give you information about your rights when they collect personal information.

What happens with your personal information

When your DES provider or employer collect your information, they must:

• tell you why they’re collecting your information
• tell you how they’ll use it
• only use it for the reasons that they tell you
• tell you how they store your personal information
• store your information safely.

Your DES provider or employer will also tell you what other people or organisations they’ll share your information with.

They can only share your information with other people or organisations:

• if you’ve agreed in writing that it can be used or shared, and you’ve been told who your information will be given to
• if the law requires or allows the DES provider or employer to share your information for a different purpose – for example, if there is a threat to someone’s safety or health.

Learn more about your privacy rights and the law on the OAIC website.

What happens if there’s a data breach

A data breach is when a person or organisation:

• gets access to or shares your personal information where you did not agree to that access or sharing of your information
• an organisation that holds loses your personal information.

Examples of a data breach can include where:

• a device that has your personal information saved on it, such as a laptop, is lost or stolen
• a database that stores your information is hacked – someone accesses it illegally
• your information is given to the wrong person by mistake.

Your employer or DES provider must tell you if there’s been a data breach, and if it is likely to cause you serious harm. For example, if the breach might cause you to lose money, or affect your safety or reputation. 

Your employer or DES provider can tell you about a breach by email, text message or phone call.

Learn more about data breaches on the OAIC website.